syzbot



Upstream Linux Kernel

fixed (718):
Title Repro Count Last Reported Closed Patch
KMSAN: kernel-infoleak in vcs_read C 531 28d 38d 4d01h vt: prevent leaking uninitialized data to userspace via /dev/vcs*
WARNING: suspicious RCU usage in fib6_info_alloc syz 2 90d 89d 7d19h net/ipv6: Fix gfp_flags arg to addrconf_prefix_route
WARNING in kernfs_add_one C 174 8d09h 72d 7d19h driver core: Don't ignore class_dir_create_and_add() failure.
INFO: rcu detected stall in unwind_next_frame 2 57d 60d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
BUG: unable to handle kernel paging request in dput C 26 39d 42d 7d19h fix proc_fill_cache() in case of d_alloc_parallel() failure
general protection fault in fuse_ctl_remove_conn C 16 41d 80d 7d19h fuse: fix control dir setup and teardown
WARNING in bpf_int_jit_compile syz 11 15d 52d 7d19h bpf: reject any prog that failed read-only lock
possible deadlock in sock_hash_free C 45 49d 49d 7d19h bpf: sockhash fix omitted bucket lock in sock_close
possible deadlock in __might_fault (2) C 20 77d 80d 7d19h tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
KMSAN: uninit-value in _copy_to_iter (2) C 226 39d 84d 7d19h vhost: fix info leak due to uninitialized memory
BUG: unable to handle kernel NULL pointer dereference in do_select 45 17d 18d 7d19h net: handle NULL ->poll gracefully
kernel BUG at fs/f2fs/inode.c:LINE! C 1 87d 87d 7d19h f2fs: avoid bug_on on corrupted inode
WARNING: ODEBUG bug in sock_hash_free 1 21d 21d 7d19h bpf: sockhash fix omitted bucket lock in sock_close
KASAN: slab-out-of-bounds Write in sha512_final C 21 20d 37d 7d19h dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Write in rmd320_final C 44 19d 39d 7d19h dh key: fix rounding up KDF output length
INFO: rcu detected stall in kmem_cache_alloc_node_trace 1 95d 77d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Read in bpf_csum_update C 2 45d 43d 7d19h bpf: reject passing modified ctx to helper functions
KMSAN: uninit-value in ip_vs_lblcr_check_expire 2050 7d20h 84d 7d19h ipvs: initialize tbl->entries after allocation
general protection fault in wb_workfn (2) 38 27d 52d 7d19h bdi: Fix another oops in wb_workfn()
INFO: rcu detected stall in is_bpf_text_address C 1 58d 58d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in __vfs_write syz 14 36d 39d 7d19h bpfilter: fix race in pipe access
general protection fault in pipe_write syz 1 39d 39d 7d19h bpfilter: fix race in pipe access
possible deadlock in tcp_mmap C 1908 77d 80d 7d19h tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
KASAN: use-after-free Read in bpf_skb_change_proto 1 37d 36d 7d19h bpf: reject passing modified ctx to helper functions
KASAN: use-after-free Write in prb_fill_curr_block C 2 45d 46d 7d19h net/packet: refine check for priv area size
kernel BUG at fs/f2fs/node.c:LINE! C 1 87d 87d 7d19h ["f2fs: give message and set need_fsck given broken node id" "f2fs: give message and set need_fsck given broken node id"]
WARNING in skb_warn_bad_offload (2) C 6 80d 80d 7d19h udp: disable gso with no_check_tx
BUG: unable to handle kernel NULL pointer dereference in ep_item_poll C 15 17d 18d 7d19h net: handle NULL ->poll gracefully
WARNING in bpf_prog_select_runtime syz 45 31d 33d 7d19h bpf: reject any prog that failed read-only lock
KASAN: slab-out-of-bounds Read in bpf_skb_vlan_push syz 2 33d 33d 7d19h bpf: reject passing modified ctx to helper functions
WARNING: kernel stack regs has bad 'bp' value (3) C 7971 9d19h 164d 7d19h crypto: x86/salsa20 - remove x86 salsa20 implementations
general protection fault in __vfs_write syz 25 36d 39d 7d19h bpfilter: fix race in pipe access
INFO: task hung in n_tty_flush_buffer 6 16d 90d 7d19h n_tty: Access echo_* variables carefully.
KASAN: use-after-free Read in skb_ensure_writable C 4 36d 43d 7d19h bpf: reject passing modified ctx to helper functions
KASAN: use-after-free Read in build_segment_manager C 5 87d 87d 7d19h f2fs: sanity check for total valid node blocks
KASAN: use-after-free Read in bpf_tcp_close C 1748 13d 52d 7d19h bpf: sockhash fix omitted bucket lock in sock_close
KMSAN: uninit-value in nfqnl_recv_config (2) C 10 20d 36d 7d19h netfilter: nf_queue: augment nfqa_cfg_policy
KASAN: use-after-free Read in pipe_read C 3 38d 39d 7d19h bpfilter: fix race in pipe access
KASAN: slab-out-of-bounds Read in crypto_morus640_decrypt_chunk C 8 27d 34d 7d19h crypto: morus640 - Fix out-of-bounds access
WARNING in perf_trace_buf_alloc (2) C 22 147d 253d 7d19h bpf: remove tracepoints from bpf core
KASAN: use-after-free Read in finish_wait 8 37d 39d 7d19h bpfilter: fix race in pipe access
BUG: unable to handle kernel paging request in bpf_prog_select_runtime 1 23d 23d 7d19h bpf: undo prog rejection on read-only lock failure
WARNING: kmalloc bug in xdp_umem_create C 7 31d 37d 7d19h xsk: silence warning on memory allocation failure
KASAN: use-after-free Write in tls_push_record C 24 8d08h 52d 7d19h tls: fix use-after-free in tls_push_record
KASAN: use-after-free Read in fib6_table_lookup 1 30d 29d 7d19h net/ipv6: respect rcu grace period before freeing fib6_info
INFO: rcu detected stall in skb_free_head 4 46d 78d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in __kernel_write syz 7 36d 39d 7d19h bpfilter: fix race in pipe access
WARNING in ion_dma_buf_begin_cpu_access C 62 15d 37d 7d19h staging: android: ion: Return an ERR_PTR in ion_map_kernel
WARNING: lock held when returning to user space! (2) C 9 67d 69d 7d19h net/ipv6: fix lock imbalance in ip6_route_del()
INFO: rcu detected stall in corrupted syz 1 57d 56d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: rcu detected stall in ip_route_output_key_hash 2 58d 61d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
KMSAN: uninit-value in ebt_stp_mt_check (2) C 222 7d19h 39d 7d19h netfilter: x_tables: initialise match/target check parameter struct
kernel BUG at fs/f2fs/segment.c:LINE! syz 1 87d 87d 7d19h ["f2fs: sanity check for total valid node blocks" "f2fs: sanity check for total valid node blocks"]
BUG: unable to handle kernel NULL pointer dereference in corrupted C 5 38d 39d 7d19h smc: convert to ->poll_mask
KMSAN: uninit-value in eth_mac_addr 2 10d 43d 7d19h rtnetlink: validate attributes in do_setlink()
KASAN: slab-out-of-bounds Write in tgr192_final C 30 19d 38d 7d19h dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Write in wp384_final C 27 20d 39d 7d19h dh key: fix rounding up KDF output length
INFO: rcu detected stall in dev_queue_xmit_nit 1 53d 53d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Write in crypto_sha3_final C 68 20d 39d 7d19h dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto C 2 37d 36d 7d19h bpf: reject passing modified ctx to helper functions
BUG: unable to handle kernel paging request in build_segment_manager C 1 87d 87d 7d19h ["f2fs: sanity check on sit entry" "f2fs: sanity check on sit entry"]
KASAN: null-ptr-deref Write in simple_write_to_buffer C 5 48d 72d 7d19h PM / hibernate: Fix oops at snapshot_write()
INFO: rcu detected stall in sctp_packet_transmit 1 62d 62d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
general protection fault in touch_atime syz 6 36d 39d 7d19h bpfilter: fix race in pipe access
WARNING: possible circular locking dependency detected (4) C 27 81d 88d 7d19h tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:LINE/ccid3_hc_rx_send_feedback() 1 25d 25d 7d19h net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
INFO: rcu detected stall in sctp_chunk_put 1 46d 46d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Read in ip6_xmit (3) C 69 13d 55d 7d19h bpf: sockmap, fix crash when ipv6 sock is added
KASAN: slab-out-of-bounds Read in skb_ensure_writable C 9 34d 43d 7d19h bpf: reject passing modified ctx to helper functions
INFO: rcu detected stall in sctp_generate_heartbeat_event 2 60d 70d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in bpf_csum_update C 1 45d 43d 7d19h bpf: reject passing modified ctx to helper functions
BUG: soft lockup in do_raw_spin_unlock (2) 1 35d 35d 7d19h restore cond_resched() in shrink_dcache_parent()
BUG: unable to handle kernel paging request in bpf_int_jit_compile syz 2 19d 23d 7d19h bpf: undo prog rejection on read-only lock failure
general protection fault in __mnt_want_write 1 37d 37d 7d19h bpfilter: fix race in pipe access
KASAN: use-after-free Write in bpf_tcp_close C 67 15d 50d 7d19h bpf: sockhash fix omitted bucket lock in sock_close
general protection fault in bpf_tcp_close C 421 8d12h 52d 7d19h ["bpf: sockhash fix omitted bucket lock in sock_close" "bpf: sockmap, fix smap_list_map_remove when psock is in many maps"]
general protection fault in smc_ioctl C 5214 30d 59d 7d19h net/smc: return 0 for ioctl calls in states INIT and CLOSED
INFO: rcu detected stall in kfree_skbmem 4 47d 77d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: task hung in tty_set_termios 1 109d 107d 7d19h n_tty: Access echo_* variables carefully.
bpf-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 3 40d 42d 7d19h umh: fix race condition
WARNING in do_dentry_open C 26 31d 39d 7d19h bpf: implement dummy fops for bpf objects
KASAN: slab-out-of-bounds Write in prb_fill_curr_block C 2 46d 46d 7d19h net/packet: refine check for priv area size
KASAN: slab-out-of-bounds Read in build_segment_manager C 1 87d 87d 7d19h f2fs: sanity check for total valid node blocks
KASAN: use-after-free Read in xfs_inobt_init_key_from_rec C 1 104d 104d 7d19h xfs: fix inobt magic number check
WARNING: refcount bug in __udp_gso_segment 2 67d 67d 7d19h udp: avoid refcount_t saturation in __udp_gso_segment()
INFO: task hung in namespace_unlock 15 11d 20d 7d19h n_tty: Access echo_* variables carefully.
