syzbot

 sign-in | mailing list | source | docs
🐞 Open [1413]
Subsystems
🐞 Fixed [5827]
🐞 Invalid [14217]
Missing Backports [92]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

bluetooth subsystem


List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 77
Parent subsystem(s): kernel (72)
open (47):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
KMSAN: uninit-value in hci_cmd_complete_evt bluetooth 1 8d17h 4d17h
KASAN: slab-use-after-free Write in sk_skb_reason_drop bluetooth 1 11d 7d14h
WARNING in emon bluetooth 1 12d 8d19h
INFO: task hung in hci_cmd_sync_clear (3) bluetooth syz 4 6d11h 12d
KASAN: slab-use-after-free Read in l2cap_register_user bluetooth 1 17d 13d
KASAN: slab-use-after-free Read in l2cap_unregister_user bluetooth syz 4716 now 19d 💬 1 [19d]
KASAN: slab-use-after-free Read in hci_send_acl (2) bluetooth 1 26d 20d
KASAN: slab-use-after-free Read in bt_accept_dequeue bluetooth 2 74d 30d
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth 3 54d 30d
KASAN: slab-use-after-free Read in bt_accept_unlink bluetooth 4 7d05h 30d
KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb bluetooth 13 2d10h 30d
KASAN: slab-use-after-free Read in cmd_complete_rsp bluetooth 14 20h11m 30d
KASAN: slab-use-after-free Read in hci_req_cmd_complete bluetooth 1 45d 38d
KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_complete bluetooth 1 56d 38d
possible deadlock in touch_wq_lockdep_map (2) bluetooth 5 30d 40d
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb (2) bluetooth 5 15d 50d
KASAN: slab-use-after-free Write in mgmt_device_connected bluetooth 1 77d 54d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth 2 37d 54d
KASAN: slab-use-after-free Read in sco_chan_del (2) bluetooth 2 30d 58d
BUG: corrupted list in mgmt_pending_remove bluetooth 14 13d 80d
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth syz error 42 27d 119d
KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_sync bluetooth 21 19d 119d
possible deadlock in sco_connect_cfm bluetooth 11 3d11h 135d
KASAN: slab-use-after-free Read in hci_sock_get_cookie (2) bluetooth 12 9d11h 154d
possible deadlock in mgmt_set_connectable_complete bluetooth syz 39 1h00m 186d
KASAN: slab-use-after-free Read in skb_queue_purge_reason (2) bluetooth 51 1d21h 187d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive 79 1d23h 191d 💬 2 [5d15h]
WARNING in sco_chan_del bluetooth 10 11d 194d
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth 18 1d13h 202d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth C inconclusive 130 40d 207d 💬 2 [36d]
WARNING in hci_recv_frame bluetooth syz 22 21h03m 208d 💬 1 [17h58m]
KASAN: slab-use-after-free Read in hci_disconnect bluetooth 19 11d 209d
WARNING in l2cap_chan_send bluetooth 38 12h33m 221d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth C error error 3383 99d 227d 💬 2 [132d]
BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt bluetooth C done 369 5h04m 227d 💬 2 [5d15h]
WARNING in l2cap_chan_del bluetooth 46 3h39m 248d
KASAN: slab-use-after-free Read in l2cap_send_cmd bluetooth 28 53d 268d
WARNING in hci_send_cmd bluetooth 8 35d 282d
WARNING in l2cap_do_send (2) bluetooth syz 1 316d 330d 💬 2 [328d]
general protection fault in lock_sock_nested bluetooth C done done 466 5h55m 436d
WARNING: refcount bug in sco_sock_timeout (2) bluetooth 10 31d 511d 💬 1 [345d]
KASAN: slab-use-after-free Write in sco_conn_del bluetooth C done 87 24d 540d 💬 2 [36d]
possible deadlock in rfcomm_dlc_exists bluetooth C error done 13649 36d 670d PATCH [197d]
WARNING in call_timer_fn bluetooth C unreliable 4774 now 735d 💬 8 [9d02h]
general protection fault in l2cap_chan_timeout (3) bluetooth C inconclusive inconclusive 9 9d17h 1014d
general protection fault in skb_release_data (2) net bluetooth C done error 695 7d00h 1533d
WARNING: ODEBUG bug in put_device bluetooth syz done error 53 3d07h 1566d