syzbot

 sign-in | mailing list | source | docs
🐞 Open [706]
🐞 Fixed [89]
🐞 Invalid [349]
Missing Backports [43]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
💬 Send us feedback

general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 11:32
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+f172030e1ac89d63806c@syzkaller.appspotmail.com
First crash: 43d, last: 12d
Bug presence (2)
Date Name Commit Repro Result
2024/08/12 linux-6.1.y (ToT) 36790ef5e00b C [report] INFO: rcu detected stall in corrupted
2024/08/12 upstream (ToT) 7c626ce4bae1 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 general protection fault in u2fzero_rng_read origin:lts-only C 33 13d 43d 0/3 upstream: reported C repro on 2024/07/26 05:50

Sample crash report:
usb 1-1: config 0 descriptor??
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
Unable to handle kernel paging request at virtual address dfff800000000015
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000015] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4086 Comm: kworker/0:3 Not tainted 6.1.104-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: usb_hub_wq hub_event
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
pc : u2fzero_rng_read+0x204/0x614 drivers/hid/hid-u2fzero.c:223
lr : u2fzero_recv drivers/hid/hid-u2fzero.c:135 [inline]
lr : u2fzero_rng_read+0x1e0/0x614 drivers/hid/hid-u2fzero.c:223
sp : ffff80001de16360
x29: ffff80001de164d0 x28: 00000000000000a8 x27: ffff0000d4f3f088
x26: ffff0000d4f3f438 x25: ffff80001de163c0 x24: ffff0000d4f3f080
x23: 1fffe0001a9e7e11 x22: ffff0000d4f3f320 x21: 1fffe0001a9e7e87
x20: dfff800000000000 x19: ffff700003bc2c74 x18: ffff80001de15e80
x17: ffff800018a96000 x16: ffff8000121d73c0 x15: ffff80001857bf80
x14: 0000000038b72a3a x13: dfff800000000000 x12: ffff6000186296d8
x11: 1fffe000186296d0 x10: 0000000000000001 x9 : 0000000000000001
x8 : 0000000000000015 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800018bcfba0 x4 : 000000000000000a x3 : 0000000000000030
x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff0000c314b686
Call trace:
 u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
 u2fzero_rng_read+0x204/0x614 drivers/hid/hid-u2fzero.c:223
 rng_get_data drivers/char/hw_random/core.c:201 [inline]
 add_early_randomness+0x88/0x16c drivers/char/hw_random/core.c:73
 hwrng_register+0x37c/0x430 drivers/char/hw_random/core.c:593
 devm_hwrng_register+0x50/0xcc drivers/char/hw_random/core.c:665
 u2fzero_init_hwrng+0x108/0x144 drivers/hid/hid-u2fzero.c:266
 u2fzero_probe+0x2fc/0x3e0 drivers/hid/hid-u2fzero.c:359
 hid_device_probe+0x238/0x328 drivers/hid/hid-core.c:2630
 really_probe+0x394/0xacc drivers/base/dd.c:639
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785
 driver_probe_device+0x78/0x330 drivers/base/dd.c:815
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3689
 hid_add_device+0x318/0x4a8 drivers/hid/hid-core.c:2782
 usbhid_probe+0x864/0xba4 drivers/hid/usbhid/hid-core.c:1424
 usb_probe_interface+0x500/0x984 drivers/usb/core/driver.c:396
 really_probe+0x394/0xacc drivers/base/dd.c:639
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785
 driver_probe_device+0x78/0x330 drivers/base/dd.c:815
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3689
 usb_set_configuration+0x15c0/0x1b40 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x8c/0x148 drivers/usb/core/generic.c:238
 usb_probe_device+0x120/0x25c drivers/usb/core/driver.c:293
 really_probe+0x394/0xacc drivers/base/dd.c:639
 __driver_probe_device+0x194/0x3b4 drivers/base/dd.c:785
 driver_probe_device+0x78/0x330 drivers/base/dd.c:815
 __device_attach_driver+0x2a8/0x4f4 drivers/base/dd.c:943
 bus_for_each_drv+0x158/0x1e0 drivers/base/bus.c:427
 __device_attach+0x2f0/0x480 drivers/base/dd.c:1015
 device_initial_probe+0x24/0x34 drivers/base/dd.c:1064
 bus_probe_device+0xbc/0x1c8 drivers/base/bus.c:487
 device_add+0xae0/0xef4 drivers/base/core.c:3689
 usb_new_device+0x908/0x1440 drivers/usb/core/hub.c:2620
 hub_port_connect drivers/usb/core/hub.c:5477 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5617 [inline]
 port_event drivers/usb/core/hub.c:5773 [inline]
 hub_event+0x243c/0x42e4 drivers/usb/core/hub.c:5855
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
Code: 963c0ddd f9400368 9102a11c d343ff88 (38746908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	963c0ddd 	bl	0xfffffffff8f03774
   4:	f9400368 	ldr	x8, [x27]
   8:	9102a11c 	add	x28, x8, #0xa8
   c:	d343ff88 	lsr	x8, x28, #3
* 10:	38746908 	ldrb	w8, [x8, x20] <-- trapping instruction

Crashes (30):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/08/12 06:38 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/26 02:21 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/26 02:21 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/25 15:32 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:37 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:37 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:34 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:33 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 00:20 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 00:20 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/22 21:59 linux-6.1.y ee5e09825b81 ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/22 21:58 linux-6.1.y ee5e09825b81 ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/12 00:20 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/12 00:20 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 23:15 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 23:15 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 22:47 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 22:47 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/07 01:38 linux-6.1.y 48d525b0e463 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/07 01:38 linux-6.1.y 48d525b0e463 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 21:33 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 21:32 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 19:12 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 19:12 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/26 11:32 linux-6.1.y c18e82d3ee44 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/26 11:32 linux-6.1.y c18e82d3ee44 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 17:51 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/22 17:18 linux-6.1.y ee5e09825b81 ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/12 02:25 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/12 02:24 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.