syzbot


KASAN: slab-use-after-free Read in hci_uart_write_work

Status: upstream: reported syz repro on 2025/07/14 17:09
Subsystems: bluetooth
Reported-by: syzbot+fde6bd779f78e6e0992e@syzkaller.appspotmail.com
First crash: 206d, last: 3d20h
Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work 3 (9) 2025/07/22 02:07
Similar bugs (5)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-6-12 KASAN: slab-use-after-free Read in hci_uart_write_work 19 1 146d 146d 0/1 auto-obsoleted due to no activity on 2025/12/10 04:09
linux-6.1 KASAN: use-after-free Read in hci_uart_write_work 19 1 12d 12d 0/3 upstream: reported on 2026/01/23 06:14
android-5-15 KASAN: use-after-free Read in hci_uart_write_work 19 1 131d 131d 0/2 auto-obsoleted due to no activity on 2025/12/25 00:53
android-6-1 KASAN: use-after-free Read in hci_uart_write_work 19 7 129d 149d 0/2 auto-obsoleted due to no activity on 2025/12/27 01:39
android-5-10 KASAN: use-after-free Read in hci_uart_write_work 19 2 97d 110d 0/2 auto-obsoleted due to no activity on 2026/01/28 02:36
Last patch testing requests (7)
Created Duration User Patch Repo Result
2025/11/07 03:22 19m retest repro upstream report log
2025/10/17 03:42 20m retest repro upstream report log
2025/07/27 13:44 19m retest repro upstream report log
2025/07/22 02:07 21m ipravdin.official@gmail.com git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git master report log
2025/07/15 08:32 20m hdanton@sina.com patch upstream OK log
2025/07/15 04:30 20m hdanton@sina.com patch upstream report log
2025/07/15 01:09 20m hdanton@sina.com patch upstream report log

Sample crash report:
==================================================================
BUG: KASAN: slab-use-after-free in hci_uart_write_work+0x81c/0x950 drivers/bluetooth/hci_ldisc.c:165
Read of size 4 at addr ffff888073b0e2f0 by task kworker/0:2/118

CPU: 0 UID: 0 PID: 118 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
Workqueue: events hci_uart_write_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0x156/0x4c9 mm/kasan/report.c:482
 kasan_report+0xdf/0x1a0 mm/kasan/report.c:595
 hci_uart_write_work+0x81c/0x950 drivers/bluetooth/hci_ldisc.c:165
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>

Allocated by task 118:
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_node_noprof+0x303/0x880 mm/slub.c:5315
 __alloc_skb+0x156/0x410 net/core/skbuff.c:679
 alloc_skb include/linux/skbuff.h:1383 [inline]
 bcsp_prepare_pkt+0xe0/0xa90 drivers/bluetooth/hci_bcsp.c:218
 bcsp_dequeue+0x237/0x4b0 drivers/bluetooth/hci_bcsp.c:308
 hci_uart_dequeue drivers/bluetooth/hci_ldisc.c:107 [inline]
 hci_uart_write_work+0x4d9/0x950 drivers/bluetooth/hci_ldisc.c:161
 process_one_work+0x9c2/0x1840 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x5da/0xe40 kernel/workqueue.c:3421
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246

The buggy address belongs to the object at ffff888073b0e280
 which belongs to the cache skbuff_head_cache of size 240
The buggy address is located 112 bytes inside of
 freed 240-byte region [ffff888073b0e280, ffff888073b0e370)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73b0e
ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000000 ffff88801e6ac8c0 ffffea0001ceccc0 0000000000000003
raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5742, tgid 5742 (sshd-session), ts 52751848685, free_ts 52648047880
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1e1/0x250 mm/page_alloc.c:1884
 prep_new_page mm/page_alloc.c:1892 [inline]
 get_page_from_freelist+0xe3d/0x2e10 mm/page_alloc.c:3945
 __alloc_frozen_pages_noprof+0x26c/0x2410 mm/page_alloc.c:5240
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2486
 alloc_slab_page mm/slub.c:3075 [inline]
 allocate_slab mm/slub.c:3248 [inline]
 new_slab+0x2c4/0x440 mm/slub.c:3302
 ___slab_alloc+0xda3/0x1ca0 mm/slub.c:4656
 __slab_alloc.isra.0+0x63/0x110 mm/slub.c:4779
 __slab_alloc_node mm/slub.c:4855 [inline]
 slab_alloc_node mm/slub.c:5251 [inline]
 kmem_cache_alloc_noprof+0x4ec/0x780 mm/slub.c:5270
 skb_clone+0x190/0x400 net/core/skbuff.c:2087
 dev_queue_xmit_nit+0x255/0xa60 net/core/dev.c:2568
 xmit_one net/core/dev.c:3862 [inline]
 dev_hard_start_xmit+0x2fb/0x6c0 net/core/dev.c:3882
 sch_direct_xmit+0x1b2/0xc60 net/sched/sch_generic.c:347
 __dev_xmit_skb net/core/dev.c:4182 [inline]
 __dev_queue_xmit+0x24bd/0x46f0 net/core/dev.c:4798
 dev_queue_xmit include/linux/netdevice.h:3381 [inline]
 neigh_hh_output include/net/neighbour.h:540 [inline]
 neigh_output include/net/neighbour.h:554 [inline]
 ip_finish_output2+0xf34/0x24b0 net/ipv4/ip_output.c:237
 __ip_finish_output.part.0+0x444/0x6f0 net/ipv4/ip_output.c:315
 __ip_finish_output net/ipv4/ip_output.c:303 [inline]
 ip_finish_output net/ipv4/ip_output.c:325 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x39b/0xec0 net/ipv4/ip_output.c:438
page last free pid 5746 tgid 5746 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0x822/0x1130 mm/page_alloc.c:2973
 __folio_put+0x3b4/0x540 mm/swap.c:112
 folio_put include/linux/mm.h:1616 [inline]
 put_page include/linux/mm.h:1685 [inline]
 anon_pipe_put_page fs/pipe.c:139 [inline]
 anon_pipe_buf_release+0x40c/0x530 fs/pipe.c:147
 pipe_buf_release include/linux/pipe_fs_i.h:273 [inline]
 pipe_update_tail fs/pipe.c:242 [inline]
 anon_pipe_read+0x5cd/0x1200 fs/pipe.c:361
 new_sync_read fs/read_write.c:491 [inline]
 vfs_read+0x957/0xb30 fs/read_write.c:572
 ksys_read+0x1f8/0x250 fs/read_write.c:715
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888073b0e180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff888073b0e200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
>ffff888073b0e280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                             ^
 ffff888073b0e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
 ffff888073b0e380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
==================================================================

