syzbot


general protection fault in u2fzero_rng_read

Status: upstream: reported C repro on 2024/07/26 05:50
Bug presence: origin:lts-only
Reported-by: syzbot+eee3da306b650209ce68@syzkaller.appspotmail.com
First crash: 535d, last: 4d23h
Bug presence (2)
Date Name Commit Repro Result
2024/07/27 linux-5.15.y (ToT) 7e89efd3ae1c C [report] general protection fault in u2fzero_rng_read
2024/07/27 upstream (ToT) 3a7e02c040b1 C Didn't crash
Similar bugs (2)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 general protection fault in u2fzero_rng_read origin:lts-only 8 C inconclusive 317 1d13h 535d 0/3 upstream: reported C repro on 2024/07/26 11:32
linux-6.6 general protection fault in u2fzero_rng_read origin:lts-only 2 C inconclusive 117 11d 205d 0/2 upstream: reported C repro on 2025/06/21 06:00
Last patch testing requests (7)
Created Duration User Patch Repo Result
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 14m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2025/06/28 13:21 9m retest repro linux-5.15.y report log
2024/12/16 20:26 9m retest repro linux-5.15.y report log
2024/11/18 15:20 11m retest repro linux-5.15.y report log
2024/10/05 21:19 11m retest repro linux-5.15.y report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/10/29 05:34 7h51m fix candidate upstream OK (2) job log

Sample crash report:
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: unknown main item tag 0x0
hid-u2fzero 0003:10C4:8ACF.0001: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0
hid-u2fzero 0003:10C4:8ACF.0001: U2F Zero LED initialised
general protection fault, probably for non-canonical address 0xdffffc0000000015: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000a8-0x00000000000000af]
CPU: 0 PID: 2238 Comm: kworker/0:2 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: usb_hub_wq hub_event
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x1fd/0x660 drivers/hid/hid-u2fzero.c:202
Code: 03 41 80 7c 1d 00 00 74 08 4c 89 ff e8 0c 97 5f fa bb a8 00 00 00 49 03 1f 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 65 97 5f fa 48 8d 44 24 60 48 89 03
RSP: 0018:ffffc900060be800 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88805c539369
RBP: ffffc900060be998 R08: 0000000000000001 R09: ffff88805c53932e
R10: ffffed100b8a726d R11: 1ffff1100b8a7265 R12: 1ffff1100f64aa71
R13: 1ffff1100f64aa06 R14: ffff88807b255388 R15: ffff88807b255030
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf005a7e9c CR3: 0000000072c99000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 rng_get_data drivers/char/hw_random/core.c:196 [inline]
 add_early_randomness+0x7a/0x150 drivers/char/hw_random/core.c:74
 hwrng_register+0x42d/0x4b0 drivers/char/hw_random/core.c:526
 devm_hwrng_register+0x43/0xb0 drivers/char/hw_random/core.c:597
 u2fzero_probe+0x26e/0x2f0 drivers/hid/hid-u2fzero.c:336
 hid_device_probe+0x271/0x360 drivers/hid/hid-core.c:2318
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 hid_add_device+0x389/0x530 drivers/hid/hid-core.c:2470
 usbhid_probe+0xb92/0xf40 drivers/hid/usbhid/hid-core.c:1427
 usb_probe_interface+0x5a0/0xaf0 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_set_configuration+0x1991/0x1fd0 drivers/usb/core/message.c:2165
 usb_generic_driver_probe+0x89/0x150 drivers/usb/core/generic.c:238
 usb_probe_device+0x139/0x270 drivers/usb/core/driver.c:293
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x284/0xc80 drivers/base/dd.c:595
 __driver_probe_device+0x18c/0x330 drivers/base/dd.c:755
 driver_probe_device+0x4f/0x420 drivers/base/dd.c:785
 __device_attach_driver+0x2b0/0x500 drivers/base/dd.c:907
 bus_for_each_drv+0x175/0x200 drivers/base/bus.c:429
 __device_attach+0x29b/0x460 drivers/base/dd.c:979
 bus_probe_device+0xbc/0x1e0 drivers/base/bus.c:489
 device_add+0xa00/0xfb0 drivers/base/core.c:3412
 usb_new_device+0xd53/0x1640 drivers/usb/core/hub.c:2632
 hub_port_connect drivers/usb/core/hub.c:5497 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5637 [inline]
 port_event drivers/usb/core/hub.c:5799 [inline]
 hub_event+0x2dd9/0x5560 drivers/usb/core/hub.c:5881
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Modules linked in:
---[ end trace c3b6b7d203e1d057 ]---
RIP: 0010:u2fzero_recv drivers/hid/hid-u2fzero.c:116 [inline]
RIP: 0010:u2fzero_rng_read+0x1fd/0x660 drivers/hid/hid-u2fzero.c:202
Code: 03 41 80 7c 1d 00 00 74 08 4c 89 ff e8 0c 97 5f fa bb a8 00 00 00 49 03 1f 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 65 97 5f fa 48 8d 44 24 60 48 89 03
RSP: 0018:ffffc900060be800 EFLAGS: 00010202
RAX: 0000000000000015 RBX: 00000000000000a8 RCX: dffffc0000000000
RDX: 000000000000003b RSI: 0000000000000000 RDI: ffff88805c539369
RBP: ffffc900060be998 R08: 0000000000000001 R09: ffff88805c53932e
R10: ffffed100b8a726d R11: 1ffff1100b8a7265 R12: 1ffff1100f64aa71
R13: 1ffff1100f64aa06 R14: ffff88807b255388 R15: ffff88807b255030
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf005a7e9c CR3: 00000000256bc000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	03 41 80             	add    -0x80(%rcx),%eax
   3:	7c 1d                	jl     0x22
   5:	00 00                	add    %al,(%rax)
   7:	74 08                	je     0x11
   9:	4c 89 ff             	mov    %r15,%rdi
   c:	e8 0c 97 5f fa       	call   0xfa5f971d
  11:	bb a8 00 00 00       	mov    $0xa8,%ebx
  16:	49 03 1f             	add    (%r15),%rbx
  19:	48 89 d8             	mov    %rbx,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	48 89 df             	mov    %rbx,%rdi
  33:	e8 65 97 5f fa       	call   0xfa5f979d
  38:	48 8d 44 24 60       	lea    0x60(%rsp),%rax
  3d:	48 89 03             	mov    %rax,(%rbx)

