Hello, syzbot found the following issue on: HEAD commit: 4bbf3422df78 Merge tag 'net-6.1-rc5' of git://git.kernel.o.. git tree: upstream console+strace: https://syzkaller.appspot.com/x/log.txt?x=1001828e880000 kernel config: https://syzkaller.appspot.com/x/.config?x=480ba0fb2fd243ac dashboard link: https://syzkaller.appspot.com/bug?extid=8b1641d2f14732407e23 compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13556dfe880000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16de4db9880000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/3f5450859d5d/disk-4bbf3422.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/d5ef9126ce18/vmlinux-4bbf3422.xz kernel image: https://storage.googleapis.com/syzbot-assets/a806f631e533/bzImage-4bbf3422.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+8b1641d2f14732407e23@xxxxxxxxxxxxxxxxxxxxxxxxx microsoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) > 32! (swapper/0) ================================================================================ UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20 shift exponent 127 is too large for 32-bit type 'int' CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322 snto32 drivers/hid/hid-core.c:1323 [inline] hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline] hid_process_report drivers/hid/hid-core.c:1665 [inline] hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998 hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066 hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284 __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671 dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474 expire_timers kernel/time/timer.c:1519 [inline] __run_timers+0x76a/0x980 kernel/time/timer.c:1790 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803 __do_softirq+0x277/0x75b kernel/softirq.c:571 __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649 RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:22 [inline] RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline] RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:130 [inline] RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:113 [inline] RIP: 0010:acpi_idle_do_entry drivers/acpi/processor_idle.c:572 [inline] RIP: 0010:acpi_idle_enter+0x43d/0x800 drivers/acpi/processor_idle.c:709 Code: ff e8 a7 8d 38 f7 48 83 e3 08 44 8b 7c 24 04 0f 85 00 01 00 00 e8 33 4d 3f f7 66 90 e8 cc 88 38 f7 0f 00 2d f5 af c4 00 fb f4 <4c> 89 e3 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 e7 e8 7d 64 8d f7 RSP: 0018:ffffffff8ca07b80 EFLAGS: 000002d3 RAX: ffffffff8a512d84 RBX: 0000000000000000 RCX: ffffffff8cabb7c0 RDX: 0000000000000000 RSI: ffffffff8aad68a0 RDI: ffffffff8b0ac540 RBP: ffffffff8ca07c30 R08: ffffffff8a512d69 R09: fffffbfff19576f9 R10: fffffbfff19576f9 R11: 1ffffffff19576f8 R12: ffffffff8ca07bc0 R13: dffffc0000000000 R14: ffff8880121c6800 R15: 0000000000000001 cpuidle_enter_state+0x50b/0xf50 drivers/cpuidle/cpuidle.c:239 cpuidle_enter+0x59/0x90 drivers/cpuidle/cpuidle.c:356 call_cpuidle kernel/sched/idle.c:155 [inline] cpuidle_idle_call kernel/sched/idle.c:236 [inline] do_idle+0x3da/0x680 kernel/sched/idle.c:303 cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:400 rest_init+0x24f/0x270 init/main.c:729 arch_call_rest_init+0xa/0xa init/main.c:890 start_kernel+0x4b6/0x565 init/main.c:1145 secondary_startup_64_no_verify+0xcf/0xdb </TASK> ================================================================================ ---------------- Code disassembly (best guess), 1 bytes skipped: 0: e8 a7 8d 38 f7 callq 0xf7388dac 5: 48 83 e3 08 and $0x8,%rbx 9: 44 8b 7c 24 04 mov 0x4(%rsp),%r15d e: 0f 85 00 01 00 00 jne 0x114 14: e8 33 4d 3f f7 callq 0xf73f4d4c 19: 66 90 xchg %ax,%ax 1b: e8 cc 88 38 f7 callq 0xf73888ec 20: 0f 00 2d f5 af c4 00 verw 0xc4aff5(%rip) # 0xc4b01c 27: fb sti 28: f4 hlt * 29: 4c 89 e3 mov %r12,%rbx <-- trapping instruction 2c: 48 c1 eb 03 shr $0x3,%rbx 30: 42 80 3c 2b 00 cmpb $0x0,(%rbx,%r13,1) 35: 74 08 je 0x3f 37: 4c 89 e7 mov %r12,%rdi 3a: e8 7d 64 8d f7 callq 0xf78d64bc --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches