syzbot


general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 11:32
Bug presence: origin:lts-only
Reported-by: syzbot+f172030e1ac89d63806c@syzkaller.appspotmail.com
First crash: 152d, last: 2h22m
Bug presence (2)
Date Name Commit Repro Result
2024/11/26 linux-6.1.y (ToT) e4d90d63d385 C [report] general protection fault in u2fzero_rng_read
2024/11/26 upstream (ToT) 7eef7e306d3c C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 general protection fault in u2fzero_rng_read origin:lts-only C inconclusive 46 3h30m 153d 0/3 upstream: reported C repro on 2024/07/26 05:50
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/09/26 08:39 7h03m fix candidate upstream OK (2) job log

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 1 PID: 41 Comm: kworker/1:1 Not tainted 6.1.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:137 [inline]
RIP: 0010:u2fzero_rng_read+0x27d/0x710 drivers/hid/hid-u2fzero.c:223
Code: 68 fd ff ff 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 82 19 c5 f9 bb a8 00 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 e4 19 c5 f9 48 8d 84 24 80 00 00
RSP: 0018:ffffc90000b26720 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: 0000000000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff888027c26769
RBP: ffffc90000b268d0 R08: dffffc0000000000 R09: ffff888027c2672e
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881473163e0
R13: 1ffff11028e62c06 R14: ffff888147316030 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd37b03188 CR3: 0000000018dc1000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:201 [inline]
 add_early_randomness+0x78/0x140 drivers/char/hw_random/core.c:73
 hwrng_register+0x3a0/0x440 drivers/char/hw_random/core.c:593
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:665
 u2fzero_probe+0x31a/0x410 drivers/hid/hid-u2fzero.c:359
 hid_device_probe+0x298/0x3a0 drivers/hid/hid-core.c:2630
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3689
 hid_add_device+0x3a5/0x510 drivers/hid/hid-core.c:2782
 usbhid_probe+0xb2d/0xeb0 drivers/hid/usbhid/hid-core.c:1424
 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3689
 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
 driver_probe_device+0x50/0x420 drivers/base/dd.c:815
 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
 __device_attach+0x359/0x570 drivers/base/dd.c:1015
 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
 device_add+0xb48/0xfd0 drivers/base/core.c:3689
 usb_new_device+0xbdd/0x18f0 drivers/usb/core/hub.c:2620
 hub_port_connect drivers/usb/core/hub.c:5477 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5617 [inline]
 port_event drivers/usb/core/hub.c:5773 [inline]
 hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5855
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
----------------
Code disassembly (best guess):
   0:	68 fd ff ff 4d       	push   $0x4dfffffd
   5:	89 f5                	mov    %esi,%ebp
   7:	49 c1 ed 03          	shr    $0x3,%r13
   b:	43 80 7c 3d 00 00    	cmpb   $0x0,0x0(%r13,%r15,1)
  11:	74 08                	je     0x1b
  13:	4c 89 f7             	mov    %r14,%rdi
  16:	e8 82 19 c5 f9       	call   0xf9c5199d
  1b:	bb a8 00 00 00       	mov    $0xa8,%ebx
  20:	49 03 1e             	add    (%r14),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 e4 19 c5 f9       	call   0xf9c51a1d
  39:	48                   	rex.W
  3a:	8d                   	.byte 0x8d
  3b:	84 24 80             	test   %ah,(%rax,%rax,4)

Crashes (76):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/11/25 10:11 linux-6.1.y e4d90d63d385 68da6d95 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/12 06:38 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/12/26 07:47 linux-6.1.y 29f02ec58a94 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/12/20 05:22 linux-6.1.y 29f02ec58a94 5905cb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/12/08 01:54 linux-6.1.y e4d90d63d385 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/12/07 03:50 linux-6.1.y e4d90d63d385 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/29 11:51 linux-6.1.y e4d90d63d385 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/29 02:35 linux-6.1.y e4d90d63d385 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/25 09:36 linux-6.1.y e4d90d63d385 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/20 20:29 linux-6.1.y b67dc5c9ade9 4fca1650 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/18 08:43 linux-6.1.y b67dc5c9ade9 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/15 03:08 linux-6.1.y 59d7b1a7104a a8c99394 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/04 07:01 linux-6.1.y 7c15117f9468 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/02 18:29 linux-6.1.y 7c15117f9468 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/02 07:13 linux-6.1.y 7c15117f9468 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/10/31 21:42 linux-6.1.y 7ec6f9fa3d97 96eb609f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/10/30 08:54 linux-6.1.y 7ec6f9fa3d97 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/10/30 08:54 linux-6.1.y 7ec6f9fa3d97 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/10/28 03:51 linux-6.1.y 7ec6f9fa3d97 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/10/28 03:51 linux-6.1.y 7ec6f9fa3d97 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/10/23 18:54 linux-6.1.y 7ec6f9fa3d97 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/10/23 18:54 linux-6.1.y 7ec6f9fa3d97 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/09/17 12:11 linux-6.1.y 5f55cad62cc9 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/09/17 12:11 linux-6.1.y 5f55cad62cc9 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/09/17 05:17 linux-6.1.y 5f55cad62cc9 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/09/17 05:17 linux-6.1.y 5f55cad62cc9 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/26 02:21 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/26 02:21 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/25 15:32 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:37 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:37 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:34 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 21:33 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 00:20 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/24 00:20 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/22 21:59 linux-6.1.y ee5e09825b81 ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/22 21:58 linux-6.1.y ee5e09825b81 ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/12 00:20 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/12 00:20 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 23:15 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 23:15 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 22:47 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/11 22:47 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/07 01:38 linux-6.1.y 48d525b0e463 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/08/07 01:38 linux-6.1.y 48d525b0e463 1ef9fe42 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 21:33 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 21:32 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 19:12 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/27 19:12 linux-6.1.y c1cec4dad96b 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/26 11:32 linux-6.1.y c18e82d3ee44 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/07/26 11:32 linux-6.1.y c18e82d3ee44 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in u2fzero_rng_read
2024/11/18 01:45 linux-6.1.y b67dc5c9ade9 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/09/17 02:47 linux-6.1.y 5f55cad62cc9 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/24 17:51 linux-6.1.y ee5e09825b81 d7d32352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/22 17:18 linux-6.1.y ee5e09825b81 ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/12 02:25 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2024/08/12 02:24 linux-6.1.y 36790ef5e00b 6f4edef4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.