syzbot


general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 11:32
Bug presence: origin:lts-only
Reported-by: syzbot+f172030e1ac89d63806c@syzkaller.appspotmail.com
First crash: 300d, last: 9d00h
Bug presence (2)
Date Name Commit Repro Result
2024/11/26 linux-6.1.y (ToT) e4d90d63d385 C [report] general protection fault in u2fzero_rng_read
2024/11/26 upstream (ToT) 7eef7e306d3c C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 general protection fault in u2fzero_rng_read origin:lts-only C inconclusive 131 7d18h 300d 0/3 upstream: reported C repro on 2024/07/26 05:50
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2025/02/10 07:28 5h53m fix candidate upstream OK (2) job log
2024/09/26 08:39 7h03m fix candidate upstream OK (2) job log

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.130-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
RIP: 0010:u2fzero_rng_read+0x27d/0x750 drivers/hid/hid-u2fzero.c:223
Code: 68 fd ff ff 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 c2 a5 bb f9 bb a8 00 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 24 a6 bb f9 48 8d 84 24 80 00 00
RSP: 0018:ffffc90002d96720 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: 0000000000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88807ebf3c69
RBP: ffffc90002d968d0 R08: dffffc0000000000 R09: ffff88807ebf3c2e
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88801d6873e0
R13: 1ffff11003ad0e06 R14: ffff88801d687030 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555fc67377c8 CR3: 000000002fcd9000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:201 [inline]
 add_early_randomness+0x78/0x140 drivers/char/hw_random/core.c:73
 hwrng_register+0x3a0/0x440 drivers/char/hw_random/core.c:593
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:665
 u2fzero_probe+0x31a/0x410 drivers/hid/hid-u2fzero.c:359
 hid_device_probe+0x298/0x3a0 drivers/hid/hid-core.c:2632
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 hid_add_device+0x3a5/0x510 drivers/hid/hid-core.c:2784
 usbhid_probe+0xc09/0xfc0 drivers/hid/usbhid/hid-core.c:1424
 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_new_device+0xbdd/0x1900 drivers/usb/core/hub.c:2631
 hub_port_connect drivers/usb/core/hub.c:5489 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 port_event drivers/usb/core/hub.c:5785 [inline]
 hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5867
 process_one_work+0x917/0x1260 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
----------------
Code disassembly (best guess):
   0:	68 fd ff ff 4d       	push   $0x4dfffffd
   5:	89 f5                	mov    %esi,%ebp
   7:	49 c1 ed 03          	shr    $0x3,%r13
   b:	43 80 7c 3d 00 00    	cmpb   $0x0,0x0(%r13,%r15,1)
  11:	74 08                	je     0x1b
  13:	4c 89 f7             	mov    %r14,%rdi
  16:	e8 c2 a5 bb f9       	call   0xf9bba5dd
  1b:	bb a8 00 00 00       	mov    $0xa8,%ebx
  20:	49 03 1e             	add    (%r14),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 24 a6 bb f9       	call   0xf9bba65d
  39:	48                   	rex.W
  3a:	8d                   	.byte 0x8d
  3b:	84 24 80             	test   %ah,(%rax,%rax,4)

Crashes (170):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/03/08 08:47 linux-6.1.y 6ae7ac5c4251 7e3bd60d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/25 10:11 linux-6.1.y e4d90d63d385 68da6d95 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/12 06:38 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/05/14 02:27 linux-6.1.y 02b72ccb5f9d 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/04 12:39 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/04 11:28 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/03 19:21 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/24 20:35 linux-6.1.y 420102835862 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/18 09:35 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/11 04:22 linux-6.1.y 420102835862 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/09 09:03 linux-6.1.y 3dfebb87d7eb a775275d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/08 17:56 linux-6.1.y 3dfebb87d7eb a775275d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/26 01:05 linux-6.1.y 344a09659766 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/25 22:52 linux-6.1.y 344a09659766 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/25 12:24 linux-6.1.y 344a09659766 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/19 14:50 linux-6.1.y 344a09659766 8d0a2921 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/15 23:33 linux-6.1.y 344a09659766 e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/15 23:33 linux-6.1.y 344a09659766 e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/15 07:41 linux-6.1.y 344a09659766 e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/10 08:21 linux-6.1.y 6ae7ac5c4251 163f510d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/08 14:28 linux-6.1.y 6ae7ac5c4251 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/08 05:01 linux-6.1.y 6ae7ac5c4251 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/05 18:32 linux-6.1.y 3a8358583626 60f5d8d9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/03/02 01:25 linux-6.1.y 3a8358583626 c3901742 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/26 02:54 linux-6.1.y 3a8358583626 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/25 12:48 linux-6.1.y 3a8358583626 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/24 09:54 linux-6.1.y 3a8358583626 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/22 05:46 linux-6.1.y 3a8358583626 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/22 05:46 linux-6.1.y 3a8358583626 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/20 02:14 linux-6.1.y 0cbb5f65e52f b257a9b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/17 05:05 linux-6.1.y 0cbb5f65e52f 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/15 16:19 linux-6.1.y 0cbb5f65e52f 40a34ec9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/14 23:08 linux-6.1.y 0cbb5f65e52f 1022af74 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/09 15:58 linux-6.1.y 0cbb5f65e52f ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/09 06:04 linux-6.1.y 0cbb5f65e52f ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/09 05:02 linux-6.1.y 0cbb5f65e52f ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/02/09 03:08 linux-6.1.y 0cbb5f65e52f ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/22 06:23 linux-6.1.y f4f677285b38 da72ac06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/20 12:37 linux-6.1.y f4f677285b38 f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/13 04:38 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/12 11:51 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/11 22:42 linux-6.1.y c63962be84ef 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/08 22:08 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/07 06:26 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/01/06 15:06 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/12/30 00:24 linux-6.1.y 563edd786f0a d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/12/29 18:11 linux-6.1.y 563edd786f0a d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/12/28 18:13 linux-6.1.y 563edd786f0a d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/26 11:32 linux-6.1.y c18e82d3ee44 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/04 07:44 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/12/29 22:17 linux-6.1.y 563edd786f0a d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.