syzbot

 sign-in | mailing list | source | docs
🐞 Open [782]
🐞 Fixed [129]
🐞 Invalid [842]
Missing Backports [74]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 11:32
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+f172030e1ac89d63806c@syzkaller.appspotmail.com
First crash: 397d, last: 8h48m
Bug presence (2)
Date Name Commit Repro Result
2024/11/26 linux-6.1.y (ToT) e4d90d63d385 C [report] general protection fault in u2fzero_rng_read
2024/11/26 upstream (ToT) 7eef7e306d3c C Didn't crash
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 general protection fault in u2fzero_rng_read origin:lts-only 2 C inconclusive 53 8h07m 68d 0/2 upstream: reported C repro on 2025/06/21 06:00
linux-5.15 general protection fault in u2fzero_rng_read origin:lts-only 8 C inconclusive 180 3d10h 398d 0/3 upstream: reported C repro on 2024/07/26 05:50
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2025/02/10 07:28 5h53m fix candidate upstream OK (2) job log
2024/09/26 08:39 7h03m fix candidate upstream OK (2) job log

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.130-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
RIP: 0010:u2fzero_rng_read+0x27d/0x750 drivers/hid/hid-u2fzero.c:223
Code: 68 fd ff ff 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 c2 a5 bb f9 bb a8 00 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 24 a6 bb f9 48 8d 84 24 80 00 00
RSP: 0018:ffffc90002d96720 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: 0000000000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88807ebf3c69
RBP: ffffc90002d968d0 R08: dffffc0000000000 R09: ffff88807ebf3c2e
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88801d6873e0
R13: 1ffff11003ad0e06 R14: ffff88801d687030 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555fc67377c8 CR3: 000000002fcd9000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:201 [inline]
 add_early_randomness+0x78/0x140 drivers/char/hw_random/core.c:73
 hwrng_register+0x3a0/0x440 drivers/char/hw_random/core.c:593
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:665
 u2fzero_probe+0x31a/0x410 drivers/hid/hid-u2fzero.c:359
 hid_device_probe+0x298/0x3a0 drivers/hid/hid-core.c:2632
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 hid_add_device+0x3a5/0x510 drivers/hid/hid-core.c:2784
 usbhid_probe+0xc09/0xfc0 drivers/hid/usbhid/hid-core.c:1424
 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3696
 usb_new_device+0xbdd/0x1900 drivers/usb/core/hub.c:2631
 hub_port_connect drivers/usb/core/hub.c:5489 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5629 [inline]
 port_event drivers/usb/core/hub.c:5785 [inline]
 hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5867
 process_one_work+0x917/0x1260 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
----------------
Code disassembly (best guess):
   0:	68 fd ff ff 4d       	push   $0x4dfffffd
   5:	89 f5                	mov    %esi,%ebp
   7:	49 c1 ed 03          	shr    $0x3,%r13
   b:	43 80 7c 3d 00 00    	cmpb   $0x0,0x0(%r13,%r15,1)
  11:	74 08                	je     0x1b
  13:	4c 89 f7             	mov    %r14,%rdi
  16:	e8 c2 a5 bb f9       	call   0xf9bba5dd
  1b:	bb a8 00 00 00       	mov    $0xa8,%ebx
  20:	49 03 1e             	add    (%r14),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 24 a6 bb f9       	call   0xf9bba65d
  39:	48                   	rex.W
  3a:	8d                   	.byte 0x8d
  3b:	84 24 80             	test   %ah,(%rax,%rax,4)

Crashes (236):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/03/08 08:47 linux-6.1.y 6ae7ac5c4251 7e3bd60d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/25 10:11 linux-6.1.y e4d90d63d385 68da6d95 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/12 06:38 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/08/28 02:25 linux-6.1.y 0bc96de781b4 e12e5ba4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/24 12:13 linux-6.1.y 0bc96de781b4 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/21 01:10 linux-6.1.y 0bc96de781b4 0b9605c8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/09 11:54 linux-6.1.y 3594f306da12 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/08 21:17 linux-6.1.y 3594f306da12 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/06 15:59 linux-6.1.y 3594f306da12 ffe1dd46 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/05 04:51 linux-6.1.y 3594f306da12 f5bcc8dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/04 16:23 linux-6.1.y 3594f306da12 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/04 07:51 linux-6.1.y 3594f306da12 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/04 05:16 linux-6.1.y 3594f306da12 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/29 01:51 linux-6.1.y 3594f306da12 6654ea9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/25 20:13 linux-6.1.y 3594f306da12 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/21 03:09 linux-6.1.y 3369c6df2fae 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/18 16:26 linux-6.1.y 3369c6df2fae 88248e14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/18 00:38 linux-6.1.y f2198ea7eb3e 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/17 10:30 linux-6.1.y f2198ea7eb3e 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/17 08:08 linux-6.1.y f2198ea7eb3e 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/14 10:11 linux-6.1.y dfc486ec9cce 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/10 12:01 linux-6.1.y 04d1ccaa9c28 956bd956 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/10 12:01 linux-6.1.y 04d1ccaa9c28 956bd956 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/05 18:37 linux-6.1.y 7e69c33e4858 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/07/05 02:45 linux-6.1.y 7e69c33e4858 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/30 07:37 linux-6.1.y 7e69c33e4858 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/29 15:28 linux-6.1.y 7e69c33e4858 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/28 12:09 linux-6.1.y 7e69c33e4858 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/13 06:02 linux-6.1.y 58485ff1a74f 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/13 06:02 linux-6.1.y 58485ff1a74f 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/08 00:39 linux-6.1.y 58485ff1a74f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/07 16:21 linux-6.1.y 58485ff1a74f 4826c28e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/02 09:11 linux-6.1.y da3c5173c55f 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/06/01 06:29 linux-6.1.y da3c5173c55f 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/30 13:01 linux-6.1.y da3c5173c55f 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/14 02:27 linux-6.1.y 02b72ccb5f9d 7344edeb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/04 12:39 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/04 11:28 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/05/03 19:21 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/24 20:35 linux-6.1.y 420102835862 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/18 09:35 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/11 04:22 linux-6.1.y 420102835862 1ef3ab4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/09 09:03 linux-6.1.y 3dfebb87d7eb a775275d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/04/08 17:56 linux-6.1.y 3dfebb87d7eb a775275d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/26 11:32 linux-6.1.y c18e82d3ee44 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2025/08/09 19:23 linux-6.1.y 3594f306da12 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/08/04 01:11 linux-6.1.y 3594f306da12 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/07/10 10:27 linux-6.1.y 04d1ccaa9c28 956bd956 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/06/29 13:21 linux-6.1.y 7e69c33e4858 fc9d8ee5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/05/04 07:44 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.