syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1349]
Subsystems
🐞 Fixed [7121]
🐞 Invalid [18828]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KASAN: slab-use-after-free Read in bt_accept_unlink

Status: upstream: reported syz repro on 2024/10/21 08:47
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+a1595e656a83ea5b78eb@syzkaller.appspotmail.com
First crash: 605d, last: 3d08h
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
bc8b49da-e509-432a-9ebe-8f74b430fb4a assessment-security 💥 KASAN: slab-use-after-free Read in bt_accept_unlink 2026/05/24 15:18 2026/05/24 15:18 2026/05/24 15:18 c69befb30ac10e158cc9d1557b508ee3f0eca1de failed to run ["git" "-c" "core.hooksPath=/dev/null" "fetch" "--force" "--tags" "433dfd5a8a5d80bbf0669b14e9ed908911a52dd6" "59e4d31a0470503dc922bad1970fc6a1c7dfd76b"]: exit status 128 fatal: remote error: upload-pack: not our ref 59e4d31a0470503dc922bad1970fc6a1c7dfd76b
e1fd46c6-c571-47bf-b5c8-1b7272d4cb09 patching 💥 KASAN: slab-use-after-free Read in bt_accept_unlink 2026/05/20 18:08 2026/05/20 23:14 2026/05/20 23:42 cf874a1cf36318c06202027159ddac14acf00db7 reproducer did not crash
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in bt_accept_unlink 1 (4) 2025/11/15 01:42
Similar bugs (10)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 KASAN: slab-use-after-free Read in bt_accept_unlink 19 1 238d 238d 0/2 auto-obsoleted due to no activity on 2026/01/11 02:55
linux-6.1 KASAN: use-after-free Read in bt_accept_unlink 19 1 353d 353d 0/3 auto-obsoleted due to no activity on 2025/09/18 23:51
linux-5.15 BUG: corrupted list in bt_accept_unlink 17 3 375d 416d 0/3 auto-obsoleted due to no activity on 2025/08/27 17:34
linux-5.15 KASAN: use-after-free Read in bt_accept_unlink 19 1 118d 118d 0/3 auto-obsoleted due to no activity on 2026/05/11 03:38
linux-6.1 KASAN: slab-out-of-bounds Read in bt_accept_unlink 19 6 21d 153d 0/3 upstream: reported on 2025/12/27 18:50
linux-6.6 KASAN: slab-out-of-bounds Read in bt_accept_unlink 17 1 347d 347d 0/2 auto-obsoleted due to no activity on 2025/09/25 00:09
upstream general protection fault in bt_accept_unlink (2) bluetooth 2 1 1913d 1909d 0/29 auto-closed as invalid on 2021/07/01 06:33
linux-5.15 KASAN: slab-out-of-bounds Read in bt_accept_unlink 17 1 234d 234d 0/3 auto-obsoleted due to no activity on 2026/01/15 10:51
upstream BUG: corrupted list in bt_accept_unlink bluetooth 8 syz error error 1 2114d 2114d 0/29 auto-obsoleted due to no activity on 2022/09/07 16:27
linux-4.14 BUG: corrupted list in bt_accept_unlink 8 syz unreliable 1 1999d 2119d 0/1 upstream: reported syz repro on 2020/08/09 08:38
Last patch testing requests (3)
Created Duration User Patch Repo Result
2026/02/25 06:32 3h00m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci error
2026/02/25 06:32 2h44m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci error
2025/11/15 00:45 28m hdanton@sina.com patch git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci OK log

Sample crash report:
==================================================================
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x8c/0x1b4 lib/list_debug.c:62
Read of size 8 at addr ffff0000f6548578 by task syz-executor/6742

