syzbot

 sign-in | mailing list | source | docs
🐞 Open [828]
🐞 Fixed [84]
🐞 Invalid [1078]
Missing Backports [128]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 05:50
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+eee3da306b650209ce68@syzkaller.appspotmail.com
First crash: 466d, last: 1d01h
Bug presence (2)
Date Name Commit Repro Result
2024/07/27 linux-5.15.y (ToT) 7e89efd3ae1c C [report] general protection fault in u2fzero_rng_read
2024/07/27 upstream (ToT) 3a7e02c040b1 C Didn't crash
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 general protection fault in u2fzero_rng_read origin:lts-only 8 C inconclusive 284 3d18h 465d 0/3 upstream: reported C repro on 2024/07/26 11:32
linux-6.6 general protection fault in u2fzero_rng_read origin:lts-only 2 C inconclusive 93 3d20h 136d 0/2 upstream: reported C repro on 2025/06/21 06:00
Last patch testing requests (7)
Created Duration User Patch Repo Result
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2024/12/16 20:26 9m retest repro linux-5.15.y report log
2024/11/18 15:20 11m retest repro linux-5.15.y report log
2024/10/05 21:19 11m retest repro linux-5.15.y report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/10/29 05:34 7h51m fix candidate upstream OK (2) job log

Sample crash report:
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 1336 Comm: kworker/0:3 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x1fc/0x680 drivers/hid/hid-u2fzero.c:202
Code: 43 80 7c 3d 00 00 74 08 48 89 df e8 0e f0 5f fa 41 bf a8 00 00 00 4c 03 3b 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 66 f0 5f fa 48 8d 44 24 60 49 89 07
RSP: 0018:ffffc900059b6800 EFLAGS: 00010202
RAX: 0000000000000015 RBX: ffff88807ce84030 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88801f27b569
RBP: ffffc900059b6998 R08: 0000000000000001 R09: ffff88801f27b52e
R10: ffffed1003e4f6ad R11: 1ffff11003e4f6a5 R12: ffff88807ce84388
R13: 1ffff1100f9d0806 R14: 1ffff1100f9d0805 R15: 00000000000000a8
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff3a36ff68 CR3: 0000000017fe1000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:196 [inline]
 add_early_randomness+0x7a/0x150 drivers/char/hw_random/core.c:74
 hwrng_register+0x42d/0x4b0 drivers/char/hw_random/core.c:526
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:597
 u2fzero_probe+0x26e/0x2f0 drivers/hid/hid-u2fzero.c:336
 hid_device_probe+0x271/0x360 drivers/hid/hid-core.c:2318
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 hid_add_device+0x389/0x530 drivers/hid/hid-core.c:2470
 usbhid_probe+0xb92/0xf40 drivers/hid/usbhid/hid-core.c:1427
 usb_probe_interface+0x5a0/0xaf0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_set_configuration+0x1991/0x1fd0 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x89/0x150 drivers/usb/core/generic.c:238
 usb_probe_device+0x139/0x270 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_new_device+0xd53/0x1640 drivers/usb/core/hub.c:2632
 hub_port_connect drivers/usb/core/hub.c:5497 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5637 [inline]
 port_event drivers/usb/core/hub.c:5799 [inline]
 hub_event+0x2dd9/0x5560 drivers/usb/core/hub.c:5881
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Modules linked in:
---[ end trace 164d232f363deca7 ]---
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x1fc/0x680 drivers/hid/hid-u2fzero.c:202
Code: 43 80 7c 3d 00 00 74 08 48 89 df e8 0e f0 5f fa 41 bf a8 00 00 00 4c 03 3b 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 66 f0 5f fa 48 8d 44 24 60 49 89 07
RSP: 0018:ffffc900059b6800 EFLAGS: 00010202
RAX: 0000000000000015 RBX: ffff88807ce84030 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88801f27b569
RBP: ffffc900059b6998 R08: 0000000000000001 R09: ffff88801f27b52e
R10: ffffed1003e4f6ad R11: 1ffff11003e4f6a5 R12: ffff88807ce84388
R13: 1ffff1100f9d0806 R14: 1ffff1100f9d0805 R15: 00000000000000a8
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff3a36ff68 CR3: 0000000017fe1000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	43 80 7c 3d 00 00    	cmpb   $0x0,0x0(%r13,%r15,1)
   6:	74 08                	je     0x10
   8:	48 89 df             	mov    %rbx,%rdi
   b:	e8 0e f0 5f fa       	call   0xfa5ff01e
  10:	41 bf a8 00 00 00    	mov    $0xa8,%r15d
  16:	4c 03 3b             	add    (%rbx),%r15
  19:	4c 89 f8             	mov    %r15,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 ff             	mov    %r15,%rdi
  33:	e8 66 f0 5f fa       	call   0xfa5ff09e
  38:	48 8d 44 24 60       	lea    0x60(%rsp),%rax
  3d:	49 89 07             	mov    %rax,(%r15)

Crashes (204):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/07 23:29 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/30 13:37 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/16 19:49 linux-5.15.y c16c81c81336 40a34ec9 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/04 11:02 linux-5.15.y 72244eab0dad f00eed24 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/27 06:47 linux-5.15.y 7c6d66f0266f 46eb10b7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/03 07:37 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/31 10:36 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/31 04:24 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/21 22:17 linux-5.15.y ac56c046adf4 9832ed61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/13 23:04 linux-5.15.y 29e53a5b1c4f b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/12 14:55 linux-5.15.y 29e53a5b1c4f ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/07 18:32 linux-5.15.y 29e53a5b1c4f 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/03 20:12 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/29 10:25 linux-5.15.y 43bb85222e53 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/19 04:21 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/10 12:10 linux-5.15.y de9476bb4f1b fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/07 23:00 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/29 04:43 linux-5.15.y 01879f56bdde d401b9d7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/24 22:48 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/24 12:10 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/16 16:54 linux-5.15.y c79648372d02 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/09 19:56 linux-5.15.y c79648372d02 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/09 08:07 linux-5.15.y c79648372d02 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/06 13:16 linux-5.15.y c79648372d02 ffe1dd46 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/05 04:01 linux-5.15.y c79648372d02 f5bcc8dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/04 02:57 linux-5.15.y c79648372d02 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/01 09:15 linux-5.15.y c79648372d02 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/29 03:19 linux-5.15.y c79648372d02 6654ea9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/24 16:42 linux-5.15.y c79648372d02 65d60d73 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/18 15:49 linux-5.15.y c79648372d02 88248e14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/18 01:16 linux-5.15.y 89950c454265 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/17 22:19 linux-5.15.y 89950c454265 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/16 18:45 linux-5.15.y 89950c454265 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/16 17:32 linux-5.15.y 89950c454265 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/06 03:46 linux-5.15.y 3dea0e7f549e 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/05 15:48 linux-5.15.y 3dea0e7f549e 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/05 01:22 linux-5.15.y 3dea0e7f549e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/06/07 17:11 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/06/01 06:03 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/30 12:59 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/25 17:32 linux-5.15.y 98f47d0e9b8c ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/15 08:08 linux-5.15.y 3b8db0e4f263 d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/13 23:57 linux-5.15.y 3b8db0e4f263 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/05 11:43 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/04 10:48 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/03 11:39 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/04/24 16:26 linux-5.15.y f7347f400572 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/26 05:49 linux-5.15.y 7c6d66f0266f 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/25 00:54 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/08/21 17:34 linux-5.15.y c79648372d02 3e79b825 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/07/06 02:37 linux-5.15.y 3dea0e7f549e 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/06/13 05:05 linux-5.15.y 1c700860e8bc 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.