syzbot

 sign-in | mailing list | source | docs
🐞 Open [1564]
Subsystems
🐞 Fixed [6185]
🐞 Invalid [15512]
Missing Backports [177]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

bluetooth subsystem


List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 83
Parent subsystem(s): kernel (85)
open (53):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
possible deadlock in l2cap_conn_del bluetooth syz error 90 3d10h 13d
KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump bluetooth C 315 3h06m 13d
BUG: soft lockup in hci_cmd_timeout (2) bluetooth usb syz 1 29d 24d
KASAN: wild-memory-access Read in l2cap_connect_cfm bluetooth 5 4d13h 27d
WARNING in hci_send_cmd (2) bluetooth 1 51d 47d
possible deadlock in l2cap_info_timeout bluetooth 8 4d07h 47d
WARNING: refcount bug in sco_conn_put bluetooth 1 56d 51d
general protection fault in h5_close bluetooth C done 5 49d 52d
general protection fault in bcsp_close bluetooth C done 3 54d 52d
general protection fault in bcsp_recv bluetooth C error 122 9h31m 57d
general protection fault in h5_recv bluetooth C done 170 26m 63d 💬 1 [61d]
general protection fault in __timer_delete_sync bluetooth C done 3 61d 65d 💬 1 [64d]
general protection fault in qca_close bluetooth C done 94 47d 66d PATCH [66d]
KASAN: null-ptr-deref Write in l2cap_sock_resume_cb (3) bluetooth 8 30d 75d
KASAN: slab-use-after-free Read in sock_def_readable net bluetooth 3 60d 77d
KASAN: slab-use-after-free Read in force_suspend_read bluetooth 8 58d 85d
general protection fault in hci_devcd_register bluetooth 21 17h06m 93d
WARNING in hci_devcd_register bluetooth 3 20d 99d
KASAN: slab-use-after-free Read in full_proxy_write bluetooth C 36 37d 106d
KASAN: slab-use-after-free Read in msft_opcode_get bluetooth 14 34d 108d
KASAN: slab-use-after-free Read in force_devcd_write bluetooth syz 331 9h55m 110d 💬 1 [24d]
WARNING in sco_conn_put bluetooth 2 53d 113d
WARNING: held lock freed in bt_accept_dequeue bluetooth 3 13d 117d
WARNING in hci_conn_timeout (2) bluetooth C error 370 1d13h 117d
KASAN: slab-use-after-free Write in sco_conn_put bluetooth 95 19d 133d
KASAN: slab-use-after-free Read in l2cap_disconn_ind bluetooth 2 71d 142d
KMSAN: uninit-value in hci_cmd_complete_evt bluetooth C 17 11d 148d
INFO: task hung in hci_cmd_sync_clear (3) bluetooth syz done 4 27d 156d
KASAN: slab-use-after-free Read in l2cap_register_user bluetooth 9 19d 157d
KASAN: slab-use-after-free Read in l2cap_unregister_user bluetooth syz done 35012 now 163d 💬 1 [24d]
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth 21 20h10m 175d
KASAN: slab-use-after-free Read in bt_accept_unlink bluetooth 27 19h41m 175d
KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb bluetooth 33 24d 175d
KASAN: slab-use-after-free Read in cmd_complete_rsp bluetooth 18 31d 175d
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb (2) bluetooth 42 3d06h 194d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth 7 4d20h 198d
BUG: corrupted list in mgmt_pending_remove bluetooth C error 39 3d08h 225d 💬 1 [136d]
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth C error 226 11h42m 263d
possible deadlock in sco_connect_cfm bluetooth 21 33d 279d
KASAN: slab-use-after-free Read in hci_sock_get_cookie (2) bluetooth 44 3d18h 298d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth C inconclusive 141 18d 335d 💬 2 [24d]
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth C unreliable 39 26d 346d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth C inconclusive inconclusive 137 54d 352d 💬 2 [55d]
WARNING in hci_recv_frame bluetooth syz error 53 1d13h 352d 💬 1 [144d]
KASAN: slab-use-after-free Read in hci_disconnect bluetooth 26 8d21h 353d
WARNING in l2cap_chan_send bluetooth 42 23d 365d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth C error error 3383 243d 371d 💬 2 [277d]
WARNING in l2cap_chan_del bluetooth 192 2d23h 392d
general protection fault in lock_sock_nested bluetooth C done done 1712 49m 581d
WARNING in call_timer_fn bluetooth C unreliable 6462 16h37m 879d 💬 8 [24d]
general protection fault in l2cap_chan_timeout (3) bluetooth C inconclusive inconclusive 29 3d21h 1158d
general protection fault in skb_release_data (2) net bluetooth C done error 703 13d 1677d
WARNING: ODEBUG bug in put_device bluetooth syz done error 61 130d 1711d
moderation (1):
Title Repro Cause bisect Fix bisect Count Last Reported Discussions
KASAN: slab-use-after-free Read in hidp_session_thread bluetooth 3 9d06h 59d