syzbot



Linux

fixed (856):
Title Repro Count Last Reported Closed Patch
KASAN: use-after-free Write in ip6_dst_destroy 1 77d 77d 10d ipv6: use fib6_info_hold_safe() when necessary
KASAN: stack-out-of-bounds Read in fib_table_lookup 1 69d 69d 11d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in wiphy_register (2) C 8 37d 38d 12d mac80211_hwsim: require at least one channel
KASAN: use-after-free Read in tipc_group_fill_sock_diag syz 35 18d 35d 12d tipc: switch to rhashtable iterator
KASAN: global-out-of-bounds Read in ip6_xmit 2 192d 193d 12d l2tp: fix races with ipv4-mapped ipv6 addresses
WARNING in __fsnotify_recalc_mask syz 9 34d 35d 12d fsnotify: fix false positive warning on inode delete
KASAN: use-after-free Read in sctp_transport_get_next C 6 27d 30d 12d sctp: hold transport before accessing its asoc in sctp_transport_get_next
KASAN: stack-out-of-bounds Read in __schedule syz 4 23d 25d 12d bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
BUG: soft lockup in shrink_dcache_parent (2) 7 104d 111d 12d restore cond_resched() in shrink_dcache_parent()
INFO: task hung in fsnotify_mark_destroy_workfn syz 13 44d 158d 15d android: binder: Rate-limit debug and userspace triggered err msgs
KASAN: use-after-free Read in ip6_tnl_start_xmit 1 145d 145d 17d packet: in packet_snd start writing at link layer allocation
INFO: rcu detected stall in snd_pcm_oss_prepare 4 165d 168d 18d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
WARNING in up_write C 725 125d 173d 18d locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
BUG: soft lockup in d_walk C 163 104d 149d 18d restore cond_resched() in shrink_dcache_parent()
general protection fault in vsscanf C 7 44d 74d 19d 9p: fix multiple NULL-pointer-dereferences
net-next boot error 66 53d 59d 25d virtio-net: correctly update XDP_TX counters
WARNING in input_alloc_absinfo C 318 28d 101d 25d Input: do not use WARN() in input_alloc_absinfo()
KASAN: use-after-free Read in ip6_hold_safe C 1 51d 51d 25d l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
KASAN: use-after-free Read in iotlb_access_ok 1 51d 47d 25d vhost: reset metadata cache when initializing new IOTLB
general protection fault in process_init_reply C 24 32d 67d 25d fuse: Fix oops at process_init_reply()
WARNING: suspicious RCU usage in bpf_prog_array_copy_core C 22873 26d 40d 25d bpf: fix a rcu usage warning in bpf_prog_array_copy_core()
WARNING: lock held when returning to user space in fuse_lock_inode C 1439 32d 72d 25d fuse: fix initial parallel dirops
WARNING: refcount bug in llc_sap_find C 18 45d 46d 25d llc: use refcount_inc_not_zero() for llc_sap_find()
possible deadlock in rhashtable_lookup_insert_fast C 28 37d 40d 25d ila: make lockdep happy again
KASAN: slab-out-of-bounds Write in crypto_dh_encode_key C 1401 48d 76d 25d crypto: dh - fix calculating encoded key size
KASAN: slab-out-of-bounds Read in _autofs_dev_ioctl C 5 38d 39d 25d autofs: fix autofs_sbi() does not check super block type
KASAN: use-after-free Write in ip6_hold_safe C 25 49d 60d 25d l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
general protection fault in validate_checkpoint 186 52d 52d 25d f2fs: fix invalid memory access
BUG: soft lockup in snd_virmidi_output_trigger 3 65d 167d 25d ALSA: virmidi: Fix too long output trigger loop
general protection fault in send_sigurg_to_task C 6 37d 41d 25d signal: Don't send signals to tasks that don't exist
KASAN: slab-out-of-bounds Write in eth_header_parse C 7 44d 57d 25d packet: refine ring v3 block size test to hold one frame
WARNING in __snd_rawmidi_transmit_ack (2) C 6 32d 39d 25d ALSA: seq: virmidi: Fix discarding the unsubscribed output
general protection fault in send_sigio_to_task C 176 37d 41d 25d signal: Don't send signals to tasks that don't exist
KASAN: use-after-free Read in do_shrink_slab 9 32d 35d 25d mm: check shrinker is memcg-aware in register_shrinker_prepared()
KMSAN: uninit-value in do_msgrcv C 8 25d 102d 25d ["ipc/util.c: use ipc_rcu_putref() for failues in ipc_addid()" "ipc: compute kern_ipc_perm.id under the ipc lock" "ipc: reorganize initialization of kern_ipc_perm.seq"]
WARNING: ODEBUG bug in vsock_stream_connect C 42 45d 54d 25d vsock: split dwork to avoid reinitializations
KASAN: slab-out-of-bounds Read in pdu_read C 267 41d 76d 25d ["9p: validate PDU length" "net/9p/client.c: version pointer uninitialized"]
WARNING in close_fs_devices C 137 66d 109d 25d btrfs: fix mount and ioctl device scan ioctl race
general protection fault in string (2) 1 51d 51d 25d net: check extack._msg before print
general protection fault in p9_fd_create_unix C 4 71d 75d 25d 9p: fix multiple NULL-pointer-dereferences
general protection fault in mount_fs C 1 171d 171d 25d hfsplus: don't return 0 when fill_super() failed
general protection fault in open_fs_devices C 8 77d 108d 25d btrfs: fix mount and ioctl device scan ioctl race
general protection fault in smc_ioctl (3) C 15 44d 46d 25d net/smc: move sock lock in smc_ioctl()
KASAN: slab-out-of-bounds Write in vmac_final C 2 102d 99d 25d crypto: vmac - separate tfm and request context
BUG: corrupted list in p9_fd_cancel C 34 62d 75d 25d net/9p/trans_fd.c: fix race by holding the lock
general protection fault in smc_tx_prepared_sends C 7 50d 52d 25d net/smc: move sock lock in smc_ioctl()
KASAN: use-after-free Read in p9_poll_workfn C 148 36d 76d 25d net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
WARNING: bad usercopy in __kvm_write_guest_page C 4 126d 119d 29d KVM: vmx: use local variable for current_vmptr when emulating VMPTRST
WARNING in refcount_inc (3) C 7 174d 175d 29d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Write in irq_bypass_register_consumer C 1632 66d 327d 29d KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
KASAN: slab-out-of-bounds Write in process_preds C 6020 89d 165d 29d tracing: Check for no filter when processing event filters
kernel BUG at net/ipv6/route.c:LINE! C 197 48d 70d 45d ipv6: use fib6_info_hold_safe() when necessary
possible deadlock in bond_get_stats C 11 51d 55d 45d bonding: avoid lockdep confusion in bond_get_stats()
kernel BUG at mm/memory.c:LINE! 1 77d 76d 45d mm: fix vma_is_anonymous() false-positives
WARNING in __ip6_make_skb C 1 70d 70d 45d ipv6: use fib6_info_hold_safe() when necessary
general protection fault in tcp_gso_segment 1 71d 71d 45d net: skb_segment() should not return NULL
KASAN: use-after-free Read in refcount_sub_and_test_checked 3 51d 52d 45d Revert "net/ipv6: fix metrics leak"
WARNING in ip6_sk_dst_lookup_flow C 2 51d 68d 45d ipv6: use fib6_info_hold_safe() when necessary
KMSAN: uninit-value in __nf_conntrack_find_get C 67 61d 67d 45d netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
KASAN: invalid-free in fat_fill_super 1 74d 73d 45d fat: fix memory allocation failure handling of match_strdup()
WARNING in ip6_setup_cork C 4 50d 70d 45d ipv6: use fib6_info_hold_safe() when necessary
KMSAN: kernel-infoleak in put_cmsg C 3 78d 67d 45d ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
BUG: unable to handle kernel paging request in neigh_update 1 65d 65d 45d ipv6: use fib6_info_hold_safe() when necessary
KMSAN: uninit-value in gc_worker 10 61d 73d 45d netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
kernel BUG at fs/userfaultfd.c:LINE! (2) C 8 51d 69d 45d userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
KASAN: use-after-free Write in dst_release (2) C 3 51d 52d 45d Revert "net/ipv6: fix metrics leak"
KMSAN: kernel-infoleak in _copy_to_iter C 285 61d 96d 45d xfrm_user: prevent leaking 2 bytes of kernel memory
general protection fault in __delayacct_blkio_end C 50 61d 156d 45d delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
unregister_netdevice: waiting for DEV to become free C 170521 45d 156d 45d xfrm: fix missing dst_release() after policy blocking lbcast and multicast
general protection fault in rds_ib_get_mr C 9 86d 185d 45d RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr
KASAN: out-of-bounds Read in bpf_test_finish 9 69d 76d 46d bpf: fix panic due to oob in bpf_prog_test_run_skb
KASAN: slab-out-of-bounds Read in ipv6_gso_pull_exthdrs C 4 85d 100d 46d nsh: set mac len based on inner packet
KASAN: stack-out-of-bounds Read in __d_lookup_rcu 1 66d 65d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING: refcount bug in smap_release_sock C 55 63d 101d 46d ["bpf: sockmap, consume_skb in close path" "bpf: sockmap, error path can not release psock in multi-map case"]
KASAN: stack-out-of-bounds Read in __handle_mm_fault (2) C 3 64d 66d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in vma_interval_tree_insert (2) 1 61d 61d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in kernfs_find_ns 1 66d 66d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in __snd_rawmidi_transmit_ack syz 2 69d 69d 46d ALSA: rawmidi: Change resized buffers atomically
KASAN: stack-out-of-bounds Read in rb_next (2) 1 66d 66d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in scheduler_tick C 1 76d 76d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in neigh_flush_dev 1 71d 69d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in copy_page_range 1 66d 66d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __cgroup_account_cputime_field 1 66d 66d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in debug_check_no_obj_freed (5) 4 62d 68d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in unmap_page_range (3) 1 62d 62d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in cpuacct_account_field (2) 1 64d 63d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in lock_sock_nested 1 69d 69d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in netlink_has_listeners 1 69d 68d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
BUG: unable to handle kernel NULL pointer dereference in corrupted (2) C 1 67d 67d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: slab-out-of-bounds Read in corrupted C 1 67d 67d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in cpuacct_charge 1 61d 61d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in bpf_tcp_close C 1 66d 66d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in update_blocked_averages 1 72d 72d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KMSAN: uninit-value in af_alg_free_areq_sgls C 640 61d 168d 46d crypto: af_alg - Initialize sg_num_bytes in error code path
WARNING in bpf_check 3 66d 73d 46d bpf: don't leave partial mangled prog in jit_subprogs error path
KASAN: stack-out-of-bounds Read in __enqueue_entity 1 70d 70d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in account_system_index_time C 2 69d 76d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in sctp_assoc_update_frag_point 5 67d 89d 46d sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
kernel BUG at mm/slab.c:LINE! (2) C 701 61d 76d 46d bpf: fix panic due to oob in bpf_prog_test_run_skb
KASAN: stack-out-of-bounds Read in __task_pid_nr_ns 1 75d 75d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in locks_remove_posix C 1 64d 63d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in get_mem_cgroup_from_mm 1 74d 74d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in change_protection 1 69d 69d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in do_debug (2) 1 67d 67d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __delayacct_add_tsk 1 73d 73d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in __sock_release 1 65d 65d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in add_wait_queue C 1 76d 76d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in ext4_symlink 1 69d 69d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
INFO: rcu detected stall in vprintk_emit syz 2 83d 89d 46d net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
WARNING: refcount bug in smc_tcp_listen_work 1 109d 108d 46d net/smc: reduce sock_put() for fallback sockets
WARNING in set_precision C 140 66d 107d 46d KEYS: DNS: fix parsing multiple options
BUG: unable to handle kernel paging request in cpuacct_charge syz 2 68d 68d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __acct_update_integrals 2 64d 72d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: use-after-free Read in ipv6_gso_pull_exthdrs C 5 64d 96d 46d nsh: set mac len based on inner packet
general protection fault in rb_next 1 67d 67d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Write in __tlb_remove_page_size 1 63d 62d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in timerqueue_add C 4 64d 80d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in rb_insert_color (2) 1 70d 70d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __tlb_remove_page_size 1 64d 63d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in enqueue_task_fair 1 67d 67d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
BUG: unable to handle kernel paging request in account_system_index_time 1 64d 63d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in find_inode_nowait 1 76d 76d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in iov_iter_revert C 74 66d 132d 46d tls: Stricter error checking in zerocopy sendmsg path
general protection fault in smc_ioctl (2) C 43 47d 69d 46d net/smc: take sock lock in smc_ioctl()
KASAN: stack-out-of-bounds Read in tlb_flush_mmu_free 2 72d 75d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in do_tcp_getsockopt C 9 65d 77d 46d tcp: cleanup copied_seq and urg_data in tcp_disconnect
KASAN: use-after-free Read in bpf_test_finish C 1211 61d 76d 46d bpf: fix panic due to oob in bpf_prog_test_run_skb
KASAN: use-after-free Write in skb_release_data C 1903 120d 173d 46d packet: reset network header if packet shorter than ll reserved space
KASAN: stack-out-of-bounds Read in rcu_process_callbacks C 1 70d 70d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
BUG: unable to handle kernel paging request in ttwu_do_activate 1 80d 80d 46d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in smc_unhash_sk C 155731 49d 211d 46d net/smc: reduce sock_put() for fallback sockets
kernel BUG at net/packet/af_packet.c:LINE! (3) syz 5 196d 243d 55d packet: fix bitfield update race
KASAN: slab-out-of-bounds Read in getname_kernel C 8 71d 170d 60d autofs: fix slab out of bounds read in getname_kernel()
kernel BUG at mm/gup.c:LINE! syz 4 83d 81d 60d ["fs, elf: make sure to page align bss in load_elf_library" "mm: do not bug_on on incorrect length in __mm_populate()"]
KASAN: global-out-of-bounds Write in string C 7 116d 172d 60d reiserfs: fix buffer overflow with long warning messages
KASAN: use-after-free Read in l2tp_session_create 119 183d 249d 64d l2tp: fix races in tunnel creation
KMSAN: uninit-value in ip_tunnel_xmit C 2594 67d 154d 67d packet: in packet_snd start writing at link layer allocation
KMSAN: uninit-value in br_nf_forward_arp 1 114d 111d 67d packet: in packet_snd start writing at link layer allocation
KMSAN: kernel-infoleak in vcs_read C 531 96d 106d 72d vt: prevent leaking uninitialized data to userspace via /dev/vcs*
WARNING: suspicious RCU usage in fib6_info_alloc syz 2 158d 157d 75d net/ipv6: Fix gfp_flags arg to addrconf_prefix_route
WARNING in kernfs_add_one C 174 76d 140d 75d driver core: Don't ignore class_dir_create_and_add() failure.