Crashes (78):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/01/22 21:21 upstream a66191c590b3 2367ed1e .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/11/24 03:54 upstream d13f3ac64efb 4fb8ef37 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2 (clean fs)] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/10/24 03:10 upstream ab431bc39741 c0460fcd .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/07/13 13:35 upstream 3f31a806a62e 3cda49cf .config console log report syz / log [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/23 09:16 upstream c072629f05d7 82c9c083 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/22 19:59 upstream a66191c590b3 2367ed1e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/13 06:36 upstream b71e635feefc d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/11/24 01:28 upstream d13f3ac64efb 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/11/24 01:20 upstream d13f3ac64efb 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/11/24 00:33 upstream d13f3ac64efb 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/09/24 03:13 upstream cec1e6e5d1ab 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/09/22 01:37 upstream 07e27ad16399 67c37560 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/27 01:21 upstream 3f0e9c8cefa9 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in hci_uart_write_work
2025/11/25 05:47 upstream ac3fd01e4c1e bf6fe8fe .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/10/23 23:45 upstream ab431bc39741 c0460fcd .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in hci_uart_write_work
2025/10/03 03:11 upstream f79e772258df 49379ee0 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in hci_uart_write_work
2025/10/02 02:02 upstream d3479214c05d 267f56c6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in hci_uart_write_work
2025/10/01 12:57 upstream 50c19e20ed2e 3af39644 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in hci_uart_write_work
2025/07/13 08:56 upstream 3f31a806a62e 3cda49cf .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root KASAN: slab-use-after-free Read in hci_uart_write_work
2026/02/01 00:21 upstream 162b42445b58 6b8752f2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/29 11:41 upstream 8dfce8991b95 aeb6fdd5 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/28 15:39 upstream 1f97d9dcf536 1f9bbf06 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/26 10:09 upstream 63804fed149a 55756628 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/23 07:42 upstream c072629f05d7 82c9c083 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/23 06:14 upstream c072629f05d7 82c9c083 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/20 07:14 upstream 24d479d26b25 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/17 01:24 upstream b62ce2547fe8 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/14 18:39 upstream c537e12daeec d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/12 18:43 upstream 0f61b1860cc3 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/12 18:06 upstream 0f61b1860cc3 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/12 15:59 upstream 0f61b1860cc3 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/07 15:31 upstream f0b9d8eb98df d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/06 21:59 upstream f0b9d8eb98df d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2026/01/06 20:54 upstream f0b9d8eb98df d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 11:14 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 10:59 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 10:57 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 10:56 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 10:45 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 10:35 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 10:31 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 09:21 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 09:20 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 09:15 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 09:14 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 09:13 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/31 09:10 upstream c8ebd433459b d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/26 09:37 upstream ccd1cdca5cd4 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/26 09:29 upstream ccd1cdca5cd4 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/24 17:35 upstream b927546677c8 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/19 01:28 upstream 516471569089 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/19 01:26 upstream 516471569089 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/19 01:22 upstream 516471569089 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/19 01:14 upstream 516471569089 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/19 01:12 upstream 516471569089 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/18 23:30 upstream 516471569089 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/18 23:30 upstream 516471569089 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/17 17:38 upstream ea1013c15392 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in hci_uart_write_work
2025/12/03 09:42 linux-next b2c27842ba85 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in hci_uart_write_work
* Struck through repros no longer work on HEAD.