syzbot: bluetooth subsystem

bluetooth subsystem

List(s): linux-bluetooth@vger.kernel.org
Maintainer(s): luiz.dentz@gmail.com, marcel@holtmann.org
Fixed bugs: 88
Parent subsystem(s): kernel (82)

open (44):
Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Discussions
WARNING in hci_conn_drop (2) bluetooth				1	36d	32d
INFO: task hung in hci_remote_features_evt (2) bluetooth	syz	error		7	9d02h	34d
KASAN: slab-use-after-free Read in bt_accept_dequeue (2) bluetooth				1	47d	42d
possible deadlock in l2cap_conn_del bluetooth	syz	error		151	49m	70d
KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump bluetooth	C			810	2h26m	70d	💬 3 [1d06h]
BUG: soft lockup in hci_cmd_timeout (2) bluetooth usb	syz			1	85d	81d
KASAN: wild-memory-access Read in l2cap_connect_cfm bluetooth				6	1d01h	84d
WARNING in hci_send_cmd (2) bluetooth				2	42d	103d
possible deadlock in l2cap_info_timeout bluetooth				15	9d16h	104d
general protection fault in bcsp_recv bluetooth	C	error		343	31m	114d
general protection fault in h5_recv bluetooth	C	done		566	4h18m	120d	💬 1 [18d]
general protection fault in __timer_delete_sync bluetooth	C	done		3	118d	122d	💬 1 [121d]
KASAN: null-ptr-deref Write in l2cap_sock_resume_cb (3) bluetooth				8	87d	132d
general protection fault in hci_devcd_register bluetooth				26	30d	150d
WARNING in hci_devcd_register bluetooth				3	77d	155d
KASAN: slab-use-after-free Read in msft_opcode_get bluetooth				17	1d13h	165d
KASAN: slab-use-after-free Read in force_devcd_write bluetooth	syz			350	3h51m	167d	💬 1 [18d]
WARNING: held lock freed in bt_accept_dequeue bluetooth				8	7d18h	173d
WARNING in hci_conn_timeout (2) bluetooth	C	error		478	7m	174d
KMSAN: uninit-value in hci_cmd_complete_evt bluetooth	C			23	6h37m	205d
INFO: task hung in hci_cmd_sync_clear (3) bluetooth	syz	done		7	10d	212d
KASAN: slab-use-after-free Read in l2cap_register_user bluetooth				12	20d	214d
KASAN: slab-use-after-free Read in l2cap_unregister_user bluetooth	syz	done		39323	26m	220d	💬 1 [18d]
BUG: corrupted list in hci_cmd_sync_dequeue_once bluetooth				47	1d04h	231d
KASAN: slab-use-after-free Read in bt_accept_unlink bluetooth				42	11d	231d
KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb bluetooth				41	3h00m	231d
KASAN: slab-use-after-free Read in cmd_complete_rsp bluetooth				18	88d	231d
KASAN: slab-use-after-free Read in l2cap_sock_ready_cb (2) bluetooth				47	10d	251d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth				15	31d	255d
WARNING: ODEBUG bug in hci_release_dev (2) bluetooth	C	error		250	6d09h	320d
possible deadlock in sco_connect_cfm bluetooth				21	90d	336d
KASAN: slab-use-after-free Read in hci_sock_get_cookie (2) bluetooth				47	28d	355d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth	C	inconclusive	error	141	75d	392d	💬 2 [81d]
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth	C	unreliable		39	23d	403d
KASAN: slab-use-after-free Read in l2cap_recv_frame bluetooth	C	inconclusive	inconclusive	139	1d22h	408d	💬 2 [112d]
WARNING in hci_recv_frame bluetooth	C	error		70	8h19m	409d	💬 1 [21d]
KASAN: slab-use-after-free Read in hci_disconnect bluetooth				27	38d	410d
WARNING in l2cap_chan_send bluetooth				43	50d	422d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth	C	error	error	3383	300d	428d	💬 2 [333d]
WARNING in l2cap_chan_del bluetooth				246	18h15m	449d
general protection fault in lock_sock_nested bluetooth	C	done	done	2591	now	637d
WARNING in call_timer_fn bluetooth	C	unreliable		6880	1h19m	936d	💬 8 [18d]
general protection fault in l2cap_chan_timeout (3) bluetooth	C	inconclusive	inconclusive	37	5d07h	1215d
general protection fault in skb_release_data (2) net bluetooth	C	done	error	703	70d	1734d

moderation (2):
Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Discussions
KASAN: slab-use-after-free Read in skb_dequeue bluetooth				1	7d05h	3d05h
KASAN: slab-use-after-free Read in hidp_session_thread bluetooth				3	66d	116d