syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1334]
Subsystems
🐞 Fixed [7143]
🐞 Invalid [18889]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb (4)

Status: moderation: reported on 2026/05/14 19:02
Subsystems: bluetooth
Labels: prio:high
[Documentation on labels]
Reported-by: syzbot+01fdd60c7fce19a1f6e7@syzkaller.appspotmail.com
First crash: 28d, last: 20d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
1ca4790c-47a6-4845-838b-a59ca362864b assessment-security DenialOfService: ✅ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ✅ UserNamespace: ✅ VMGuestTrigger: ❌ VMHostTrigger: ❌ KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb (4) 2026/06/01 06:58 2026/06/01 06:58 2026/06/01 08:09 6b4a844333e83556da95d61d7f207e7ef5cd4bc6
ca1567ff-7aa4-4a97-8472-7e856bdc6c84 assessment-security 💥 KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb (4) 2026/05/15 10:34 2026/05/15 10:34 2026/05/15 10:34 9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01 failed to run ["git" "-c" "core.hooksPath=/dev/null" "checkout" "aa54b1d27fe0c2b78e664a34fd0fdf7cd1960d71"]: exit status 128 fatal: sha1 file '/app/workdir/repo/linux/.git/index.lock' write error. Out of diskspace
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb 12 1 337d 337d 0/2 auto-obsoleted due to no activity on 2025/10/13 20:35
upstream KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb bluetooth 12 1 997d 991d 0/29 auto-obsoleted due to no activity on 2023/12/23 09:03
upstream KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb (2) bluetooth 12 2 323d 326d 0/29 closed as invalid on 2025/08/19 19:15
upstream KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb (3) bluetooth 12 3 171d 180d 0/29 auto-obsoleted due to no activity on 2026/03/29 02:38

Sample crash report:
kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
Bluetooth: hci2: failed to register connection device
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:97 [inline]
BUG: KASAN: null-ptr-deref in set_bit include/asm-generic/bitops/instrumented-atomic.h:28 [inline]
BUG: KASAN: null-ptr-deref in l2cap_sock_suspend_cb+0x4a/0x80 net/bluetooth/l2cap_sock.c:1784
Write of size 8 at addr 0000000000000798 by task kworker/u9:1/4915

CPU: 1 UID: 0 PID: 4915 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: hci2 hci_rx_work
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x264/0x2c0 mm/kasan/generic.c:200
 instrument_atomic_write include/linux/instrumented.h:97 [inline]
 set_bit include/asm-generic/bitops/instrumented-atomic.h:28 [inline]
 l2cap_sock_suspend_cb+0x4a/0x80 net/bluetooth/l2cap_sock.c:1784
 l2cap_chan_ready+0x15b/0x230 net/bluetooth/l2cap_core.c:1273
 l2cap_le_start+0x25b/0x1960 net/bluetooth/l2cap_core.c:1391
 l2cap_conn_ready net/bluetooth/l2cap_core.c:1644 [inline]
 l2cap_connect_cfm+0x8d5/0x1560 net/bluetooth/l2cap_core.c:7419
 hci_connect_cfm+0x95/0x140 include/net/bluetooth/hci_core.h:2139
 le_conn_complete_evt+0x1134/0x16b0 net/bluetooth/hci_event.c:5865
 hci_le_conn_complete_evt+0x187/0x470 net/bluetooth/hci_event.c:5891
 hci_event_func net/bluetooth/hci_event.c:7793 [inline]
 hci_event_packet+0x659/0xef0 net/bluetooth/hci_event.c:7847
 hci_rx_work+0x3ee/0x1040 net/bluetooth/hci_core.c:4077
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
==================================================================

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/05/19 00:15 upstream 4d3a2a466b8d 9f74d399 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb
2026/05/10 18:56 upstream aa54b1d27fe0 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb
2026/05/12 03:19 upstream 50897c955902 d168f260 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb
2026/05/12 02:18 upstream 50897c955902 d168f260 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb
* Struck through repros no longer work on HEAD.