KMSAN: uninit-value in rtnetlink_put_metrics syz 3 41d 43d 7d19h net: metrics: add proper netlink validation
KASAN: slab-out-of-bounds Read in bpf_skb_change_head C 2 33d 33d 7d19h bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Write in sha1_finup C 119 19d 40d 7d19h dh key: fix rounding up KDF output length
WARNING: kmalloc bug in map_get_next_key C 5 61d 61d 7d19h bpf: fix sock hashmap kmalloc warning
unexpected kernel reboot (2) C 2073 7d21h 98d 7d19h kvm: vmx: Nested VM-entry prereqs for event inj.
BUG: workqueue lockup (3) C 1215 11d 64d 7d19h restore cond_resched() in shrink_dcache_parent()
INFO: rcu detected stall in ipv6_addr_label 1 142d 141d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
WARNING: kernel stack frame pointer has bad value C 1108 10d 88d 7d19h crypto: don't optimize keccakf()
KASAN: use-after-free Read in fuse_kill_sb_blk 4 58d 77d 7d19h fuse: don't keep dead fuse_conn at fuse_fill_super().
general protection fault in vfs_read syz 2 37d 39d 7d19h bpfilter: fix race in pipe access
KASAN: use-after-free Read in ip6_route_mpath_notify C 25 40d 45d 7d19h net/ipv6: prevent use after free in ip6_route_mpath_notify
BUG: unable to handle kernel NULL pointer dereference in do_sys_poll C 297 17d 18d 7d19h net: handle NULL ->poll gracefully
WARNING in ebt_do_table C 13 16d 41d 7d19h netfilter: ebtables: reject non-bridge targets
WARNING in sysfs_remove_group C 11125 9d05h 263d 7d19h loop: remember whether sysfs_create_group() was done
KASAN: null-ptr-deref Write in xdp_umem_unaccount_pages C 25 36d 39d 7d19h bpf, xdp: fix crash in xdp_umem_unaccount_pages
WARNING: kernel stack regs at (ptrval) in syzkaller has bad 'bp' value (ptrval) C 3 84d 85d 7d19h crypto: don't optimize keccakf()
KASAN: slab-out-of-bounds Write in tls_push_record 2 23d 37d 7d19h tls: fix use-after-free in tls_push_record
WARNING: suspicious RCU usage in rt6_remove_exception_rt syz 1761 83d 84d 7d19h net/ipv6: fix LOCKDEP issue in rt6_remove_exception_rt()
INFO: task hung in blk_queue_enter C 1595 7d20h 80d 7d19h block: don't use blocking queue entered for recursive bio submits
KASAN: use-after-free Read in skb_dequeue C 4 26d 26d 7d19h net/packet: fix use-after-free
KASAN: slab-out-of-bounds Write in sha1_final C 201 19d 39d 7d19h dh key: fix rounding up KDF output length
KASAN: use-after-free Read in corrupted C 2 62d 65d 7d19h fuse: don't keep dead fuse_conn at fuse_fill_super().
WARNING in ion_buffer_destroy C 7901 37d 188d 7d19h staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
KASAN: slab-out-of-bounds Write in tgr160_final C 55 20d 39d 7d19h dh key: fix rounding up KDF output length
KASAN: use-after-free Read in crypto_morus640_decrypt_chunk C 3 33d 33d 7d19h crypto: morus640 - Fix out-of-bounds access
WARNING: ODEBUG bug in del_timer (2) C 6 60d 61d 7d19h net/smc: init conn.tx_work & conn.send_lock sooner
INFO: task hung in jbd2_journal_stop 1 103d 103d 7d19h n_tty: Access echo_* variables carefully.
INFO: rcu detected stall in n_tty_receive_char_special C 3 79d 102d 7d19h n_tty: Fix stall at n_tty_receive_char_special().
net-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 8 39d 51d 7d19h umh: fix race condition
KMSAN: uninit-value in ip_vs_lblc_check_expire C 1431 7d22h 84d 7d19h ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()
KASAN: null-ptr-deref Read in refcount_sub_and_test C 4 87d 89d 7d19h net/ipv6: Fix ip6_convert_metrics() bug
INFO: rcu detected stall in __ipv6_dev_get_saddr 1 48d 48d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
WARNING: suspicious RCU usage in rt6_check_expired 4 84d 85d 7d19h net/ipv6: add rcu locking to ip6_negative_advice
INFO: rcu detected stall in blkdev_ioctl C 249 38d 213d 7d19h loop: add recursion validation to LOOP_CHANGE_FD
INFO: rcu detected stall in __save_stack_trace 3 8d10h 141d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: task hung in commit_echoes 1 16d 12d 7d19h n_tty: Access echo_* variables carefully.
WARNING: kmalloc bug in memdup_user (3) C 137 61d 61d 7d19h bpf: fix sock hashmap kmalloc warning
KASAN: slab-out-of-bounds Write in sha512_finup C 25 20d 37d 7d19h dh key: fix rounding up KDF output length
INFO: rcu detected stall in d_walk C 25680 33d 95d 7d19h restore cond_resched() in shrink_dcache_parent()
KASAN: use-after-free Read in pipe_wait 2 36d 37d 7d19h bpfilter: fix race in pipe access
INFO: rcu detected stall in save_stack_trace C 1 58d 56d 7d19h sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: rcu detected stall in __process_echoes C 326 15d 111d 7d19h n_tty: Access echo_* variables carefully.
INFO: task hung in blk_freeze_queue C 188 9d14h 160d 7d19h loop: add recursion validation to LOOP_CHANGE_FD
upstream boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 5 37d 38d 7d19h umh: fix race condition
possible deadlock in bpf_tcp_close C 152 49d 49d 7d19h bpf: sockhash fix omitted bucket lock in sock_close
WARNING in arch_uprobe_analyze_insn C 2 64d 63d 7d19h uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
KASAN: use-after-free Read in rds_cong_queue_updates C 18168 13d 145d 7d19h ["rds: avoid unenecessary cong_update in loop transport" "rds: clean up loopback rds_connections on netns deletion"]
KASAN: use-after-free Read in iput C 2 90d 90d 9d10h tracing: Fix bad use of igrab in trace_uprobe.c
INFO: task hung in ucma_destroy_id C 46 89d 126d 12d RDMA/ucma: ucma_context reference leak in error path
BUG: corrupted list in tipc_nametbl_unsubscribe C 40 70d 129d 12d tipc: fix unbalanced reference counter
general protection fault in kernel_sock_shutdown C 3329 86d 143d 12d net/smc: fix shutdown in state SMC_LISTEN
INFO: trying to register non-static key in tun_do_read C 28 64d 70d 28d tuntap: fix use after free during release
KASAN: use-after-free Read in iptunnel_handle_offloads C 133 54d 99d 28d packet: fix reserve calculation
WARNING: suspicious RCU usage in rds_loop_conn_alloc C 34303 147d 154d 34d rds: do not call ->conn_alloc with GFP_KERNEL
WARNING in kcm_exit_net (3) syz 5 47d 47d 39d kcm: Fix use-after-free caused by clonned sockets
BUG: unable to handle kernel paging request in nla_strlcpy 1 48d 48d 39d netfilter: provide correct argument to nla_strlcpy()
KASAN: use-after-free Read in nla_strlcpy C 59 43d 56d 39d netfilter: provide correct argument to nla_strlcpy()
KASAN: slab-out-of-bounds Read in nla_strlcpy C 34 43d 56d 39d netfilter: provide correct argument to nla_strlcpy()
KASAN: use-after-free Read in __dev_queue_xmit (2) C 2 57d 57d 39d packet: in packet_snd start writing at link layer allocation
general protection fault in mr_mfc_find_parent 2 52d 58d 39d ipmr: properly check rhltable_init() return value
KASAN: use-after-free Read in __sk_free 1 60d 60d 39d sock_diag: fix use-after-free read in __sk_free
KASAN: use-after-free Read in timer_is_static_object 1 61d 60d 39d dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
kernel BUG at lib/string.c:LINE! (4) C 2 61d 61d 39d ipvs: fix buffer overflow with sync daemon and service
KASAN: use-after-free Read in sock_recv_errqueue 1 63d 63d 39d packet: in packet_snd start writing at link layer allocation
general protection fault in shmem_unused_huge_count 8 61d 64d 39d fs: don't scan the inode cache before SB_BORN is set
general protection fault in kernfs_kill_sb (2) C 22 53d 65d 39d kernfs: deal with kernfs_fill_super() failures
BUG: soft lockup in _decode_session6 C 1 66d 66d 39d xfrm6: avoid potential infinite loop in _decode_session6()
BUG: spinlock bad magic in tun_do_read syz 1 70d 70d 39d tun: fix use after free for ptr_ring
kernel BUG at include/linux/mm.h:LINE! syz 68 40d 77d 39d x86/kexec: Avoid double free_page() upon do_kexec_load() failure
WARNING in __mutex_unlock_slowpath C 2 76d 78d 39d idr: fix invalid ptr dereference on item delete
general protection fault in __radix_tree_delete C 38 52d 78d 39d idr: fix invalid ptr dereference on item delete
KASAN: stack-out-of-bounds Write in compat_copy_entries syz 10 45d 83d 39d netfilter: ebtables: handle string from userspace with care
KMSAN: uninit-value in ebt_stp_mt_check C 211 40d 85d 39d netfilter: bridge: stp fix reference to uninitialized data
WARNING: ODEBUG bug in hfsplus_fill_super C 1 108d 107d 39d hfsplus: stop workqueue when fill_super() failed
KASAN: use-after-free Read in radix_tree_next_chunk C 2749 56d 107d 39d fs: don't scan the inode cache before SB_BORN is set
KASAN: use-after-free Read in skb_copy_datagram_iter C 7 75d 113d 39d packet: in packet_snd start writing at link layer allocation
BUG: unable to handle kernel paging request in smc_ib_remember_port_attr C 112 57d 113d 39d net/smc: check for missing nlattrs in SMC_PNETID messages
KASAN: use-after-free Read in copyout C 11 57d 113d 39d packet: in packet_snd start writing at link layer allocation
KASAN: use-after-free Read in remove_wait_queue (2) C 4 128d 138d 39d ppp: remove the PPPIOCDETACH ioctl
kernel BUG at net/ipv4/tcp_output.c:LINE! (2) syz 23 71d 176d 39d tcp: purge write queue in tcp_connect_init()
