general protection fault in u2fzero_rng

Date	Name	Commit	Repro	Result
2024/07/27	linux-5.15.y (ToT)	7e89efd3ae1c	C	[report] general protection fault in u2fzero_rng_read
2024/07/27	upstream (ToT)	3a7e02c040b1	C	Didn't crash

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-6.1	general protection fault in u2fzero_rng_read origin:lts-only	C		inconclusive	35	30d	83d	0/3	upstream: reported C repro on 2024/07/26 11:32

linux-6.1

general protection fault in u2fzero_rng_read origin:lts-only

inconclusive

30d

83d

0/3

upstream: reported C repro on 2024/07/26 11:32

Created	Duration	User	Patch	Repo	Result
2024/10/05 21:19	11m	retest repro		linux-5.15.y	report log

Created

Duration

User

Patch

Repo

Result

2024/10/05 21:19

11m

retest repro

linux-5.15.y

report log

usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 usb 1-1: config 0 descriptor?? hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0 hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af] CPU: 0 PID: 1292 Comm: kworker/0:2 Not tainted 5.15.163-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 Workqueue: usb_hub_wq hub_event RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline] RIP: 0010:u2fzero_rng_read+0x21a/0x700 drivers/hid/hid-u2fzero.c:202 Code: df 41 80 7c 05 00 00 74 08 4c 89 f7 e8 7f a4 fa f9 bb a8 00 00 00 49 03 1e 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 d8 a4 fa f9 48 8d 54 24 60 48 89 13 RSP: 0018:ffffc9000550e760 EFLAGS: 00010202 RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000 RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88807a0b3f69 RBP: ffffc9000550e8f0 R08: dffffc0000000000 R09: ffff88807a0b3f2e R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8880790b0388 R13: 1ffff1100f216006 R14: ffff8880790b0030 R15: 1ffff1100f216005 FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055bfdd377ee8 CR3: 00000000732ab000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> rng_get_data drivers/char/hw_random/core.c:196 [inline] add_early_randomness+0x78/0x140 drivers/char/hw_random/core.c:74 hwrng_register+0x430/0x4c0 drivers/char/hw_random/core.c:526 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:597 u2fzero_probe+0x266/0x2e0 drivers/hid/hid-u2fzero.c:336 hid_device_probe+0x2a6/0x3a0 drivers/hid/hid-core.c:2307 really_probe+0x24e/0xb60 drivers/base/dd.c:595 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755 driver_probe_device+0x50/0x420 drivers/base/dd.c:785 __device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:427 __device_attach+0x359/0x570 drivers/base/dd.c:979 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:487 device_add+0xb48/0xfd0 drivers/base/core.c:3412 hid_add_device+0x3a5/0x510 drivers/hid/hid-core.c:2459 usbhid_probe+0xb32/0xec0 drivers/hid/usbhid/hid-core.c:1424 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396 really_probe+0x24e/0xb60 drivers/base/dd.c:595 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755 driver_probe_device+0x50/0x420 drivers/base/dd.c:785 __device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:427 __device_attach+0x359/0x570 drivers/base/dd.c:979 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:487 device_add+0xb48/0xfd0 drivers/base/core.c:3412 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293 really_probe+0x24e/0xb60 drivers/base/dd.c:595 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:755 driver_probe_device+0x50/0x420 drivers/base/dd.c:785 __device_attach_driver+0x2b9/0x500 drivers/base/dd.c:907 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:427 __device_attach+0x359/0x570 drivers/base/dd.c:979 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:487 device_add+0xb48/0xfd0 drivers/base/core.c:3412 usb_new_device+0xc17/0x18e0 drivers/usb/core/hub.c:2593 hub_port_connect drivers/usb/core/hub.c:5455 [inline] hub_port_connect_change drivers/usb/core/hub.c:5595 [inline] port_event drivers/usb/core/hub.c:5741 [inline] hub_event+0x2cdf/0x54c0 drivers/usb/core/hub.c:5823 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310 ---------------- Code disassembly (best guess): 0: df 41 80 filds -0x80(%rcx) 3: 7c 05 jl 0xa 5: 00 00 add %al,(%rax) 7: 74 08 je 0x11 9: 4c 89 f7 mov %r14,%rdi c: e8 7f a4 fa f9 call 0xf9faa490 11: bb a8 00 00 00 mov $0xa8,%ebx 16: 49 03 1e add (%r14),%rbx 19: 48 89 d8 mov %rbx,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 27: fc ff df * 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction 2e: 74 08 je 0x38 30: 48 89 df mov %rbx,%rdi 33: e8 d8 a4 fa f9 call 0xf9faa510 38: 48 8d 54 24 60 lea 0x60(%rsp),%rdx 3d: 48 89 13 mov %rdx,(%rbx)

Crashes (33):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/07/27 06:47	linux-5.15.y	7c6d66f0266f	46eb10b7	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/25 15:04	linux-5.15.y	fa93fa65db6e	d7d32352	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/24 11:45	linux-5.15.y	fa93fa65db6e	d7d32352	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/24 11:45	linux-5.15.y	fa93fa65db6e	d7d32352	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/23 21:55	linux-5.15.y	fa93fa65db6e	d7d32352	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/23 21:55	linux-5.15.y	fa93fa65db6e	d7d32352	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/22 13:18	linux-5.15.y	fa93fa65db6e	ca02180f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/22 13:18	linux-5.15.y	fa93fa65db6e	ca02180f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/18 22:57	linux-5.15.y	7e89efd3ae1c	dbc93b08	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/18 22:56	linux-5.15.y	7e89efd3ae1c	dbc93b08	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/18 22:52	linux-5.15.y	7e89efd3ae1c	dbc93b08	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/18 22:50	linux-5.15.y	7e89efd3ae1c	dbc93b08	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/12 01:34	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/12 01:33	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/12 00:52	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/12 00:52	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 22:32	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 22:32	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 18:51	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 18:51	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 17:26	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 17:25	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 15:53	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/11 15:51	linux-5.15.y	7e89efd3ae1c	6f4edef4	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/06 22:46	linux-5.15.y	7e89efd3ae1c	1ef9fe42	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/06 22:46	linux-5.15.y	7e89efd3ae1c	1ef9fe42	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/06 21:51	linux-5.15.y	7e89efd3ae1c	1ef9fe42	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/08/06 21:51	linux-5.15.y	7e89efd3ae1c	1ef9fe42	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/07/27 17:03	linux-5.15.y	7e89efd3ae1c	46eb10b7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/07/27 17:03	linux-5.15.y	7e89efd3ae1c	46eb10b7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/07/26 05:49	linux-5.15.y	7c6d66f0266f	3f86dfed	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/07/26 05:49	linux-5.15.y	7c6d66f0266f	3f86dfed	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan	general protection fault in u2fzero_rng_read
2024/07/27 15:58	linux-5.15.y	7e89efd3ae1c	46eb10b7	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-5-15-kasan-arm64	BUG: unable to handle kernel paging request in u2fzero_rng_read

Crashes (33):

Assets (help?)

2024/07/27 06:47

linux-5.15.y