syzbot

 sign-in | mailing list | source | docs
🐞 Open [1576]
Subsystems
🐞 Fixed [6252]
🐞 Invalid [15832]
Missing Backports [185]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

bluetooth subsystem


List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 84
Parent subsystem(s): kernel (84)
open (51):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_complete (3) bluetooth C 1 15h45m 10d
WARNING in hci_conn_drop (2) bluetooth 1 19d 15d
INFO: task hung in hci_remote_features_evt (2) bluetooth syz error 6 17h54m 17d
KASAN: slab-out-of-bounds Read in hci_cmd_sync_alloc bluetooth C 4 10d 20d
KASAN: slab-use-after-free Read in bt_accept_dequeue (2) bluetooth 1 31d 26d
possible deadlock in l2cap_conn_del bluetooth syz error 130 1d01h 54d
KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump bluetooth C 698 10h10m 54d 💬 1 [2d07h]
BUG: soft lockup in hci_cmd_timeout (2) bluetooth usb syz 1 69d 65d
KASAN: wild-memory-access Read in l2cap_connect_cfm bluetooth 5 45d 68d
WARNING in hci_send_cmd (2) bluetooth 2 26d 87d
possible deadlock in l2cap_info_timeout bluetooth 14 6d17h 88d
WARNING: refcount bug in sco_conn_put bluetooth 1 96d 92d
general protection fault in bcsp_recv bluetooth C error 288 37m 98d
general protection fault in h5_recv bluetooth C done 427 37m 104d 💬 1 [2d07h]
general protection fault in __timer_delete_sync bluetooth C done 3 102d 106d 💬 1 [105d]
KASAN: null-ptr-deref Write in l2cap_sock_resume_cb (3) bluetooth 8 70d 116d
KASAN: slab-use-after-free Read in force_suspend_read bluetooth 8 99d 126d
general protection fault in hci_devcd_register bluetooth 26 14d 134d
WARNING in hci_devcd_register bluetooth 3 61d 139d
KASAN: slab-use-after-free Read in msft_opcode_get bluetooth 15 30d 149d
KASAN: slab-use-after-free Read in force_devcd_write bluetooth syz 347 6d16h 150d 💬 1 [2d07h]
WARNING in sco_conn_put bluetooth 2 93d 153d
WARNING: held lock freed in bt_accept_dequeue bluetooth 4 23d 157d
WARNING in hci_conn_timeout (2) bluetooth C error 449 1h55m 158d
KASAN: slab-use-after-free Write in sco_conn_put bluetooth 95 59d 173d
KMSAN: uninit-value in hci_cmd_complete_evt bluetooth C 21 1d08h 189d
INFO: task hung in hci_cmd_sync_clear (3) bluetooth syz done 5 13d 196d
KASAN: slab-use-after-free Read in l2cap_register_user bluetooth 12 4d00h 198d
KASAN: slab-use-after-free Read in l2cap_unregister_user bluetooth syz done 38115 5m 204d 💬 1 [2d07h]
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth 37 5h22m 215d
KASAN: slab-use-after-free Read in bt_accept_unlink bluetooth 41 13h55m 215d
KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb bluetooth 38 3d02h 215d
KASAN: slab-use-after-free Read in cmd_complete_rsp bluetooth 18 71d 215d
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb (2) bluetooth 45 28d 235d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth 15 14d 239d
BUG: corrupted list in mgmt_pending_remove bluetooth C error 43 9d21h 265d 💬 1 [1d12h]
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth C error 249 3d04h 304d
possible deadlock in sco_connect_cfm bluetooth 21 74d 320d
KASAN: slab-use-after-free Read in hci_sock_get_cookie (2) bluetooth 47 12d 339d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive error 141 58d 376d 💬 2 [64d]
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth C unreliable 39 6d16h 386d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth C inconclusive inconclusive 137 24d 392d 💬 2 [96d]
WARNING in hci_recv_frame bluetooth C error 65 1d00h 393d 💬 1 [5d03h]
KASAN: slab-use-after-free Read in hci_disconnect bluetooth 27 22d 393d
WARNING in l2cap_chan_send bluetooth 43 33d 405d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth C error error 3383 283d 412d 💬 2 [317d]
WARNING in l2cap_chan_del bluetooth 224 7h12m 433d
general protection fault in lock_sock_nested bluetooth C done done 2397 5h01m 621d
WARNING in call_timer_fn bluetooth C unreliable 6754 2h42m 920d 💬 8 [2d07h]
general protection fault in l2cap_chan_timeout (3) bluetooth C inconclusive inconclusive 35 4d15h 1199d
general protection fault in skb_release_data (2) net bluetooth C done error 703 53d 1718d
moderation (1):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
KASAN: slab-use-after-free Read in hidp_session_thread bluetooth 3 49d 100d