syzbot


general protection fault in status_show

Status: upstream: reported C repro on 2025/01/17 06:14
Subsystems: usb
Reported-by: syzbot+83976e47ec1ef91e66f1@syzkaller.appspotmail.com
First crash: 487d, last: 2d19h
AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
be75570d-aafc-4261-a110-f285b5bc9676 assessment-security 💥 general protection fault in status_show 2026/05/14 13:34 2026/05/14 13:34 2026/05/14 13:36 6ccb967e465e832a7bfd7a116ad00d52a0923a5d
Error: failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/fbcd2f9e4237bb52f7d22d3d24f00fc9af728a02" "-s" "bzImage" "compile_commands.json"]: exit status 2
Root cause:
error: unable to open output file 'lib/raid/xor/xor-core.o': 'No such file or directory'
error: unable to open output file 'drivers/char/xillybus/xillybus_class.o': 'No such file or directory'
* * Restart config... * * * General architecture-dependent options * SMT (Hyperthreading) scheduler support (SCHED_SMT) [Y/?] y Cluster scheduler support (SCHED_CLUSTER) [Y/n/?] y Multi-Core Cache (MC) scheduler support (SCHED_MC) [Y/n/?] y Kprobes (KPROBES) [N/y/?] n Optimize very unlikely/likely branches (JUMP_LABEL) [Y/n/?] y Static key selftest (STATIC_KEYS_SELFTEST) [N/y/?] n Static call selftest (STATIC_CALL_SELFTEST) [N/y/?] n Enable seccomp to safely execute untrusted bytecode (SECCOMP) [Y/n/?] y Show seccomp filter cache status in /proc/pid/seccomp_cache (SECCOMP_CACHE_DEBUG) [N/y/?] n Stack Protector buffer overflow detection (STACKPROTECTOR) [Y/n/?] y Strong Stack Protector (STACKPROTECTOR_STRONG) [Y/n/?] y Link Time Optimization (LTO) > 1. None (LTO_NONE) choice[1]: 1 Enable Clang's AutoFDO build (EXPERIMENTAL) (AUTOFDO_CLANG) [N/y/?] (NEW) Error in reading or end of file. Enable Clang's Propeller build (PROPELLER_CLANG) [N/y/?] (NEW) Error in reading or end of file. Use Kernel Control Flow Integrity (kCFI) (CFI) [N/y/?] (NEW) Error in reading or end of file. Number of bits to use for ASLR of mmap base address (ARCH_MMAP_RND_BITS) [28] 28 Number of bits to use for ASLR of mmap base address for compatible applications (ARCH_MMAP_RND_COMPAT_BITS) [8] 8 MMU page size > 1. 4KiB pages (PAGE_SIZE_4KB) choice[1]: 1 Provide system calls for 32-bit time_t (COMPAT_32BIT_TIME) [Y/n/?] y Use a virtually-mapped stack (VMAP_STACK) [Y/n/?] y Support for randomizing kernel stack offset on syscall entry (RANDOMIZE_KSTACK_OFFSET) [Y/n/?] y Default state of kernel stack offset randomization (RANDOMIZE_KSTACK_OFFSET_DEFAULT) [N/y/?] n Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] n * * Memory initialization * Initialize kernel stack variables at function entry 1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE) 2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) > 3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) choice[1-3?]: 3 Poison kernel stack before returning from syscalls (KSTACK_ERASE) [N/y/?] (NEW) Error in reading or end of file. Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [Y/n/?] y Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] n * * Kernel hardening options * Randomize layout of sensitive kernel structures > 1. Disable structure layout randomization (RANDSTRUCT_NONE) 2. Fully randomize structure layout (RANDSTRUCT_FULL) (NEW) choice[1-2?]: Error in reading or end of file.
/app/workdir/cache/src/1e39944fbafaaa3768fe503059b27f6727d79506/lib/maple_tree.c:3514:20: warning: stack frame size (2424) exceeds limit (2048) in 'mas_wr_store_entry' [-Wframe-larger-than] 3514 | static inline void mas_wr_store_entry(struct ma_wr_state *wr_mas) | ^ 1 warning generated.
/app/workdir/cache/src/1e39944fbafaaa3768fe503059b27f6727d79506/security/apparmor/apparmorfs.c:177:28: warning: unused function 'get_loaddata_common_ref' [-Wunused-function] 177 | static struct aa_loaddata *get_loaddata_common_ref(struct aa_common_ref *ref) | ^~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated.
/app/workdir/cache/src/1e39944fbafaaa3768fe503059b27f6727d79506/sound/usb/mixer_s1810c.c:634:5: warning: stack frame size (2360) exceeds limit (2048) in 'snd_sc1810_init_mixer' [-Wframe-larger-than] 634 | int snd_sc1810_init_mixer(struct usb_mixer_interface *mixer) | ^ 1 warning generated. /app
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 1/2] usbip: vhci-hcd: do not show port status if the latter is not ready 2 (2) 2025/06/18 09:40
[syzbot] [usb?] general protection fault in status_show 3 (9) 2025/01/25 10:44
[PATCH v3] USB: usbip: fix null-ptr-deref in status_show_vhci() 2 (2) 2025/01/22 16:08
[PATCH v2] USB: usbip: fix null-ptr-deref in status_show_vhci() 2 (2) 2025/01/22 12:30
Re: [PATCH] USB: usbip: fix null-ptr-deref in status_show_vhci() 1 (1) 2025/01/22 12:23
[PATCH] USB: usbip: fix null-ptr-deref in status_show_vhci() 2 (2) 2025/01/22 08:56
Last patch testing requests (15)
Created Duration User Patch Repo Result
2026/05/11 17:45 24m retest repro upstream report log
2026/05/11 17:45 23m retest repro upstream report log
2026/04/27 17:06 24m retest repro upstream report log
2026/04/13 16:31 16m retest repro upstream report log
2026/02/23 05:21 15m retest repro upstream report log
2026/02/23 05:21 16m retest repro upstream report log
2026/02/02 16:15 15m retest repro upstream report log
2026/02/02 16:15 15m retest repro upstream report log
2025/12/15 04:30 16m retest repro upstream report log
2025/12/15 04:30 16m retest repro upstream report log
2025/01/25 10:23 19m hdanton@sina.com patch upstream log
2025/01/24 11:18 13m hdanton@sina.com patch upstream report log
2025/01/23 11:31 12m hdanton@sina.com patch upstream error
2025/01/22 22:19 13m skhan@linuxfoundation.org https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux.git usbip_test report log
2025/01/17 15:41 19m qasdev00@gmail.com patch upstream OK log