Crashes (225):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/12/22 00:05 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/07 23:29 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/05/30 13:37 linux-5.15.y 98f47d0e9b8c 3d2f584d .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/02/16 19:49 linux-5.15.y c16c81c81336 40a34ec9 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/11/04 11:02 linux-5.15.y 72244eab0dad f00eed24 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/27 06:47 linux-5.15.y 7c6d66f0266f 46eb10b7 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/07 13:54 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/06 14:09 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2026/01/04 14:42 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/30 09:21 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/30 03:34 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/30 03:33 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/25 21:36 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/21 23:39 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/13 05:02 linux-5.15.y 68efe5a6c16a d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/04 10:50 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/12/04 03:11 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/29 05:32 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/27 20:25 linux-5.15.y cc5ec8769306 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/22 10:19 linux-5.15.y cc5ec8769306 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/22 01:17 linux-5.15.y cc5ec8769306 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/09 06:01 linux-5.15.y cc5ec8769306 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/11/03 07:37 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/31 10:36 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/31 04:24 linux-5.15.y cc5ec8769306 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/21 22:17 linux-5.15.y ac56c046adf4 9832ed61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/13 23:04 linux-5.15.y 29e53a5b1c4f b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/12 14:55 linux-5.15.y 29e53a5b1c4f ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/07 18:32 linux-5.15.y 29e53a5b1c4f 8ef35d49 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/10/03 20:12 linux-5.15.y 29e53a5b1c4f 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/29 10:25 linux-5.15.y 43bb85222e53 001c9061 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/19 04:21 linux-5.15.y 43bb85222e53 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/10 12:10 linux-5.15.y de9476bb4f1b fdeaa69b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/09/07 23:00 linux-5.15.y 7a6c2d093c45 d291dd2d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/29 04:43 linux-5.15.y 01879f56bdde d401b9d7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/24 22:48 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/24 12:10 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/16 16:54 linux-5.15.y c79648372d02 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/09 19:56 linux-5.15.y c79648372d02 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/09 08:07 linux-5.15.y c79648372d02 32a0e5ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/06 13:16 linux-5.15.y c79648372d02 ffe1dd46 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/05 04:01 linux-5.15.y c79648372d02 f5bcc8dc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/04 02:57 linux-5.15.y c79648372d02 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/01 09:15 linux-5.15.y c79648372d02 0c075d67 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/29 03:19 linux-5.15.y c79648372d02 6654ea9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/24 16:42 linux-5.15.y c79648372d02 65d60d73 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/18 15:49 linux-5.15.y c79648372d02 88248e14 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/18 01:16 linux-5.15.y 89950c454265 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/17 22:19 linux-5.15.y 89950c454265 0d1223f1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/16 18:45 linux-5.15.y 89950c454265 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/16 17:32 linux-5.15.y 89950c454265 124ec9cc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/07/06 03:46 linux-5.15.y 3dea0e7f549e 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2024/07/26 05:49 linux-5.15.y 7c6d66f0266f 3f86dfed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in u2fzero_rng_read
2025/08/25 00:54 linux-5.15.y c79648372d02 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
2025/08/21 17:34 linux-5.15.y c79648372d02 3e79b825 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in u2fzero_rng_read
* Struck through repros no longer work on HEAD.