syzbot


Out of 95 bugs, 87 were automatically obsoleted (85 due to revoked reproducers), 8 were invalidated by users.
Applied filters: WithRepro, Label=subsystems:bluetooth
Title Rank Repro Cause bisect Fix bisect Count Last Reported
possible deadlock in l2cap_conn_del bluetooth 4 syz error error 569 91d 450d
KASAN: slab-use-after-free Write in hci_conn_drop (3) bluetooth prio:high 22 C error 1023 84d 203d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth 19 C error error 3383 680d 808d
general protection fault in skb_release_data (2) bluetooth net 22 C done error 703 450d 2115d
general protection fault in h5_recv bluetooth 10 C done 3515 137d 500d
INFO: task hung in hci_conn_failed (4) bluetooth 1 syz 17 202d 378d
memory leak in __hci_cmd_sync_sk bluetooth usb 3 C 1 214d 219d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth 8 syz error error 46 244d 635d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth 19 C inconclusive error 153 294d 772d
general protection fault in __timer_delete_sync bluetooth 2 C done 3 499d 502d
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth 4 C unreliable done 39 403d 783d
BUG: soft lockup in hci_cmd_timeout (2) bluetooth usb 1 syz 1 466d 462d
general protection fault in qca_close arm-msm bluetooth 2 C done 94 485d 503d
general protection fault in h5_close bluetooth 2 C done 5 486d 489d
KASAN: slab-use-after-free Read in full_proxy_write bluetooth 19 C 36 474d 543d
general protection fault in bcsp_close bluetooth 2 C done 3 491d 489d
KASAN: slab-use-after-free Read in l2cap_connect_cfm bluetooth 19 syz inconclusive 36 475d 554d
KASAN: slab-use-after-free Read in __timer_delete bluetooth 19 C done done 1 575d 574d
possible deadlock in mgmt_set_connectable_complete bluetooth 4 syz 44 575d 767d
KASAN: slab-use-after-free Write in sco_conn_del bluetooth 22 C done 87 605d 1122d
WARNING in l2cap_do_send (2) bluetooth -1 syz 1 897d 911d
possible deadlock in rfcomm_dlc_exists bluetooth 4 C error done 13649 618d 1251d
KASAN: slab-use-after-free Read in skb_release_head_state bluetooth 19 syz error error 135 652d 794d
KASAN: slab-use-after-free Read in sk_skb_reason_drop bluetooth 19 syz error error 412 678d 730d
BUG: workqueue leaked atomic, lock or RCU: kworker/u9:NUM[NUM] bluetooth -1 C 28 689d 716d
KASAN: slab-use-after-free Read in __lock_sock (2) bluetooth 19 C 5 724d 739d
general protection fault in l2cap_publish_rx_avail bluetooth 2 C 6 737d 737d
WARNING in hci_conn_set_handle bluetooth -1 C error done 7 750d 802d
KASAN: use-after-free Read in __queue_work (3) bluetooth 19 syz done done 83 1317d 2146d
KASAN: use-after-free Read in __sco_sock_close bluetooth 19 syz error error 1 2151d 2150d
KASAN: slab-out-of-bounds Read in rfcomm_sock_setsockopt bluetooth 17 C error error 8 797d 811d
KASAN: slab-out-of-bounds Read in hci_sock_setsockopt bluetooth 17 C done unreliable 5 806d 811d
WARNING in ida_free (2) bluetooth -1 C 14 862d 862d
KASAN: slab-out-of-bounds Read in sco_sock_setsockopt bluetooth 17 C unreliable 28 797d 811d
KASAN: slab-out-of-bounds Read in l2cap_sock_setsockopt bluetooth 17 C 36 800d 811d
KASAN: slab-use-after-free Write in hci_conn_drop (2) bluetooth 22 C done 7 834d 965d
INFO: task hung in hci_conn_failed bluetooth 1 C done 1 836d 879d
possible deadlock in hci_dev_do_close (2) bluetooth 4 C done 10 784d 789d
BUG: sleeping function called from invalid context in hci_cmd_sync_submit bluetooth 19 C done done 3400 843d 1087d
KMSAN: uninit-value in eir_get_service_data bluetooth 7 C 22 844d 906d
INFO: task hung in hci_release_dev bluetooth 1 C done 18 871d 869d
KASAN: slab-use-after-free Read in hci_send_acl bluetooth 19 C done done 1323 865d 1038d
KASAN: slab-use-after-free Write in __sco_sock_close bluetooth 22 C done done 63 882d 1028d
KASAN: slab-use-after-free Read in __lock_sock bluetooth 19 C 1 945d 945d
INFO: task can't die in __lock_sock bluetooth 1 C done error 1067 960d 1774d
memory leak in hci_conn_add (2) bluetooth 3 C 65 968d 1026d