WARNING in dev_vprintk_emit C 77 53d 180d 39d cfg80211: further limit wiphy names to 64 bytes
KASAN: slab-out-of-bounds Read in __ext4_check_dir_entry C 18 106d 107d 49d ext4: force revalidation of directory pointer after seekdir(2)
general protection fault in gfn_to_rmap syz 7 149d 258d 60d KVM: x86: fix vcpu initialization with userspace lapic
KMSAN: uninit-value in move_addr_to_user (2) C 44 62d 69d 61d tipc: fix one byte leak in tipc_sk_set_orig_addr()
KASAN: use-after-free Read in sctp_do_sm 2 69d 69d 61d sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
BUG: bad usercopy in __check_object_size 1 71d 71d 61d llc: better deal with too small mtu
KASAN: use-after-free Read in tls_sk_proto_close (2) C 297 66d 73d 61d tls: fix use after free in tls_sk_proto_close
KMSAN: uninit-value in strcmp C 3 72d 74d 61d tipc: eliminate KMSAN uninit-value in strcmp complaint
WARNING in __snd_pcm_lib_xfer syz 6 74d 76d 61d ALSA: pcm: Check PCM state at xfern compat ioctl
BUG: MAX_LOCK_DEPTH too low! 1 76d 76d 61d nsh: fix infinite loop
KASAN: use-after-free Read in perf_trace_rpc_stats_latency 1 78d 77d 61d sunrpc: Fix latency trace point crashes
KASAN: use-after-free Read in debugfs_remove (2) 1 87d 85d 61d bdi: Fix use after free bug in debugfs_remove()
general protection fault in wb_workfn 63 62d 88d 61d bdi: Fix oops in wb_workfn()
INFO: task hung in __do_page_fault 1 92d 92d 61d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in do_vfs_ioctl 2 76d 93d 61d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in get_timespec64 1 96d 96d 61d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in handle_userfault 3 75d 97d 61d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in sock_sendmsg 1 98d 98d 61d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in do_set_master 1 101d 101d 61d bdi: wake up concurrent wb_shutdown() callers.
WARNING in add_uevent_var C 5 106d 106d 61d cfg80211: limit wiphy names to 128 bytes
INFO: task hung in wb_shutdown (2) 5064 73d 106d 61d bdi: wake up concurrent wb_shutdown() callers.
WARNING in xfrm6_tunnel_net_exit syz 14002 63d 194d 61d xfrm: Fix warning in xfrm6_tunnel_net_exit.
KASAN: slab-out-of-bounds Read in pfkey_add C 835 66d 213d 61d af_key: Always verify length of provided sadb_key
KMSAN: uninit-value in __sctp_v6_cmp_addr C 1109 62d 62d 61d sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
BUG: unable to handle kernel NULL pointer dereference in smc_getsockopt C 9 62d 67d 62d net/smc: keep clcsock reference in smc_tcp_listen_work()
kernel BUG at kernel/softirq.c:LINE! 1 75d 75d 62d dccp: fix tasklet usage
KMSAN: uninit-value in put_cmsg C 2 75d 75d 62d rds: do not leak kernel memory to user land
WARNING: ODEBUG bug in del_timer C 200 62d 78d 62d net/smc: restrict non-blocking connect finish
KMSAN: uninit-value in rt6_multipath_hash C 3 62d 80d 62d ipv6: fix uninit-value in ip6_multipath_l3_keys()
general protection fault in smc_set_keepalive C 6 78d 83d 62d net/smc: keep clcsock reference in smc_tcp_listen_work()
KASAN: slab-out-of-bounds Read in __sctp_v6_cmp_addr C 3202 73d 85d 62d sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
WARNING: kobject bug in br_add_if 41 70d 96d 62d ["bridge: check iface upper dev when setting master via ioctl" "kobject: don't use WARN for registration failures"]
WARNING in tracepoint_probe_unregister (2) 120 70d 126d 62d tracepoint: Do not warn on ENOMEM
WARNING in tracepoint_probe_register_prio (2) C 849 62d 126d 62d tracepoint: Do not warn on ENOMEM
general protection fault in smc_getsockopt C 577 74d 134d 62d net/smc: keep clcsock reference in smc_tcp_listen_work()
general protection fault in smc_setsockopt C 504 74d 138d 62d net/smc: keep clcsock reference in smc_tcp_listen_work()
general protection fault in smc_getname C 44 74d 138d 62d net/smc: keep clcsock reference in smc_tcp_listen_work()
WARNING in tcp_sacktag_write_queue C 8 78d 150d 62d tcp: fix TCP_REPAIR_QUEUE bound checking
WARNING in tcp_mark_head_lost C 18 71d 153d 62d net-backports: tcp: ignore Fast Open on repair mode
WARNING: kmalloc bug in memdup_user (2) 1 112d 112d 64d RDMA/ucma: Correct option size check using optlen
WARNING: suspicious RCU usage in tipc_bearer_find C 21 157d 157d 64d tipc: Fix missing RTNL lock protection during setting link properties
KASAN: slab-out-of-bounds Read in clusterip_tg_check C 22 163d 169d 64d netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
general protection fault in account_system_index_time C 2 111d 111d 64d net: Fix untag for vlan packets without ethernet header
general protection fault in rdma_addr_size C 2 122d 115d 64d RDMA/ucma: Ensure that CM_ID exists prior to access it
INFO: trying to register non-static key in del_timer_sync C 89 143d 169d 64d netfilter: x_tables: fix missing timer initialization in xt_LED
BUG: unable to handle kernel paging request in memset_erms (2) C 11 163d 178d 64d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
BUG: unable to handle kernel paging request in cgroup_mt_destroy_v1 C 3 166d 166d 65d netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
KASAN: null-ptr-deref Write in linear_transfer C 116 110d 193d 65d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
KASAN: use-after-free Write in xt_rateest_put C 7 167d 168d 65d netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
BUG: workqueue lockup (2) C 406 67d 225d 65d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
WARNING: bad unlock balance in xfs_iunlock C 1 105d 105d 69d xfs: don't iunlock the quota ip when quota block
KASAN: out-of-bounds Read in ip6_xmit 2 128d 169d 69d l2tp: fix races with ipv4-mapped ipv6 addresses
KASAN: use-after-free Read in work_is_static_object 3 174d 190d 69d kcm: lock lower socket in kcm_attach
KASAN: use-after-free Read in ip6_xmit C 5174 116d 194d 69d tls: Use correct sk->sk_prot for IPV6
KASAN: use-after-free Read in __dev_queue_xmit C 10 76d 194d 69d flow_dissector: properly cap thoff field
KMSAN: uninit-value in strlcpy C 2 72d 72d 69d vti6: better validate user provided tunnel names
inconsistent lock state in fs_reclaim_acquire C 36235 70d 80d 69d random: fix possible sleeping allocation from irq context
KMSAN: uninit-value in pppoe_connect 47 69d 85d 69d pppoe: check sockaddr length in pppoe_connect()
KMSAN: uninit-value in pppol2tp_connect C 13 70d 85d 69d l2tp: check sockaddr length in pppol2tp_connect()
WARNING in __might_sleep 6 82d 85d 69d random: fix possible sleeping allocation from irq context
WARNING: suspicious RCU usage in crng_reseed 39 71d 85d 69d random: fix possible sleeping allocation from irq context
WARNING: inconsistent lock state C 22 81d 85d 69d random: fix possible sleeping allocation from irq context
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected C 2126 70d 85d 69d random: fix possible sleeping allocation from irq context
KASAN: null-ptr-deref Read in refcount_inc_not_zero C 2352 83d 85d 69d llc: fix NULL pointer deref for SOCK_ZAPPED
KMSAN: uninit-value in fib6_new_table C 3 86d 86d 69d ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
general protection fault in snd_rawmidi_ioctl_compat 1 96d 88d 69d ALSA: rawmidi: Fix missing input substream checks in compat ioctls
KASAN: use-after-free Read in llc_conn_tmr_common_cb 1 91d 88d 69d llc: delete timers synchronously in llc_sk_free()
KASAN: use-after-free Read in llc_conn_ac_send_sabme_cmd_p_set_x 1 92d 92d 69d llc: hold llc_sap before release_sock()
KASAN: use-after-free Read in tipc_nametbl_stop C 12 88d 92d 69d tipc: fix use-after-free in tipc_nametbl_stop
general protection fault in __tipc_nl_net_set syz 4 91d 92d 69d tipc: fix possible crash in __tipc_nl_net_set()
KMSAN: uninit-value in packet_set_ring C 6 76d 93d 69d net: af_packet: fix race in PACKET_{R|T}X_RING
KASAN: slab-out-of-bounds Write in perf_callchain_user syz 2 96d 96d 69d perf: Fix sample_max_stack maximum check
KMSAN: uninit-value in netif_skb_features C 119 69d 96d 69d vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
BUG: corrupted list in team_nl_cmd_options_set C 2 93d 96d 69d team: avoid adding twice the same option to the event list
BUG: unable to handle kernel paging request in snd_pcm_format_set_silence syz 11 70d 96d 69d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
KMSAN: uninit-value in neigh_dump_info C 6 82d 96d 69d net: validate attribute sizes in neigh_dump_table()
KASAN: use-after-free Read in tipc_sub_unsubscribe (2) C 5 89d 96d 69d tipc: fix unbalanced reference counter
KASAN: stack-out-of-bounds Read in __free_filter C 41 87d 97d 69d tracing: Enforce passing in filter=NULL to create_filter()
KMSAN: uninit-value in tcp_parse_options C 38 71d 97d 69d tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
KASAN: stack-out-of-bounds Write in ip6_tnl_locate 4 96d 97d 69d ip6_tunnel: better validate user provided tunnel names
KASAN: null-ptr-deref Read in xattr_getsecurity 68 86d 98d 69d commoncap: Handle memory allocation failure.
