syzbot

 sign-in | mailing list | source | docs
🐞 Open [711]
🐞 Fixed [60]
🐞 Invalid [634]
Missing Backports [62]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 05:50
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+eee3da306b650209ce68@syzkaller.appspotmail.com
First crash: 148d, last: 4d15h
Bug presence (2)
Date Name Commit Repro Result
2024/07/27 linux-5.15.y (ToT) 7e89efd3ae1c C [report] general protection fault in u2fzero_rng_read
2024/07/27 upstream (ToT) 3a7e02c040b1 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 general protection fault in u2fzero_rng_read origin:lts-only C inconclusive 72 1d06h 148d 0/3 upstream: reported C repro on 2024/07/26 11:32
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/12/16 20:26 9m retest repro linux-5.15.y report log
2024/11/18 15:20 11m retest repro linux-5.15.y report log
2024/10/05 21:19 11m retest repro linux-5.15.y report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/10/29 05:34 7h51m fix candidate upstream OK (2) job log

Sample crash report:
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 1335 Comm: kworker/0:3 Not tainted 5.15.170-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x21a/0x700 drivers/hid/hid-u2fzero.c:202
Code: df 41 80 7c 05 00 00 74 08 4c 89 f7 e8 6f f3 f9 f9 bb a8 00 00 00 49 03 1e 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 c8 f3 f9 f9 48 8d 54 24 60 48 89 13
RSP: 0018:ffffc9000544e760 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88801ec52a69
RBP: ffffc9000544e8f0 R08: dffffc0000000000 R09: ffff88801ec52a2e
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888146712388
R13: 1ffff11028ce2406 R14: ffff888146712030 R15: 1ffff11028ce2405
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe21de0331b CR3: 00000000784e7000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:196 [inline]
 add_early_randomness+0x78/0x140 drivers/char/hw_random/core.c:74
 hwrng_register+0x430/0x4c0 drivers/char/hw_random/core.c:526
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:597
 u2fzero_probe+0x266/0x2e0 drivers/hid/hid-u2fzero.c:336
 hid_device_probe+0x2a6/0x3a0 drivers/hid/hid-core.c:2307
 really_probe+0x24e/0xb60 drivers/base/dd.c:595
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
 driver_probe_device+0x50/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:979
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3415
 hid_add_device+0x3a5/0x510 drivers/hid/hid-core.c:2459
 usbhid_probe+0xb32/0xec0 drivers/hid/usbhid/hid-core.c:1424
 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
 really_probe+0x24e/0xb60 drivers/base/dd.c:595
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
 driver_probe_device+0x50/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:979
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3415
 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
 really_probe+0x24e/0xb60 drivers/base/dd.c:595
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755
 driver_probe_device+0x50/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:979
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3415
 usb_new_device+0xc17/0x18e0 drivers/usb/core/hub.c:2593
 hub_port_connect drivers/usb/core/hub.c:5455 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5595 [inline]
 port_event drivers/usb/core/hub.c:5741 [inline]
 hub_event+0x2cdf/0x54c0 drivers/usb/core/hub.c:5823
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+
----------------
Code disassembly (best guess):
   0:	df 41 80             	filds  -0x80(%rcx)
   3:	7c 05                	jl     0xa
   5:	00 00                	add    %al,(%rax)
   7:	74 08                	je     0x11
   9:	4c 89 f7             	mov    %r14,%rdi
   c:	e8 6f f3 f9 f9       	call   0xf9f9f380
  11:	bb a8 00 00 00       	mov    $0xa8,%ebx
  16:	49 03 1e             	add    (%r14),%rbx
  19:	48 89 d8             	mov    %rbx,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	48 89 df             	mov    %rbx,%rdi
  33:	e8 c8 f3 f9 f9       	call   0xf9f9f400
  38:	48 8d 54 24 60       	lea    0x60(%rsp),%rdx
  3d:	48 89 13             	mov    %rdx,(%rbx)

Crashes (42):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/04 11:02 linux-5.15.y 72244eab0dad f00eed24 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/27 06:47 linux-5.15.y 7c6d66f0266f 46eb10b7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/12/02 06:13 linux-5.15.y 0a51d2d4527b 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/12/02 03:01 linux-5.15.y 0a51d2d4527b 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/25 09:49 linux-5.15.y 0a51d2d4527b 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/25 09:48 linux-5.15.y 0a51d2d4527b 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/04 10:34 linux-5.15.y 72244eab0dad f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/10/27 09:06 linux-5.15.y 74cdd62cb470 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/25 15:04 linux-5.15.y fa93fa65db6e d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/24 11:45 linux-5.15.y fa93fa65db6e d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/24 11:45 linux-5.15.y fa93fa65db6e d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/23 21:55 linux-5.15.y fa93fa65db6e d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/23 21:55 linux-5.15.y fa93fa65db6e d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/22 13:18 linux-5.15.y fa93fa65db6e ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/22 13:18 linux-5.15.y fa93fa65db6e ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/18 22:57 linux-5.15.y 7e89efd3ae1c dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/18 22:56 linux-5.15.y 7e89efd3ae1c dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/18 22:52 linux-5.15.y 7e89efd3ae1c dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/18 22:50 linux-5.15.y 7e89efd3ae1c dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/12 01:34 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/12 01:33 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/12 00:52 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/12 00:52 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 22:32 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 22:32 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 18:51 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 18:51 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 17:26 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 17:25 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 15:53 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/11 15:51 linux-5.15.y 7e89efd3ae1c 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/06 22:46 linux-5.15.y 7e89efd3ae1c 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/06 22:46 linux-5.15.y 7e89efd3ae1c 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/06 21:51 linux-5.15.y 7e89efd3ae1c 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/08/06 21:51 linux-5.15.y 7e89efd3ae1c 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/27 17:03 linux-5.15.y 7e89efd3ae1c 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/27 17:03 linux-5.15.y 7e89efd3ae1c 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/26 05:49 linux-5.15.y 7c6d66f0266f 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/26 05:49 linux-5.15.y 7c6d66f0266f 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/25 09:51 linux-5.15.y 0a51d2d4527b 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/07/27 15:58 linux-5.15.y 7e89efd3ae1c 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.