syzbot

 sign-in | mailing list | source | docs
🐞 Open [1592]
Subsystems
🐞 Fixed [6234]
🐞 Invalid [15800]
Missing Backports [184]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

bluetooth subsystem


List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 84
Parent subsystem(s): kernel (88)
open (52):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_complete (3) bluetooth C 1 11d 7d02h
WARNING in hci_conn_drop (2) bluetooth 1 16d 12d
INFO: task hung in hci_remote_features_evt (2) bluetooth syz error 5 8d21h 14d
KASAN: slab-out-of-bounds Read in hci_cmd_sync_alloc bluetooth C 4 6d21h 17d
KASAN: slab-use-after-free Read in bt_accept_dequeue (2) bluetooth 1 27d 22d
possible deadlock in l2cap_conn_del bluetooth syz error 125 2h37m 50d
KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump bluetooth C 675 6h07m 50d 💬 1 [27d]
BUG: soft lockup in hci_cmd_timeout (2) bluetooth usb syz 1 65d 61d
KASAN: wild-memory-access Read in l2cap_connect_cfm bluetooth 5 41d 64d
WARNING in hci_send_cmd (2) bluetooth 2 22d 84d
possible deadlock in l2cap_info_timeout bluetooth 14 3d03h 84d
WARNING: refcount bug in sco_conn_put bluetooth 1 93d 88d
general protection fault in bcsp_recv bluetooth C error 270 38m 94d
general protection fault in h5_recv bluetooth C done 388 2h40m 100d 💬 1 [28d]
general protection fault in __timer_delete_sync bluetooth C done 3 98d 102d 💬 1 [101d]
KASAN: null-ptr-deref Write in l2cap_sock_resume_cb (3) bluetooth 8 67d 112d
KASAN: slab-use-after-free Read in sock_def_readable bluetooth net 3 97d 113d
KASAN: slab-use-after-free Read in force_suspend_read bluetooth 8 95d 122d
general protection fault in hci_devcd_register bluetooth 26 11d 130d
WARNING in hci_devcd_register bluetooth 3 57d 135d
KASAN: slab-use-after-free Read in msft_opcode_get bluetooth 15 27d 145d
KASAN: slab-use-after-free Read in force_devcd_write bluetooth syz 347 3d02h 147d 💬 1 [28d]
WARNING in sco_conn_put bluetooth 2 90d 149d
WARNING: held lock freed in bt_accept_dequeue bluetooth 4 19d 153d
WARNING in hci_conn_timeout (2) bluetooth C error 437 10h43m 154d
KASAN: slab-use-after-free Write in sco_conn_put bluetooth 95 56d 169d
KMSAN: uninit-value in hci_cmd_complete_evt bluetooth C 17 48d 185d
INFO: task hung in hci_cmd_sync_clear (3) bluetooth syz done 5 10d 193d
KASAN: slab-use-after-free Read in l2cap_register_user bluetooth 12 9h47m 194d
KASAN: slab-use-after-free Read in l2cap_unregister_user bluetooth syz done 37803 7m 200d 💬 1 [28d]
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth 36 1h51m 211d
KASAN: slab-use-after-free Read in bt_accept_unlink bluetooth 40 6h53m 211d
KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb bluetooth 37 8h23m 211d
KASAN: slab-use-after-free Read in cmd_complete_rsp bluetooth 18 68d 211d
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb (2) bluetooth 45 24d 231d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth 15 11d 235d
BUG: corrupted list in mgmt_pending_remove bluetooth C error 43 6d07h 261d 💬 1 [173d]
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth C error 248 4d00h 300d
possible deadlock in sco_connect_cfm bluetooth 21 70d 316d
KASAN: slab-use-after-free Read in hci_sock_get_cookie (2) bluetooth 47 8d10h 335d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive error 141 55d 372d 💬 2 [61d]
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth C unreliable 39 3d01h 383d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth C inconclusive inconclusive 137 20d 388d 💬 2 [92d]
WARNING in hci_recv_frame bluetooth C error 64 1d13h 389d 💬 1 [1d13h]
KASAN: slab-use-after-free Read in hci_disconnect bluetooth 27 18d 390d
WARNING in l2cap_chan_send bluetooth 43 30d 402d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth C error error 3383 280d 408d 💬 2 [313d]
WARNING in l2cap_chan_del bluetooth 220 1h27m 429d
general protection fault in lock_sock_nested bluetooth C done done 2343 1h30m 617d
WARNING in call_timer_fn bluetooth C unreliable 6727 5h43m 916d 💬 8 [28d]
general protection fault in l2cap_chan_timeout (3) bluetooth C inconclusive inconclusive 35 1d01h 1195d
general protection fault in skb_release_data (2) net bluetooth C done error 703 50d 1714d
moderation (1):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
KASAN: slab-use-after-free Read in hidp_session_thread bluetooth 3 46d 96d