KMSAN: uninit-value in inet_getpeer C 54 69d 99d 69d inetpeer: fix uninit-value in inet_getpeer
KMSAN: uninit-value in sctp_sendmsg syz 27 70d 100d 69d sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
KMSAN: uninit-value in sctp_do_bind C 31 70d 100d 69d sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
KMSAN: uninit-value in tipc_node_get_mtu C 139 70d 100d 69d tipc: fix missing initializer in tipc_sendmsg()
KMSAN: uninit-value in __skb_try_recv_from_queue C 108 70d 100d 69d net: initialize skb->peeked when cloning
KMSAN: uninit-value in inet6_rtm_delroute C 9 89d 100d 69d net: fix rtnh_ok()
KMSAN: uninit-value in memcmp C 30 71d 100d 69d net: fix uninit-value in __hw_addr_add_ex()
KMSAN: uninit-value in inet_csk_bind_conflict C 446 69d 100d 69d soreuseport: initialise timewait reuseport field
KMSAN: uninit-value in move_addr_to_user C 74 70d 100d 69d sctp: do not leak kernel memory to user space
KMSAN: uninit-value in ip_route_output_key_hash_rcu 179 69d 100d 69d ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
KMSAN: uninit-value in fib_create_info C 19 94d 100d 69d net: fix rtnh_ok()
KMSAN: uninit-value in alg_bind C 1950 69d 100d 69d crypto: af_alg - fix possible uninit-value in alg_bind()
KMSAN: uninit-value in netlink_sendmsg C 2493 69d 100d 69d netlink: fix uninit-value in netlink_sendmsg
KMSAN: uninit-value in iptable_mangle_hook C 1134 69d 100d 69d dccp: initialize ireq->ir_mark
KMSAN: uninit-value in ip6table_mangle_hook C 601 69d 101d 69d dccp: initialize ireq->ir_mark
kernel BUG at drivers/vhost/vhost.c:LINE! (2) C 139 71d 101d 69d vhost: fix vhost_vq_access_ok() log check
WARNING in kmem_cache_free 1 102d 101d 69d crypto: drbg - set freed buffers to NULL
WARNING: lock held when returning to user space! C 40 87d 102d 69d loop: fix LOOP_GET_STATUS lock imbalance
INFO: rcu detected stall in io_playback_transfer 9 97d 102d 69d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
INFO: rcu detected stall in __snd_pcm_lib_xfer (2) C 1064 97d 102d 69d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
WARNING in snd_pcm_hw_params C 56 97d 102d 69d ALSA: pcm: Remove WARN_ON() at snd_pcm_hw_params() error
KASAN: stack-out-of-bounds Write in ipip6_tunnel_locate C 33 95d 103d 69d ipv6: sit: better validate user provided tunnel names
KASAN: stack-out-of-bounds Write in __ip_tunnel_create C 29 96d 103d 69d ip_tunnel: better validate user provided tunnel names
KASAN: stack-out-of-bounds Write in ip6gre_tunnel_locate C 923 95d 103d 69d ip6_gre: better validate user provided tunnel names
KASAN: use-after-free Read in binder_release_work C 6 83d 104d 69d ANDROID: binder: prevent transactions into own process.
general protection fault in ucma_set_ib_path (2) C 6 97d 104d 69d RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
KASAN: use-after-free Write in dst_release C 832 95d 105d 69d pptp: remove a buggy dst release in pptp_connect()
WARNING in ext4_superblock_csum_set C 1 106d 105d 69d ext4: always initialize the crc32c checksum driver
INFO: rcu detected stall in bitmap_parselist 8 78d 106d 69d lib: fix stall in __bitmap_parselist()
kernel BUG at fs/ext4/extents.c:LINE! C 1 107d 106d 69d ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
general protection fault in kernfs_kill_sb C 29 70d 106d 69d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in alloc_pid C 7 97d 107d 69d mm,vmscan: Allow preallocating memory for register_shrinker().
kernel BUG at drivers/tty/tty_ldisc.c:LINE! 6 91d 107d 69d ["tty: Avoid possible error pointer dereference at tty_ldisc_restore()." "tty: Use __GFP_NOFAIL for tty_ldisc_get()"]
BUG: corrupted list in __dentry_kill C 35 87d 107d 69d rpc_pipefs: fix double-dput()
general protection fault in __list_del_entry_valid (3) C 40 107d 107d 69d tipc: Fix missing list initializations in struct tipc_subscription
WARNING: refcount bug in nfs_alloc_client 2 106d 107d 69d mm,vmscan: Allow preallocating memory for register_shrinker().
WARNING: kobject bug in gfs2_sys_fs_add C 49 81d 107d 69d kobject: don't use WARN for registration failures
WARNING: refcount bug in put_pid_ns syz 6 107d 107d 69d mm,vmscan: Allow preallocating memory for register_shrinker().
WARNING in format_decode C 1 107d 107d 69d fs/reiserfs/journal.c: add missing resierfs_warning() arg
general protection fault in __mem_cgroup_free C 22 96d 107d 69d memcg: fix per_node_info cleanup
WARNING in kill_block_super C 51 91d 109d 69d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in snd_pcm_timer_resolution C 3 109d 109d 69d ALSA: pcm: Fix UAF at PCM release via PCM timer access
possible deadlock in perf_event_detach_bpf_prog 1 110d 109d 69d bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog
WARNING: kobject bug in device_add C 563 70d 109d 69d kobject: don't use WARN for registration failures
INFO: task hung in stop_sync_thread (2) C 9 93d 110d 69d ipvs: fix rtnl_lock lockups caused by start_sync_thread
possible deadlock in rtnl_lock (5) C 1009 83d 112d 69d ipvs: fix rtnl_lock lockups caused by start_sync_thread
general protection fault in tipc_sk_fill_sock_diag C 180 95d 113d 69d ["tipc: Fix namespace violation in tipc_sk_fill_sock_diag" "tipc: use the right skb in tipc_sk_fill_sock_diag()"]
WARNING in __debug_object_init C 192 103d 113d 69d alarmtimer: Init nanosleep alarm timer on stack
KASAN: use-after-free Read in pppol2tp_connect (3) C 22 96d 114d 69d l2tp: fix races in tunnel creation
WARNING in __local_bh_enable_ip (2) 23 114d 124d 69d rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock
BUG: corrupted list in sctp_association_free 1 130d 126d 69d sctp: fix error return code in sctp_sendmsg_new_asoc()
KASAN: use-after-free Read in sctp_association_free (2) C 2 130d 129d 69d sctp: Fix double free in sctp_sendmsg_to_asoc
WARNING: kobject bug in netdev_queue_update_kobjects C 27 71d 133d 69d kobject: don't use WARN for registration failures
WARNING: refcount bug in free_nsproxy 4 109d 133d 69d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in mac80211_hwsim_del_radio 11 108d 138d 69d mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
WARNING: refcount bug in should_fail C 3 108d 139d 69d mm,vmscan: Allow preallocating memory for register_shrinker().
general protection fault in rds_sendmsg C 2 144d 144d 69d rds: rds_msg_zcopy should return error of null rm->data.op_mmp_znotifier
general protection fault in tipc_conn_close C 3 147d 148d 69d tipc: fix bug on error path in tipc_topsrv_kern_subscr()
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (3) C 234 147d 150d 69d tipc: don't call sock_release() in atomic context
WARNING in strp_done C 2336 104d 152d 69d kcm: Call strp_stop before strp_done in kcm_attach
general protection fault in loopback_pos_update C 4 177d 175d 69d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
INFO: task hung in __blkdev_get C 662 94d 220d 69d block/loop: fix deadlock after loop_set_status
kernel panic: n_tty: init_tty C 141 70d 254d 69d tty: Don't call panic() at tty_ldisc_init()
WARNING in tty_set_ldisc syz 177 78d 254d 69d tty: Avoid possible error pointer dereference at tty_ldisc_restore().
