syzbot

 sign-in | mailing list | source | docs
🐞 Open [1297]
Subsystems
🐞 Fixed [5494]
🐞 Invalid [13048]
Missing Backports [117]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

bluetooth subsystem


List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 69
Parent subsystem(s): kernel (86)
open (58):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
BUG: workqueue leaked atomic, lock or RCU: kworker/u33:NUM[NUM] bluetooth C 9 15h09m 11h33m
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth 4 1d04h 2d10h
KASAN: null-ptr-deref Write in l2cap_sock_resume_cb bluetooth 1 5d11h 2d10h
WARNING in l2cap_send_cmd bluetooth 1 4d03h 2d14h
KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_sync bluetooth 5 2d14h 2d14h
KMSAN: uninit-value in hci_rx_work bluetooth 11 2d18h 3d02h
WARNING in hci_send_acl (3) bluetooth 1 10d 6d01h
KASAN: slab-use-after-free Read in set_powered_sync bluetooth 10 8h45m 11d
WARNING in __hci_cmd_sync_sk bluetooth syz 36 2d07h 17d
BUG: workqueue leaked atomic, lock or RCU: kworker/u9:NUM[NUM] bluetooth C 21 2d03h 18d 💬 1 [15d]
possible deadlock in sco_connect_cfm bluetooth 7 5d23h 18d
WARNING: locking bug in sco_conn_del (2) bluetooth 1 26d 22d
KASAN: slab-use-after-free Read in l2cap_recv_acldata bluetooth 1 27d 23d
KASAN: slab-use-after-free Read in hci_chan_sent bluetooth 1 51d 30d
KASAN: slab-use-after-free Read in l2cap_connect (2) bluetooth 6 2d06h 32d
KASAN: slab-use-after-free Read in __sock_queue_rcv_skb bluetooth 7 25d 32d
KASAN: slab-use-after-free Read in sk_skb_reason_drop bluetooth syz 411 17d 32d 💬 2 [15d]
KASAN: slab-use-after-free Read in hci_sock_get_cookie (2) bluetooth 2 17d 37d
general protection fault in l2cap_publish_rx_avail bluetooth C 6 39d 39d 💬 1 [38d]
WARNING in l2cap_send_disconn_req bluetooth 1 44d 40d
KASAN: slab-use-after-free Read in __lock_sock (2) bluetooth C 5 26d 40d 💬 1 [39d]
KASAN: slab-use-after-free Read in hci_req_sync_complete bluetooth 8 24d 49d
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb bluetooth 1 60d 56d
possible deadlock in mgmt_set_connectable_complete bluetooth 2 6d19h 68d
KASAN: slab-use-after-free Read in skb_queue_purge_reason (2) bluetooth 21 9h42m 70d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive 44 18h30m 74d 💬 2 [27d]
WARNING in sco_chan_del bluetooth 6 6d07h 76d
KFENCE: invalid free in __hci_req_sync bluetooth 35 22d 83d
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth 3 4d03h 84d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth syz 38 21h40m 90d
WARNING in hci_recv_frame bluetooth 3 6d21h 91d
KASAN: slab-use-after-free Read in hci_disconnect bluetooth 14 4d11h 91d
KASAN: slab-use-after-free Read in skb_release_head_state bluetooth syz 128 3d19h 95d 💬 1 [86d]
WARNING in hci_conn_set_handle bluetooth C error done 7 51d 103d 💬 1 [1d00h]
WARNING in l2cap_chan_send bluetooth 23 6d22h 103d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth C error 3382 17d 110d 💬 2 [15d]
BUG: sleeping function called from invalid context in hci_le_create_big_complete_evt bluetooth C done 66 2h13m 110d 💬 2 [109d]
KASAN: slab-out-of-bounds Read in rfcomm_sock_setsockopt bluetooth C error error 8 99d 112d PATCH [108d]
WARNING in l2cap_chan_del bluetooth 11 8d18h 131d
possible deadlock in touch_wq_lockdep_map bluetooth C 939 1h12m 132d 💬 2 [14h50m]
KASAN: slab-use-after-free Read in hci_cmd_timeout bluetooth 27 14d 132d
KASAN: slab-use-after-free Read in l2cap_send_cmd bluetooth 17 2d19h 151d
WARNING in hci_send_cmd bluetooth 6 5d11h 165d
WARNING in l2cap_do_send (2) bluetooth syz 1 199d 213d 💬 2 [211d]
KASAN: slab-use-after-free Write in sco_sock_timeout bluetooth C done 250 12h52m 253d PATCH [251d]
INFO: trying to register non-static key in sco_sock_timeout (2) bluetooth 5 90d 256d
general protection fault in lock_sock_nested bluetooth C done done 269 2h44m 319d
WARNING: refcount bug in sco_sock_timeout (2) bluetooth 8 21d 394d 💬 1 [228d]
KASAN: slab-use-after-free Write in sco_conn_del bluetooth C done 71 2h34m 423d 💬 2 [77d]
possible deadlock in rfcomm_dlc_exists bluetooth C error 13175 3h30m 553d PATCH [80d]
WARNING in call_timer_fn bluetooth syz unreliable 3424 2h48m 618d 💬 8 [15d]
general protection fault in l2cap_chan_timeout (3) bluetooth C inconclusive inconclusive 5 20d 897d
possible deadlock in rfcomm_sk_state_change bluetooth C done 22013 12h41m 1047d PATCH [80d]
general protection fault in skb_release_data (2) bluetooth net C done error 683 4d08h 1416d
KASAN: use-after-free Read in __queue_work (3) bluetooth syz done done 83 619d 1448d 💬 1 [1169d]
WARNING: ODEBUG bug in put_device bluetooth syz done error 44 128d 1449d
KASAN: use-after-free Read in __sco_sock_close bluetooth syz error error 1 1452d 1452d
WARNING in hci_conn_timeout bluetooth C done 5556 4h18m 1455d PATCH [344d]
moderation (6):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
KASAN: slab-use-after-free Read in hci_cmd_work bluetooth 1 10d 6d12h
KASAN: slab-use-after-free Read in bt_accept_dequeue bluetooth 1 14d 10d
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth 1 32d 32d
general protection fault in hci_release_dev (2) bluetooth 1 43d 39d
BUG: corrupted list in mgmt_pending_remove bluetooth 2 32d 45d
KASAN: slab-use-after-free Read in skb_free_head bluetooth 2 26d 45d