syzbot

 sign-in | mailing list | source | docs
🐞 Open [1428]
Subsystems
🐞 Fixed [6905]
🐞 Invalid [17970]
Missing Backports [224]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: slab-use-after-free Read in bt_accept_unlink

Status: upstream: reported syz repro on 2024/10/21 08:47
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+a1595e656a83ea5b78eb@syzkaller.appspotmail.com
First crash: 494d, last: 6d21h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in bt_accept_unlink 1 (4) 2025/11/15 01:42
Similar bugs (10)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 KASAN: slab-use-after-free Read in bt_accept_unlink 19 1 127d 127d 0/2 auto-obsoleted due to no activity on 2026/01/11 02:55
linux-6.1 KASAN: use-after-free Read in bt_accept_unlink 19 1 241d 241d 0/3 auto-obsoleted due to no activity on 2025/09/18 23:51
linux-5.15 BUG: corrupted list in bt_accept_unlink 17 3 264d 304d 0/3 auto-obsoleted due to no activity on 2025/08/27 17:34
linux-5.15 KASAN: use-after-free Read in bt_accept_unlink 19 1 7d20h 7d20h 0/3 upstream: reported on 2026/01/31 03:37
linux-6.1 KASAN: slab-out-of-bounds Read in bt_accept_unlink 19 2 7d07h 42d 0/3 upstream: reported on 2025/12/27 18:50
linux-6.6 KASAN: slab-out-of-bounds Read in bt_accept_unlink 17 1 235d 235d 0/2 auto-obsoleted due to no activity on 2025/09/25 00:09
upstream general protection fault in bt_accept_unlink (2) bluetooth 2 1 1802d 1798d 0/29 auto-closed as invalid on 2021/07/01 06:33
linux-5.15 KASAN: slab-out-of-bounds Read in bt_accept_unlink 17 1 123d 123d 0/3 auto-obsoleted due to no activity on 2026/01/15 10:51
upstream BUG: corrupted list in bt_accept_unlink bluetooth 8 syz error error 1 2003d 2003d 0/29 auto-obsoleted due to no activity on 2022/09/07 16:27
linux-4.14 BUG: corrupted list in bt_accept_unlink 8 syz unreliable 1 1888d 2008d 0/1 upstream: reported syz repro on 2020/08/09 08:38
Last patch testing requests (1)
Created Duration User Patch Repo Result
2025/11/15 00:45 28m hdanton@sina.com patch git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci OK log

Sample crash report:
==================================================================
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x8c/0x1b4 lib/list_debug.c:62
Read of size 8 at addr ffff0000f6548578 by task syz-executor/6742