KASAN: use-after-free Read in shm_get_unmapped_area 19 166d 256d 69d ipc/shm: fix use-after-free of shm file via remap_file_pages()
possible deadlock in smc_close_non_accepted C 4 137d 137d 73d net/smc: simplify wait when closing listen socket
BUG: unable to handle kernel paging request in compat_copy_entries syz 5 135d 134d 83d netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
KASAN: slab-out-of-bounds Write in tcp_v6_syn_recv_sock C 1063 178d 195d 83d net/tls: Only attach to sockets in ESTABLISHED state
possible deadlock in ftrace_profile_set_filter (2) C 1007 166d 225d 83d perf/core: Fix another perf,trace,cpuhp lock inversion
KASAN: use-after-free Read in perf_trace_lock_acquire (2) C 188 165d 237d 83d vhost_net: stop device during reset owner
possible deadlock in perf_trace_destroy (2) C 2006 166d 252d 83d perf/core: Fix lock inversion between perf,trace,cpuhp
possible deadlock in __neigh_create 1 107d 107d 97d ipv6: fix possible deadlock in rt6_age_examine_exception()
WARNING in binder_send_failed_reply C 206 144d 227d 99d ANDROID: binder: remove WARN() for redundant txn error
WARNING in skb_warn_bad_offload C 6527 134d 257d 99d net: avoid skb_warn_bad_offload on IS_ERR
KASAN: use-after-free Read in disk_unblock_events C 65 153d 259d 99d genhd: Fix use after free in __blkdev_get()
general protection fault in try_to_wake_up syz 1 113d 109d 101d vlan: Fix vlan insertion for packets without ethernet header
kernel BUG at lib/string.c:LINE! (3) C 5 110d 111d 101d RDMA/ucma: Introduce safer rdma_addr_size() variants
BUG: unable to handle kernel (2) syz 1 111d 111d 101d vlan: Fix vlan insertion for packets without ethernet header
general protection fault in timerqueue_add C 2 111d 112d 101d vlan: Fix vlan insertion for packets without ethernet header
BUG: unable to handle kernel paging request in __memmove 1 112d 112d 101d vlan: Fix vlan insertion for packets without ethernet header
BUG: unable to handle kernel paging request in netdev_queue_update_kobjects syz 1 112d 112d 101d vlan: Fix vlan insertion for packets without ethernet header
general protection fault in qlist_move_cache 1 112d 112d 101d vlan: Fix vlan insertion for packets without ethernet header
possible deadlock in handle_rx C 4 113d 113d 101d vhost_net: add missing lock nesting notation
general protection fault in rdma_notify C 3 118d 115d 101d RDMA/ucma: Check that device exists prior to accessing it
general protection fault in rdma_init_qp_attr (2) C 753 109d 115d 101d RDMA/ucma: Check that device is connected prior to access it
kernel BUG at ./include/linux/skbuff.h:LINE! (2) C 5 138d 116d 101d ipv6: the entire IPv6 header chain must fit the first fragment
possible deadlock in __ipv6_dev_mc_dec 1 116d 116d 101d ipv6: fix possible deadlock in rt6_age_examine_exception()
BUG: corrupted list in remove_wait_queue C 5 114d 117d 101d vhost: correctly remove wait queue during poll failure
kernel BUG at drivers/vhost/vhost.c:LINE! C 152 101d 120d 101d vhost: validate log when IOTLB is enabled
WARNING in xt_cluster_mt C 4 139d 139d 101d netfilter: drop template ct when conntrack is skipped.
general protection fault in native_write_cr4 C 132300 104d 209d 101d KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
KASAN: use-after-free Read in worker_thread (2) syz 6 242d 251d 101d kcm: Only allow TCP sockets to be attached to a KCM mux
general protection fault in ucma_connect C 2 123d 122d 115d RDMA/ucma: Ensure that CM_ID exists prior to access it
WARNING in kmalloc_slab (4) 1 127d 126d 115d xfrm_user: uncoditionally validate esn replay attribute struct
kernel BUG at lib/string.c:LINE! (2) syz 2 126d 126d 115d RDMA/ucma: Don't allow join attempts for unsupported AF family
KASAN: null-ptr-deref Write in rdma_resolve_addr C 66 118d 129d 115d RDMA/ucma: Check AF family prior resolving address
WARNING in __proc_create C 12 136d 129d 115d netfilter: x_tables: add and use xt_check_proc_name
KASAN: use-after-free Read in snd_pcm_oss_get_formats C 3 129d 129d 115d ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
KASAN: use-after-free Read in pppol2tp_connect (2) C 10 116d 131d 115d l2tp: do not accept arbitrary sockets
BUG: unable to handle kernel paging request in ebt_among_mt_check (2) C 946 115d 131d 115d netfilter: bridge: ebt_among: add more missing match size checks
general protection fault in rdma_init_qp_attr C 2096 115d 131d 115d RDMA/ucma: Check that user doesn't overflow QP state
general protection fault in rdma_join_multicast C 258 118d 132d 115d RDMA/ucma: Fix access to non-initialized CM_ID object
KASAN: use-after-free Read in ucma_close C 176 118d 132d 115d RDMA/ucma: Fix use-after-free access in ucma_close
KASAN: slab-out-of-bounds Read in ip6_xmit (2) C 259 118d 132d 115d l2tp: fix races with ipv4-mapped ipv6 addresses
WARNING: kmalloc bug in memdup_user C 441 116d 132d 115d RDMA/ucma: Limit possible option size
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C 4 133d 133d 115d l2tp: do not accept arbitrary sockets
general protection fault in lowpan_device_event C 79 116d 133d 115d ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
possible deadlock in __might_fault C 8978 124d 140d 115d staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
INFO: rcu detected stall in xfrm_confirm_neigh 7 131d 154d 115d xfrm: Fix infinite loop in xfrm_get_dst_nexthop with transport mode.
WARNING: kmalloc bug in xfrm_add_sa C 109 116d 155d 115d xfrm_user: uncoditionally validate esn replay attribute struct
possible deadlock in get_user_pages_unlocked C 5 142d 165d 115d mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT
KASAN: stack-out-of-bounds Read in xfrm_state_find (4) C 102 115d 166d 115d xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
general protection fault in dccp_write_xmit C 5 133d 169d 115d dccp: check sk for closed state in dccp_sendmsg()
kernel panic: Out of memory and no killable processes... (2) C 1 170d 169d 115d netfilter: x_tables: make allocation less aggressive
WARNING in __xlate_proc_name C 11 134d 170d 115d netfilter: x_tables: add and use xt_check_proc_name
KASAN: use-after-free Read in pfifo_fast_enqueue C 20 117d 181d 115d net: sched: fix uses after free
possible deadlock in shmem_file_llseek C 4432 124d 188d 115d staging: android: ashmem: Fix lockdep issue during llseek
WARNING in ata_bmdma_qc_issue C 1 339d 259d 115d libata: don't try to pass through NCQ commands to non-NCQ devices
BUG: unable to handle kernel paging request in ata_bmdma_qc_prep C 13 251d 259d 115d libata: fix length validation of ATAPI-relayed SCSI commands
WARNING in ata_qc_issue C 35 244d 263d 115d libata: remove WARN() for DMA or PIO command without data
KASAN: use-after-free Read in get_work_pool syz 8 241d 263d 115d kcm: lock lower socket in kcm_attach
WARNING in kvm_arch_vcpu_ioctl_run (2) C 61018 169d 257d 126d KVM: VMX: Fix rflags cache during vCPU reset
WARNING in tracepoint_probe_unregister C 115 127d 254d 127d blktrace: fix unlocked registration of tracepoints
kernel BUG at arch/x86/kvm/x86.c:LINE! syz 20 230d 263d 127d KVM: x86: Exit to user-mode on #UD intercept when emulator requires
WARNING in tracepoint_probe_register_prio C 830 127d 263d 127d blktrace: fix unlocked registration of tracepoints
KASAN: use-after-free Read in strp_data_ready C 204 173d 265d 127d kcm: Only allow TCP sockets to be attached to a KCM mux
WARNING in refcount_sub_and_test C 75150 164d 265d 127d sctp: reset owner sk for data chunks on out queues when migrating a sock
general protection fault in hrtimer_active (2) C 10612 135d 140d 132d KVM: x86: fix vcpu initialization with userspace lapic
general protection fault in smc_create C 2 141d 140d 132d net/smc: fix NULL pointer dereference on sock_create_kern() error path
KASAN: slab-out-of-bounds Read in ip6_route_me_harder C 66 134d 141d 132d netfilter: use skb_to_full_sk in ip6_route_me_harder
KASAN: use-after-free Read in ip6_route_me_harder C 44 134d 141d 132d netfilter: use skb_to_full_sk in ip6_route_me_harder
KASAN: use-after-free Write in nf_nat_ipv6_manip_pkt C 2 148d 148d 132d netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
BUG: unable to handle kernel paging request in ebt_among_mt_check C 823 133d 148d 132d netfilter: bridge: ebt_among: add missing match size checks
WARNING in compat_copy_entries C 434 133d 148d 132d netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
WARNING in debug_print_object C 2 165d 165d 132d l2tp: fix tunnel lookup use-after-free race
KASAN: use-after-free Read in inet_shutdown C 22 135d 181d 132d l2tp: fix tunnel lookup use-after-free race
general protection fault in pppol2tp_connect C 1025 133d 182d 132d l2tp: fix tunnel lookup use-after-free race
KASAN: use-after-free Read in pppol2tp_connect C 25 133d 182d 132d l2tp: fix tunnel lookup use-after-free race
KASAN: slab-out-of-bounds Read in ip6_xmit C 156 134d 184d 132d tls: Use correct sk->sk_prot for IPV6
kernel BUG at arch/x86/kvm/mmu.c:LINE! C 695 140d 257d 132d KVM: mmu: Fix overlap between public and private memslots
WARNING in __x86_set_memory_region C 716 140d 259d 132d KVM/x86: remove WARN_ON() for when vm_munmap() fails
WARNING in handle_ept_misconfig C 238 141d 263d 132d KVM: X86: Fix SMRAM accessing even if VM is shutdown
general protection fault in arpt_do_table C 3 145d 145d 140d netfilter: add back stackpointer size checks
WARNING: ODEBUG bug in __queue_work C 2 150d 146d 140d netfilter: IDLETIMER: be syzkaller friendly
WARNING in __queue_work C 1 150d 150d 140d netfilter: IDLETIMER: be syzkaller friendly
WARNING: kmalloc bug in cpu_map_update_elem C 2677 140d 152d 140d bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
WARNING in kvmalloc_node C 513 147d 153d 140d bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
WARNING: kmalloc bug in bpf_prog_array_copy_info C 4424 140d 153d 140d bpf: fix bpf_prog_array_copy_to_user warning from perf event prog query
WARNING: ODEBUG bug in led_tg_destroy C 4 146d 154d 140d netfilter: x_tables: fix missing timer initialization in xt_LED
general protection fault in SyS_bpf (2) C 1065 140d 154d 140d bpf: fix sock_map_alloc() error path
divide error in nf_nat_l4proto_unique_tuple C 2 155d 154d 140d netfilter: nat: cope with negative port range
lost connection to test machine (4) C 1189 140d 154d 140d bpf: fix mlock precharge on arraymaps
KASAN: use-after-free Read in remove_wait_queue C 7 145d 154d 140d ANDROID: binder: synchronize_rcu() when using POLLFREE.
