syzbot


UBSAN: shift-out-of-bounds in s32ton

Status: upstream: reported on 2024/11/11 15:08
Subsystems: input usb
Reported-by: syzbot+3fa2af55f15bd21cada9@syzkaller.appspotmail.com
First crash: 190d, last: 81d
Discussions (4):
Title | Replies (including bot) | Last reply
[syzbot] Monthly input report (Mar 2025) | 0 (1) | 2025/03/08 22:15
Re: [syzbot] [input?] [usb?] UBSAN: shift-out-of-bounds in s32ton | 1 (1) | 2024/11/14 02:19
[syzbot] [input?] [usb?] UBSAN: shift-out-of-bounds in s32ton | 3 (4) | 2024/11/14 01:40
[PATCH] HID: core: s32ton always be 0 when n>=32 | 1 (1) | 2024/11/13 10:13

Sample crash report:
------------[ cut here ]------------
UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:69:16
shift exponent 4294967295 is too large for 32-bit type 'int'
CPU: 1 UID: 0 PID: 36 Comm: kworker/1:1 Not tainted 6.14.0-rc3-syzkaller-00037-gc749f058b437 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_shift_out_of_bounds+0x24f/0x3f0 lib/ubsan.c:468
 s32ton.cold+0x37/0x9c drivers/hid/hid-core.c:69
 hid_set_field+0x1dc/0x3c0 drivers/hid/hid-core.c:1913
 hidinput_input_event+0x290/0x430 drivers/hid/hid-input.c:1862
 input_event_dispose drivers/input/input.c:321 [inline]
 input_handle_event+0x14e/0x14d0 drivers/input/input.c:369
 input_inject_event+0x1c8/0x380 drivers/input/input.c:423
 __led_set_brightness drivers/leds/led-core.c:52 [inline]
 led_set_brightness_nopm drivers/leds/led-core.c:323 [inline]
 led_set_brightness_nosleep drivers/leds/led-core.c:354 [inline]
 led_set_brightness+0x214/0x290 drivers/leds/led-core.c:316
 kbd_led_trigger_activate+0xcb/0x110 drivers/tty/vt/keyboard.c:1036
 led_trigger_set+0x59a/0xc60 drivers/leds/led-triggers.c:212
 led_match_default_trigger drivers/leds/led-triggers.c:269 [inline]
 led_match_default_trigger drivers/leds/led-triggers.c:263 [inline]
 led_trigger_set_default drivers/leds/led-triggers.c:287 [inline]
 led_trigger_set_default+0x1bd/0x2a0 drivers/leds/led-triggers.c:276
 led_classdev_register_ext+0x7bc/0xa10 drivers/leds/led-class.c:566
 led_classdev_register include/linux/leds.h:274 [inline]
 input_leds_connect+0x552/0x8e0 drivers/input/input-leds.c:145
 input_attach_handler.isra.0+0x181/0x260 drivers/input/input.c:993
 input_register_device+0xa84/0x1130 drivers/input/input.c:2412
 hidinput_connect+0x1da5/0x2ba0 drivers/hid/hid-input.c:2340
 hid_connect+0x1393/0x1890 drivers/hid/hid-core.c:2235
 hid_hw_start drivers/hid/hid-core.c:2350 [inline]
 hid_hw_start+0xaa/0x140 drivers/hid/hid-core.c:2341
 ms_probe+0x195/0x500 drivers/hid/hid-microsoft.c:391
 __hid_device_probe drivers/hid/hid-core.c:2713 [inline]
 hid_device_probe+0x349/0x700 drivers/hid/hid-core.c:2750
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x114b/0x1a70 drivers/base/core.c:3665
 hid_add_device+0x374/0xa60 drivers/hid/hid-core.c:2896
 usbhid_probe+0xd32/0x1400 drivers/hid/usbhid/hid-core.c:1431
 usb_probe_interface+0x300/0x9c0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x114b/0x1a70 drivers/base/core.c:3665
 usb_set_configuration+0x10cb/0x1c50 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:250
 usb_probe_device+0xec/0x3e0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:579 [inline]
 really_probe+0x23e/0xa90 drivers/base/dd.c:658
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
 bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x114b/0x1a70 drivers/base/core.c:3665
 usb_new_device+0xd09/0x1a20 drivers/usb/core/hub.c:2663
 hub_port_connect drivers/usb/core/hub.c:5533 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5673 [inline]
 port_event drivers/usb/core/hub.c:5833 [inline]
 hub_event+0x2e58/0x4f40 drivers/usb/core/hub.c:5915
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3317 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
 kthread+0x3af/0x750 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
---[ end trace ]---

Crashes (18):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/02/24 06:14 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | c749f058b437 | d34966d1 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/02/06 16:34 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 9682c35ff6ec | 577d049b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/01/15 06:12 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 26a6cc10f19a | 7315a7cf | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/01/13 01:37 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | a59c366e11dc | 6dbc6a9b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/01/12 06:34 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 594c82329eef | 6dbc6a9b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/01/09 17:49 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f1a2241778d9 | 9220929f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/01/06 04:30 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f1a2241778d9 | f3558dbf | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/01/04 13:06 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f1a2241778d9 | f3558dbf | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2025/01/01 22:54 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | f097a36ef88d | d3ccff63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/12/23 08:49 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | d3571faa1ba8 | b4fbdbd4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/12/21 20:20 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 362a7993ed01 | d7f584ee | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/12/09 07:18 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | d8d936c51388 | 9ac0fdc6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/12/07 12:26 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | d8d936c51388 | 9ac0fdc6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/12/07 00:47 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | d8d936c51388 | 9ac0fdc6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/11/29 03:10 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 237d4e0f4113 | 5df23865 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/11/28 11:29 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 237d4e0f4113 | 5df23865 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/11/08 16:18 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 226ff2e681d0 | 179b040e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
2024/11/07 14:59 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 226ff2e681d0 | 867e44df | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | UBSAN: shift-out-of-bounds in s32ton
* Struck through repros no longer work on HEAD.