INFO: rcu detected stall in unwind_next_frame 2 125d 128d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
BUG: unable to handle kernel paging request in dput C 26 107d 109d 75d fix proc_fill_cache() in case of d_alloc_parallel() failure
general protection fault in fuse_ctl_remove_conn C 16 109d 148d 75d fuse: fix control dir setup and teardown
WARNING in bpf_int_jit_compile syz 11 83d 120d 75d bpf: reject any prog that failed read-only lock
possible deadlock in sock_hash_free C 45 117d 117d 75d bpf: sockhash fix omitted bucket lock in sock_close
possible deadlock in __might_fault (2) C 20 145d 148d 75d tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
KMSAN: uninit-value in _copy_to_iter (2) C 226 107d 152d 75d vhost: fix info leak due to uninitialized memory
BUG: unable to handle kernel NULL pointer dereference in do_select 45 85d 86d 75d net: handle NULL ->poll gracefully
kernel BUG at fs/f2fs/inode.c:LINE! C 1 155d 155d 75d f2fs: avoid bug_on on corrupted inode
WARNING: ODEBUG bug in sock_hash_free 1 89d 89d 75d bpf: sockhash fix omitted bucket lock in sock_close
KASAN: slab-out-of-bounds Write in sha512_final C 21 88d 105d 75d dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Write in rmd320_final C 44 87d 107d 75d dh key: fix rounding up KDF output length
INFO: rcu detected stall in kmem_cache_alloc_node_trace 1 163d 145d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Read in bpf_csum_update C 2 113d 111d 75d bpf: reject passing modified ctx to helper functions
KMSAN: uninit-value in ip_vs_lblcr_check_expire 2050 75d 152d 75d ipvs: initialize tbl->entries after allocation
general protection fault in wb_workfn (2) 38 95d 120d 75d bdi: Fix another oops in wb_workfn()
INFO: rcu detected stall in is_bpf_text_address C 1 126d 126d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in __vfs_write syz 14 104d 107d 75d bpfilter: fix race in pipe access
general protection fault in pipe_write syz 1 107d 106d 75d bpfilter: fix race in pipe access
possible deadlock in tcp_mmap C 1908 145d 148d 75d tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
KASAN: use-after-free Read in bpf_skb_change_proto 1 105d 104d 75d bpf: reject passing modified ctx to helper functions
KASAN: use-after-free Write in prb_fill_curr_block C 2 113d 114d 75d net/packet: refine check for priv area size
kernel BUG at fs/f2fs/node.c:LINE! C 1 155d 154d 75d ["f2fs: give message and set need_fsck given broken node id" "f2fs: give message and set need_fsck given broken node id"]
WARNING in skb_warn_bad_offload (2) C 6 148d 148d 75d udp: disable gso with no_check_tx
BUG: unable to handle kernel NULL pointer dereference in ep_item_poll C 15 85d 86d 75d net: handle NULL ->poll gracefully
WARNING in bpf_prog_select_runtime syz 45 99d 101d 75d bpf: reject any prog that failed read-only lock
KASAN: slab-out-of-bounds Read in bpf_skb_vlan_push syz 2 101d 101d 75d bpf: reject passing modified ctx to helper functions
WARNING: kernel stack regs has bad 'bp' value (3) C 7971 77d 232d 75d crypto: x86/salsa20 - remove x86 salsa20 implementations
general protection fault in __vfs_write syz 25 104d 107d 75d bpfilter: fix race in pipe access
INFO: task hung in n_tty_flush_buffer 6 84d 158d 75d n_tty: Access echo_* variables carefully.
KASAN: use-after-free Read in skb_ensure_writable C 4 104d 111d 75d bpf: reject passing modified ctx to helper functions
KASAN: use-after-free Read in build_segment_manager C 5 155d 155d 75d f2fs: sanity check for total valid node blocks
KASAN: use-after-free Read in bpf_tcp_close C 1748 81d 120d 75d bpf: sockhash fix omitted bucket lock in sock_close
KMSAN: uninit-value in nfqnl_recv_config (2) C 10 88d 104d 75d netfilter: nf_queue: augment nfqa_cfg_policy
KASAN: use-after-free Read in pipe_read C 3 106d 107d 75d bpfilter: fix race in pipe access
KASAN: slab-out-of-bounds Read in crypto_morus640_decrypt_chunk C 8 95d 102d 75d crypto: morus640 - Fix out-of-bounds access
WARNING in perf_trace_buf_alloc (2) C 22 215d 321d 75d bpf: remove tracepoints from bpf core
KASAN: use-after-free Read in finish_wait 8 105d 107d 75d bpfilter: fix race in pipe access
BUG: unable to handle kernel paging request in bpf_prog_select_runtime 1 91d 91d 75d bpf: undo prog rejection on read-only lock failure
WARNING: kmalloc bug in xdp_umem_create C 7 99d 105d 75d xsk: silence warning on memory allocation failure
KASAN: use-after-free Write in tls_push_record C 24 76d 120d 75d tls: fix use-after-free in tls_push_record
KASAN: use-after-free Read in fib6_table_lookup 1 98d 97d 75d net/ipv6: respect rcu grace period before freeing fib6_info
INFO: rcu detected stall in skb_free_head 4 114d 146d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in __kernel_write syz 7 104d 107d 75d bpfilter: fix race in pipe access
WARNING in ion_dma_buf_begin_cpu_access C 62 83d 105d 75d staging: android: ion: Return an ERR_PTR in ion_map_kernel
WARNING: lock held when returning to user space! (2) C 9 135d 137d 75d net/ipv6: fix lock imbalance in ip6_route_del()
INFO: rcu detected stall in corrupted syz 1 125d 124d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: rcu detected stall in ip_route_output_key_hash 2 126d 129d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KMSAN: uninit-value in ebt_stp_mt_check (2) C 222 75d 107d 75d netfilter: x_tables: initialise match/target check parameter struct
kernel BUG at fs/f2fs/segment.c:LINE! syz 1 155d 155d 75d ["f2fs: sanity check for total valid node blocks" "f2fs: sanity check for total valid node blocks"]
BUG: unable to handle kernel NULL pointer dereference in corrupted C 5 106d 106d 75d smc: convert to ->poll_mask
KMSAN: uninit-value in eth_mac_addr 2 78d 111d 75d rtnetlink: validate attributes in do_setlink()
KASAN: slab-out-of-bounds Write in tgr192_final C 30 87d 106d 75d dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Write in wp384_final C 27 88d 107d 75d dh key: fix rounding up KDF output length
INFO: rcu detected stall in dev_queue_xmit_nit 1 121d 121d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Write in crypto_sha3_final C 68 88d 107d 75d dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto C 2 105d 104d 75d bpf: reject passing modified ctx to helper functions
BUG: unable to handle kernel paging request in build_segment_manager C 1 155d 155d 75d ["f2fs: sanity check on sit entry" "f2fs: sanity check on sit entry"]
KASAN: null-ptr-deref Write in simple_write_to_buffer C 5 116d 140d 75d PM / hibernate: Fix oops at snapshot_write()
INFO: rcu detected stall in sctp_packet_transmit 1 130d 130d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
general protection fault in touch_atime syz 6 104d 107d 75d bpfilter: fix race in pipe access
WARNING: possible circular locking dependency detected (4) C 27 149d 156d 75d tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:LINE/ccid3_hc_rx_send_feedback() 1 93d 93d 75d net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
INFO: rcu detected stall in sctp_chunk_put 1 114d 114d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Read in ip6_xmit (3) C 69 81d 123d 75d bpf: sockmap, fix crash when ipv6 sock is added
KASAN: slab-out-of-bounds Read in skb_ensure_writable C 9 102d 111d 75d bpf: reject passing modified ctx to helper functions
INFO: rcu detected stall in sctp_generate_heartbeat_event 2 128d 138d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in bpf_csum_update C 1 113d 111d 75d bpf: reject passing modified ctx to helper functions
BUG: soft lockup in do_raw_spin_unlock (2) 1 103d 103d 75d restore cond_resched() in shrink_dcache_parent()
BUG: unable to handle kernel paging request in bpf_int_jit_compile syz 2 87d 91d 75d bpf: undo prog rejection on read-only lock failure
general protection fault in __mnt_want_write 1 105d 105d 75d bpfilter: fix race in pipe access
KASAN: use-after-free Write in bpf_tcp_close C 67 82d 118d 75d bpf: sockhash fix omitted bucket lock in sock_close
general protection fault in bpf_tcp_close C 421 76d 120d 75d ["bpf: sockhash fix omitted bucket lock in sock_close" "bpf: sockmap, fix smap_list_map_remove when psock is in many maps"]
general protection fault in smc_ioctl C 5214 97d 127d 75d net/smc: return 0 for ioctl calls in states INIT and CLOSED
INFO: rcu detected stall in kfree_skbmem 4 115d 145d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: task hung in tty_set_termios 1 177d 175d 75d n_tty: Access echo_* variables carefully.
bpf-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 3 108d 110d 75d umh: fix race condition
WARNING in do_dentry_open C 26 99d 106d 75d bpf: implement dummy fops for bpf objects
KASAN: slab-out-of-bounds Write in prb_fill_curr_block C 2 114d 114d 75d net/packet: refine check for priv area size
KASAN: slab-out-of-bounds Read in build_segment_manager C 1 155d 155d 75d f2fs: sanity check for total valid node blocks
KASAN: use-after-free Read in xfs_inobt_init_key_from_rec C 1 172d 172d 75d xfs: fix inobt magic number check
WARNING: refcount bug in __udp_gso_segment 2 135d 135d 75d udp: avoid refcount_t saturation in __udp_gso_segment()
INFO: task hung in namespace_unlock 15 79d 88d 75d n_tty: Access echo_* variables carefully.
KMSAN: uninit-value in rtnetlink_put_metrics syz 3 109d 111d 75d net: metrics: add proper netlink validation
KASAN: slab-out-of-bounds Read in bpf_skb_change_head C 2 101d 101d 75d bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Write in sha1_finup C 119 87d 107d 75d dh key: fix rounding up KDF output length
WARNING: kmalloc bug in map_get_next_key C 5 129d 129d 75d bpf: fix sock hashmap kmalloc warning
unexpected kernel reboot (2) C 2073 75d 166d 75d kvm: vmx: Nested VM-entry prereqs for event inj.
BUG: workqueue lockup (3) C 1215 79d 132d 75d restore cond_resched() in shrink_dcache_parent()
INFO: rcu detected stall in ipv6_addr_label 1 210d 209d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
WARNING: kernel stack frame pointer has bad value C 1108 78d 156d 75d crypto: don't optimize keccakf()
KASAN: use-after-free Read in fuse_kill_sb_blk 4 126d 145d 75d fuse: don't keep dead fuse_conn at fuse_fill_super().
general protection fault in vfs_read syz 2 105d 107d 75d bpfilter: fix race in pipe access
KASAN: use-after-free Read in ip6_route_mpath_notify C 25 108d 113d 75d net/ipv6: prevent use after free in ip6_route_mpath_notify
BUG: unable to handle kernel NULL pointer dereference in do_sys_poll C 297 85d 86d 75d net: handle NULL ->poll gracefully
WARNING in ebt_do_table C 13 84d 109d 75d netfilter: ebtables: reject non-bridge targets
WARNING in sysfs_remove_group C 11125 77d 331d 75d loop: remember whether sysfs_create_group() was done
KASAN: null-ptr-deref Write in xdp_umem_unaccount_pages C 25 104d 107d 75d bpf, xdp: fix crash in xdp_umem_unaccount_pages
WARNING: kernel stack regs at (ptrval) in syzkaller has bad 'bp' value (ptrval) C 3 152d 153d 75d crypto: don't optimize keccakf()
KASAN: slab-out-of-bounds Write in tls_push_record 2 91d 105d 75d tls: fix use-after-free in tls_push_record
WARNING: suspicious RCU usage in rt6_remove_exception_rt syz 1761 151d 152d 75d net/ipv6: fix LOCKDEP issue in rt6_remove_exception_rt()
INFO: task hung in blk_queue_enter C 1595 75d 148d 75d block: don't use blocking queue entered for recursive bio submits
KASAN: use-after-free Read in skb_dequeue C 4 94d 94d 75d net/packet: fix use-after-free
KASAN: slab-out-of-bounds Write in sha1_final C 201 87d 107d 75d dh key: fix rounding up KDF output length
KASAN: use-after-free Read in corrupted C 2 130d 133d 75d fuse: don't keep dead fuse_conn at fuse_fill_super().
WARNING in ion_buffer_destroy C 7901 105d 256d 75d staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
KASAN: slab-out-of-bounds Write in tgr160_final C 55 88d 107d 75d dh key: fix rounding up KDF output length
KASAN: use-after-free Read in crypto_morus640_decrypt_chunk C 3 101d 101d 75d crypto: morus640 - Fix out-of-bounds access
WARNING: ODEBUG bug in del_timer (2) C 6 128d 129d 75d net/smc: init conn.tx_work & conn.send_lock sooner
INFO: task hung in jbd2_journal_stop 1 171d 170d 75d n_tty: Access echo_* variables carefully.
INFO: rcu detected stall in n_tty_receive_char_special C 3 147d 170d 75d n_tty: Fix stall at n_tty_receive_char_special().
net-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 8 107d 119d 75d umh: fix race condition
KMSAN: uninit-value in ip_vs_lblc_check_expire C 1431 75d 152d 75d ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()
KASAN: null-ptr-deref Read in refcount_sub_and_test C 4 155d 157d 75d net/ipv6: Fix ip6_convert_metrics() bug
INFO: rcu detected stall in __ipv6_dev_get_saddr 1 116d 116d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
WARNING: suspicious RCU usage in rt6_check_expired 4 152d 153d 75d net/ipv6: add rcu locking to ip6_negative_advice
INFO: rcu detected stall in blkdev_ioctl C 249 106d 281d 75d loop: add recursion validation to LOOP_CHANGE_FD
INFO: rcu detected stall in __save_stack_trace 3 76d 209d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: task hung in commit_echoes 1 84d 80d 75d n_tty: Access echo_* variables carefully.
WARNING: kmalloc bug in memdup_user (3) C 137 129d 129d 75d bpf: fix sock hashmap kmalloc warning
KASAN: slab-out-of-bounds Write in sha512_finup C 25 88d 105d 75d dh key: fix rounding up KDF output length
INFO: rcu detected stall in d_walk C 25680 101d 163d 75d restore cond_resched() in shrink_dcache_parent()
KASAN: use-after-free Read in pipe_wait 2 104d 105d 75d bpfilter: fix race in pipe access
INFO: rcu detected stall in save_stack_trace C 1 126d 124d 75d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: rcu detected stall in __process_echoes C 326 83d 179d 75d n_tty: Access echo_* variables carefully.
INFO: task hung in blk_freeze_queue C 188 77d 228d 75d loop: add recursion validation to LOOP_CHANGE_FD
upstream boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 5 105d 106d 75d umh: fix race condition
possible deadlock in bpf_tcp_close C 152 117d 117d 75d bpf: sockhash fix omitted bucket lock in sock_close
WARNING in arch_uprobe_analyze_insn C 2 132d 131d 75d uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
KASAN: use-after-free Read in rds_cong_queue_updates C 18168 81d 213d 75d ["rds: avoid unenecessary cong_update in loop transport" "rds: clean up loopback rds_connections on netns deletion"]
KASAN: use-after-free Read in iput C 2 158d 158d 77d tracing: Fix bad use of igrab in trace_uprobe.c
INFO: task hung in ucma_destroy_id C 46 157d 194d 80d RDMA/ucma: ucma_context reference leak in error path
BUG: corrupted list in tipc_nametbl_unsubscribe C 40 138d 197d 80d tipc: fix unbalanced reference counter
general protection fault in kernel_sock_shutdown C 3329 153d 211d 80d net/smc: fix shutdown in state SMC_LISTEN
INFO: trying to register non-static key in tun_do_read C 28 132d 138d 96d tuntap: fix use after free during release
KASAN: use-after-free Read in iptunnel_handle_offloads C 133 121d 167d 96d packet: fix reserve calculation
WARNING: suspicious RCU usage in rds_loop_conn_alloc C 34303 215d 222d 102d rds: do not call ->conn_alloc with GFP_KERNEL
WARNING in kcm_exit_net (3) syz 5 115d 115d 107d kcm: Fix use-after-free caused by clonned sockets
BUG: unable to handle kernel paging request in nla_strlcpy 1 116d 116d 107d netfilter: provide correct argument to nla_strlcpy()
KASAN: use-after-free Read in nla_strlcpy C 59 111d 124d 107d netfilter: provide correct argument to nla_strlcpy()
KASAN: slab-out-of-bounds Read in nla_strlcpy C 34 111d 124d 107d netfilter: provide correct argument to nla_strlcpy()
KASAN: use-after-free Read in __dev_queue_xmit (2) C 2 125d 125d 107d packet: in packet_snd start writing at link layer allocation
general protection fault in mr_mfc_find_parent 2 120d 125d 107d ipmr: properly check rhltable_init() return value
KASAN: use-after-free Read in __sk_free 1 128d 128d 107d sock_diag: fix use-after-free read in __sk_free
KASAN: use-after-free Read in timer_is_static_object 1 129d 128d 107d dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
kernel BUG at lib/string.c:LINE! (4) C 2 129d 129d 107d ipvs: fix buffer overflow with sync daemon and service
KASAN: use-after-free Read in sock_recv_errqueue 1 131d 131d 107d packet: in packet_snd start writing at link layer allocation
general protection fault in shmem_unused_huge_count 8 129d 132d 107d fs: don't scan the inode cache before SB_BORN is set
general protection fault in kernfs_kill_sb (2) C 22 121d 133d 107d kernfs: deal with kernfs_fill_super() failures
BUG: soft lockup in _decode_session6 C 1 134d 134d 107d xfrm6: avoid potential infinite loop in _decode_session6()
BUG: spinlock bad magic in tun_do_read syz 1 138d 138d 107d tun: fix use after free for ptr_ring
kernel BUG at include/linux/mm.h:LINE! syz 68 108d 145d 107d x86/kexec: Avoid double free_page() upon do_kexec_load() failure
WARNING in __mutex_unlock_slowpath C 2 144d 146d 107d idr: fix invalid ptr dereference on item delete
general protection fault in __radix_tree_delete C 38 120d 146d 107d idr: fix invalid ptr dereference on item delete
KASAN: stack-out-of-bounds Write in compat_copy_entries syz 10 113d 151d 107d netfilter: ebtables: handle string from userspace with care
KMSAN: uninit-value in ebt_stp_mt_check C 211 108d 153d 107d netfilter: bridge: stp fix reference to uninitialized data
WARNING: ODEBUG bug in hfsplus_fill_super C 1 176d 175d 107d hfsplus: stop workqueue when fill_super() failed
KASAN: use-after-free Read in radix_tree_next_chunk C 2749 124d 175d 107d fs: don't scan the inode cache before SB_BORN is set
KASAN: use-after-free Read in skb_copy_datagram_iter C 7 143d 181d 107d packet: in packet_snd start writing at link layer allocation
BUG: unable to handle kernel paging request in smc_ib_remember_port_attr C 112 125d 181d 107d net/smc: check for missing nlattrs in SMC_PNETID messages
KASAN: use-after-free Read in copyout C 11 125d 181d 107d packet: in packet_snd start writing at link layer allocation
KASAN: use-after-free Read in remove_wait_queue (2) C 4 196d 206d 107d ppp: remove the PPPIOCDETACH ioctl
kernel BUG at net/ipv4/tcp_output.c:LINE! (2) syz 23 139d 244d 107d tcp: purge write queue in tcp_connect_init()
WARNING in dev_vprintk_emit C 77 121d 248d 107d cfg80211: further limit wiphy names to 64 bytes
KASAN: slab-out-of-bounds Read in __ext4_check_dir_entry C 18 174d 175d 117d ext4: force revalidation of directory pointer after seekdir(2)
general protection fault in gfn_to_rmap syz 7 217d 326d 128d KVM: x86: fix vcpu initialization with userspace lapic
KMSAN: uninit-value in move_addr_to_user (2) C 44 130d 137d 129d tipc: fix one byte leak in tipc_sk_set_orig_addr()
KASAN: use-after-free Read in sctp_do_sm 2 137d 137d 129d sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
BUG: bad usercopy in __check_object_size 1 139d 139d 129d llc: better deal with too small mtu
KASAN: use-after-free Read in tls_sk_proto_close (2) C 297 134d 141d 129d tls: fix use after free in tls_sk_proto_close
KMSAN: uninit-value in strcmp C 3 140d 142d 129d tipc: eliminate KMSAN uninit-value in strcmp complaint
WARNING in __snd_pcm_lib_xfer syz 6 142d 144d 129d ALSA: pcm: Check PCM state at xfern compat ioctl
BUG: MAX_LOCK_DEPTH too low! 1 144d 144d 129d nsh: fix infinite loop
KASAN: use-after-free Read in perf_trace_rpc_stats_latency 1 146d 145d 129d sunrpc: Fix latency trace point crashes
KASAN: use-after-free Read in debugfs_remove (2) 1 155d 153d 129d bdi: Fix use after free bug in debugfs_remove()
general protection fault in wb_workfn 63 130d 156d 129d bdi: Fix oops in wb_workfn()
INFO: task hung in __do_page_fault 1 160d 160d 129d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in do_vfs_ioctl 2 144d 161d 129d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in get_timespec64 1 164d 164d 129d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in handle_userfault 3 143d 165d 129d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in sock_sendmsg 1 166d 166d 129d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in do_set_master 1 169d 169d 129d bdi: wake up concurrent wb_shutdown() callers.
WARNING in add_uevent_var C 5 174d 174d 129d cfg80211: limit wiphy names to 128 bytes
INFO: task hung in wb_shutdown (2) 5064 141d 174d 129d bdi: wake up concurrent wb_shutdown() callers.
WARNING in xfrm6_tunnel_net_exit syz 14002 131d 262d 129d xfrm: Fix warning in xfrm6_tunnel_net_exit.
KASAN: slab-out-of-bounds Read in pfkey_add C 835 134d 281d 129d af_key: Always verify length of provided sadb_key
KMSAN: uninit-value in __sctp_v6_cmp_addr C 1109 130d 130d 129d sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
BUG: unable to handle kernel NULL pointer dereference in smc_getsockopt C 9 130d 135d 130d net/smc: keep clcsock reference in smc_tcp_listen_work()
kernel BUG at kernel/softirq.c:LINE! 1 143d 143d 130d dccp: fix tasklet usage
KMSAN: uninit-value in put_cmsg C 2 143d 143d 130d rds: do not leak kernel memory to user land
WARNING: ODEBUG bug in del_timer C 200 130d 146d 130d net/smc: restrict non-blocking connect finish
KMSAN: uninit-value in rt6_multipath_hash C 3 130d 148d 130d ipv6: fix uninit-value in ip6_multipath_l3_keys()
general protection fault in smc_set_keepalive C 6 146d 151d 130d net/smc: keep clcsock reference in smc_tcp_listen_work()
KASAN: slab-out-of-bounds Read in __sctp_v6_cmp_addr C 3202 141d 153d 130d sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
WARNING: kobject bug in br_add_if 41 138d 164d 130d ["bridge: check iface upper dev when setting master via ioctl" "kobject: don't use WARN for registration failures"]
WARNING in tracepoint_probe_unregister (2) 120 138d 194d 130d tracepoint: Do not warn on ENOMEM
WARNING in tracepoint_probe_register_prio (2) C 849 130d 194d 130d tracepoint: Do not warn on ENOMEM
general protection fault in smc_getsockopt C 577 142d 202d 130d net/smc: keep clcsock reference in smc_tcp_listen_work()
general protection fault in smc_setsockopt C 504 142d 206d 130d net/smc: keep clcsock reference in smc_tcp_listen_work()
general protection fault in smc_getname C 44 142d 206d 130d net/smc: keep clcsock reference in smc_tcp_listen_work()
WARNING in tcp_sacktag_write_queue C 8 146d 218d 130d tcp: fix TCP_REPAIR_QUEUE bound checking
WARNING in tcp_mark_head_lost C 18 139d 221d 130d net-backports: tcp: ignore Fast Open on repair mode
WARNING: kmalloc bug in memdup_user (2) 1 180d 180d 132d RDMA/ucma: Correct option size check using optlen
WARNING: suspicious RCU usage in tipc_bearer_find C 21 225d 225d 132d tipc: Fix missing RTNL lock protection during setting link properties
KASAN: slab-out-of-bounds Read in clusterip_tg_check C 22 231d 237d 132d netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
general protection fault in account_system_index_time C 2 179d 179d 132d net: Fix untag for vlan packets without ethernet header
general protection fault in rdma_addr_size C 2 190d 183d 132d RDMA/ucma: Ensure that CM_ID exists prior to access it
INFO: trying to register non-static key in del_timer_sync C 89 211d 237d 132d netfilter: x_tables: fix missing timer initialization in xt_LED
BUG: unable to handle kernel paging request in memset_erms (2) C 11 231d 246d 132d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
BUG: unable to handle kernel paging request in cgroup_mt_destroy_v1 C 3 234d 234d 133d netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
KASAN: null-ptr-deref Write in linear_transfer C 116 178d 261d 133d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
KASAN: use-after-free Write in xt_rateest_put C 7 235d 236d 133d netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
BUG: workqueue lockup (2) C 406 135d 293d 133d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
WARNING: bad unlock balance in xfs_iunlock C 1 173d 173d 137d xfs: don't iunlock the quota ip when quota block
KASAN: out-of-bounds Read in ip6_xmit 2 196d 237d 137d l2tp: fix races with ipv4-mapped ipv6 addresses
KASAN: use-after-free Read in work_is_static_object 3 242d 258d 137d kcm: lock lower socket in kcm_attach
KASAN: use-after-free Read in ip6_xmit C 5174 184d 262d 137d tls: Use correct sk->sk_prot for IPV6
KASAN: use-after-free Read in __dev_queue_xmit C 10 144d 262d 137d flow_dissector: properly cap thoff field
KMSAN: uninit-value in strlcpy C 2 140d 140d 137d vti6: better validate user provided tunnel names
inconsistent lock state in fs_reclaim_acquire C 36235 138d 148d 137d random: fix possible sleeping allocation from irq context
KMSAN: uninit-value in pppoe_connect 47 137d 153d 137d pppoe: check sockaddr length in pppoe_connect()
KMSAN: uninit-value in pppol2tp_connect C 13 138d 153d 137d l2tp: check sockaddr length in pppol2tp_connect()
WARNING in __might_sleep 6 150d 153d 137d random: fix possible sleeping allocation from irq context
WARNING: suspicious RCU usage in crng_reseed 39 139d 153d 137d random: fix possible sleeping allocation from irq context
WARNING: inconsistent lock state C 22 149d 153d 137d random: fix possible sleeping allocation from irq context
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected C 2126 138d 153d 137d random: fix possible sleeping allocation from irq context
KASAN: null-ptr-deref Read in refcount_inc_not_zero C 2352 151d 153d 137d llc: fix NULL pointer deref for SOCK_ZAPPED
KMSAN: uninit-value in fib6_new_table C 3 154d 154d 137d ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
general protection fault in snd_rawmidi_ioctl_compat 1 164d 156d 137d ALSA: rawmidi: Fix missing input substream checks in compat ioctls
KASAN: use-after-free Read in llc_conn_tmr_common_cb 1 159d 156d 137d llc: delete timers synchronously in llc_sk_free()
KASAN: use-after-free Read in llc_conn_ac_send_sabme_cmd_p_set_x 1 160d 160d 137d llc: hold llc_sap before release_sock()
KASAN: use-after-free Read in tipc_nametbl_stop C 12 156d 160d 137d tipc: fix use-after-free in tipc_nametbl_stop
general protection fault in __tipc_nl_net_set syz 4 159d 160d 137d tipc: fix possible crash in __tipc_nl_net_set()
KMSAN: uninit-value in packet_set_ring C 6 144d 161d 137d net: af_packet: fix race in PACKET_{R|T}X_RING
KASAN: slab-out-of-bounds Write in perf_callchain_user syz 2 164d 164d 137d perf: Fix sample_max_stack maximum check
KMSAN: uninit-value in netif_skb_features C 119 137d 164d 137d vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
BUG: corrupted list in team_nl_cmd_options_set C 2 161d 164d 137d team: avoid adding twice the same option to the event list
BUG: unable to handle kernel paging request in snd_pcm_format_set_silence syz 11 138d 164d 137d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
KMSAN: uninit-value in neigh_dump_info C 6 150d 164d 137d net: validate attribute sizes in neigh_dump_table()
KASAN: use-after-free Read in tipc_sub_unsubscribe (2) C 5 157d 164d 137d tipc: fix unbalanced reference counter
KASAN: stack-out-of-bounds Read in __free_filter C 41 155d 165d 137d tracing: Enforce passing in filter=NULL to create_filter()
KMSAN: uninit-value in tcp_parse_options C 38 139d 165d 137d tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
KASAN: stack-out-of-bounds Write in ip6_tnl_locate 4 164d 165d 137d ip6_tunnel: better validate user provided tunnel names
KASAN: null-ptr-deref Read in xattr_getsecurity 68 154d 166d 137d commoncap: Handle memory allocation failure.
KMSAN: uninit-value in inet_getpeer C 54 137d 167d 137d inetpeer: fix uninit-value in inet_getpeer
KMSAN: uninit-value in sctp_sendmsg syz 27 138d 168d 137d sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
KMSAN: uninit-value in sctp_do_bind C 31 138d 168d 137d sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
KMSAN: uninit-value in tipc_node_get_mtu C 139 138d 168d 137d tipc: fix missing initializer in tipc_sendmsg()
KMSAN: uninit-value in __skb_try_recv_from_queue C 108 138d 168d 137d net: initialize skb->peeked when cloning
KMSAN: uninit-value in inet6_rtm_delroute C 9 157d 168d 137d net: fix rtnh_ok()
KMSAN: uninit-value in memcmp C 30 139d 168d 137d net: fix uninit-value in __hw_addr_add_ex()
KMSAN: uninit-value in inet_csk_bind_conflict C 446 137d 168d 137d soreuseport: initialise timewait reuseport field
KMSAN: uninit-value in move_addr_to_user C 74 138d 168d 137d sctp: do not leak kernel memory to user space
KMSAN: uninit-value in ip_route_output_key_hash_rcu 179 137d 168d 137d ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
KMSAN: uninit-value in fib_create_info C 19 162d 168d 137d net: fix rtnh_ok()
KMSAN: uninit-value in alg_bind C 1950 137d 168d 137d crypto: af_alg - fix possible uninit-value in alg_bind()
KMSAN: uninit-value in netlink_sendmsg C 2493 137d 168d 137d netlink: fix uninit-value in netlink_sendmsg
KMSAN: uninit-value in iptable_mangle_hook C 1134 137d 168d 137d dccp: initialize ireq->ir_mark
KMSAN: uninit-value in ip6table_mangle_hook C 601 137d 168d 137d dccp: initialize ireq->ir_mark
kernel BUG at drivers/vhost/vhost.c:LINE! (2) C 139 139d 169d 137d vhost: fix vhost_vq_access_ok() log check
WARNING in kmem_cache_free 1 170d 169d 137d crypto: drbg - set freed buffers to NULL
WARNING: lock held when returning to user space! C 40 155d 169d 137d loop: fix LOOP_GET_STATUS lock imbalance
INFO: rcu detected stall in io_playback_transfer 9 165d 170d 137d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
INFO: rcu detected stall in __snd_pcm_lib_xfer (2) C 1064 165d 170d 137d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
WARNING in snd_pcm_hw_params C 56 165d 170d 137d ALSA: pcm: Remove WARN_ON() at snd_pcm_hw_params() error
KASAN: stack-out-of-bounds Write in ipip6_tunnel_locate C 33 163d 171d 137d ipv6: sit: better validate user provided tunnel names
KASAN: stack-out-of-bounds Write in __ip_tunnel_create C 29 164d 171d 137d ip_tunnel: better validate user provided tunnel names
KASAN: stack-out-of-bounds Write in ip6gre_tunnel_locate C 923 163d 171d 137d ip6_gre: better validate user provided tunnel names
KASAN: use-after-free Read in binder_release_work C 6 151d 172d 137d ANDROID: binder: prevent transactions into own process.
general protection fault in ucma_set_ib_path (2) C 6 165d 172d 137d RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
KASAN: use-after-free Write in dst_release C 832 163d 173d 137d pptp: remove a buggy dst release in pptp_connect()
WARNING in ext4_superblock_csum_set C 1 174d 173d 137d ext4: always initialize the crc32c checksum driver
INFO: rcu detected stall in bitmap_parselist 8 146d 174d 137d lib: fix stall in __bitmap_parselist()
kernel BUG at fs/ext4/extents.c:LINE! C 1 175d 174d 137d ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
general protection fault in kernfs_kill_sb C 29 138d 174d 137d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in alloc_pid C 7 165d 175d 137d mm,vmscan: Allow preallocating memory for register_shrinker().
kernel BUG at drivers/tty/tty_ldisc.c:LINE! 6 159d 175d 137d ["tty: Avoid possible error pointer dereference at tty_ldisc_restore()." "tty: Use __GFP_NOFAIL for tty_ldisc_get()"]
BUG: corrupted list in __dentry_kill C 35 155d 175d 137d rpc_pipefs: fix double-dput()
general protection fault in __list_del_entry_valid (3) C 40 175d 175d 137d tipc: Fix missing list initializations in struct tipc_subscription
WARNING: refcount bug in nfs_alloc_client 2 174d 175d 137d mm,vmscan: Allow preallocating memory for register_shrinker().
WARNING: kobject bug in gfs2_sys_fs_add C 49 149d 175d 137d kobject: don't use WARN for registration failures
WARNING: refcount bug in put_pid_ns syz 6 175d 175d 137d mm,vmscan: Allow preallocating memory for register_shrinker().
WARNING in format_decode C 1 175d 175d 137d fs/reiserfs/journal.c: add missing resierfs_warning() arg
general protection fault in __mem_cgroup_free C 22 164d 175d 137d memcg: fix per_node_info cleanup
WARNING in kill_block_super C 51 159d 177d 137d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in snd_pcm_timer_resolution C 3 177d 177d 137d ALSA: pcm: Fix UAF at PCM release via PCM timer access
possible deadlock in perf_event_detach_bpf_prog 1 178d 177d 137d bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog
WARNING: kobject bug in device_add C 563 138d 177d 137d kobject: don't use WARN for registration failures
INFO: task hung in stop_sync_thread (2) C 9 161d 178d 137d ipvs: fix rtnl_lock lockups caused by start_sync_thread
possible deadlock in rtnl_lock (5) C 1009 151d 180d 137d ipvs: fix rtnl_lock lockups caused by start_sync_thread
general protection fault in tipc_sk_fill_sock_diag C 180 163d 181d 137d ["tipc: Fix namespace violation in tipc_sk_fill_sock_diag" "tipc: use the right skb in tipc_sk_fill_sock_diag()"]
WARNING in __debug_object_init C 192 171d 181d 137d alarmtimer: Init nanosleep alarm timer on stack
KASAN: use-after-free Read in pppol2tp_connect (3) C 22 164d 182d 137d l2tp: fix races in tunnel creation
WARNING in __local_bh_enable_ip (2) 23 182d 192d 137d rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock
BUG: corrupted list in sctp_association_free 1 198d 194d 137d sctp: fix error return code in sctp_sendmsg_new_asoc()
KASAN: use-after-free Read in sctp_association_free (2) C 2 198d 197d 137d sctp: Fix double free in sctp_sendmsg_to_asoc
WARNING: kobject bug in netdev_queue_update_kobjects C 27 139d 201d 137d kobject: don't use WARN for registration failures
WARNING: refcount bug in free_nsproxy 4 177d 201d 137d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in mac80211_hwsim_del_radio 11 176d 206d 137d mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
WARNING: refcount bug in should_fail C 3 176d 207d 137d mm,vmscan: Allow preallocating memory for register_shrinker().
general protection fault in rds_sendmsg C 2 212d 212d 137d rds: rds_msg_zcopy should return error of null rm->data.op_mmp_znotifier
general protection fault in tipc_conn_close C 3 215d 216d 137d tipc: fix bug on error path in tipc_topsrv_kern_subscr()
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (3) C 234 215d 218d 137d tipc: don't call sock_release() in atomic context
WARNING in strp_done C 2336 172d 220d 137d kcm: Call strp_stop before strp_done in kcm_attach
general protection fault in loopback_pos_update C 4 245d 243d 137d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
INFO: task hung in __blkdev_get C 662 162d 288d 137d block/loop: fix deadlock after loop_set_status
kernel panic: n_tty: init_tty C 141 138d 322d 137d tty: Don't call panic() at tty_ldisc_init()
WARNING in tty_set_ldisc syz 177 146d 322d 137d tty: Avoid possible error pointer dereference at tty_ldisc_restore().
KASAN: use-after-free Read in shm_get_unmapped_area 19 233d 324d 137d ipc/shm: fix use-after-free of shm file via remap_file_pages()
possible deadlock in smc_close_non_accepted C 4 205d 205d 141d net/smc: simplify wait when closing listen socket
BUG: unable to handle kernel paging request in compat_copy_entries syz 5 203d 202d 151d netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
KASAN: slab-out-of-bounds Write in tcp_v6_syn_recv_sock C 1063 246d 263d 151d net/tls: Only attach to sockets in ESTABLISHED state
possible deadlock in ftrace_profile_set_filter (2) C 1007 234d 293d 151d perf/core: Fix another perf,trace,cpuhp lock inversion
KASAN: use-after-free Read in perf_trace_lock_acquire (2) C 188 233d 305d 151d vhost_net: stop device during reset owner
possible deadlock in perf_trace_destroy (2) C 2006 234d 320d 151d perf/core: Fix lock inversion between perf,trace,cpuhp
possible deadlock in __neigh_create 1 175d 175d 165d ipv6: fix possible deadlock in rt6_age_examine_exception()
WARNING in binder_send_failed_reply C 206 212d 295d 167d ANDROID: binder: remove WARN() for redundant txn error
WARNING in skb_warn_bad_offload C 6527 202d 325d 167d net: avoid skb_warn_bad_offload on IS_ERR
KASAN: use-after-free Read in disk_unblock_events C 65 221d 327d 167d genhd: Fix use after free in __blkdev_get()
general protection fault in try_to_wake_up syz 1 181d 177d 169d vlan: Fix vlan insertion for packets without ethernet header
kernel BUG at lib/string.c:LINE! (3) C 5 178d 179d 169d RDMA/ucma: Introduce safer rdma_addr_size() variants
BUG: unable to handle kernel (2) syz 1 179d 179d 169d vlan: Fix vlan insertion for packets without ethernet header
general protection fault in timerqueue_add C 2 179d 180d 169d vlan: Fix vlan insertion for packets without ethernet header
BUG: unable to handle kernel paging request in __memmove 1 180d 180d 169d vlan: Fix vlan insertion for packets without ethernet header
BUG: unable to handle kernel paging request in netdev_queue_update_kobjects syz 1 180d 180d 169d vlan: Fix vlan insertion for packets without ethernet header
general protection fault in qlist_move_cache 1 180d 180d 169d vlan: Fix vlan insertion for packets without ethernet header
possible deadlock in handle_rx C 4 181d 181d 169d vhost_net: add missing lock nesting notation
general protection fault in rdma_notify C 3 186d 183d 169d RDMA/ucma: Check that device exists prior to accessing it
general protection fault in rdma_init_qp_attr (2) C 753 177d 183d 169d RDMA/ucma: Check that device is connected prior to access it
kernel BUG at ./include/linux/skbuff.h:LINE! (2) C 5 206d 184d 169d ipv6: the entire IPv6 header chain must fit the first fragment
possible deadlock in __ipv6_dev_mc_dec 1 184d 184d 169d ipv6: fix possible deadlock in rt6_age_examine_exception()
BUG: corrupted list in remove_wait_queue C 5 182d 185d 169d vhost: correctly remove wait queue during poll failure
kernel BUG at drivers/vhost/vhost.c:LINE! C 152 169d 188d 169d vhost: validate log when IOTLB is enabled
WARNING in xt_cluster_mt C 4 207d 207d 169d netfilter: drop template ct when conntrack is skipped.
general protection fault in native_write_cr4 C 132300 172d 277d 169d KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
KASAN: use-after-free Read in worker_thread (2) syz 6 309d 318d 169d kcm: Only allow TCP sockets to be attached to a KCM mux
general protection fault in ucma_connect C 2 191d 190d 183d RDMA/ucma: Ensure that CM_ID exists prior to access it
WARNING in kmalloc_slab (4) 1 195d 194d 183d xfrm_user: uncoditionally validate esn replay attribute struct
kernel BUG at lib/string.c:LINE! (2) syz 2 194d 194d 183d RDMA/ucma: Don't allow join attempts for unsupported AF family
KASAN: null-ptr-deref Write in rdma_resolve_addr C 66 186d 197d 183d RDMA/ucma: Check AF family prior resolving address
WARNING in __proc_create C 12 204d 197d 183d netfilter: x_tables: add and use xt_check_proc_name
KASAN: use-after-free Read in snd_pcm_oss_get_formats C 3 197d 197d 183d ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
KASAN: use-after-free Read in pppol2tp_connect (2) C 10 184d 199d 183d l2tp: do not accept arbitrary sockets
BUG: unable to handle kernel paging request in ebt_among_mt_check (2) C 946 183d 199d 183d netfilter: bridge: ebt_among: add more missing match size checks
general protection fault in rdma_init_qp_attr C 2096 183d 199d 183d RDMA/ucma: Check that user doesn't overflow QP state
general protection fault in rdma_join_multicast C 258 186d 200d 183d RDMA/ucma: Fix access to non-initialized CM_ID object
KASAN: use-after-free Read in ucma_close C 176 186d 200d 183d RDMA/ucma: Fix use-after-free access in ucma_close
KASAN: slab-out-of-bounds Read in ip6_xmit (2) C 259 186d 200d 183d l2tp: fix races with ipv4-mapped ipv6 addresses
WARNING: kmalloc bug in memdup_user C 441 184d 200d 183d RDMA/ucma: Limit possible option size
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C 4 201d 201d 183d l2tp: do not accept arbitrary sockets
general protection fault in lowpan_device_event C 79 184d 201d 183d ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
possible deadlock in __might_fault C 8978 192d 208d 183d staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
INFO: rcu detected stall in xfrm_confirm_neigh 7 199d 222d 183d xfrm: Fix infinite loop in xfrm_get_dst_nexthop with transport mode.
WARNING: kmalloc bug in xfrm_add_sa C 109 183d 222d 183d xfrm_user: uncoditionally validate esn replay attribute struct
possible deadlock in get_user_pages_unlocked C 5 210d 233d 183d mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT
KASAN: stack-out-of-bounds Read in xfrm_state_find (4) C 102 183d 234d 183d xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
general protection fault in dccp_write_xmit C 5 201d 237d 183d dccp: check sk for closed state in dccp_sendmsg()
kernel panic: Out of memory and no killable processes... (2) C 1 238d 237d 183d netfilter: x_tables: make allocation less aggressive
WARNING in __xlate_proc_name C 11 202d 238d 183d netfilter: x_tables: add and use xt_check_proc_name
KASAN: use-after-free Read in pfifo_fast_enqueue C 20 185d 249d 183d net: sched: fix uses after free
possible deadlock in shmem_file_llseek C 4432 192d 256d 183d staging: android: ashmem: Fix lockdep issue during llseek
WARNING in ata_bmdma_qc_issue C 1 407d 327d 183d libata: don't try to pass through NCQ commands to non-NCQ devices
BUG: unable to handle kernel paging request in ata_bmdma_qc_prep C 13 319d 327d 183d libata: fix length validation of ATAPI-relayed SCSI commands
WARNING in ata_qc_issue C 35 312d 331d 183d libata: remove WARN() for DMA or PIO command without data
KASAN: use-after-free Read in get_work_pool syz 8 309d 331d 183d kcm: lock lower socket in kcm_attach
WARNING in kvm_arch_vcpu_ioctl_run (2) C 61018 237d 325d 194d KVM: VMX: Fix rflags cache during vCPU reset
WARNING in tracepoint_probe_unregister C 115 195d 322d 195d blktrace: fix unlocked registration of tracepoints
kernel BUG at arch/x86/kvm/x86.c:LINE! syz 20 298d 331d 195d KVM: x86: Exit to user-mode on #UD intercept when emulator requires
WARNING in tracepoint_probe_register_prio C 830 195d 331d 195d blktrace: fix unlocked registration of tracepoints
KASAN: use-after-free Read in strp_data_ready C 204 241d 333d 195d kcm: Only allow TCP sockets to be attached to a KCM mux
WARNING in refcount_sub_and_test C 75150 232d 333d 195d sctp: reset owner sk for data chunks on out queues when migrating a sock
general protection fault in hrtimer_active (2) C 10612 203d 208d 200d KVM: x86: fix vcpu initialization with userspace lapic
general protection fault in smc_create C 2 209d 208d 200d net/smc: fix NULL pointer dereference on sock_create_kern() error path
KASAN: slab-out-of-bounds Read in ip6_route_me_harder C 66 202d 209d 200d netfilter: use skb_to_full_sk in ip6_route_me_harder
KASAN: use-after-free Read in ip6_route_me_harder C 44 202d 209d 200d netfilter: use skb_to_full_sk in ip6_route_me_harder
KASAN: use-after-free Write in nf_nat_ipv6_manip_pkt C 2 216d 216d 200d netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
BUG: unable to handle kernel paging request in ebt_among_mt_check C 823 200d 216d 200d netfilter: bridge: ebt_among: add missing match size checks
WARNING in compat_copy_entries C 434 201d 216d 200d netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
WARNING in debug_print_object C 2 233d 233d 200d l2tp: fix tunnel lookup use-after-free race
KASAN: use-after-free Read in inet_shutdown C 22 203d 249d 200d l2tp: fix tunnel lookup use-after-free race
general protection fault in pppol2tp_connect C 1025 201d 250d 200d l2tp: fix tunnel lookup use-after-free race
KASAN: use-after-free Read in pppol2tp_connect C 25 201d 250d 200d l2tp: fix tunnel lookup use-after-free race
KASAN: slab-out-of-bounds Read in ip6_xmit C 156 202d 252d 200d tls: Use correct sk->sk_prot for IPV6
kernel BUG at arch/x86/kvm/mmu.c:LINE! C 695 208d 325d 200d KVM: mmu: Fix overlap between public and private memslots
WARNING in __x86_set_memory_region C 716 208d 326d 200d KVM/x86: remove WARN_ON() for when vm_munmap() fails
WARNING in handle_ept_misconfig C 238 209d 331d 200d KVM: X86: Fix SMRAM accessing even if VM is shutdown
general protection fault in arpt_do_table C 3 213d 213d 208d netfilter: add back stackpointer size checks
WARNING: ODEBUG bug in __queue_work C 2 218d 214d 208d netfilter: IDLETIMER: be syzkaller friendly
WARNING in __queue_work C 1 218d 218d 208d netfilter: IDLETIMER: be syzkaller friendly
WARNING: kmalloc bug in cpu_map_update_elem C 2677 208d 220d 208d bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
WARNING in kvmalloc_node C 513 215d 221d 208d bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
WARNING: kmalloc bug in bpf_prog_array_copy_info C 4424 208d 221d 208d bpf: fix bpf_prog_array_copy_to_user warning from perf event prog query
WARNING: ODEBUG bug in led_tg_destroy C 4 214d 222d 208d netfilter: x_tables: fix missing timer initialization in xt_LED
general protection fault in SyS_bpf (2) C 1065 208d 222d 208d bpf: fix sock_map_alloc() error path
divide error in nf_nat_l4proto_unique_tuple C 2 223d 222d 208d netfilter: nat: cope with negative port range
lost connection to test machine (4) C 1189 208d 222d 208d bpf: fix mlock precharge on arraymaps
KASAN: use-after-free Read in remove_wait_queue C 7 213d 222d 208d ANDROID: binder: synchronize_rcu() when using POLLFREE.
kernel BUG at kernel/time/timer.c:LINE! C 18 211d 222d 208d netfilter: x_tables: fix missing timer initialization in xt_LED
WARNING: bad unlock balance in hashlimit_mt_common C 2059 211d 223d 208d netfilter: xt_hashlimit: fix lock imbalance
possible deadlock in xt_find_table_lock (2) 4 226d 224d 208d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ip_getsockopt (2) 206 211d 225d 208d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ipv6_setsockopt (2) 3642 210d 226d 208d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ip_setsockopt (3) 3731 210d 227d 208d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in rtnl_lock (4) C 73333 210d 227d 208d netfilter: drop outermost socket lock in getsockopt()
WARNING: kmalloc bug in relay_open_buf C 10 213d 228d 208d kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
WARNING: proc registration bug in clusterip_tg_check C 779 211d 228d 208d netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
general protection fault in ip6t_do_table C 8077 212d 238d 208d netfilter: add back stackpointer size checks
WARNING in check_flush_dependency C 2205 211d 243d 208d mac80211_hwsim: don't use WQ_MEM_RECLAIM
WARNING in kmalloc_slab (3) C 1901 209d 293d 208d kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
BUG: unable to handle kernel NULL pointer dereference in sha512_mb_mgr_get_comp_job_avx2 syz 32 240d 293d 208d crypto: sha512-mb - initialize pending lengths correctly
general protection fault in binder_poll C 159 212d 295d 208d binder: check for binder_thread allocation failure in binder_poll()
KASAN: use-after-free Read in rds_find_bound 1 271d 267d 220d rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
KASAN: slab-out-of-bounds Read in string C 129 231d 241d 220d netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
KASAN: use-after-free Read in rds_tcp_tune 12 244d 254d 220d rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
INFO: rcu detected stall in memcpy 12 258d 262d 220d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in tty_ioctl C 12 264d 276d 220d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
INFO: rcu detected stall in n_tty_ioctl 24 263d 276d 220d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
KASAN: use-after-free Read in __do_page_fault syz 679 316d 327d 220d x86/mm: fix use-after-free of vma during userfaultfd fault
possible deadlock in lru_add_drain_all 1300 281d 331d 220d mm: drop hotplug lock from lru_add_drain_all()
KASAN: use-after-free Read in __schedule C 145 275d 276d 220d KVM: x86: don't forget vcpu_put() in kvm_arch_vcpu_ioctl_set_sregs()
KASAN: stack-out-of-bounds Read in csum_and_copy_from_iter_full 1 300d 296d 220d net: ipv4: fix for a race condition in raw_sendmsg
KASAN: use-after-free Read in sock_release 1 302d 298d 220d fix kcm_clone()
KASAN: use-after-free Read in rds_tcp_dev_event 1 326d 319d 220d rds: tcp: correctly sequence cleanup on netns deletion.
possible deadlock in flush_work (2) 3 319d 322d 220d SUNRPC: Destroy transport from the system workqueue
KASAN: stack-out-of-bounds Read in memcmp 1 263d 260d 222d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
KASAN: stack-out-of-bounds Read in xfrm_selector_match 368 254d 261d 222d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
KASAN: use-after-free Read in __fput 23 291d 325d 222d fix kcm_clone()
WARNING in drm_modeset_lock_all 35 324d 331d 222d drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
WARNING: kmalloc bug in tun_device_event C 15 226d 228d 222d ["ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE" "ptr_ring: try vmalloc() when kmalloc() fails"]
WARNING: suspicious RCU usage in bpf_prog_array_copy_info C 17842 222d 228d 222d bpf: fix bpf_prog_array_copy_to_user() issues
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (4) C 7264 228d 232d 222d bpf: fix bpf_prog_array_copy_to_user() issues
general protection fault in ___bpf_prog_run C 8 228d 235d 222d bpf: fix null pointer deref in bpf_prog_test_run_xdp
KASAN: use-after-free Write in xt_rateest_tg_checkentry C 2 235d 236d 222d netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
general protection fault in cgroup_mt_destroy_v1 C 91 225d 237d 222d netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
WARNING in usercopy_warn C 171 228d 246d 222d net: Whitelist the skbuff_head_cache "cb" field
KASAN: double-free or invalid-free in relay_open C 106 228d 326d 222d kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
WARNING in do_debug C 905 227d 327d 222d KVM: x86: fix escape of guest dr6 to the host
possible deadlock in rtnl_lock (3) C 3633 227d 228d 227d netfilter: on sockopt() acquire sock lock only in the required scope
possible deadlock in do_ip_setsockopt (2) 59 227d 230d 227d netfilter: on sockopt() acquire sock lock only in the required scope
WARNING: bad unlock balance in ipmr_mfc_seq_stop C 286 234d 281d 228d ip6mr: fix stale iterator
possible deadlock in rtnl_lock (2) C 10369 230d 233d 230d netfilter: on sockopt() acquire sock lock only in the required scope
suspicious RCU usage at ./include/linux/inetdevice.h:LINE (2) C 4 233d 233d 230d net: igmp: add a missing rcu locking section
possible deadlock in do_ip_getsockopt 22 232d 237d 230d netfilter: on sockopt() acquire sock lock only in the required scope
possible deadlock in xt_find_target 34 231d 238d 230d netfilter: on sockopt() acquire sock lock only in the required scope
WARNING in reuseport_add_sock C 7 243d 253d 230d soreuseport: fix mem leak in reuseport_add_sock()
WARNING in ion_ioctl C 8888 233d 261d 230d staging: android: ion: Switch from WARN to pr_warn
WARNING in __alloc_pages_slowpath C 9435 233d 261d 230d staging: android: ion: Add __GFP_NOWARN for system contig heap
lost connection to test machine (3) C 4251 230d 269d 230d netfilter: x_tables: fix int overflow in xt_alloc_table_info()
WARNING in register_lock_class C 2 277d 273d 230d ANDROID: binder: remove waitqueue when thread exits.
WARNING in sysfs_warn_dup 11 235d 278d 230d sysfs: turn WARN() into pr_warn()
KASAN: use-after-free Read in __lock_acquire (2) C 589 233d 308d 230d ANDROID: binder: remove waitqueue when thread exits.
WARNING in __check_heap_object C 5173 247d 319d 230d sctp: Define usercopy region in SCTP proto slab cache
KASAN: use-after-free Read in __list_add_valid (3) 16 234d 241d 231d vhost_net: stop device during reset owner
KASAN: use-after-free Read in fib6_lookup_1 11 251d 253d 231d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_remove_prefsrc 4 251d 253d 231d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_age 3 251d 253d 231d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in mon_bin_vma_fault 7 257d 268d 231d USB: fix usbmon BUG trigger
INFO: task hung in bpf_exit_net 1 291d 278d 231d sctp: fix the handling of ICMP Frag Needed for too small MTUs
INFO: trying to register non-static key in pfifo_fast_reset C 4 277d 280d 231d net_sched: properly check for empty skb array on error path
general protection fault in trie_get_next_key C 3 240d 240d 233d bpf: fix kernel page fault in lpm map trie_get_next_key
KASAN: use-after-free Read in tipc_group_size C 8 250d 257d 233d tipc: fix race between poll() and setsockopt()
suspicious RCU usage at net/ipv6/ip6_fib.c:LINE C 56 241d 263d 233d ipv6: remove null_entry before adding default route
BUG: Bad page state (3) C 3 258d 265d 233d USB: fix usbmon BUG trigger
WARNING in usb_submit_urb C 2 328d 319d 233d USB: usbfs: Filter flags passed in from user space
WARNING in task_participate_group_stop C 29 312d 327d 233d kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
general protection fault in __netlink_ns_capable C 74 256d 263d 233d rtnetlink: give a user socket to get_target_net()
KASAN: double-free or invalid-free in skb_free_head C 13 272d 279d 233d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel NULL pointer dereference in page_mapping C 4 277d 279d 233d RDS: null pointer dereference in rds_atomic_free_op
general protection fault in page_mapping C 46 257d 284d 233d RDS: null pointer dereference in rds_atomic_free_op
inconsistent lock state in est_fetch_counters C 5829 234d 238d 234d net_sched: gen_estimator: fix lockdep splat
WARNING in vhost_dev_cleanup C 4 235d 241d 234d vhost_net: stop device during reset owner
general protection fault in tun_queue_purge C 4 239d 241d 234d Revert "net: ptr_ring: otherwise safe empty checks can overrun array bounds"
KASAN: use-after-free Read in __wake_up_common C 888 234d 243d 234d vhost_net: stop device during reset owner
general protection fault in nfs_idmap_legacy_upcall C 4 247d 246d 234d NFS: reject request for id_legacy key without auxdata
KASAN: use-after-free Read in map_lookup_elem C 6 249d 253d 234d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in check_memory_region C 10 250d 253d 234d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in __bpf_prog_put 1 255d 255d 234d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in fib6_add (2) C 3143 256d 263d 234d ipv6: fix general protection fault in fib6_add()
kernel BUG at fs/userfaultfd.c:LINE! C 3 277d 274d 234d userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
KASAN: slab-out-of-bounds Write in sha3_update (2) C 49 235d 274d 234d crypto: hash - prevent using keyed hashes without setting key
KASAN: stack-out-of-bounds Read in rds_sendmsg C 120 264d 288d 234d RDS: Check cmsg_len before dereferencing CMSG_DATA
KASAN: slab-out-of-bounds Read in sctp_send_reset_streams C 73 276d 288d 234d sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
kernel BUG at drivers/android/binder_alloc.c:LINE! C 856 291d 295d 234d ANDROID: binder: fix transaction leak.
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (2) 185 298d 296d 234d crypto: af_alg - remove locking in async callback
general protection fault in sidtab_search_core syz 1306 289d 296d 234d selinux: skip bounded transition processing if the policy isn't loaded
general protection fault in show_timer C 10 278d 297d 234d posix-timer: Properly check sigevent->sigev_notify
WARNING: kernel stack regs has bad 'bp' value (2) C 16238 234d 298d 234d crypto: x86/twofish-3way - Fix %rbp usage
KASAN: slab-out-of-bounds Read in strcmp C 150 290d 299d 234d selinux: ensure the context is NUL terminated in security_context_to_sid_core()
KASAN: slab-out-of-bounds Read in xfrm_hash_rebuild C 18 252d 319d 234d xfrm: skip policies marked as dead while rehashing
BUG: looking up invalid subclass: 8 C 5 320d 320d 234d ALSA: seq: Avoid invalid lockdep class warning
BUG: unable to handle kernel paging request in devpts_mntget C 21 247d 324d 234d devpts: fix error handling in devpts_mntget()
suspicious RCU usage at ./include/linux/inetdevice.h:LINE 28 317d 325d 234d fib: fib_dump_info can no longer use __in_dev_get_rtnl
KASAN: use-after-free Read in __xfrm_state_lookup C 7 326d 325d 234d xfrm: defer daddr pointer assignment after spi parsing
KASAN: use-after-free Read in sctp_association_free C 20 310d 325d 234d sctp: do not free asoc when it is already dead in sctp_sendmsg
BUG: sleeping function called from invalid context at mm/slab.h:LINE (2) 2 242d 242d 234d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: slab-out-of-bounds Read in erspan_build_header C 30 234d 243d 234d net: erspan: fix use-after-free
suspicious RCU usage at mm/slab.h:LINE 1 243d 243d 234d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: slab-out-of-bounds Read in erspan_xmit C 51 241d 243d 234d net: erspan: fix use-after-free
KASAN: use-after-free Read in erspan_xmit C 68 241d 243d 234d net: erspan: fix use-after-free
KASAN: use-after-free Read in erspan_build_header C 60 234d 243d 234d net: erspan: fix use-after-free
WARNING in xdp_rxq_info_unreg C 198 243d 243d 234d tun: avoid calling xdp_rxq_info_unreg() twice
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (3) C 5087 235d 243d 234d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: use-after-free Read in tipc_group_is_open C 1 250d 250d 234d tipc: fix race between poll() and setsockopt()
general protection fault in get_info C 760 250d 253d 234d netfilter: x_tables: don't return garbage pointer on modprobe failure
KASAN: use-after-free Read in rb_first_postorder C 17267 247d 256d 234d tipc: fix a potental access after delete in tipc_sk_join()
general protection fault in free_verifier_state (2) C 2 258d 258d 234d bpf: fix verifier GPF in kmalloc failure path
suspicious RCU usage at net/netfilter/ipset/ip_set_core.c:LINE C 38048 255d 261d 234d netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
general protection fault in copy_verifier_state C 2 267d 263d 234d bpf: fix verifier GPF in kmalloc failure path
possible deadlock in rtnl_lock C 15711 234d 291d 234d tuntap: fix possible deadlock when fail to register netdev
BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free 2 278d 276d 235d sctp: fix error path in sctp_stream_init
WARNING in fpu__copy 8 277d 277d 235d kvm: x86: fix WARN due to uninitialized guest FPU state
general protection fault in __rds_rdma_map C 12 287d 299d 235d rds: Fix NULL pointer dereference in __rds_rdma_map
WARNING in xfrm_state_fini C 2231 250d 306d 235d xfrm: check id proto in validate_tmpl()
general protection fault in __list_del_entry_valid (2) C 21 249d 306d 235d sget(): handle failures of register_shrinker()
KASAN: stack-out-of-bounds Read in xfrm_state_find (3) C 10353 239d 306d 235d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
general protection fault in sctp_stream_free 17 281d 322d 235d sctp: fix error path in sctp_stream_init
possible deadlock in vhost_chr_write_iter C 25952 241d 243d 237d vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
KASAN: slab-out-of-bounds Read in __dev_queue_xmit C 6 259d 247d 237d net: qdisc_pkt_len_init() should be more robust
KASAN: use-after-free Read in psock_write_space C 6 245d 257d 237d kcm: Only allow TCP sockets to be attached to a KCM mux
kernel BUG at net/l2tp/l2tp_ppp.c:LINE! C 22 241d 263d 237d kcm: Check if sk_user_data already set in kcm_attach
general protection fault in skb_segment C 7 257d 267d 237d gso: validate gso_type in GSO handlers
kernel BUG at net/core/skbuff.c:LINE! (2) C 562 238d 327d 237d pppoe: take ->needed_headroom of lower device into account on xmit
BUG: unable to handle kernel NULL pointer dereference in proc_flush_task syz 1 281d 277d 238d pid: Handle failure to allocate the first pid in a pid namespace
KASAN: stack-out-of-bounds Read in write_mmio C 3 285d 296d 238d KVM: Fix stack-out-of-bounds read in write_mmio
general protection fault in proc_flush_task syz 2 280d 297d 238d pid: Handle failure to allocate the first pid in a pid namespace
general protection fault in lockdep_invariant_state (2) C 114 290d 319d 238d locking/lockdep: Fix possible NULL deref
general protection fault in __lock_acquire (2) C 15 239d 325d 238d tipc: fix a null pointer deref on error path
BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:LINE C 19609 301d 327d 239d KVM: x86: fix em_fxstor() sleeping while in atomic
KASAN: use-after-free Read in fib6_add_1 C 4 251d 253d 241d net-backports: ipv6: don't let tb6_root node share routes with other node
WARNING in free_loaded_vmcs C 170 298d 306d 241d KVM: VMX: Fix vmx->nested freeing when no SMI handler
KASAN: slab-out-of-bounds Read in map_lookup_elem C 6 250d 253d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
possible deadlock in snd_seq_deliver_event C 6 320d 331d 243d ALSA: seq: Fix nested rwsem annotation for lockdep splat
general protection fault in ip6_xmit 16 244d 246d 243d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_ifup (2) C 18 250d 247d 243d ipv6: don't let tb6_root node share routes with other node
general protection fault in strlen C 53 246d 247d 243d netlink: reset extack earlier in netlink_rcv_skb
KASAN: stack-out-of-bounds Read in __nla_put C 57 246d 249d 243d netlink: reset extack earlier in netlink_rcv_skb
WARNING in canfd_rcv C 4 251d 249d 243d can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
WARNING in can_rcv C 5 250d 249d 243d can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
KASAN: slab-out-of-bounds Write in array_map_update_elem C 6 251d 250d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Write in array_map_update_elem C 11 249d 250d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in __bpf_map_put 1 253d 252d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
WARNING in rfkill_alloc C 6 251d 252d 243d cfg80211: check dev_set_name() return value
WARNING in wiphy_register C 15 250d 252d 243d mac80211_hwsim: validate number of different channels
divide error in ___bpf_prog_run C 28 246d 253d 243d bpf: fix 32-bit divide by zero
BUG: unable to handle kernel paging request in bpf_fd_array_map_lookup_elem 5 249d 253d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in dst_release 113 249d 254d 243d ipv6: ip6_make_skb() needs to clear cork.base.dst
KASAN: slab-out-of-bounds Read in bpf_fd_array_map_lookup_elem 7 250d 254d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in bpf_fd_array_map_lookup_elem 21 249d 255d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
WARNING in snd_interval_mulkdiv C 21 249d 255d 243d ALSA: pcm: Remove yet superfluous WARN_ON()
general protection fault in sctp_v6_get_dst C 6 255d 255d 243d sctp: do not allow the v4 socket to bind a v4mapped v6 address
WARNING in ___bpf_prog_run C 28 249d 255d 243d bpf: arsh is not supported in 32 bit alu thus reject it
WARNING in netlink_ack (2) C 6 255d 255d 243d netlink: extack needs to be reset each time through loop
BUG: unable to handle kernel paging request in fd_array_map_delete_elem 11 249d 255d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in __bpf_prog_put C 212 249d 255d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in cgroup_fd_array_put_ptr C 219 249d 255d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: slab-out-of-bounds Read in perf_event_fd_array_release C 96 249d 255d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in __bpf_map_put C 331 249d 255d 243d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in tls_sk_proto_close C 9 249d 256d 243d net/tls: Only attach to sockets in ESTABLISHED state
WARNING: held lock freed! C 497 247d 258d 243d sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:LINE 20 252d 260d 243d xfrm: don't call xfrm_policy_cache_flush while holding spinlock
kernel BUG at ./include/linux/skbuff.h:LINE! C 4502 249d 261d 243d esp: Fix GRO when the headers not fully in the linear part of the skb.
possible deadlock in ppp_dev_uninit C 6 249d 262d 243d ppp: unlock all_ppp_mutex before registering device
WARNING in adjust_ptr_min_max_vals C 252 246d 263d 243d bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (2) C 174 245d 324d 243d xfrm: fix rcu usage in xfrm_get_type_offload
KASAN: use-after-free Read in fib6_ifdown C 26 250d 254d 247d ipv6: remove null_entry before adding default route
KASAN: use-after-free Read in rt6_mtu_change_route 5 251d 254d 247d ipv6: remove null_entry before adding default route
INFO: task hung in snd_pcm_oss_write syz 2 255d 255d 247d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in snd_pcm_plug_write_transfer 1 255d 255d 247d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in mulaw_transfer 37 258d 261d 247d ALSA: aloop: Fix racy hw constraints adjustment
general protection fault in nf_tables_dump_obj_done C 976 256d 261d 247d netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()
suspicious RCU usage at sound/core/pcm_lib.c:LINE 1 263d 262d 247d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
BUG: unable to handle kernel paging request in memset_erms C 35 247d 262d 247d ALSA: aloop: Fix inconsistent format due to incomplete rule
WARNING in rds_cmsg_rdma_args C 6 263d 263d 247d RDS: Heap OOB write in rds_message_alloc_sgs()
WARNING in snd_pcm_hw_param_first C 2905 255d 265d 247d ALSA: pcm: Remove incorrect snd_BUG_ON() usages
kernel BUG at ./include/linux/mm.h:LINE! (3) C 621 252d 269d 247d USB: fix usbmon BUG trigger
BUG: soft lockup (2) C 29 258d 286d 247d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
general protection fault in crypto_remove_spawns C 85 261d 299d 247d crypto: algapi - fix NULL dereference in crypto_remove_spawns()
WARNING in strp_data_ready C 59034 263d 333d 248d strparser: Call sock_owned_by_user_nocheck
KASAN: double-free or invalid-free in kvm_arch_vcpu_uninit 1 256d 252d 251d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in alg_setsockopt 5 263d 260d 255d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in do_syslog 1 264d 261d 255d crypto: pcrypt - fix freeing pcrypt instances
KASAN: slab-out-of-bounds Read in cap_inode_getsecurity C 11 260d 261d 255d capabilities: fix buffer overread on very short xattr
KASAN: slab-out-of-bounds Read in cap_convert_nscap C 4148 260d 264d 255d capabilities: fix buffer overread on very short xattr
BUG: bad usercopy in strncpy_from_user 1 270d 266d 255d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel paging request in ipcget 2 277d 274d 255d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in rw_copy_check_uvector 7 259d 274d 255d crypto: pcrypt - fix freeing pcrypt instances
general protection fault in skcipher_walk_done C 8 257d 277d 255d crypto: chacha20poly1305 - validate the digest size
KASAN: use-after-free Read in __list_del_entry_valid (2) C 11 277d 279d 255d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel NULL pointer dereference in blkcipher_walk_done C 2 282d 282d 255d crypto: chacha20poly1305 - validate the digest size
BUG: unable to handle kernel NULL pointer dereference in scatterwalk_copychunks C 3 281d 283d 255d crypto: chacha20poly1305 - validate the digest size
KASAN: wild-memory-access Write in scatterwalk_copychunks C 15 260d 286d 255d crypto: chacha20poly1305 - validate the digest size
general protection fault in scatterwalk_copychunks (2) C 141 261d 288d 255d crypto: chacha20poly1305 - validate the digest size
KASAN: use-after-free Read in handle_userfault C 151 268d 331d 256d userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
INFO: task hung in cleanup_net 1 290d 278d 263d net: Fix double free and memory corruption in get_net_ns_by_id()
KASAN: global-out-of-bounds Read in crypto_chacha20_crypt C 74 277d 280d 263d crypto: skcipher - set walk.iv for zero-length inputs
general protection fault in blkcipher_walk_first C 7 274d 285d 263d crypto: af_alg - wait for data at beginning of recvmsg
possible deadlock (2) 2 284d 286d 263d crypto: skcipher - set walk.iv for zero-length inputs