kernel BUG at kernel/time/timer.c:LINE! C 18 143d 154d 140d netfilter: x_tables: fix missing timer initialization in xt_LED
WARNING: bad unlock balance in hashlimit_mt_common C 2059 143d 155d 140d netfilter: xt_hashlimit: fix lock imbalance
possible deadlock in xt_find_table_lock (2) 4 158d 156d 140d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ip_getsockopt (2) 206 143d 157d 140d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ipv6_setsockopt (2) 3642 143d 158d 140d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ip_setsockopt (3) 3731 143d 159d 140d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in rtnl_lock (4) C 73333 143d 159d 140d netfilter: drop outermost socket lock in getsockopt()
WARNING: kmalloc bug in relay_open_buf C 10 145d 160d 140d kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
WARNING: proc registration bug in clusterip_tg_check C 779 143d 160d 140d netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
general protection fault in ip6t_do_table C 8077 144d 170d 140d netfilter: add back stackpointer size checks
WARNING in check_flush_dependency C 2205 143d 175d 140d mac80211_hwsim: don't use WQ_MEM_RECLAIM
WARNING in kmalloc_slab (3) C 1901 141d 225d 140d kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
BUG: unable to handle kernel NULL pointer dereference in sha512_mb_mgr_get_comp_job_avx2 syz 32 172d 225d 140d crypto: sha512-mb - initialize pending lengths correctly
general protection fault in binder_poll C 159 144d 227d 140d binder: check for binder_thread allocation failure in binder_poll()
KASAN: use-after-free Read in rds_find_bound 1 203d 199d 152d rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
KASAN: slab-out-of-bounds Read in string C 129 163d 173d 152d netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
KASAN: use-after-free Read in rds_tcp_tune 12 176d 186d 152d rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
INFO: rcu detected stall in memcpy 12 190d 194d 152d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in tty_ioctl C 12 196d 208d 152d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
INFO: rcu detected stall in n_tty_ioctl 24 195d 208d 152d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
KASAN: use-after-free Read in __do_page_fault syz 679 248d 259d 152d x86/mm: fix use-after-free of vma during userfaultfd fault
possible deadlock in lru_add_drain_all 1300 213d 263d 152d mm: drop hotplug lock from lru_add_drain_all()
KASAN: use-after-free Read in __schedule C 145 207d 208d 152d KVM: x86: don't forget vcpu_put() in kvm_arch_vcpu_ioctl_set_sregs()
KASAN: stack-out-of-bounds Read in csum_and_copy_from_iter_full 1 232d 228d 152d net: ipv4: fix for a race condition in raw_sendmsg
KASAN: use-after-free Read in sock_release 1 234d 230d 152d fix kcm_clone()
KASAN: use-after-free Read in rds_tcp_dev_event 1 258d 251d 152d rds: tcp: correctly sequence cleanup on netns deletion.
possible deadlock in flush_work (2) 3 251d 254d 152d SUNRPC: Destroy transport from the system workqueue
KASAN: stack-out-of-bounds Read in memcmp 1 195d 192d 154d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
KASAN: stack-out-of-bounds Read in xfrm_selector_match 368 187d 193d 154d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
KASAN: use-after-free Read in __fput 23 223d 257d 154d fix kcm_clone()
WARNING in drm_modeset_lock_all 35 256d 263d 154d drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
WARNING: kmalloc bug in tun_device_event C 15 158d 160d 154d ["ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE" "ptr_ring: try vmalloc() when kmalloc() fails"]
WARNING: suspicious RCU usage in bpf_prog_array_copy_info C 17842 154d 160d 154d bpf: fix bpf_prog_array_copy_to_user() issues
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (4) C 7264 160d 164d 154d bpf: fix bpf_prog_array_copy_to_user() issues
general protection fault in ___bpf_prog_run C 8 160d 167d 154d bpf: fix null pointer deref in bpf_prog_test_run_xdp
KASAN: use-after-free Write in xt_rateest_tg_checkentry C 2 167d 168d 154d netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
general protection fault in cgroup_mt_destroy_v1 C 91 157d 169d 154d netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
WARNING in usercopy_warn C 171 160d 178d 154d net: Whitelist the skbuff_head_cache "cb" field
KASAN: double-free or invalid-free in relay_open C 106 160d 259d 154d kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
WARNING in do_debug C 905 159d 259d 154d KVM: x86: fix escape of guest dr6 to the host
possible deadlock in rtnl_lock (3) C 3633 159d 160d 159d netfilter: on sockopt() acquire sock lock only in the required scope
possible deadlock in do_ip_setsockopt (2) 59 160d 162d 159d netfilter: on sockopt() acquire sock lock only in the required scope
WARNING: bad unlock balance in ipmr_mfc_seq_stop C 286 166d 213d 160d ip6mr: fix stale iterator
possible deadlock in rtnl_lock (2) C 10369 162d 165d 162d netfilter: on sockopt() acquire sock lock only in the required scope
suspicious RCU usage at ./include/linux/inetdevice.h:LINE (2) C 4 165d 166d 162d net: igmp: add a missing rcu locking section
possible deadlock in do_ip_getsockopt 22 164d 169d 162d netfilter: on sockopt() acquire sock lock only in the required scope
possible deadlock in xt_find_target 34 163d 170d 162d netfilter: on sockopt() acquire sock lock only in the required scope
WARNING in reuseport_add_sock C 7 175d 185d 162d soreuseport: fix mem leak in reuseport_add_sock()
WARNING in ion_ioctl C 8888 165d 193d 162d staging: android: ion: Switch from WARN to pr_warn
WARNING in __alloc_pages_slowpath C 9435 165d 193d 162d staging: android: ion: Add __GFP_NOWARN for system contig heap
lost connection to test machine (3) C 4251 162d 201d 162d netfilter: x_tables: fix int overflow in xt_alloc_table_info()
WARNING in register_lock_class C 2 209d 205d 162d ANDROID: binder: remove waitqueue when thread exits.
WARNING in sysfs_warn_dup 11 167d 210d 162d sysfs: turn WARN() into pr_warn()
KASAN: use-after-free Read in __lock_acquire (2) C 589 165d 240d 162d ANDROID: binder: remove waitqueue when thread exits.
WARNING in __check_heap_object C 5173 179d 251d 162d sctp: Define usercopy region in SCTP proto slab cache
KASAN: use-after-free Read in __list_add_valid (3) 16 166d 173d 163d vhost_net: stop device during reset owner
KASAN: use-after-free Read in fib6_lookup_1 11 183d 185d 163d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_remove_prefsrc 4 183d 185d 163d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_age 3 183d 185d 163d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in mon_bin_vma_fault 7 189d 200d 163d USB: fix usbmon BUG trigger
INFO: task hung in bpf_exit_net 1 223d 210d 163d sctp: fix the handling of ICMP Frag Needed for too small MTUs
INFO: trying to register non-static key in pfifo_fast_reset C 4 209d 212d 163d net_sched: properly check for empty skb array on error path
general protection fault in trie_get_next_key C 3 172d 172d 165d bpf: fix kernel page fault in lpm map trie_get_next_key
KASAN: use-after-free Read in tipc_group_size C 8 182d 189d 165d tipc: fix race between poll() and setsockopt()
suspicious RCU usage at net/ipv6/ip6_fib.c:LINE C 56 173d 195d 165d ipv6: remove null_entry before adding default route
BUG: Bad page state (3) C 3 190d 197d 165d USB: fix usbmon BUG trigger
WARNING in usb_submit_urb C 2 260d 251d 165d USB: usbfs: Filter flags passed in from user space
WARNING in task_participate_group_stop C 29 244d 259d 165d kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
general protection fault in __netlink_ns_capable C 74 188d 195d 165d rtnetlink: give a user socket to get_target_net()
KASAN: double-free or invalid-free in skb_free_head C 13 204d 211d 165d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel NULL pointer dereference in page_mapping C 4 209d 211d 165d RDS: null pointer dereference in rds_atomic_free_op
general protection fault in page_mapping C 46 189d 216d 165d RDS: null pointer dereference in rds_atomic_free_op
inconsistent lock state in est_fetch_counters C 5829 166d 170d 166d net_sched: gen_estimator: fix lockdep splat
WARNING in vhost_dev_cleanup C 4 167d 173d 166d vhost_net: stop device during reset owner
general protection fault in tun_queue_purge C 4 172d 173d 166d Revert "net: ptr_ring: otherwise safe empty checks can overrun array bounds"
KASAN: use-after-free Read in __wake_up_common C 888 166d 175d 166d vhost_net: stop device during reset owner
general protection fault in nfs_idmap_legacy_upcall C 4 179d 178d 166d NFS: reject request for id_legacy key without auxdata
KASAN: use-after-free Read in map_lookup_elem C 6 181d 185d 166d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in check_memory_region C 10 182d 185d 166d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in __bpf_prog_put 1 187d 187d 166d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in fib6_add (2) C 3143 188d 195d 166d ipv6: fix general protection fault in fib6_add()
kernel BUG at fs/userfaultfd.c:LINE! C 3 209d 206d 166d userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
KASAN: slab-out-of-bounds Write in sha3_update (2) C 49 167d 206d 166d crypto: hash - prevent using keyed hashes without setting key
KASAN: stack-out-of-bounds Read in rds_sendmsg C 120 196d 220d 166d RDS: Check cmsg_len before dereferencing CMSG_DATA
KASAN: slab-out-of-bounds Read in sctp_send_reset_streams C 73 208d 220d 166d sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
kernel BUG at drivers/android/binder_alloc.c:LINE! C 856 223d 227d 166d ANDROID: binder: fix transaction leak.
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (2) 185 230d 228d 166d crypto: af_alg - remove locking in async callback
general protection fault in sidtab_search_core syz 1306 221d 228d 166d selinux: skip bounded transition processing if the policy isn't loaded
general protection fault in show_timer C 10 210d 229d 166d posix-timer: Properly check sigevent->sigev_notify
WARNING: kernel stack regs has bad 'bp' value (2) C 16238 166d 230d 166d crypto: x86/twofish-3way - Fix %rbp usage
KASAN: slab-out-of-bounds Read in strcmp C 150 222d 231d 166d selinux: ensure the context is NUL terminated in security_context_to_sid_core()
KASAN: slab-out-of-bounds Read in xfrm_hash_rebuild C 18 184d 251d 166d xfrm: skip policies marked as dead while rehashing
BUG: looking up invalid subclass: 8 C 5 252d 252d 166d ALSA: seq: Avoid invalid lockdep class warning
BUG: unable to handle kernel paging request in devpts_mntget C 21 179d 256d 166d devpts: fix error handling in devpts_mntget()
suspicious RCU usage at ./include/linux/inetdevice.h:LINE 28 249d 257d 166d fib: fib_dump_info can no longer use __in_dev_get_rtnl
KASAN: use-after-free Read in __xfrm_state_lookup C 7 258d 257d 166d xfrm: defer daddr pointer assignment after spi parsing
KASAN: use-after-free Read in sctp_association_free C 20 242d 257d 166d sctp: do not free asoc when it is already dead in sctp_sendmsg
BUG: sleeping function called from invalid context at mm/slab.h:LINE (2) 2 174d 175d 166d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: slab-out-of-bounds Read in erspan_build_header C 30 166d 175d 166d net: erspan: fix use-after-free
suspicious RCU usage at mm/slab.h:LINE 1 175d 175d 166d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: slab-out-of-bounds Read in erspan_xmit C 51 173d 175d 166d net: erspan: fix use-after-free
KASAN: use-after-free Read in erspan_xmit C 68 173d 175d 166d net: erspan: fix use-after-free
KASAN: use-after-free Read in erspan_build_header C 60 166d 175d 166d net: erspan: fix use-after-free
WARNING in xdp_rxq_info_unreg C 198 175d 175d 166d tun: avoid calling xdp_rxq_info_unreg() twice
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (3) C 5087 167d 175d 166d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: use-after-free Read in tipc_group_is_open C 1 182d 182d 166d tipc: fix race between poll() and setsockopt()
general protection fault in get_info C 760 182d 185d 166d netfilter: x_tables: don't return garbage pointer on modprobe failure
KASAN: use-after-free Read in rb_first_postorder C 17267 179d 188d 166d tipc: fix a potental access after delete in tipc_sk_join()
general protection fault in free_verifier_state (2) C 2 190d 190d 166d bpf: fix verifier GPF in kmalloc failure path
suspicious RCU usage at net/netfilter/ipset/ip_set_core.c:LINE C 38048 187d 193d 166d netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
general protection fault in copy_verifier_state C 2 199d 195d 166d bpf: fix verifier GPF in kmalloc failure path
possible deadlock in rtnl_lock C 15711 166d 223d 166d tuntap: fix possible deadlock when fail to register netdev
BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free 2 210d 208d 167d sctp: fix error path in sctp_stream_init
WARNING in fpu__copy 8 209d 209d 167d kvm: x86: fix WARN due to uninitialized guest FPU state
general protection fault in __rds_rdma_map C 12 219d 231d 167d rds: Fix NULL pointer dereference in __rds_rdma_map
WARNING in xfrm_state_fini C 2231 182d 238d 167d xfrm: check id proto in validate_tmpl()
general protection fault in __list_del_entry_valid (2) C 21 181d 238d 167d sget(): handle failures of register_shrinker()
KASAN: stack-out-of-bounds Read in xfrm_state_find (3) C 10353 171d 238d 167d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
general protection fault in sctp_stream_free 17 213d 254d 167d sctp: fix error path in sctp_stream_init
possible deadlock in vhost_chr_write_iter C 25952 173d 175d 169d vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
KASAN: slab-out-of-bounds Read in __dev_queue_xmit C 6 191d 179d 169d net: qdisc_pkt_len_init() should be more robust
KASAN: use-after-free Read in psock_write_space C 6 177d 189d 169d kcm: Only allow TCP sockets to be attached to a KCM mux
kernel BUG at net/l2tp/l2tp_ppp.c:LINE! C 22 173d 195d 169d kcm: Check if sk_user_data already set in kcm_attach
general protection fault in skb_segment C 7 190d 199d 169d gso: validate gso_type in GSO handlers
kernel BUG at net/core/skbuff.c:LINE! (2) C 562 170d 259d 169d pppoe: take ->needed_headroom of lower device into account on xmit
BUG: unable to handle kernel NULL pointer dereference in proc_flush_task syz 1 213d 209d 170d pid: Handle failure to allocate the first pid in a pid namespace
KASAN: stack-out-of-bounds Read in write_mmio C 3 217d 228d 170d KVM: Fix stack-out-of-bounds read in write_mmio
general protection fault in proc_flush_task syz 2 212d 229d 170d pid: Handle failure to allocate the first pid in a pid namespace
general protection fault in lockdep_invariant_state (2) C 114 222d 251d 170d locking/lockdep: Fix possible NULL deref
general protection fault in __lock_acquire (2) C 15 171d 257d 170d tipc: fix a null pointer deref on error path
BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:LINE C 19609 233d 259d 171d KVM: x86: fix em_fxstor() sleeping while in atomic
KASAN: use-after-free Read in fib6_add_1 C 4 183d 185d 173d net-backports: ipv6: don't let tb6_root node share routes with other node
WARNING in free_loaded_vmcs C 170 230d 238d 173d KVM: VMX: Fix vmx->nested freeing when no SMI handler
KASAN: slab-out-of-bounds Read in map_lookup_elem C 6 182d 185d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
possible deadlock in snd_seq_deliver_event C 6 252d 263d 175d ALSA: seq: Fix nested rwsem annotation for lockdep splat
general protection fault in ip6_xmit 16 176d 178d 175d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_ifup (2) C 18 182d 179d 175d ipv6: don't let tb6_root node share routes with other node
general protection fault in strlen C 53 178d 179d 175d netlink: reset extack earlier in netlink_rcv_skb
KASAN: stack-out-of-bounds Read in __nla_put C 57 178d 181d 175d netlink: reset extack earlier in netlink_rcv_skb
WARNING in canfd_rcv C 4 183d 181d 175d can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
WARNING in can_rcv C 5 182d 181d 175d can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
KASAN: slab-out-of-bounds Write in array_map_update_elem C 6 183d 182d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Write in array_map_update_elem C 11 181d 182d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in __bpf_map_put 1 185d 184d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
WARNING in rfkill_alloc C 6 183d 184d 175d cfg80211: check dev_set_name() return value
WARNING in wiphy_register C 15 182d 184d 175d mac80211_hwsim: validate number of different channels
divide error in ___bpf_prog_run C 28 178d 185d 175d bpf: fix 32-bit divide by zero
BUG: unable to handle kernel paging request in bpf_fd_array_map_lookup_elem 5 181d 185d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in dst_release 113 181d 186d 175d ipv6: ip6_make_skb() needs to clear cork.base.dst
KASAN: slab-out-of-bounds Read in bpf_fd_array_map_lookup_elem 7 182d 186d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in bpf_fd_array_map_lookup_elem 21 181d 187d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
WARNING in snd_interval_mulkdiv C 21 181d 187d 175d ALSA: pcm: Remove yet superfluous WARN_ON()
general protection fault in sctp_v6_get_dst C 6 187d 187d 175d sctp: do not allow the v4 socket to bind a v4mapped v6 address
WARNING in ___bpf_prog_run C 28 181d 187d 175d bpf: arsh is not supported in 32 bit alu thus reject it
WARNING in netlink_ack (2) C 6 187d 187d 175d netlink: extack needs to be reset each time through loop
BUG: unable to handle kernel paging request in fd_array_map_delete_elem 11 181d 188d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in __bpf_prog_put C 212 181d 188d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in cgroup_fd_array_put_ptr C 219 181d 188d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: slab-out-of-bounds Read in perf_event_fd_array_release C 96 181d 188d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in __bpf_map_put C 331 181d 188d 175d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in tls_sk_proto_close C 9 181d 188d 175d net/tls: Only attach to sockets in ESTABLISHED state
WARNING: held lock freed! C 497 179d 190d 175d sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:LINE 20 184d 192d 175d xfrm: don't call xfrm_policy_cache_flush while holding spinlock
kernel BUG at ./include/linux/skbuff.h:LINE! C 4502 181d 193d 175d esp: Fix GRO when the headers not fully in the linear part of the skb.
