syzbot

 sign-in | mailing list | source | docs
🐞 Open [854]
🐞 Fixed [87]
🐞 Invalid [1270]
Missing Backports [132]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 05:50
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+eee3da306b650209ce68@syzkaller.appspotmail.com
First crash: 624d, last: 6d23h
Bug presence (2)
Date Name Commit Repro Result
2024/07/27 linux-5.15.y (ToT) 7e89efd3ae1c C [report] general protection fault in u2fzero_rng_read
2024/07/27 upstream (ToT) 3a7e02c040b1 C Didn't crash
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 general protection fault in u2fzero_rng_read origin:lts-only 8 C inconclusive 355 1d10h 624d 0/3 upstream: reported C repro on 2024/07/26 11:32
linux-6.6 general protection fault in u2fzero_rng_read origin:lts-only 2 C inconclusive 149 10d 294d 0/2 upstream: reported C repro on 2025/06/21 06:00
Last patch testing requests (10)
Created Duration User Patch Repo Result
2026/02/08 06:20 12m retest repro linux-5.15.y report log
2026/02/08 06:20 11m retest repro linux-5.15.y report log
2026/02/08 06:20 11m retest repro linux-5.15.y report log
2026/02/08 06:20 15m retest repro linux-5.15.y report log
2026/02/08 06:20 10m retest repro linux-5.15.y report log
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2024/12/16 20:26 9m retest repro linux-5.15.y report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/10/29 05:34 7h51m fix candidate upstream OK (2) job log

Sample crash report:
usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 4313 Comm: kworker/0:16 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x256/0x750 drivers/hid/hid-u2fzero.c:202
Code: d9 74 12 4c 89 ef e8 19 92 4e fa 48 b9 00 00 00 00 00 fc ff df bb a8 00 00 00 4c 89 6c 24 18 49 03 5d 00 48 89 d8 48 c1 e8 03 <80> 3c 08 00 74 08 48 89 df e8 6c 92 4e fa 48 8d 84 24 80 00 00 00
RSP: 0018:ffffc9000303e7c0 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff888072a36f69
RBP: ffffc9000303e978 R08: 0000000000000000 R09: ffff888072a36f2e
R10: dffffc0000000000 R11: ffffed100e546ded R12: 1ffff1100e6c4006
R13: ffff888073620030 R14: ffff888073620388 R15: 1ffff92000607d04
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fec5d9b3f00 CR3: 0000000072a3d000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:196 [inline]
 add_early_randomness+0x7a/0x150 drivers/char/hw_random/core.c:74
 hwrng_register+0x42d/0x4b0 drivers/char/hw_random/core.c:526
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:597
 u2fzero_probe+0x26e/0x2f0 drivers/hid/hid-u2fzero.c:336
 hid_device_probe+0x271/0x360 drivers/hid/hid-core.c:2323
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x184/0x210 drivers/base/bus.c:429
 __device_attach+0x2a8/0x480 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 hid_add_device+0x389/0x530 drivers/hid/hid-core.c:2475
 usbhid_probe+0xb92/0xf40 drivers/hid/usbhid/hid-core.c:1442
 usb_probe_interface+0x5c5/0xb20 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x184/0x210 drivers/base/bus.c:429
 __device_attach+0x2a8/0x480 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_set_configuration+0x1991/0x1fd0 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x89/0x150 drivers/usb/core/generic.c:238
 usb_probe_device+0x139/0x270 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x184/0x210 drivers/base/bus.c:429
 __device_attach+0x2a8/0x480 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_new_device+0xd65/0x1660 drivers/usb/core/hub.c:2632
 hub_port_connect drivers/usb/core/hub.c:5497 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5637 [inline]
 port_event drivers/usb/core/hub.c:5799 [inline]
 hub_event+0x2e4a/0x55e0 drivers/usb/core/hub.c:5881
 process_one_work+0x85f/0x1010 kernel/workqueue.c:2310
 worker_thread+0xaa6/0x1290 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Modules linked in:
---[ end trace ae4cdb07f37cd721 ]---
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x256/0x750 drivers/hid/hid-u2fzero.c:202
Code: d9 74 12 4c 89 ef e8 19 92 4e fa 48 b9 00 00 00 00 00 fc ff df bb a8 00 00 00 4c 89 6c 24 18 49 03 5d 00 48 89 d8 48 c1 e8 03 <80> 3c 08 00 74 08 48 89 df e8 6c 92 4e fa 48 8d 84 24 80 00 00 00
RSP: 0018:ffffc9000303e7c0 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff888072a36f69
RBP: ffffc9000303e978 R08: 0000000000000000 R09: ffff888072a36f2e
R10: dffffc0000000000 R11: ffffed100e546ded R12: 1ffff1100e6c4006
R13: ffff888073620030 R14: ffff888073620388 R15: 1ffff92000607d04
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fec5d9b3f00 CR3: 0000000072a3d000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	d9 74 12 4c          	fnstenv 0x4c(%rdx,%rdx,1)
   4:	89 ef                	mov    %ebp,%edi
   6:	e8 19 92 4e fa       	call   0xfa4e9224
   b:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  12:	fc ff df
  15:	bb a8 00 00 00       	mov    $0xa8,%ebx
  1a:	4c 89 6c 24 18       	mov    %r13,0x18(%rsp)
  1f:	49 03 5d 00          	add    0x0(%r13),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	48 89 df             	mov    %rbx,%rdi
  33:	e8 6c 92 4e fa       	call   0xfa4e92a4
  38:	48 8d 84 24 80 00 00 	lea    0x80(%rsp),%rax
  3f:	00

