syzbot


general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 05:50
Bug presence: origin:lts-only
Reported-by: syzbot+eee3da306b650209ce68@syzkaller.appspotmail.com
First crash: 365d, last: 2d00h
Bug presence (2)
Date Name Commit Repro Result
2024/07/27 linux-5.15.y (ToT) 7e89efd3ae1c C [report] general protection fault in u2fzero_rng_read
2024/07/27 upstream (ToT) 3a7e02c040b1 C Didn't crash
Similar bugs (2)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 general protection fault in u2fzero_rng_read origin:lts-only 8 C inconclusive 212 21h00m 365d 0/3 upstream: reported C repro on 2024/07/26 11:32
linux-6.6 general protection fault in u2fzero_rng_read origin:lts-only 2 C inconclusive 25 1d20h 35d 0/2 upstream: reported C repro on 2025/06/21 06:00
Last patch testing requests (7)
Created Duration User Patch Repo Result
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2024/12/16 20:26 9m retest repro linux-5.15.y report log
2024/11/18 15:20 11m retest repro linux-5.15.y report log
2024/10/05 21:19 11m retest repro linux-5.15.y report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/10/29 05:34 7h51m fix candidate upstream OK (2) job log

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 1325 Comm: kworker/0:3 Not tainted 5.15.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x1fc/0x680 drivers/hid/hid-u2fzero.c:202
Code: 43 80 7c 3d 00 00 74 08 48 89 df e8 3e ca 60 fa 41 bf a8 00 00 00 4c 03 3b 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 96 ca 60 fa 48 8d 44 24 60 49 89 07
RSP: 0018:ffffc90004ebe800 EFLAGS: 00010202
RAX: 0000000000000015 RBX: ffff8881421d4030 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88802aae6169
RBP: ffffc90004ebe998 R08: 0000000000000001 R09: ffff88802aae612e
R10: ffffed100555cc2d R11: 1ffff1100555cc25 R12: ffff8881421d4388
R13: 1ffff1102843a806 R14: 1ffff1102843a805 R15: 00000000000000a8
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005573b32f9e80 CR3: 000000007e752000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:196 [inline]
 add_early_randomness+0x7a/0x150 drivers/char/hw_random/core.c:74
 hwrng_register+0x42d/0x4b0 drivers/char/hw_random/core.c:526
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:597
 u2fzero_probe+0x26e/0x2f0 drivers/hid/hid-u2fzero.c:336
 hid_device_probe+0x271/0x360 drivers/hid/hid-core.c:2309
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 hid_add_device+0x389/0x530 drivers/hid/hid-core.c:2461
 usbhid_probe+0xb92/0xf40 drivers/hid/usbhid/hid-core.c:1424
 usb_probe_interface+0x5a0/0xaf0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_set_configuration+0x1991/0x1fd0 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x89/0x150 drivers/usb/core/generic.c:238
 usb_probe_device+0x139/0x270 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_new_device+0xd53/0x1640 drivers/usb/core/hub.c:2604
 hub_port_connect drivers/usb/core/hub.c:5467 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5607 [inline]
 port_event drivers/usb/core/hub.c:5753 [inline]
 hub_event+0x295c/0x4fa0 drivers/usb/core/hub.c:5835
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
----------------
Code disassembly (best guess):
   0:	43 80 7c 3d 00 00    	cmpb   $0x0,0x0(%r13,%r15,1)
   6:	74 08                	je     0x10
   8:	48 89 df             	mov    %rbx,%rdi
   b:	e8 3e ca 60 fa       	call   0xfa60ca4e
  10:	41 bf a8 00 00 00    	mov    $0xa8,%r15d
  16:	4c 03 3b             	add    (%rbx),%r15
  19:	4c 89 f8             	mov    %r15,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 ff             	mov    %r15,%rdi
  33:	e8 96 ca 60 fa       	call   0xfa60cace
  38:	48 8d 44 24 60       	lea    0x60(%rsp),%rax
  3d:	49 89 07             	mov    %rax,(%r15)

Crashes (161):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/05/30 13:37 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/16 19:49 linux-5.15.y c16c81c81336 40a34ec9 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/04 11:02 linux-5.15.y 72244eab0dad f00eed24 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/27 06:47 linux-5.15.y 7c6d66f0266f 46eb10b7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/24 16:42 linux-5.15.y c79648372d02 65d60d73 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/18 15:49 linux-5.15.y c79648372d02 88248e14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/18 01:16 linux-5.15.y 89950c454265 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/17 22:19 linux-5.15.y 89950c454265 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/16 18:45 linux-5.15.y 89950c454265 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/16 17:32 linux-5.15.y 89950c454265 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/06 03:46 linux-5.15.y 3dea0e7f549e 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/05 15:48 linux-5.15.y 3dea0e7f549e 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/05 01:22 linux-5.15.y 3dea0e7f549e d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/06/07 17:11 linux-5.15.y 1c700860e8bc 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/06/01 06:03 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/30 12:59 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/25 17:32 linux-5.15.y 98f47d0e9b8c ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/15 08:08 linux-5.15.y 3b8db0e4f263 d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/13 23:57 linux-5.15.y 3b8db0e4f263 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/05 11:43 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/04 10:48 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/03 11:39 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/04/24 16:26 linux-5.15.y f7347f400572 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/04/11 03:30 linux-5.15.y f7347f400572 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/04/09 05:58 linux-5.15.y 0c935c049b5c a775275d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/31 23:03 linux-5.15.y 0c935c049b5c d3999433 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/27 21:13 linux-5.15.y 0c935c049b5c 6c09fb82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/25 23:35 linux-5.15.y 0c935c049b5c 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/25 22:14 linux-5.15.y 0c935c049b5c 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/25 15:19 linux-5.15.y 0c935c049b5c 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/16 20:53 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/16 00:21 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/13 23:20 linux-5.15.y 0c935c049b5c 44be8b44 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/10 10:28 linux-5.15.y c16c81c81336 163f510d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/08 09:52 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/08 00:39 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/05 05:08 linux-5.15.y c16c81c81336 c3901742 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/03/01 23:23 linux-5.15.y c16c81c81336 c3901742 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/26 12:45 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/26 10:40 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/20 15:53 linux-5.15.y c16c81c81336 50668798 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/16 19:25 linux-5.15.y c16c81c81336 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/09 15:42 linux-5.15.y c16c81c81336 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/26 05:49 linux-5.15.y 7c6d66f0266f 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/06 02:37 linux-5.15.y 3dea0e7f549e 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/06/13 05:05 linux-5.15.y 1c700860e8bc 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/04/10 22:57 linux-5.15.y f7347f400572 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/03/04 21:57 linux-5.15.y c16c81c81336 c3901742 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/02/20 13:59 linux-5.15.y c16c81c81336 50668798 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.