CPU: 0 UID: 0 PID: 6742 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x238 mm/kasan/report.c:378
 print_report+0x68/0x84 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381
 __list_del_entry_valid_or_report+0x8c/0x1b4 lib/list_debug.c:62
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 bt_accept_unlink+0x40/0x26c net/bluetooth/af_bluetooth.c:259
 l2cap_sock_teardown_cb+0x148/0x388 net/bluetooth/l2cap_sock.c:1616
 l2cap_chan_del+0xb8/0x498 net/bluetooth/l2cap_core.c:656
 l2cap_conn_del+0x2b8/0x53c net/bluetooth/l2cap_core.c:1788
 l2cap_disconn_cfm+0x90/0x104 net/bluetooth/l2cap_core.c:7326
 hci_disconn_cfm include/net/bluetooth/hci_core.h:2146 [inline]
 hci_conn_hash_flush+0x108/0x23c net/bluetooth/hci_conn.c:2637
 hci_dev_close_sync+0x65c/0xfd0 net/bluetooth/hci_sync.c:5326
 hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]
 hci_unregister_dev+0x204/0x52c net/bluetooth/hci_core.c:2715
 vhci_release+0x12c/0x17c drivers/bluetooth/hci_vhci.c:690
 __fput+0x340/0x75c fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1dc/0x260 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x52c/0x1a1c kernel/exit.c:971
 do_group_exit+0x194/0x22c kernel/exit.c:1112
 get_signal+0x11dc/0x12f8 kernel/signal.c:3034
 arch_do_signal_or_restart+0x268/0x46d4 arch/arm64/kernel/signal.c:1619
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x88/0x18c kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline]
 el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Allocated by task 12523:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:78
 kasan_save_alloc_info+0x44/0x54 mm/kasan/generic.c:570
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x9c/0xb4 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __do_kmalloc_node mm/slub.c:5657 [inline]
 __kmalloc_node_track_caller_noprof+0x510/0x778 mm/slub.c:5764
 kmalloc_reserve+0x124/0x268 net/core/skbuff.c:608
 pskb_expand_head+0x150/0xe80 net/core/skbuff.c:2282
 netlink_trim+0x198/0x2c0 net/netlink/af_netlink.c:1299
 netlink_broadcast_filtered+0xc4/0xde8 net/netlink/af_netlink.c:1512
 nlmsg_multicast_filtered include/net/netlink.h:1165 [inline]
 nlmsg_multicast include/net/netlink.h:1184 [inline]
 nlmsg_notify+0xfc/0x1e0 net/netlink/af_netlink.c:2593
 rtnl_notify net/core/rtnetlink.c:958 [inline]
 rtmsg_ifinfo_send net/core/rtnetlink.c:4436 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:4452 [inline]
 rtmsg_ifinfo+0x138/0x188 net/core/rtnetlink.c:4458
 __dev_notify_flags+0xec/0x464 net/core/dev.c:9771
 netif_change_flags+0xd0/0x15c net/core/dev.c:9804
 do_setlink+0xa58/0x3658 net/core/rtnetlink.c:3158
 rtnl_changelink net/core/rtnetlink.c:3776 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3935 [inline]
 rtnl_newlink+0x1104/0x15e8 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x664/0x97c net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6985
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

Freed by task 12523:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:78
 kasan_save_free_info+0x58/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x74/0xa4 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6670 [inline]
 kfree+0x1c4/0x5fc mm/slub.c:6878
 skb_kfree_head net/core/skbuff.c:1068 [inline]
 skb_free_head+0xe4/0x198 net/core/skbuff.c:1080
 skb_release_data+0x4d4/0x664 net/core/skbuff.c:1107
 skb_release_all net/core/skbuff.c:1182 [inline]
 __kfree_skb net/core/skbuff.c:1196 [inline]
 consume_skb+0xb0/0x130 net/core/skbuff.c:1428
 netlink_broadcast_filtered+0xc60/0xde8 net/netlink/af_netlink.c:1535
 nlmsg_multicast_filtered include/net/netlink.h:1165 [inline]
 nlmsg_multicast include/net/netlink.h:1184 [inline]
 nlmsg_notify+0xfc/0x1e0 net/netlink/af_netlink.c:2593
 rtnl_notify net/core/rtnetlink.c:958 [inline]
 rtmsg_ifinfo_send net/core/rtnetlink.c:4436 [inline]
 rtmsg_ifinfo_event net/core/rtnetlink.c:4452 [inline]
 rtmsg_ifinfo+0x138/0x188 net/core/rtnetlink.c:4458
 __dev_notify_flags+0xec/0x464 net/core/dev.c:9771
 netif_change_flags+0xd0/0x15c net/core/dev.c:9804
 do_setlink+0xa58/0x3658 net/core/rtnetlink.c:3158
 rtnl_changelink net/core/rtnetlink.c:3776 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3935 [inline]
 rtnl_newlink+0x1104/0x15e8 net/core/rtnetlink.c:4072
 rtnetlink_rcv_msg+0x664/0x97c net/core/rtnetlink.c:6958
 netlink_rcv_skb+0x220/0x3fc net/netlink/af_netlink.c:2550
 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6985
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x694/0x8c4 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x648/0x930 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x36c/0x4f4 net/socket.c:2206
 __do_sys_sendto net/socket.c:2213 [inline]
 __se_sys_sendto net/socket.c:2209 [inline]
 __arm64_sys_sendto+0xd8/0xf8 net/socket.c:2209
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596

