syzbot


Out of 95 bugs, 87 were automatically obsoleted (85 due to revoked reproducers) and 8 were invalidated by users.
Applied filters: WithRepro, Label=subsystems:bluetooth
Title Rank Repro Cause bisect Fix bisect Count Last Reported
possible deadlock in l2cap_conn_del bluetooth 4 syz error error 569 88d 447d
KASAN: slab-use-after-free Write in hci_conn_drop (3) bluetooth prio:high 22 C error 1023 80d 200d
KASAN: slab-use-after-free Read in __hci_req_sync bluetooth 19 C error error 3383 676d 805d
general protection fault in skb_release_data (2) bluetooth net 22 C done error 703 446d 2111d
general protection fault in h5_recv bluetooth 10 C done 3515 134d 497d
INFO: task hung in hci_conn_failed (4) bluetooth 1 syz 17 198d 375d
memory leak in __hci_cmd_sync_sk bluetooth usb 3 C 1 211d 216d
BUG: corrupted list in _hci_cmd_sync_cancel_entry bluetooth 8 syz error error 46 240d 632d
BUG: sleeping function called from invalid context in lock_sock_nested (3) bluetooth 19 C inconclusive error 153 291d 769d
general protection fault in __timer_delete_sync bluetooth 2 C done 3 495d 499d
possible deadlock in mgmt_remove_adv_monitor_complete bluetooth 4 C unreliable done 39 399d 779d
BUG: soft lockup in hci_cmd_timeout (2) bluetooth usb 1 syz 1 462d 458d
general protection fault in qca_close arm-msm bluetooth 2 C done 94 481d 500d
general protection fault in h5_close bluetooth 2 C done 5 483d 486d
KASAN: slab-use-after-free Read in full_proxy_write bluetooth 19 C 36 471d 539d
general protection fault in bcsp_close bluetooth 2 C done 3 487d 486d
KASAN: slab-use-after-free Read in l2cap_connect_cfm bluetooth 19 syz inconclusive 36 472d 551d
KASAN: slab-use-after-free Read in __timer_delete bluetooth 19 C done done 1 572d 571d
possible deadlock in mgmt_set_connectable_complete bluetooth 4 syz 44 571d 763d
KASAN: slab-use-after-free Write in sco_conn_del bluetooth 22 C done 87 601d 1118d
WARNING in l2cap_do_send (2) bluetooth -1 syz 1 894d 907d
possible deadlock in rfcomm_dlc_exists bluetooth 4 C error done 13649 614d 1248d
KASAN: slab-use-after-free Read in skb_release_head_state bluetooth 19 syz error error 135 648d 790d
KASAN: slab-use-after-free Read in sk_skb_reason_drop bluetooth 19 syz error error 412 675d 727d
BUG: workqueue leaked atomic, lock or RCU: kworker/u9:NUM[NUM] bluetooth -1 C 28 685d 712d
KASAN: slab-use-after-free Read in __lock_sock (2) bluetooth 19 C 5 721d 735d
general protection fault in l2cap_publish_rx_avail bluetooth 2 C 6 734d 734d
WARNING in hci_conn_set_handle bluetooth -1 C error done 7 746d 798d
KASAN: use-after-free Read in __queue_work (3) bluetooth 19 syz done done 83 1314d 2142d
KASAN: use-after-free Read in __sco_sock_close bluetooth 19 syz error error 1 2147d 2147d
KASAN: slab-out-of-bounds Read in rfcomm_sock_setsockopt bluetooth 17 C error error 8 794d 807d
KASAN: slab-out-of-bounds Read in hci_sock_setsockopt bluetooth 17 C done unreliable 5 802d 807d
WARNING in ida_free (2) bluetooth -1 C 14 858d 859d
KASAN: slab-out-of-bounds Read in sco_sock_setsockopt bluetooth 17 C unreliable 28 794d 807d
KASAN: slab-out-of-bounds Read in l2cap_sock_setsockopt bluetooth 17 C 36 797d 807d
KASAN: slab-use-after-free Write in hci_conn_drop (2) bluetooth 22 C done 7 830d 961d
INFO: task hung in hci_conn_failed bluetooth 1 C done 1 832d 875d
possible deadlock in hci_dev_do_close (2) bluetooth 4 C done 10 781d 786d
BUG: sleeping function called from invalid context in hci_cmd_sync_submit bluetooth 19 C done done 3400 839d 1083d
KMSAN: uninit-value in eir_get_service_data bluetooth 7 C 22 840d 902d
INFO: task hung in hci_release_dev bluetooth 1 C done 18 868d 865d
KASAN: slab-use-after-free Read in hci_send_acl bluetooth 19 C done done 1323 862d 1035d
KASAN: slab-use-after-free Write in __sco_sock_close bluetooth 22 C done done 63 878d 1024d
KASAN: slab-use-after-free Read in __lock_sock bluetooth 19 C 1 942d 942d
INFO: task can't die in __lock_sock bluetooth 1 C done error 1067 957d 1771d
memory leak in hci_conn_add (2) bluetooth 3 C 65 964d 1022d