BUG: unable to handle kernel paging request in kvm_arch_vcpu_ioctl_run 1 290d 286d 263d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in copy_siginfo_to_user 1 291d 287d 263d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in match_subs_info 1 293d 288d 263d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in __put_user_8 1 294d 288d 263d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in __schedule 2 293d 288d 263d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
KASAN: use-after-free Write in aead_recvmsg C 21 275d 292d 263d crypto: af_alg - fix race accessing cipher request
BUG: unable to handle kernel paging request in __switch_to 1 297d 293d 263d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
general protection fault in crypto_chacha20_crypt C 2374 267d 298d 263d crypto: skcipher - set walk.iv for zero-length inputs
general protection fault in blkcipher_walk_done C 47 264d 299d 263d crypto: af_alg - wait for data at beginning of recvmsg
WARNING in netlink_ack C 6 273d 274d 270d netlink: fix netlink_ack() extack race
general protection fault in free_verifier_state C 2 276d 276d 270d bpf: fix verifier NULL pointer dereference
KASAN: use-after-free in aead_recvmsg 2 287d 287d 270d crypto: algif_aead - fix reference counting of null skcipher
kernel BUG at net/packet/af_packet.c:LINE! (2) 2 293d 296d 270d make sock_alloc_file() do sock_release() on failures
WARNING in refcount_dec (2) 1 304d 304d 270d net/packet: fix a race in packet_bind() and packet_notifier()
WARNING in lock_release C 72 278d 311d 274d alloc_super(): do ->s_umount initialization earlier
general protection fault in ___cache_free 1 286d 282d 276d crypto: salsa20 - fix blkcipher_walk API usage
general protection fault in kfree 13 287d 296d 276d crypto: salsa20 - fix blkcipher_walk API usage
general protection fault in strcmp 1 297d 296d 276d KEYS: reject NULL restriction string when type is specified
WARNING in initialize_timer 2 296d 297d 276d ALSA: seq: Remove spurious WARN_ON() at timer check
WARNING: suspicious RCU usage (3) 16 297d 298d 276d crypto: salsa20 - fix blkcipher_walk API usage
KASAN: stack-out-of-bounds Write in sha3_update C 5 302d 298d 276d crypto: hmac - require that the underlying hash algorithm is unkeyed
general protection fault in af_alg_free_areq_sgls C 2916 280d 299d 276d crypto: af_alg - fix NULL pointer dereference in
KASAN: use-after-free Read in aead_recvmsg C 4338 280d 299d 276d crypto: algif_aead - fix reference counting of null skcipher
general protection fault in scatterwalk_copychunks C 414 289d 298d 289d crypto: algif_aead - skip SGL entries with NULL page
kernel BUG at net/core/dev.c:LINE! C 5 300d 305d 289d net-backports: net/packet: fix a race in packet_bind() and packet_notifier()
possible deadlock in blk_trace_remove 5 300d 308d 289d blktrace: fix trace mutex deadlock
general protection fault in fanout_demux_rollover 3 302d 322d 289d packet: fix crash in fanout_demux_rollover()
kernel panic: softlockup: hung tasks 2 369d 339d 289d SUNRPC: Allow connect to return EHOSTUNREACH
general protection fault in dax_alloc_inode 1 320d 313d 293d dax: fix general protection fault in dax_alloc_inode
kernel BUG at net/key/af_key.c:LINE! C 63 341d 333d 293d xfrm: Copy policy family in clone_policy
WARNING in snd_timer_user_info_compat C 174 303d 305d 299d ALSA: timer: Remove kernel warning at compat ioctl error paths
KASAN: use-after-free Read in tcp_ack 68 312d 314d 299d net-backports: tcp: highest_sack fix
KASAN: use-after-free Read in mpi_free C 27 309d 317d 299d crypto: dh - Fix double free of ctx->p
WARNING in free_kthread_struct C 136405 316d 319d 299d kthread: zero the kthread data structure
INFO: trying to register non-static key. (2) C 8624 318d 320d 299d tcp: fix a lockdep issue in tcp_fastopen_reset_cipher()
possible deadlock in generic_file_write_iter C 61506 299d 322d 299d block, locking/lockdep: Assign a lock_class per gendisk used for wait_for_completion()
KASAN: use-after-free Read in fsnotify 1 360d 324d 299d dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
KASAN: use-after-free Read in tipc_send_group_bcast 4 334d 325d 299d tipc: fix a dangling pointer
general protection fault in bpf_check 3 320d 325d 299d bpf: fix verifier NULL pointer dereference
general protection fault in iov_iter_fault_in_readable 5 316d 325d 299d tun: do not arm flow_gc_timer in tun_flow_init()
kernel BUG at fs/notify/dnotify/dnotify.c:LINE! 19 315d 327d 299d dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
KASAN: use-after-free Write in detach_if_pending C 4169 336d 331d 299d tun: do not arm flow_gc_timer in tun_flow_init()
KASAN: slab-out-of-bounds Read in tipc_nametbl_lookup_dst_nodes C 22388 311d 333d 299d tipc: eliminate KASAN warning
BUG: unable to handle kernel paging request in vsock_diag_dump C 6 331d 333d 299d vsock: always call vsock_init_tables()
KASAN: use-after-free Read in tipc_group_self C 2942 316d 333d 299d tipc: fix a dangling pointer
general protection fault in do_raw_spin_lock 8 331d 336d 299d net-backports: ipv6: add ip6_null_entry check in rt6_select()
general protection fault in tun_flow_cleanup 1 371d 339d 299d tun: do not arm flow_gc_timer in tun_flow_init()
KASAN: use-after-free Read in free_netdev C 42 316d 340d 299d net-tun: fix panics at dismantle time
general protection fault in hrtimer_active C 669 316d 340d 299d net-tun: fix panics at dismantle time
WARNING in fib6_add C 8225 316d 340d 299d ipv6: prevent user from adding cached routes
WARNING in tun_get_user C 17398 316d 341d 299d net-backports: tun: relax check on eth_get_headlen() return value
BUG: sleeping function called from invalid context at net/core/sock.c:LINE C 407 300d 339d 300d strparser: Use delayed work instead of timer for msg timeout
KASAN: use-after-free Read in snd_timer_user_info_compat syz 2 341d 331d 305d ALSA: timer: Add missing mutex lock for compat ioctls
WARNING in tcp_update_reordering 748 309d 306d 305d tcp: fix tcp_fastretrans_alert warning
general protection fault in asn1_ber_decoder C 5009 316d 320d 309d KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
BUG: soft lockup C 466 312d 325d 309d ALSA: timer: Limit max instances per timer
BUG: unable to handle kernel paging request in snd_seq_oss_readq_puts C 389 319d 325d 309d ALSA: seq: Fix OSS sysex delivery in OSS emulation
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 93 317d 325d 309d xfrm: Fix stack-out-of-bounds read in xfrm_state_find.
WARNING in refcount_add_not_zero 70 309d 326d 309d tcp: gso: avoid refcount_t warning from tcp_gso_segment()
KASAN: slab-out-of-bounds Read in asn1_ber_decoder C 17 317d 322d 316d KEYS: fix out-of-bounds read during ASN.1 parsing
KASAN: use-after-free Read in __lock_acquire syz 894 316d 325d 316d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
KASAN: use-after-free Read in do_raw_spin_unlock syz 3 325d 327d 316d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
BUG: workqueue lockup C 172 316d 327d 316d tun/tap: sanitize TUNSETSNDBUF input
WARNING in get_pi_state C 42 325d 327d 316d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
INFO: rcu detected stall (2) C 56 316d 327d 316d net-backports: tun/tap: sanitize TUNSETSNDBUF input
general protection fault in __list_del_entry_valid C 72 319d 333d 316d ipsec: Fix aborted xfrm policy dump crash
WARNING in kmalloc_slab (2) C 2478 316d 334d 316d ipv6: flowlabel: do not leave opt->tot_len with garbage
KASAN: use-after-free Read in packet_getsockopt (2) syz 12 329d 338d 316d packet: avoid panic in packet_getsockopt()
WARNING in refcount_dec 9 316d 340d 316d ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
general protection fault in ip6_setup_cork 56 331d 340d 316d net-backports: ipv6: flowlabel: do not leave opt->tot_len with garbage
WARNING in reuseport_alloc C 408 316d 340d 316d soreuseport: fix initialization race
KASAN: use-after-free Read in ip_queue_xmit 1 341d 341d 316d net-backports: tcp/dccp: fix ireq->opt races
KASAN: use-after-free Write in __run_timers 6144 336d 396d 316d net-backports: tun: call dev_get_valid_name() before register_netdevice()
kernel BUG at net/ipv4/tcp_output.c:LINE! 37 376d 388d 319d tcp: add an ability to dump and restore window parameters
WARNING in sk_stream_kill_queues syz 96 403d 406d 319d net-backports: dccp: purge write queue in dccp_destroy_sock()
general protection fault in refcount_sub_and_test 1 420d 404d 320d ipv6: fix NULL dereference in ip6_route_dev_notify()
KASAN: use-after-free Read in dev_queue_xmit_nit C 13 363d 375d 321d packet: hold bind lock when rebinding to fanout hook
WARNING in fib6_del 24 382d 395d 321d ipv6: fib: Unlink replaced routes from their nodes
KASAN: use-after-free Read in ccid2_hc_tx_rto_expire 5 399d 403d 321d dccp: defer ccid_hc_tx_delete() at dismantle time
BUG: unable to handle kernel NULL pointer dereference in free_fib_info_rcu 3 404d 404d 321d ipv4: fix NULL dereference in free_fib_info_rcu()
KASAN: double-free or invalid-free in selinux_tun_dev_free_security C 12033 397d 407d 321d tun: handle register_netdevice() failures properly
kernel BUG at net/core/skbuff.c:LINE! 5 334d 404d 331d ipv4: better IP_MAX_MTU enforcement
general protection fault in kvm_cpuid C 20 363d 382d 333d KVM: MMU: check guest CR3 reserved bits based on its physical address width.
KASAN: use-after-free Read in __list_add_valid syz 26 337d 385d 333d packet: hold bind lock when rebinding to fanout hook
general protection fault in skb_clone syz 3 403d 402d 333d tun: make tun_build_skb() thread safe
BUG: unable to handle kernel paging request in skb_release_data syz 15 402d 403d 333d tun: make tun_build_skb() thread safe
kernel BUG at lib/string.c:LINE! C 73 348d 364d 334d netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
WARNING in __local_bh_enable_ip 22 364d 371d 334d bpf: do not disable/enable BH in bpf_map_free_id()
WARNING in __switch_to C 535 361d 407d 334d x86/fpu: Don't let userspace set bogus xcomp_bv
WARNING: kernel stack regs has bad 'bp' value C 66131 362d 407d 334d crypto: x86/sha256-avx2 - Fix RBP usage
general protection fault in __ip_options_echo (2) C 2 383d 383d 334d udp: drop head states only when all skb references are gone
general protection fault in perf_trace_block_get_rq C 180 374d 383d 334d block: tolerate tracing of NULL bio
kernel BUG at mm/slab.c:LINE! C 860 381d 385d 334d bpf: fix numa_node validation
possible deadlock in kcm_sendpage syz 14 386d 389d 334d kcm: do not attach PF_KCM sockets to avoid deadlock
general protection fault in SyS_bpf C 10 393d 394d 334d bpf: fix a return in sockmap_get_from_fd()
WARNING in refcount_inc 7 387d 395d 334d net_sched: fix a refcount_t issue with noop_qdisc
general protection fault in __lock_acquire 5 344d 396d 334d ipv6: reset fn->rr_ptr when replacing route
KASAN: slab-out-of-bounds Read in skb_release_data 1 402d 402d 334d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in get_mm_exe_file C 2 397d 402d 334d fork: fix incorrect fput of ->exe_file causing use-after-free
KASAN: wild-memory-access Read in skb_copy_ubufs C 23 402d 403d 334d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in skb_release_data syz 7 403d 403d 334d tun: make tun_build_skb() thread safe
general protection fault in skb_release_data syz 198 402d 403d 334d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in skb_push 4 398d 404d 334d tipc: fix use-after-free
general protection fault in fib6_add 18 398d 404d 334d ipv6: repair fib6 tree in failure case
BUG: Bad page state C 2 403d 404d 334d mm/madvise.c: fix freeing of locked page with MADV_FREE
KASAN: use-after-free Read in ip6_pol_route 249 397d 405d 334d ipv6: reset fn->rr_ptr when replacing route
KASAN: use-after-free Read in free_ldt_struct C 109 391d 405d 334d x86/mm: Fix use-after-free of ldt_struct
BUG: unable to handle kernel NULL pointer dereference at ADDR C 63 391d 405d 334d strparser: initialize all callbacks
WARNING in kmalloc_slab C 22353 334d 406d 334d ptr_ring: use kmalloc_array()
WARNING in idr_replace C 1209 374d 406d 334d idr: remove WARN_ON_ONCE() when trying to replace negative ID
general protection fault in __skb_flow_dissect C 37 404d 406d 334d dsa: fix flow disector null pointer
general protection fault in fib_dump_info C 428 397d 407d 334d net: check and errout if res->fi is NULL when RTM_F_FIB_MATCH is set
suspicious RCU usage at ./include/linux/kvm_host.h:LINE C 103402 362d 407d 334d KVM: fix rcu warning on VM_CREATE errors
INFO: task hung C 13878 362d 427d 362d tcp: fix hang in tcp_sendpage_locked()
WARNING in kvm_arch_vcpu_ioctl_run C 20284 362d 427d 362d KVM: X86: Fix residual mmio emulation request to userspace
inconsistent lock state in sk_clone_lock C 16 404d 407d 382d tcp: fix possible deadlock in TCP stack vs BPF filter
BUG: sleeping function called from invalid context at mm/slab.h:LINE C 8 404d 407d 382d af_key: do not use GFP_KERNEL in atomic contexts
kernel BUG at mm/usercopy.c:LINE! C 23 403d 407d 382d udp: harden copy_linear_skb()