The buggy address belongs to the object at ffff0000f6548000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 1400 bytes inside of
 freed 2048-byte region [ffff0000f6548000, ffff0000f6548800)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x136548
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 05ffc00000000040 ffff0000c0002000 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 05ffc00000000040 ffff0000c0002000 dead000000000100 dead000000000122
head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 05ffc00000000003 fffffdffc3d95201 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000f6548400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000f6548480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff0000f6548500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                                ^
 ffff0000f6548580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff0000f6548600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
 slab kmalloc-2k start ffff0000f6548000 pointer offset 1400 size 2048
list_del corruption. prev->next should be ffff0000dd1c9578, but was 0000000000000000. (prev=ffff0000f6548578)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:64!
Internal error: Oops - BUG: 00000000f2000800 [#1]  SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6742 Comm: syz-executor Tainted: G    B               syzkaller #0 PREEMPT 
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62
lr : __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62
sp : ffff8000a0757370
x29: ffff8000a0757370 x28: ffff0000c63172c0 x27: dfff800000000000
x26: ffff0000dd1cc00c x25: 1fffe0001ba39802 x24: dfff800000000000
x23: 1fffe0001eca90af x22: dfff800000000000 x21: ffff0000f6548578
x20: ffff0000f6548578 x19: ffff0000dd1c9578 x18: 1fffe00033781890
x17: 20747562202c3837 x16: ffff800082e5e68c x15: 0000000000000001
x14: 1ffff000140eadac x13: 0000000000000000 x12: 0000000000000000
x11: 00000000000142bb x10: 0000000000ff0100 x9 : a5faaa464cdb0f00
x8 : a5faaa464cdb0f00 x7 : 000000000027ad20 x6 : ffff8000805761f8
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000006d
Call trace:
 __list_del_entry_valid_or_report+0x17c/0x1b4 lib/list_debug.c:62 (P)
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 bt_accept_unlink+0x40/0x26c net/bluetooth/af_bluetooth.c:259
 l2cap_sock_teardown_cb+0x148/0x388 net/bluetooth/l2cap_sock.c:1616
 l2cap_chan_del+0xb8/0x498 net/bluetooth/l2cap_core.c:656
 l2cap_conn_del+0x2b8/0x53c net/bluetooth/l2cap_core.c:1788
 l2cap_disconn_cfm+0x90/0x104 net/bluetooth/l2cap_core.c:7326
 hci_disconn_cfm include/net/bluetooth/hci_core.h:2146 [inline]
 hci_conn_hash_flush+0x108/0x23c net/bluetooth/hci_conn.c:2637
 hci_dev_close_sync+0x65c/0xfd0 net/bluetooth/hci_sync.c:5326
 hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]
 hci_unregister_dev+0x204/0x52c net/bluetooth/hci_core.c:2715
 vhci_release+0x12c/0x17c drivers/bluetooth/hci_vhci.c:690
 __fput+0x340/0x75c fs/file_table.c:468
 ____fput+0x20/0x58 fs/file_table.c:496
 task_work_run+0x1dc/0x260 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x52c/0x1a1c kernel/exit.c:971
 do_group_exit+0x194/0x22c kernel/exit.c:1112
 get_signal+0x11dc/0x12f8 kernel/signal.c:3034
 arch_do_signal_or_restart+0x268/0x46d4 arch/arm64/kernel/signal.c:1619
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x88/0x18c kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:242 [inline]
 arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:81 [inline]
 el0_svc+0x17c/0x26c arch/arm64/kernel/entry-common.c:725
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Code: 91058000 aa1303e1 aa1503e3 974a97c3 (d4210000) 
---[ end trace 0000000000000000 ]---