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000080: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000400-0x0000000000000407]
CPU: 0 UID: 0 PID: 5880 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:status_show_vhci drivers/usb/usbip/vhci_sysfs.c:80 [inline]
RIP: 0010:status_show+0x1c9/0xb90 drivers/usb/usbip/vhci_sysfs.c:160
Code: 03 80 3c 02 00 0f 85 c0 09 00 00 48 8b 9b 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 00 04 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a1 09 00 00 48 8b 83 00 04 00 00 41 c1 e6 04 45
RSP: 0018:ffffc900032afaa8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87bece32
RDX: 0000000000000080 RSI: ffffffff87beceb8 RDI: 0000000000000400
RBP: ffff8880799ac000 R08: 0000000000000005 R09: 0000000000000000
R10: 000000000000000f R11: 64666b636f732020 R12: dffffc0000000000
R13: ffff8880799ac02d R14: 000000000000000f R15: 1ffff92000655f5f
FS:  000055555bcfe500(0000) GS:ffff888124377000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2de63fff CR3: 0000000076228000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 dev_attr_show+0x52/0xa0 drivers/base/core.c:2421
 sysfs_kf_seq_show+0x217/0x3a0 fs/sysfs/file.c:65
 seq_read_iter+0x32f/0x1270 fs/seq_file.c:231
 kernfs_fop_read_iter+0x46c/0x610 fs/kernfs/file.c:297
 new_sync_read fs/read_write.c:493 [inline]
 vfs_read+0x825/0xb30 fs/read_write.c:574
 ksys_read+0x12a/0x250 fs/read_write.c:717
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd9a139cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe1490e368 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007fd9a1615fa0 RCX: 00007fd9a139cdd9
RDX: 000000000000101c RSI: 0000200000001280 RDI: 0000000000000003
RBP: 00007fd9a1432d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fd9a1615fac R14: 00007fd9a1615fa0 R15: 00007fd9a1615fa0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:status_show_vhci drivers/usb/usbip/vhci_sysfs.c:80 [inline]
RIP: 0010:status_show+0x1c9/0xb90 drivers/usb/usbip/vhci_sysfs.c:160
Code: 03 80 3c 02 00 0f 85 c0 09 00 00 48 8b 9b 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 00 04 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a1 09 00 00 48 8b 83 00 04 00 00 41 c1 e6 04 45
RSP: 0018:ffffc900032afaa8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff87bece32
RDX: 0000000000000080 RSI: ffffffff87beceb8 RDI: 0000000000000400
RBP: ffff8880799ac000 R08: 0000000000000005 R09: 0000000000000000
R10: 000000000000000f R11: 64666b636f732020 R12: dffffc0000000000
R13: ffff8880799ac02d R14: 000000000000000f R15: 1ffff92000655f5f
FS:  000055555bcfe500(0000) GS:ffff888124377000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2de63fff CR3: 0000000076228000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	03 80 3c 02 00 0f    	add    0xf00023c(%rax),%eax
   6:	85 c0                	test   %eax,%eax
   8:	09 00                	or     %eax,(%rax)
   a:	00 48 8b             	add    %cl,-0x75(%rax)
   d:	9b                   	fwait
   e:	88 00                	mov    %al,(%rax)
  10:	00 00                	add    %al,(%rax)
  12:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  19:	fc ff df
  1c:	48 8d bb 00 04 00 00 	lea    0x400(%rbx),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 a1 09 00 00    	jne    0x9d5
  34:	48 8b 83 00 04 00 00 	mov    0x400(%rbx),%rax
  3b:	41 c1 e6 04          	shl    $0x4,%r14d
  3f:	45                   	rex.RB

Crashes (16):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/05/12 15:28 upstream 50897c955902 07aeade5 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/12/01 04:11 upstream e69c7c175115 d1b870e1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/01/13 08:15 upstream be548645527a 6dbc6a9b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/01/13 07:33 upstream be548645527a 6dbc6a9b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/01/13 06:47 upstream be548645527a 6dbc6a9b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2026/05/12 14:13 upstream 50897c955902 07aeade5 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2026/01/19 15:58 upstream 24d479d26b25 d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2026/01/17 08:23 upstream 39d3389331ab d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2026/01/07 22:08 upstream f0b9d8eb98df d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/12/20 17:59 upstream dd9b004b7ff3 d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/12/01 02:08 upstream e69c7c175115 d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/06/20 03:19 upstream 24770983ccfe ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/06/04 08:04 upstream 5abc7438f1e9 a30356b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/05/19 09:09 upstream a5806cd506af f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/01/27 18:18 upstream 9c5968db9e62 d99a33ad .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
2025/01/13 06:09 upstream be548645527a 6dbc6a9b .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in status_show
* Struck through repros no longer work on HEAD.