CPU: 0 UID: 0 PID: 6742 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x238 mm/kasan/report.c:378
 print_report+0x68/0x84 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
 __list_del_entry_valid_or_report+0x8c/0x1b4 lib/list_debug.c:62
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 bt_accept_unlink+0x40/0x26c net/bluetooth/af_bluetooth.c:259
 l2cap_sock_teardown_cb+0x148/0x388 net/bluetooth/l2cap_sock.c:1616
 l2cap_chan_del+0xb8/0x498 net/bluetooth/l2cap_core.c:656
 l2cap_conn_del+0x2b8/0x53c net/bluetooth/l2cap_core.c:1788
 l2cap_disconn_cfm+0x90/0x104 net/bluetooth/l2cap_core.c:7326
 hci_disconn_cfm include/net/bluetooth/hci_core.h:2146 [inline]
 hci_conn_hash_flush+0x108/0x23c net/bluetooth/hci_conn.c:2637
 hci_dev_close_sync+0x65c/0xfd0 net/bluetooth/hci_sync.c:5326
 hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]
 hci_unregister_dev+0x204/0x52c net/bluetooth/hci_core.c:2715
 vhci_release+0x12c/0x17c drivers/bluetooth/hci_vhci.c:690
 __fput+0x340/0x75c fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1dc/0x260 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x52c/0x1a1c kernel/exit.c:971
 do_group_exit+0x194/0x22c kernel/exit.c:1112
 get_signal+0x11dc/0x12f8 kernel/signal.c:3034
 arch_do_signal_or_restart+0x268/0x46d4 arch/arm64/kernel/signal.c:1619
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x88/0x18c kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline]
 el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Allocated by task 12523:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:78
 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:570
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __do_kmalloc_node mm/slub.c:5657 [inline]
 __kmalloc_node_track_caller_noprof+0x510/0x778 mm/slub.c:5764
 kmalloc_reserve+0x124/0x268 net/core/skbuff.c:608
 pskb_expand_head+0x150/0xe80 net/core/skbuff.c:2282
 netlink_trim+0x198/0x2c0 net/netlink/af_netlink.c:1299
 netlink_broadcast_filtered+0xc4/0xde8 net/netlink/af_netlink.c:1512
 nlmsg_multicast_filtered include/net/netlink.h:1165 [inline]
 nlmsg_multicast include/net/netlink.h:1184 [inline]
 nlmsg_notify+0xfc/0x1e0 net/netlink/af_netlink.c:2593
 rtnl_notify net/core/rtnetlink.c:958 [inline]
 rtmsg_ifinfo_send net/core/rtnetlink.c:4436 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:4452 [inline]
 rtmsg_ifinfo+0x138/0x188 net/core/rtnetlink.c:4458
 __dev_notify_flags+0xec/0x464 net/core/dev.c:9771
 netif_change_flags+0xd0/0x15c net/core/dev.c:9804
 do_setlink+0xa58/0x3658 net/core/rtnetlink.c:3158
 rtnl_changelink net/core/rtnetlink.c:3776 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3935 [inline]
 rtnl_newlink+0x1104/0x15e8 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x664/0x97c net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6985
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Freed by task 12523:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:78
 kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x74/0xa4 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6670 [inline]
 kfree+0x1c4/0x5fc mm/slub.c:6878
 skb_kfree_head net/core/skbuff.c:1068 [inline]
 skb_free_head+0xe4/0x198 net/core/skbuff.c:1080
 skb_release_data+0x4d4/0x664 net/core/skbuff.c:1107
 skb_release_all net/core/skbuff.c:1182 [inline]
 __kfree_skb net/core/skbuff.c:1196 [inline]
 consume_skb+0xb0/0x130 net/core/skbuff.c:1428
 netlink_broadcast_filtered+0xc60/0xde8 net/netlink/af_netlink.c:1535
 nlmsg_multicast_filtered include/net/netlink.h:1165 [inline]
 nlmsg_multicast include/net/netlink.h:1184 [inline]
 nlmsg_notify+0xfc/0x1e0 net/netlink/af_netlink.c:2593
 rtnl_notify net/core/rtnetlink.c:958 [inline]
 rtmsg_ifinfo_send net/core/rtnetlink.c:4436 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:4452 [inline]
 rtmsg_ifinfo+0x138/0x188 net/core/rtnetlink.c:4458
 __dev_notify_flags+0xec/0x464 net/core/dev.c:9771
 netif_change_flags+0xd0/0x15c net/core/dev.c:9804
 do_setlink+0xa58/0x3658 net/core/rtnetlink.c:3158
 rtnl_changelink net/core/rtnetlink.c:3776 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3935 [inline]
 rtnl_newlink+0x1104/0x15e8 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x664/0x97c net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6985
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

The buggy address belongs to the object at ffff0000f6548000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 1400 bytes inside of
 freed 2048-byte region [ffff0000f6548000, ffff0000f6548800)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x136548
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 05ffc00000000040 ffff0000c0002000 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 05ffc00000000040 ffff0000c0002000 dead000000000100 dead000000000122
head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 05ffc00000000003 fffffdffc3d95201 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000f6548400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000f6548480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff0000f6548500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                                ^
 ffff0000f6548580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000f6548600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
 slab kmalloc-2k start ffff0000f6548000 pointer offset 1400 size 2048
list_del corruption. prev->next should be ffff0000dd1c9578, but was 0000000000000000. (prev=ffff0000f6548578)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:64!
Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6742 Comm: syz-executor Tainted: G    B               syzkaller #0 PREEMPT 
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62
lr : __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62
sp : ffff8000a0757370
x29: ffff8000a0757370 x28: ffff0000c63172c0 x27: dfff800000000000
x26: ffff0000dd1cc00c x25: 1fffe0001ba39802 x24: dfff800000000000
x23: 1fffe0001eca90af x22: dfff800000000000 x21: ffff0000f6548578
x20: ffff0000f6548578 x19: ffff0000dd1c9578 x18: 1fffe00033781890
x17: 20747562202c3837 x16: ffff800082e5e68c x15: 0000000000000001
x14: 1ffff000140eadac x13: 0000000000000000 x12: 0000000000000000
x11: 00000000000142bb x10: 0000000000ff0100 x9 : a5faaa464cdb0f00
x8 : a5faaa464cdb0f00 x7 : 000000000027ad20 x6 : ffff8000805761f8
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000006d
Call trace:
 __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62 (P)
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 bt_accept_unlink+0x40/0x26c net/bluetooth/af_bluetooth.c:259
 l2cap_sock_teardown_cb+0x148/0x388 net/bluetooth/l2cap_sock.c:1616
 l2cap_chan_del+0xb8/0x498 net/bluetooth/l2cap_core.c:656
 l2cap_conn_del+0x2b8/0x53c net/bluetooth/l2cap_core.c:1788
 l2cap_disconn_cfm+0x90/0x104 net/bluetooth/l2cap_core.c:7326
 hci_disconn_cfm include/net/bluetooth/hci_core.h:2146 [inline]
 hci_conn_hash_flush+0x108/0x23c net/bluetooth/hci_conn.c:2637
 hci_dev_close_sync+0x65c/0xfd0 net/bluetooth/hci_sync.c:5326
 hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]
 hci_unregister_dev+0x204/0x52c net/bluetooth/hci_core.c:2715
 vhci_release+0x12c/0x17c drivers/bluetooth/hci_vhci.c:690
 __fput+0x340/0x75c fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1dc/0x260 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x52c/0x1a1c kernel/exit.c:971
 do_group_exit+0x194/0x22c kernel/exit.c:1112
 get_signal+0x11dc/0x12f8 kernel/signal.c:3034
 arch_do_signal_or_restart+0x268/0x46d4 arch/arm64/kernel/signal.c:1619
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x88/0x18c kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline]
 el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Code: 91058000 aa1303e1 aa1503e3 974a97c3 (d4210000) 
---[ end trace 0000000000000000 ]---