general protection fault in hci_uart_tty_ioctl bluetooth 2 C error done 4 1027d 1405d
KASAN: use-after-free Write in hci_conn_del bluetooth 22 syz done inconclusive 3 1733d 2147d
WARNING: bad unlock balance in l2cap_disconnect_rsp bluetooth 4 C 72 1133d 1159d
general protection fault in hci_phy_link_complete_evt bluetooth 2 C done unreliable 50 2022d 2149d
WARNING: locking bug in finish_task_switch bluetooth net 4 C done inconclusive 131 1239d 2351d
BUG: corrupted list in kobject_add_internal (4) bluetooth 8 C error done 4 1379d 1375d
INFO: task hung in hci_dev_do_open (2) bluetooth 1 C done done 166 1414d 1499d
BUG: corrupted list in klist_release bluetooth 19 C unreliable inconclusive 34 1359d 2013d
KASAN: use-after-free Read in l2cap_conn_del bluetooth 19 C error 12 1333d 1364d
KASAN: use-after-free Read in h5_rx_3wire_hdr bluetooth 19 syz error 3 1760d 2526d
WARNING: refcount bug in l2cap_global_chan_by_psm bluetooth 13 C done inconclusive 26 1784d 2146d
KASAN: use-after-free Read in hci_chan_del bluetooth 19 C done done 87 1870d 2149d
WARNING: held lock freed in l2cap_conn_del bluetooth 4 C done error 13 1334d 1366d
INFO: task hung in hci_power_on bluetooth 1 C done inconclusive 37 1445d 1480d
WARNING in cancel_delayed_work bluetooth -1 C done done 611 1465d 2151d
BUG: unable to handle kernel NULL pointer dereference in device_find_child bluetooth 10 C 5 1333d 1350d
BUG: corrupted list in hci_conn_del_sysfs bluetooth 8 C 14 1333d 1344d
BUG: unable to handle kernel NULL pointer dereference in klist_next bluetooth 10 C 1 1355d 1355d
WARNING: ODEBUG bug in cancel_delayed_work (2) bluetooth -1 C inconclusive inconclusive 13 1439d 1660d
BUG: corrupted list in klist_dec_and_del bluetooth 19 C inconclusive inconclusive 3 1362d 1899d
KASAN: use-after-free Read in h4_recv_buf bluetooth 19 C inconclusive done 3 1770d 1767d
BUG: corrupted list in kobj_kset_join bluetooth 8 C 1 1379d 1375d
KASAN: use-after-free Write in hci_sock_bind (2) bluetooth 22 C done unreliable 26 2028d 2302d
INFO: trying to register non-static key in l2cap_chan_close bluetooth -1 syz done 1 2144d 2144d
KASAN: use-after-free Read in hci_get_auth_info bluetooth 19 syz error error 1 2144d 2143d
WARNING: locking bug in hci_dev_reset bluetooth 4 syz done inconclusive 1 1865d 2146d
KMSAN: uninit-value in process_adv_report bluetooth 7 C 10 2001d 2149d
WARNING: refcount bug in bt_accept_dequeue bluetooth 13 syz error error 2 1501d 2144d
memory leak in mgmt_cmd_status bluetooth 3 C 2 1903d 2111d
general protection fault in klist_next bluetooth 17 C error 33 1355d 1409d
general protection fault in skb_dequeue (2) bluetooth 19 C inconclusive done 9 1715d 1799d
KASAN: slab-out-of-bounds Read in lock_sock_nested bluetooth 17 syz unreliable done 23 1700d 2140d
general protection fault in sco_sock_getsockopt bluetooth 2 C done 2256 2013d 2315d
KMSAN: uninit-value in vsscanf bluetooth 7 syz 9 1572d 1638d
KMSAN: uninit-value in hci_conn_request_evt bluetooth 7 C 3 1630d 1696d
general protection fault in skb_put bluetooth 2 C done error 43 2112d 2694d
memory leak in hci_conn_add bluetooth 3 syz 1 2144d 2144d
KMSAN: uninit-value in hci_phy_link_complete_evt bluetooth 7 C 3 1707d 1704d
KASAN: slab-out-of-bounds Read in bacpy bluetooth 17 C done inconclusive 21 2195d 2722d
KMSAN: uninit-value in hci_event_packet (3) bluetooth 7 C 10 1819d 1910d
memory leak in hci_inquiry_cache_update bluetooth 3 syz 5 2178d 2487d
KMSAN: uninit-value in hci_chan_lookup_handle bluetooth 7 C 3 2135d 2136d
WARNING: locking bug in l2cap_chan_del bluetooth 4 syz inconclusive inconclusive 83 1866d 2144d
KASAN: use-after-free Write in hci_sock_release bluetooth 22 C done done 8 2257d 2798d
KASAN: use-after-free Read in skb_release_data (2) bluetooth 19 syz done done 1 2303d 2303d
WARNING: refcount bug in l2cap_chan_hold bluetooth 13 C 8 1502d 1498d
BUG: corrupted list in bt_accept_unlink bluetooth 8 syz error error 1 2137d 2136d
KMSAN: uninit-value in hci_inquiry_cache_update bluetooth 7 C 2 2624d 2624d
KMSAN: uninit-value in kfree_skb bluetooth 7 C 11 2449d 2507d