syzbot

 sign-in | mailing list | source | docs
🐞 Open [334]
🐞 Fixed [2]
🐞 Invalid [1]
Missing Backports [9]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb

Status: upstream: reported on 2025/07/05 20:35
Reported-by: syzbot+f71734cbee2497be9eae@syzkaller.appspotmail.com
First crash: 63d, last: 63d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb bluetooth 12 1 723d 717d 0/29 auto-obsoleted due to no activity on 2023/12/23 09:03
upstream KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb (2) bluetooth 12 2 49d 52d 0/29 closed as invalid on 2025/08/19 19:15

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]
BUG: KASAN: null-ptr-deref in set_bit include/asm-generic/bitops/instrumented-atomic.h:28 [inline]
BUG: KASAN: null-ptr-deref in l2cap_sock_suspend_cb+0x4c/0x80 net/bluetooth/l2cap_sock.c:1726
Write of size 8 at addr 0000000000000528 by task kworker/u5:3/15776

CPU: 1 PID: 15776 Comm: kworker/u5:3 Not tainted 6.6.95-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: hci2 hci_rx_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 kasan_report+0x117/0x150 mm/kasan/report.c:588
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x288/0x290 mm/kasan/generic.c:187
 instrument_atomic_write include/linux/instrumented.h:82 [inline]
 set_bit include/asm-generic/bitops/instrumented-atomic.h:28 [inline]
 l2cap_sock_suspend_cb+0x4c/0x80 net/bluetooth/l2cap_sock.c:1726
 l2cap_chan_ready net/bluetooth/l2cap_core.c:1257 [inline]
 l2cap_le_start+0xa9d/0x1370 net/bluetooth/l2cap_core.c:1375
 l2cap_conn_ready net/bluetooth/l2cap_core.c:1628 [inline]
 l2cap_connect_cfm+0x6b9/0x1030 net/bluetooth/l2cap_core.c:7252
 hci_connect_cfm+0x8f/0x130 include/net/bluetooth/hci_core.h:1968
 le_conn_complete_evt+0xcd0/0x1220 net/bluetooth/hci_event.c:5772
 hci_le_conn_complete_evt+0x187/0x440 net/bluetooth/hci_event.c:5798
 hci_event_func net/bluetooth/hci_event.c:7433 [inline]
 hci_event_packet+0x795/0x1210 net/bluetooth/hci_event.c:7488
 hci_rx_work+0x43a/0xd80 net/bluetooth/hci_core.c:3992
 process_one_work kernel/workqueue.c:2634 [inline]
 process_scheduled_works+0xa45/0x15b0 kernel/workqueue.c:2711
 worker_thread+0xa55/0xfc0 kernel/workqueue.c:2792
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/07/05 20:35 linux-6.6.y 3f5b4c104b7d 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan KASAN: null-ptr-deref Write in l2cap_sock_suspend_cb
* Struck through repros no longer work on HEAD.