general protection fault in hci_uart_tty_ioctl bluetooth 2 C error done 4 1030d 1408d
KASAN: use-after-free Write in hci_conn_del bluetooth 22 syz done inconclusive 3 1737d 2150d
WARNING: bad unlock balance in l2cap_disconnect_rsp bluetooth 4 C 72 1137d 1163d
general protection fault in hci_phy_link_complete_evt bluetooth 2 C done unreliable 50 2025d 2152d
WARNING: locking bug in finish_task_switch bluetooth net 4 C done inconclusive 131 1243d 2354d
BUG: corrupted list in kobject_add_internal (4) bluetooth 8 C error done 4 1383d 1379d
INFO: task hung in hci_dev_do_open (2) bluetooth 1 C done done 166 1418d 1503d
BUG: corrupted list in klist_release bluetooth 19 C unreliable inconclusive 34 1363d 2017d
KASAN: use-after-free Read in l2cap_conn_del bluetooth 19 C error 12 1337d 1367d
KASAN: use-after-free Read in h5_rx_3wire_hdr bluetooth 19 syz error 3 1763d 2529d
WARNING: refcount bug in l2cap_global_chan_by_psm bluetooth 13 C done inconclusive 26 1788d 2150d
KASAN: use-after-free Read in hci_chan_del bluetooth 19 C done done 87 1873d 2152d
WARNING: held lock freed in l2cap_conn_del bluetooth 4 C done error 13 1338d 1370d
INFO: task hung in hci_power_on bluetooth 1 C done inconclusive 37 1448d 1484d
WARNING in cancel_delayed_work bluetooth -1 C done done 611 1468d 2155d
BUG: unable to handle kernel NULL pointer dereference in device_find_child bluetooth 10 C 5 1336d 1353d
BUG: corrupted list in hci_conn_del_sysfs bluetooth 8 C 14 1336d 1348d
BUG: unable to handle kernel NULL pointer dereference in klist_next bluetooth 10 C 1 1358d 1358d
WARNING: ODEBUG bug in cancel_delayed_work (2) bluetooth -1 C inconclusive inconclusive 13 1443d 1664d
BUG: corrupted list in klist_dec_and_del bluetooth 19 C inconclusive inconclusive 3 1366d 1902d
KASAN: use-after-free Read in h4_recv_buf bluetooth 19 C inconclusive done 3 1774d 1771d
BUG: corrupted list in kobj_kset_join bluetooth 8 C 1 1382d 1378d
KASAN: use-after-free Write in hci_sock_bind (2) bluetooth 22 C done unreliable 26 2032d 2306d
INFO: trying to register non-static key in l2cap_chan_close bluetooth -1 syz done 1 2148d 2148d
KASAN: use-after-free Read in hci_get_auth_info bluetooth 19 syz error error 1 2147d 2147d
WARNING: locking bug in hci_dev_reset bluetooth 4 syz done inconclusive 1 1869d 2150d
KMSAN: uninit-value in process_adv_report bluetooth 7 C 10 2005d 2152d
WARNING: refcount bug in bt_accept_dequeue bluetooth 13 syz error error 2 1505d 2148d
memory leak in mgmt_cmd_status bluetooth 3 C 2 1906d 2115d
general protection fault in klist_next bluetooth 17 C error 33 1359d 1413d
general protection fault in skb_dequeue (2) bluetooth 19 C inconclusive done 9 1718d 1803d
KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth 17 syz unreliable done 23 1703d 2143d
general protection fault in sco_sock_getsockopt bluetooth 2 C done 2256 2017d 2319d
KMSAN: uninit-value in vsscanf bluetooth 7 syz 9 1575d 1641d
KMSAN: uninit-value in hci_conn_request_evt bluetooth 7 C 3 1634d 1700d
general protection fault in skb_put bluetooth 2 C done error 43 2116d 2697d
memory leak in hci_conn_add bluetooth 3 syz 1 2148d 2148d
KMSAN: uninit-value in hci_phy_link_complete_evt bluetooth 7 C 3 1711d 1707d
KASAN: slab-out-of-bounds Read in bacpy bluetooth 17 C done inconclusive 21 2198d 2725d
KMSAN: uninit-value in hci_event_packet (3) bluetooth 7 C 10 1822d 1913d
memory leak in hci_inquiry_cache_update bluetooth 3 syz 5 2182d 2490d
KMSAN: uninit-value in hci_chan_lookup_handle bluetooth 7 C 3 2139d 2139d
WARNING: locking bug in l2cap_chan_del bluetooth 4 syz inconclusive inconclusive 83 1869d 2148d
KASAN: use-after-free Write in hci_sock_release bluetooth 22 C done done 8 2260d 2801d
KASAN: use-after-free Read in skb_release_data (2) bluetooth 19 syz done done 1 2306d 2306d
WARNING: refcount bug in l2cap_chan_hold bluetooth 13 C 8 1505d 1502d
BUG: corrupted list in bt_accept_unlink bluetooth 8 syz error error 1 2140d 2140d
KMSAN: uninit-value in hci_inquiry_cache_update bluetooth 7 C 2 2628d 2628d
KMSAN: uninit-value in kfree_skb bluetooth 7 C 11 2453d 2511d