Crashes (163):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/01 02:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 35764559 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/11/14 23:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci db9030a787e3 f7988ea4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/26 17:57 upstream e8c2f9fdadee a3e47276 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/25 13:43 upstream e7ae89a0c97c c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/25 13:16 upstream e7ae89a0c97c c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/24 23:28 upstream 6a97c4d5262d c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/23 20:02 upstream 79bd2dded182 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/22 14:24 upstream 6779b50faa56 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/19 01:16 upstream 4d3a2a466b8d 9f74d399 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/16 21:21 upstream 6916d5703ddf de5aae85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/16 05:33 upstream d458a240344c 81fb92f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/15 04:44 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/08 13:46 upstream 917719c412c4 5633175a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/08 06:48 upstream 917719c412c4 5633175a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/25 12:22 upstream 27d128c1cff6 9c2d0995 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/22 06:59 upstream 4ee64205ffaa 0b6ab7ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/19 04:53 upstream eb5249b12507 303e2802 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/16 09:28 upstream aec2f682d47c df15c5f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/15 04:17 upstream 508fed679541 e2e976a8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/12 16:10 upstream f5459048c38a 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/03/28 14:30 upstream 7df48e363130 356bdfc9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/03/12 06:27 upstream 80234b5ab240 2d88ab01 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/03/08 17:01 upstream c23719abc330 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/02/11 04:56 upstream dc855b77719f 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/01/25 19:29 upstream 913fb068e259 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/03/02 22:33 upstream 11439c4635ed b9dd6534 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2026/02/28 17:05 upstream 4d349ee5c778 43249bac .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2024/10/10 10:49 upstream d3d1556696c1 a156c552 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2024/10/01 18:11 upstream e32cde8d2bd7 e9f6e118 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/12 00:51 upstream 50897c955902 d168f260 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/11 19:55 upstream 5d6919055dec d168f260 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/16 21:46 upstream 1d51b370a0f8 4743f87d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/26 03:17 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/25 05:31 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/23 14:48 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/23 12:56 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/23 08:36 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/22 12:38 linux-next 550604d6c9b9 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/20 04:42 linux-next 6a50ba100ace 0909d65f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/11 09:51 linux-next e98d21c170b0 e6eb7c0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/07 08:10 linux-next 735d2f48cada f250db59 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/30 15:46 linux-next b9303e6bff70 a7464baf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/30 02:45 linux-next 0787c45ea08a 005438fc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/29 03:56 linux-next 9974969c1403 95008c03 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/04/19 06:01 linux-next c7275b05bc42 303e2802 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/03/04 06:46 linux-next c025f6cf4209 4180d919 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2026/01/14 22:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/01/01 20:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/05/19 13:30 upstream ab5fce87a778 223544dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/05/18 11:24 upstream 5200f5f493f7 55156e84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/04/18 22:48 upstream eb5249b12507 303e2802 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/04/11 18:20 upstream e774d5f1bc27 38c8e246 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in bt_accept_unlink
2026/03/04 11:57 upstream 0031c06807cf e6b6b96b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/04/30 08:05 upstream 57b8e2d666a3 005438fc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/02/28 14:21 upstream 4d349ee5c778 43249bac .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/05/07 00:34 linux-next 735d2f48cada cbcd9ea0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/05/06 09:26 linux-next 4cd074ae20bb 26da2c66 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/04/14 08:47 linux-next 1c7cc4904160 1a086e7c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: use-after-free Read in bt_accept_unlink
2026/01/13 19:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in bt_accept_unlink
* Struck through repros no longer work on HEAD.