syzbot

 sign-in | mailing list | source | docs
🐞 Open [851]
🐞 Fixed [138]
🐞 Invalid [973]
Missing Backports [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in h5_recv

Status: upstream: reported C repro on 2025/05/03 02:45
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+7767f099e39e2bf5f123@syzkaller.appspotmail.com
First crash: 241d, last: 17h01m
Bug presence (1)
Date Name Commit Repro Result
2025/05/09 upstream (ToT) 9c69f8884904 C [report] general protection fault in h5_recv
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in h5_recv bluetooth 10 C done 3017 now 323d 0/29 upstream: reported C repro on 2025/02/09 15:45
linux-5.15 general protection fault in h5_recv origin:upstream 8 C 16 4d22h 209d 0/3 upstream: reported C repro on 2025/06/04 06:57
linux-6.6 general protection fault in h5_recv origin:upstream 2 C 12 2d17h 181d 0/2 upstream: reported C repro on 2025/07/02 07:26
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/06/23 01:14 2h37m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000005f: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000002f8-0x00000000000002ff]
CPU: 1 PID: 10320 Comm: syz-executor198 Not tainted 6.1.137-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
RIP: 0010:h5_recv+0x149/0x8c0 drivers/bluetooth/hci_h5.c:569
Code: 89 54 24 70 48 89 4c 24 28 48 c1 e9 03 48 89 4c 24 30 48 89 44 24 38 48 c1 e8 03 48 89 44 24 68 4c 89 74 24 18 48 8b 44 24 40 <80> 3c 18 00 74 08 4c 89 f7 e8 69 7f 89 fa 4d 8b 36 31 ff 4c 89 f6
RSP: 0018:ffffc9000d487c40 EFLAGS: 00010202
RAX: 000000000000005f RBX: dffffc0000000000 RCX: 000000000000005e
RDX: 1ffff1100dc57d82 RSI: 000000000000005f RDI: 0000000000000000
RBP: ffffc9000d487d80 R08: dffffc0000000000 R09: ffffed100dc57d84
R10: ffffed100dc57d84 R11: 1ffff1100dc57d83 R12: 0000000000000001
R13: ffff88806e2bec00 R14: 00000000000002f8 R15: 0000000000000061
FS:  00007f8c6ae166c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc178905a48 CR3: 0000000076d09000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hci_uart_tty_receive+0x188/0x210 drivers/bluetooth/hci_ldisc.c:624
 tiocsti+0x1f6/0x280 drivers/tty/tty_io.c:2288
 tty_ioctl+0x34e/0xba0 drivers/tty/tty_io.c:2690
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f8c6b6875c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8c6ae16168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8c6b708438 RCX: 00007f8c6b6875c9
RDX: 0000200000000140 RSI: 0000000000005412 RDI: 0000000000000006
RBP: 00007f8c6b708430 R08: 00007f8c6ae166c0 R09: 0000000000000000
R10: 00007f8c6ae166c0 R11: 0000000000000246 R12: 00007f8c6b70843c
R13: 000000000000006e R14: 00007ffd81b4f6e0 R15: 00007ffd81b4f7c8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:h5_recv+0x149/0x8c0 drivers/bluetooth/hci_h5.c:569
Code: 89 54 24 70 48 89 4c 24 28 48 c1 e9 03 48 89 4c 24 30 48 89 44 24 38 48 c1 e8 03 48 89 44 24 68 4c 89 74 24 18 48 8b 44 24 40 <80> 3c 18 00 74 08 4c 89 f7 e8 69 7f 89 fa 4d 8b 36 31 ff 4c 89 f6
RSP: 0018:ffffc9000d487c40 EFLAGS: 00010202

RAX: 000000000000005f RBX: dffffc0000000000 RCX: 000000000000005e
RDX: 1ffff1100dc57d82 RSI: 000000000000005f RDI: 0000000000000000
RBP: ffffc9000d487d80 R08: dffffc0000000000 R09: ffffed100dc57d84
R10: ffffed100dc57d84 R11: 1ffff1100dc57d83 R12: 0000000000000001
R13: ffff88806e2bec00 R14: 00000000000002f8 R15: 0000000000000061
FS:  00007f8c6ae166c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd81b4ece8 CR3: 0000000076d09000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	89 54 24 70          	mov    %edx,0x70(%rsp)
   4:	48 89 4c 24 28       	mov    %rcx,0x28(%rsp)
   9:	48 c1 e9 03          	shr    $0x3,%rcx
   d:	48 89 4c 24 30       	mov    %rcx,0x30(%rsp)
  12:	48 89 44 24 38       	mov    %rax,0x38(%rsp)
  17:	48 c1 e8 03          	shr    $0x3,%rax
  1b:	48 89 44 24 68       	mov    %rax,0x68(%rsp)
  20:	4c 89 74 24 18       	mov    %r14,0x18(%rsp)
  25:	48 8b 44 24 40       	mov    0x40(%rsp),%rax
* 2a:	80 3c 18 00          	cmpb   $0x0,(%rax,%rbx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 f7             	mov    %r14,%rdi
  33:	e8 69 7f 89 fa       	call   0xfa897fa1
  38:	4d 8b 36             	mov    (%r14),%r14
  3b:	31 ff                	xor    %edi,%edi
  3d:	4c 89 f6             	mov    %r14,%rsi

Crashes (32):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/08 22:44 linux-6.1.y ac7079a42ea5 dbf35fa1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/03 14:03 linux-6.1.y b6736e03756f b0714e37 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/11 13:13 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/29 07:26 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/22 01:12 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/15 14:25 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/04 05:53 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/10/25 06:32 linux-6.1.y 8e6e2188d949 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/09/30 00:16 linux-6.1.y 7b34dc04e4ff 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/09/30 00:06 linux-6.1.y 7b34dc04e4ff 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/09/22 21:50 linux-6.1.y 363a599da6d9 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/08/29 16:04 linux-6.1.y f89b6e15694c 3e1beec6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/08/14 18:29 linux-6.1.y 3594f306da12 5d8c2ac2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/07/15 09:58 linux-6.1.y f2198ea7eb3e 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/23 19:44 linux-6.1.y da3c5173c55f f8cc0c83 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/20 04:11 linux-6.1.y 325285d9fc86 b84f0537 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/03 02:44 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/29 22:31 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/19 20:39 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/11 12:18 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/05 21:38 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/05 08:40 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/11/03 14:49 linux-6.1.y f6e38ae624cf 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/10/31 00:00 linux-6.1.y f6e38ae624cf 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/10/12 13:07 linux-6.1.y 882efbdd9d34 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/09/14 02:04 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/09/01 23:28 linux-6.1.y f89b6e15694c 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/28 08:38 linux-6.1.y 3594f306da12 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/22 19:27 linux-6.1.y 3369c6df2fae 8e9d1dc1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/12 15:37 linux-6.1.y dfc486ec9cce 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/04 20:39 linux-6.1.y 7e69c33e4858 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/05/04 09:05 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
* Struck through repros no longer work on HEAD.