syzbot: bluetooth subsystem

bluetooth subsystem

List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 93
Parent subsystem(s): kernel (93)

open (39):
Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Discussions
KASAN: slab-use-after-free Read in l2cap_disconn_ind (2) bluetooth	19				5	2d07h	2d07h
WARNING in hci_conn_drop (3) bluetooth	-1				1	7d05h	3d04h
BUG: unable to handle kernel paging request in l2cap_conn_del bluetooth	8				1	20d	16d
KASAN: slab-use-after-free Read in hidp_session_thread (2) bluetooth	19				1	29d	25d
WARNING in hci_devcd_register (2) bluetooth	-1				4	33d	52d
WARNING: kobject bug in hci_disconnect_all_sync bluetooth	-1				1	73d	69d
WARNING in l2cap_send_disconn_req (2) bluetooth	-1				1	80d	76d
stack segment fault in kernfs_rename_ns bluetooth	2				14	4d13h	78d
KASAN: slab-use-after-free Read in hci_uart_write_work bluetooth	19	syz			7	3d18h	84d	💬 3 [76d]
KASAN: slab-use-after-free Read in btusb_disconnect usb bluetooth	19	C			5	8d16h	94d	💬 1 [94d]
INFO: task hung in hci_conn_failed (4) bluetooth	1	syz			15	6d19h	117d
INFO: task hung in hci_remote_features_evt (2) bluetooth	1	syz	error	inconclusive	9	8d03h	152d
possible deadlock in l2cap_conn_del bluetooth	4	syz	error		295	15h34m	189d
KASAN: wild-memory-access Read in l2cap_connect_cfm bluetooth	19	syz	error		56	2h32m	203d	💬 1 [23d]
possible deadlock in l2cap_info_timeout bluetooth	4				41	16d	223d
general protection fault in h5_recv bluetooth	10	C	done		1854	3h03m	239d	💬 1 [12d]
general protection fault in hci_devcd_register bluetooth	17				31	56d	269d
KASAN: slab-use-after-free Read in msft_opcode_get bluetooth	19				19	35d	284d
KASAN: slab-use-after-free Read in force_devcd_write bluetooth	19	C			448	32d	285d	💬 4 [42d]
WARNING: held lock freed in bt_accept_dequeue bluetooth	4				10	34d	292d
WARNING in hci_conn_timeout (2) bluetooth	-1	C	error		756	5h34m	293d
KMSAN: uninit-value in hci_cmd_complete_evt bluetooth	7	C			31	18d	324d
INFO: task hung in hci_cmd_sync_clear (3) bluetooth	1	syz	done		18	6d18h	331d
KASAN: slab-use-after-free Read in l2cap_unregister_user bluetooth	24	C	done		43573	now	339d	💬 2 [12d]
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth	8				119	2d20h	350d
KASAN: slab-use-after-free Read in bt_accept_unlink bluetooth	19				83	10d	350d
KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb bluetooth	19				67	7d17h	350d
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb (2) bluetooth	19				59	25d	370d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth	8	syz	error		42	5d12h	374d	💬 1 [102d]
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth	-1	C	error		366	18h41m	439d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth	19	C	inconclusive	inconclusive	139	18d	527d	💬 2 [12d]
WARNING in hci_recv_frame bluetooth	-1	C	error		95	2d13h	528d	💬 1 [140d]
WARNING in l2cap_chan_send bluetooth	-1				48	7d04h	540d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth	19	C	error	error	3383	418d	547d	💬 2 [452d]
WARNING in l2cap_chan_del bluetooth	-1				306	4d02h	568d
general protection fault in lock_sock_nested bluetooth	19	C	done	done	3491	1h24m	756d
WARNING in call_timer_fn bluetooth	-1	C	unreliable		7430	5h19m	1055d	💬 8 [12d]
general protection fault in l2cap_chan_timeout (3) bluetooth	19	C	inconclusive	inconclusive	65	1d16h	1334d
general protection fault in skb_release_data (2) net bluetooth	24	C	done	error	703	188d	1853d

moderation (7):
Title	Rank 🛈	Count	Last	Reported
WARNING: refcount bug in hci_conn_del_sysfs bluetooth	13	1	17d	13d
KASAN: slab-use-after-free Read in l2cap_register_user (2) bluetooth	19	1	29d	25d
KASAN: slab-use-after-free Read in l2cap_recv_acldata (2) bluetooth	19	2	27d	26d
KASAN: slab-use-after-free Read in full_proxy_write (2) bluetooth	19	3	42d	41d
general protection fault in skb_queue_tail (4) bluetooth	2	1	49d	45d
KASAN: slab-use-after-free Read in force_suspend_read (2) bluetooth	19	1	49d	45d
KASAN: slab-use-after-free Read in skb_dequeue bluetooth	19	4	25d	121d