syzbot


general protection fault in h5_recv

Status: upstream: reported C repro on 2025/05/03 02:45
Reported-by: syzbot+7767f099e39e2bf5f123@syzkaller.appspotmail.com
First crash: 290d, last: 33d
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2026/02/16 upstream (ToT) 970296997869 C Failed due to an error; will retry later
Similar bugs (3)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in h5_recv bluetooth 10 C done 3515 10d 373d 0/29 upstream: reported C repro on 2025/02/09 15:45
linux-5.15 general protection fault in h5_recv 8 C 19 19d 258d 0/3 upstream: reported C repro on 2025/06/04 06:57
linux-6.6 general protection fault in h5_recv origin:upstream 2 C error 17 33d 230d 0/2 upstream: reported C repro on 2025/07/02 07:26
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2026/02/14 10:22 0m bisect fix linux-6.1.y error job log
2025/06/23 01:14 2h37m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
Unable to handle kernel paging request at virtual address dfff80000000005f
KASAN: null-ptr-deref in range [0x00000000000002f8-0x00000000000002ff]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff80000000005f] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4514 Comm: syz.0.33 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 22400005 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : h5_recv+0x11c/0x7c0 drivers/bluetooth/hci_h5.c:569
lr : h5_recv+0xc4/0x7c0 drivers/bluetooth/hci_h5.c:566
sp : ffff800020957a80
x29: ffff800020957b70 x28: 0000000000000308 x27: 0000000000000004
x26: dfff800000000000 x25: ffff0000cc778400 x24: dfff800000000000
x23: 00000000000002e8 x22: 00000000000002f8 x21: ffff800020957c40
x20: 0000000000000001 x19: 000000000000005f x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d2558 x15: 0000000000000000
x14: 0000000080045440 x13: 1ffff00002a0a0b1 x12: 0000000000ff0100
x11: ff0080000eb1402c x10: 0000000000000061 x9 : 1fffe000198ef082
x8 : 000000000000005e x7 : ffff80000eb09024 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000131d1d20
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 h5_recv+0x11c/0x7c0 drivers/bluetooth/hci_h5.c:-1
 hci_uart_tty_receive+0x140/0x1d4 drivers/bluetooth/hci_ldisc.c:624
 tiocsti+0x234/0x2d8 drivers/tty/tty_io.c:2288
 tty_ioctl+0x35c/0xd8c drivers/tty/tty_io.c:2690
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: f9001fe9 d343fd29 f90023e8 f9001be9 (387a6a68) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	f9001fe9 	str	x9, [sp, #56]
   4:	d343fd29 	lsr	x9, x9, #3
   8:	f90023e8 	str	x8, [sp, #64]
   c:	f9001be9 	str	x9, [sp, #48]
* 10:	387a6a68 	ldrb	w8, [x19, x26] <-- trapping instruction

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/12/11 13:13 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2026/01/10 09:20 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2026/01/05 22:13 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/29 07:26 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/22 01:12 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/15 14:25 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/12/04 05:53 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/10/25 06:32 linux-6.1.y 8e6e2188d949 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/09/30 00:16 linux-6.1.y 7b34dc04e4ff 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/09/30 00:06 linux-6.1.y 7b34dc04e4ff 86341da6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/09/22 21:50 linux-6.1.y 363a599da6d9 0ac7291c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/08/29 16:04 linux-6.1.y f89b6e15694c 3e1beec6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/08/14 18:29 linux-6.1.y 3594f306da12 5d8c2ac2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/07/15 09:58 linux-6.1.y f2198ea7eb3e 03fcfc4b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/23 19:44 linux-6.1.y da3c5173c55f f8cc0c83 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/20 04:11 linux-6.1.y 325285d9fc86 b84f0537 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/08 22:44 linux-6.1.y ac7079a42ea5 dbf35fa1 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/03 14:03 linux-6.1.y b6736e03756f b0714e37 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2025/05/03 02:44 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in h5_recv
2026/01/15 09:38 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/29 22:31 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/19 20:39 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/11 12:18 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/05 21:38 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/12/05 08:40 linux-6.1.y f6e38ae624cf d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/11/03 14:49 linux-6.1.y f6e38ae624cf 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/10/31 00:00 linux-6.1.y f6e38ae624cf 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/10/12 13:07 linux-6.1.y 882efbdd9d34 ff1712fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/09/14 02:04 linux-6.1.y 3db754f56897 e2beed91 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/09/01 23:28 linux-6.1.y f89b6e15694c 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/28 08:38 linux-6.1.y 3594f306da12 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/22 19:27 linux-6.1.y 3369c6df2fae 8e9d1dc1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/12 15:37 linux-6.1.y dfc486ec9cce 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/07/04 20:39 linux-6.1.y 7e69c33e4858 d869b261 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
2025/05/04 09:05 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 BUG: unable to handle kernel paging request in h5_recv
* Struck through repros no longer work on HEAD.