Crashes (111):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/01 02:24 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 35764559 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/11/14 23:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci db9030a787e3 f7988ea4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/01/25 19:29 upstream 913fb068e259 40acda8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/12/24 17:02 upstream b927546677c8 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/12/23 14:58 upstream b927546677c8 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/10/27 07:49 upstream 4bb1f7e19c4a c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/10/24 22:19 upstream 6fab32bb6508 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/09/24 12:39 upstream cec1e6e5d1ab 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/08/30 01:28 upstream fb679c832b64 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/31 08:27 upstream e8d780dcd957 f8f2b4da .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/26 16:32 upstream 5f33ebd2018c fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/25 12:24 upstream 2942242dde89 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/24 06:39 upstream 01a412d06bc5 0c1d6ded .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/22 20:08 upstream 89be9a83ccf1 85deaf45 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/19 17:45 upstream 4871b7cb27f4 7117feec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/13 06:48 upstream 3f31a806a62e 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/10 23:13 upstream bc9ff192a6c9 19d4829f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in bt_accept_unlink
2025/11/07 06:27 upstream c2c2ccfd4ba7 4e1406b4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2025/10/24 20:23 upstream 6fab32bb6508 c0460fcd .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2025/08/20 23:44 upstream 41cd3fd15263 0b9605c8 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/24 10:17 upstream f9af7b5d9349 0c1d6ded .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/10 03:28 upstream 8c2e52ebbe88 956bd956 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2024/10/10 10:49 upstream d3d1556696c1 a156c552 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2024/10/01 18:11 upstream e32cde8d2bd7 e9f6e118 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in bt_accept_unlink
2025/09/21 02:28 upstream 3b08f56fbbb9 67c37560 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/09/26 00:32 linux-next 8e2755d7779a 0abd0691 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-use-after-free Read in bt_accept_unlink
2026/01/14 22:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2026/01/01 20:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/12/22 06:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/12/14 01:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05c93f3395ed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/12/03 07:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 05c93f3395ed d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/11/12 18:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 74c964729281 07e030de .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/11/06 00:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci dcb6fa37fd7b a6c9c731 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/11/04 04:38 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci dcb6fa37fd7b 686bf657 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/08/19 11:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 523f460e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/08/17 16:07 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f5ae30d69d7 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/27 03:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 fb8f743d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/07/16 13:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ec4801305969 c118d736 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in bt_accept_unlink
2025/10/19 00:39 upstream f406055cb18c 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in bt_accept_unlink
2025/10/15 07:49 upstream 9b332cece987 b6605ba8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/08/31 05:29 upstream c8bc81a52d5a 807a3b61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/08/25 11:44 upstream 1b237f190eb3 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/08/25 08:02 upstream c330cb607721 bf27483f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in bt_accept_unlink
2025/08/07 02:01 upstream 479058002c32 4bd24a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/07/17 05:04 upstream e2291551827f 44f8051e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root BUG: corrupted list in bt_accept_unlink
2025/07/14 03:02 upstream 5d5d62298b8b 3cda49cf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/11/30 20:55 upstream e69c7c175115 d1b870e1 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: use-after-free Read in bt_accept_unlink
2025/10/13 23:46 upstream 3a8660878839 b6605ba8 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/11/06 07:38 upstream dc77806cf3b4 a6c9c731 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/11/26 15:40 linux-next 663d0d1af3fa d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in bt_accept_unlink
2025/11/02 05:42 linux-next 98bd8b16ae57 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: slab-out-of-bounds Read in bt_accept_unlink
2026/01/13 19:11 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in bt_accept_unlink
2025/11/01 11:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci dcb6fa37fd7b 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in bt_accept_unlink
2025/10/27 17:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci b98c94eed4a9 fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-out-of-bounds Read in bt_accept_unlink
2025/10/23 20:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci b98c94eed4a9 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in bt_accept_unlink
2025/08/03 10:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 82af5ea7c611 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: use-after-free Read in bt_accept_unlink
* Struck through repros no longer work on HEAD.