general protection fault in h5

Date	Name	Commit	Repro	Result
2025/11/22	upstream (ToT)	89edd36fd801	C	[report] general protection fault in h5_recv
2026/01/07	upstream (ToT)	f0b9d8eb98df	C	Failed due to an error; will retry later

Date

Name

Commit

Repro

Result

2025/11/22

upstream (ToT)

89edd36fd801

[report] general protection fault in h5_recv

2026/01/07

upstream (ToT)

f0b9d8eb98df

Failed due to an error; will retry later

Kernel	Title	Rank 🛈	Repro	Cause bisect	Count	Last	Reported	Patched	Status
upstream	general protection fault in h5_recv bluetooth	10	C	done	3423	1h19m	342d	0/29	upstream: reported C repro on 2025/02/09 15:45
linux-5.15	general protection fault in h5_recv origin:upstream	8	C		19	2d07h	227d	0/3	upstream: reported C repro on 2025/06/04 06:57
linux-6.1	general protection fault in h5_recv origin:upstream	8	C		35	2d19h	260d	0/3	upstream: reported C repro on 2025/05/03 02:45

general protection fault, probably for non-canonical address 0xdffffc000000005f: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000002f8-0x00000000000002ff] CPU: 0 PID: 5964 Comm: syz.0.21 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 RIP: 0010:h5_recv+0x147/0x8c0 drivers/bluetooth/hci_h5.c:572 Code: 18 48 c1 ea 03 48 89 54 24 28 48 89 d8 48 c1 e8 03 48 89 44 24 50 44 89 64 24 14 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 30 <80> 3c 01 00 74 08 4c 89 ef e8 7b d7 57 fa 4d 8b 65 00 31 ff 4c 89 RSP: 0018:ffffc90003207c60 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 00000000000002e8 RCX: 000000000000005f RDX: 000000000000005e RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc90003207d80 R08: ffff888060213c1f R09: 1ffff1100c042783 R10: dffffc0000000000 R11: ffffed100c042784 R12: 0000000000000001 R13: 00000000000002f8 R14: ffff888060213c10 R15: ffffc90003207e20 FS: 00007f9a8ea076c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9a8ea06f98 CR3: 00000000761d0000 CR4: 00000000003506f0 Call Trace: <TASK> hci_uart_tty_receive+0x188/0x210 drivers/bluetooth/hci_ldisc.c:624 tiocsti+0x23e/0x2c0 drivers/tty/tty_io.c:2291 tty_ioctl+0x62e/0xdd0 drivers/tty/tty_io.c:2693 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:871 [inline] __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f9a8db8f749 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9a8ea07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f9a8dde6090 RCX: 00007f9a8db8f749 RDX: 0000200000000040 RSI: 0000000000005412 RDI: 0000000000000003 RBP: 00007f9a8dc13f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f9a8dde6128 R14: 00007f9a8dde6090 R15: 00007ffccba69c08 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:h5_recv+0x147/0x8c0 drivers/bluetooth/hci_h5.c:572 Code: 18 48 c1 ea 03 48 89 54 24 28 48 89 d8 48 c1 e8 03 48 89 44 24 50 44 89 64 24 14 48 b8 00 00 00 00 00 fc ff df 48 8b 4c 24 30 <80> 3c 01 00 74 08 4c 89 ef e8 7b d7 57 fa 4d 8b 65 00 31 ff 4c 89 RSP: 0018:ffffc90003207c60 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 00000000000002e8 RCX: 000000000000005f RDX: 000000000000005e RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc90003207d80 R08: ffff888060213c1f R09: 1ffff1100c042783 R10: dffffc0000000000 R11: ffffed100c042784 R12: 0000000000000001 R13: 00000000000002f8 R14: ffff888060213c10 R15: ffffc90003207e20 FS: 00007f9a8ea076c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c008405000 CR3: 00000000761d0000 CR4: 00000000003506f0 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 48 c1 ea 03 shr $0x3,%rdx 4: 48 89 54 24 28 mov %rdx,0x28(%rsp) 9: 48 89 d8 mov %rbx,%rax c: 48 c1 e8 03 shr $0x3,%rax 10: 48 89 44 24 50 mov %rax,0x50(%rsp) 15: 44 89 64 24 14 mov %r12d,0x14(%rsp) 1a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 21: fc ff df 24: 48 8b 4c 24 30 mov 0x30(%rsp),%rcx * 29: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1) <-- trapping instruction 2d: 74 08 je 0x37 2f: 4c 89 ef mov %r13,%rdi 32: e8 7b d7 57 fa call 0xfa57d7b2 37: 4d 8b 65 00 mov 0x0(%r13),%r12 3b: 31 ff xor %edi,%edi 3d: 4c rex.WR 3e: 89 .byte 0x89

Crashes (17):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/11/28 13:12	linux-6.6.y	1e89a1be4fe9	d6526ea3	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/11/22 17:42	linux-6.6.y	0a805b6ea8cd	4fb8ef37	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2026/01/15 07:59	linux-6.6.y	c596736dadab	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2026/01/14 07:51	linux-6.6.y	c596736dadab	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2026/01/13 19:12	linux-6.6.y	c596736dadab	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2026/01/08 18:09	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2026/01/03 16:08	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/12/27 22:19	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/12/22 23:55	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/12/17 06:44	linux-6.6.y	5fa4793a2d2d	d6526ea3	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/11/22 15:29	linux-6.6.y	0a805b6ea8cd	4fb8ef37	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/10/22 09:43	linux-6.6.y	f231f248323d	252fbbad	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/08/25 17:52	linux-6.6.y	bb9c90ab9c5a	bf27483f	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/08/19 22:38	linux-6.6.y	bb9c90ab9c5a	254a27c1	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/08/01 16:42	linux-6.6.y	3a8ababb8b6a	40127d41	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/07/21 23:35	linux-6.6.y	d96eb99e2f0e	56d87229	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv
2025/07/02 07:25	linux-6.6.y	3f5b4c104b7d	bc80e4f0	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	general protection fault in h5_recv

Crashes (17):

Assets (help?)

2025/11/28 13:12

linux-6.6.y