Hillf,
first of all I should say that I'm new to bluetooth and may misunderstand something.
IIUC your patch at https://syzkaller.appspot.com/text?tag=Patch&x=15faf610e80000
assumes that instances of 'struct sco_conn' can share the same 'struct sock'
(that's why extra calls to 'sock_hold()' were added). OTOH my patch at
https://lore.kernel.org/linux-bluetooth/[email protected]/T/#t
assumes that this is wrong because SCO (by definition) is a point-to-point
link between the master device and a specific slave device, and prevents
such sharing from being created instead. So the question is: should we always
assume a 1:1 relationship between an SCO connection and a kernel socket?
Any comments are highly appreciated, thanks in advance.
Dmitry