syzbot: bluetooth subsystem

bluetooth subsystem

List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 97
Parent subsystem(s): kernel (92)

open (42):
Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Discussions
INFO: task hung in get_signal (2) bluetooth	1	syz			1	5d02h	1d02h
KASAN: slab-use-after-free Write in hci_conn_drop (3) bluetooth	24	C	error		40	22h37m	3d17h	💬 1 [3d03h]
KASAN: slab-use-after-free Read in skb_pull bluetooth	19				1	13d	8d20h
KASAN: slab-use-after-free Read in hci_cmd_work (2) bluetooth	19				27015	18d	18d
memory leak in __hci_cmd_sync_sk bluetooth usb	3	C			1	14d	19d	💬 19 [13d]
linux-next test error: KASAN: slab-use-after-free Read in hci_cmd_work bluetooth	-1				4	19d	22d
INFO: trying to register non-static key in l2cap_unregister_user bluetooth	-1				1	55d	51d
KASAN: vmalloc-out-of-bounds Read in kcov_remote_start bluetooth	17				376	6m	63d
KASAN: slab-use-after-free Read in l2cap_disconn_ind (2) bluetooth	19				6	28d	63d
WARNING in hci_conn_drop (3) bluetooth	-1				2	32d	64d
BUG: unable to handle kernel paging request in l2cap_conn_del bluetooth	8				1	81d	77d
KASAN: slab-use-after-free Read in hidp_session_thread (2) bluetooth	19				2	37d	86d
WARNING in hci_devcd_register (2) bluetooth	-1				4	94d	113d
stack segment fault in kernfs_rename_ns bluetooth	2				23	2h11m	140d
KASAN: slab-use-after-free Read in hci_uart_write_work bluetooth	19	syz	error		15	3d19h	145d	💬 3 [138d]
INFO: task hung in hci_conn_failed (4) bluetooth	1	syz			17	1d19h	178d
INFO: task hung in hci_remote_features_evt (2) bluetooth	1	syz	error	inconclusive	9	69d	214d
possible deadlock in l2cap_conn_del bluetooth	4	syz	error		410	21h55m	250d
KASAN: wild-memory-access Read in l2cap_connect_cfm bluetooth	19	C	error		113	54m	264d	💬 1 [55d]
possible deadlock in l2cap_info_timeout bluetooth	4				46	22d	284d
general protection fault in h5_recv bluetooth	10	C	done		2560	2h55m	300d	💬 1 [9d16h]
KASAN: slab-use-after-free Read in msft_opcode_get bluetooth	19				19	96d	345d
KASAN: slab-use-after-free Read in force_devcd_write bluetooth	19	C			448	93d	347d	💬 4 [103d]
WARNING: held lock freed in bt_accept_dequeue bluetooth	4				16	29d	353d
WARNING in hci_conn_timeout (2) bluetooth	-1	C	error		1731	8m	354d
INFO: task hung in hci_cmd_sync_clear (3) bluetooth	1	syz	done		33	8h23m	392d
KASAN: slab-use-after-free Read in l2cap_unregister_user bluetooth	24	C	done		45397	1h12m	400d	PATCH [30d]
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth	8				129	36d	411d
KASAN: slab-use-after-free Read in bt_accept_unlink bluetooth	19	syz			102	3d22h	411d	💬 1 [22d]
KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb bluetooth	19	syz	error		92	2d00h	411d	💬 3 [11d]
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb (2) bluetooth	19				61	40d	431d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth	8	syz	error		46	43d	435d	💬 1 [164d]
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth	-1	C	error		397	2d19h	500d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth	19	C	inconclusive	inconclusive	139	9d01h	588d	💬 2 [73d]
WARNING in hci_recv_frame bluetooth	-1	C	error		117	3d06h	589d	💬 1 [201d]
WARNING in l2cap_chan_send bluetooth	-1				52	18h29m	602d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth	19	C	error	error	3383	480d	608d	💬 2 [513d]
WARNING in l2cap_chan_del bluetooth	-1				331	3d01h	629d
general protection fault in lock_sock_nested bluetooth	19	C	done	done	3842	58m	817d
WARNING in call_timer_fn bluetooth	-1	C	unreliable		7746	16m	1116d	💬 8 [9d16h]
general protection fault in l2cap_chan_timeout (3) bluetooth	19	C	inconclusive	inconclusive	74	9d21h	1395d
general protection fault in skb_release_data (2) net bluetooth	24	C	done	error	703	250d	1914d

moderation (3):
Title	Rank 🛈	Count	Last	Reported
KCSAN: data-race in hci_uart_open / hci_uart_tty_close bluetooth	6	1	41d	41d
WARNING: refcount bug in hci_conn_del_sysfs bluetooth	13	1	79d	75d
KASAN: slab-use-after-free Read in skb_dequeue bluetooth	19	4	86d	183d