Crashes (259):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/04/05 00:55 linux-5.15.y 91d48252ad4b 4440e7c2 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/22 00:05 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/07 23:29 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/30 13:37 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/16 19:49 linux-5.15.y c16c81c81336 40a34ec9 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/04 11:02 linux-5.15.y 72244eab0dad f00eed24 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/27 06:47 linux-5.15.y 7c6d66f0266f 46eb10b7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/04/05 00:22 linux-5.15.y 91d48252ad4b 4440e7c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/03/30 02:03 linux-5.15.y 91d48252ad4b b5ceaad2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/03/29 14:00 linux-5.15.y 91d48252ad4b b5ceaad2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/03/18 04:08 linux-5.15.y 91d48252ad4b c8810548 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/03/09 03:10 linux-5.15.y 91d48252ad4b 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/03/08 06:25 linux-5.15.y 91d48252ad4b 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/03/04 09:11 linux-5.15.y 3330a8d33e08 4180d919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/03/01 15:57 linux-5.15.y 3330a8d33e08 43249bac .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/25 17:30 linux-5.15.y 3330a8d33e08 94a9671e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/21 00:25 linux-5.15.y 3330a8d33e08 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/21 00:25 linux-5.15.y 3330a8d33e08 6e7b5511 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/20 15:58 linux-5.15.y 3330a8d33e08 17d780d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/19 23:24 linux-5.15.y 3330a8d33e08 c8d8c52d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/19 12:25 linux-5.15.y e45d5d41c134 746545b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/15 23:53 linux-5.15.y e45d5d41c134 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/02/08 21:03 linux-5.15.y 7b232985052f 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/25 03:58 linux-5.15.y 9eec9a14ee10 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/15 19:45 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/14 20:55 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/14 14:47 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/07 13:54 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/06 14:09 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/04 14:42 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/30 09:21 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/30 03:34 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/30 03:33 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/25 21:36 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/21 23:39 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/13 05:02 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/04 10:50 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/04 03:11 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/29 05:32 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/27 20:25 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/22 10:19 linux-5.15.y cc5ec8769306 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/22 01:17 linux-5.15.y cc5ec8769306 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/09 06:01 linux-5.15.y cc5ec8769306 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/03 07:37 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/31 10:36 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/31 04:24 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/21 22:17 linux-5.15.y ac56c046adf4 9832ed61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/13 23:04 linux-5.15.y 29e53a5b1c4f b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/12 14:55 linux-5.15.y 29e53a5b1c4f ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/07 18:32 linux-5.15.y 29e53a5b1c4f 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/03 20:12 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/29 10:25 linux-5.15.y 43bb85222e53 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/19 04:21 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/26 05:49 linux-5.15.y 7c6d66f0266f 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/25 00:54 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/08/21 17:34 linux-5.15.y c79648372d02 3e79b825 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.