possible deadlock in ppp_dev_uninit C 6 181d 194d 175d ppp: unlock all_ppp_mutex before registering device
WARNING in adjust_ptr_min_max_vals C 252 178d 195d 175d bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (2) C 174 177d 256d 175d xfrm: fix rcu usage in xfrm_get_type_offload
KASAN: use-after-free Read in fib6_ifdown C 26 182d 186d 179d ipv6: remove null_entry before adding default route
KASAN: use-after-free Read in rt6_mtu_change_route 5 183d 186d 179d ipv6: remove null_entry before adding default route
INFO: task hung in snd_pcm_oss_write syz 2 187d 187d 179d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in snd_pcm_plug_write_transfer 1 187d 187d 179d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in mulaw_transfer 37 190d 193d 179d ALSA: aloop: Fix racy hw constraints adjustment
general protection fault in nf_tables_dump_obj_done C 976 188d 193d 179d netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()
suspicious RCU usage at sound/core/pcm_lib.c:LINE 1 195d 194d 179d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
BUG: unable to handle kernel paging request in memset_erms C 35 179d 194d 179d ALSA: aloop: Fix inconsistent format due to incomplete rule
WARNING in rds_cmsg_rdma_args C 6 195d 195d 179d RDS: Heap OOB write in rds_message_alloc_sgs()
WARNING in snd_pcm_hw_param_first C 2905 187d 197d 179d ALSA: pcm: Remove incorrect snd_BUG_ON() usages
kernel BUG at ./include/linux/mm.h:LINE! (3) C 621 184d 201d 179d USB: fix usbmon BUG trigger
BUG: soft lockup (2) C 29 190d 218d 179d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
general protection fault in crypto_remove_spawns C 85 193d 231d 179d crypto: algapi - fix NULL dereference in crypto_remove_spawns()
WARNING in strp_data_ready C 59034 195d 265d 180d strparser: Call sock_owned_by_user_nocheck
KASAN: double-free or invalid-free in kvm_arch_vcpu_uninit 1 188d 184d 183d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in alg_setsockopt 5 195d 192d 187d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in do_syslog 1 196d 193d 187d crypto: pcrypt - fix freeing pcrypt instances
KASAN: slab-out-of-bounds Read in cap_inode_getsecurity C 11 192d 193d 187d capabilities: fix buffer overread on very short xattr
KASAN: slab-out-of-bounds Read in cap_convert_nscap C 4148 192d 196d 187d capabilities: fix buffer overread on very short xattr
BUG: bad usercopy in strncpy_from_user 1 202d 198d 187d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel paging request in ipcget 2 209d 206d 187d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in rw_copy_check_uvector 7 191d 206d 187d crypto: pcrypt - fix freeing pcrypt instances
general protection fault in skcipher_walk_done C 8 189d 209d 187d crypto: chacha20poly1305 - validate the digest size
KASAN: use-after-free Read in __list_del_entry_valid (2) C 11 209d 211d 187d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel NULL pointer dereference in blkcipher_walk_done C 2 214d 214d 187d crypto: chacha20poly1305 - validate the digest size
BUG: unable to handle kernel NULL pointer dereference in scatterwalk_copychunks C 3 213d 215d 187d crypto: chacha20poly1305 - validate the digest size
KASAN: wild-memory-access Write in scatterwalk_copychunks C 15 192d 218d 187d crypto: chacha20poly1305 - validate the digest size
general protection fault in scatterwalk_copychunks (2) C 141 193d 220d 187d crypto: chacha20poly1305 - validate the digest size
KASAN: use-after-free Read in handle_userfault C 151 200d 263d 188d userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
INFO: task hung in cleanup_net 1 222d 210d 195d net: Fix double free and memory corruption in get_net_ns_by_id()
KASAN: global-out-of-bounds Read in crypto_chacha20_crypt C 74 209d 212d 195d crypto: skcipher - set walk.iv for zero-length inputs
general protection fault in blkcipher_walk_first C 7 206d 217d 195d crypto: af_alg - wait for data at beginning of recvmsg
possible deadlock (2) 2 216d 218d 195d crypto: skcipher - set walk.iv for zero-length inputs
BUG: unable to handle kernel paging request in kvm_arch_vcpu_ioctl_run 1 222d 218d 195d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in copy_siginfo_to_user 1 223d 219d 195d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in match_subs_info 1 225d 220d 195d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in __put_user_8 1 226d 220d 195d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in __schedule 2 225d 220d 195d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
KASAN: use-after-free Write in aead_recvmsg C 21 207d 224d 195d crypto: af_alg - fix race accessing cipher request
BUG: unable to handle kernel paging request in __switch_to 1 229d 225d 195d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
general protection fault in crypto_chacha20_crypt C 2374 199d 230d 195d crypto: skcipher - set walk.iv for zero-length inputs
general protection fault in blkcipher_walk_done C 47 196d 231d 195d crypto: af_alg - wait for data at beginning of recvmsg
WARNING in netlink_ack C 6 205d 206d 202d netlink: fix netlink_ack() extack race
general protection fault in free_verifier_state C 2 208d 208d 202d bpf: fix verifier NULL pointer dereference
KASAN: use-after-free in aead_recvmsg 2 219d 219d 202d crypto: algif_aead - fix reference counting of null skcipher
kernel BUG at net/packet/af_packet.c:LINE! (2) 2 225d 228d 202d make sock_alloc_file() do sock_release() on failures
WARNING in refcount_dec (2) 1 236d 236d 202d net/packet: fix a race in packet_bind() and packet_notifier()
WARNING in lock_release C 72 210d 243d 206d alloc_super(): do ->s_umount initialization earlier
general protection fault in ___cache_free 1 218d 214d 208d crypto: salsa20 - fix blkcipher_walk API usage
general protection fault in kfree 13 219d 228d 208d crypto: salsa20 - fix blkcipher_walk API usage
general protection fault in strcmp 1 229d 228d 208d KEYS: reject NULL restriction string when type is specified
WARNING in initialize_timer 2 228d 229d 208d ALSA: seq: Remove spurious WARN_ON() at timer check
WARNING: suspicious RCU usage (3) 16 229d 230d 208d crypto: salsa20 - fix blkcipher_walk API usage
KASAN: stack-out-of-bounds Write in sha3_update C 5 234d 230d 208d crypto: hmac - require that the underlying hash algorithm is unkeyed
general protection fault in af_alg_free_areq_sgls C 2916 212d 231d 208d crypto: af_alg - fix NULL pointer dereference in
KASAN: use-after-free Read in aead_recvmsg C 4338 212d 231d 208d crypto: algif_aead - fix reference counting of null skcipher
general protection fault in scatterwalk_copychunks C 414 221d 230d 221d crypto: algif_aead - skip SGL entries with NULL page
kernel BUG at net/core/dev.c:LINE! C 5 232d 237d 221d net-backports: net/packet: fix a race in packet_bind() and packet_notifier()
possible deadlock in blk_trace_remove 5 232d 240d 221d blktrace: fix trace mutex deadlock
general protection fault in fanout_demux_rollover 3 234d 254d 221d packet: fix crash in fanout_demux_rollover()
kernel panic: softlockup: hung tasks 2 301d 271d 221d SUNRPC: Allow connect to return EHOSTUNREACH
general protection fault in dax_alloc_inode 1 252d 245d 225d dax: fix general protection fault in dax_alloc_inode
kernel BUG at net/key/af_key.c:LINE! C 63 273d 265d 225d xfrm: Copy policy family in clone_policy
WARNING in snd_timer_user_info_compat C 174 235d 237d 231d ALSA: timer: Remove kernel warning at compat ioctl error paths
KASAN: use-after-free Read in tcp_ack 68 244d 246d 231d net-backports: tcp: highest_sack fix
KASAN: use-after-free Read in mpi_free C 27 241d 249d 231d crypto: dh - Fix double free of ctx->p
WARNING in free_kthread_struct C 136405 248d 251d 231d kthread: zero the kthread data structure
INFO: trying to register non-static key. (2) C 8624 250d 252d 231d tcp: fix a lockdep issue in tcp_fastopen_reset_cipher()
possible deadlock in generic_file_write_iter C 61506 231d 254d 231d block, locking/lockdep: Assign a lock_class per gendisk used for wait_for_completion()
KASAN: use-after-free Read in fsnotify 1 292d 256d 231d dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
KASAN: use-after-free Read in tipc_send_group_bcast 4 266d 257d 231d tipc: fix a dangling pointer
general protection fault in bpf_check 3 252d 257d 231d bpf: fix verifier NULL pointer dereference
general protection fault in iov_iter_fault_in_readable 5 248d 257d 231d tun: do not arm flow_gc_timer in tun_flow_init()
kernel BUG at fs/notify/dnotify/dnotify.c:LINE! 19 247d 259d 231d dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
KASAN: use-after-free Write in detach_if_pending C 4169 268d 263d 231d tun: do not arm flow_gc_timer in tun_flow_init()
KASAN: slab-out-of-bounds Read in tipc_nametbl_lookup_dst_nodes C 22388 243d 265d 231d tipc: eliminate KASAN warning
BUG: unable to handle kernel paging request in vsock_diag_dump C 6 263d 265d 231d vsock: always call vsock_init_tables()
KASAN: use-after-free Read in tipc_group_self C 2942 248d 265d 231d tipc: fix a dangling pointer
general protection fault in do_raw_spin_lock 8 263d 268d 231d net-backports: ipv6: add ip6_null_entry check in rt6_select()
general protection fault in tun_flow_cleanup 1 303d 271d 231d tun: do not arm flow_gc_timer in tun_flow_init()
KASAN: use-after-free Read in free_netdev C 42 248d 272d 231d net-tun: fix panics at dismantle time
general protection fault in hrtimer_active C 669 248d 272d 231d net-tun: fix panics at dismantle time
WARNING in fib6_add C 8225 248d 272d 231d ipv6: prevent user from adding cached routes
WARNING in tun_get_user C 17398 248d 273d 231d net-backports: tun: relax check on eth_get_headlen() return value
BUG: sleeping function called from invalid context at net/core/sock.c:LINE C 407 232d 271d 232d strparser: Use delayed work instead of timer for msg timeout
KASAN: use-after-free Read in snd_timer_user_info_compat syz 2 273d 263d 237d ALSA: timer: Add missing mutex lock for compat ioctls
WARNING in tcp_update_reordering 748 241d 238d 237d tcp: fix tcp_fastretrans_alert warning
general protection fault in asn1_ber_decoder C 5009 248d 252d 241d KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
BUG: soft lockup C 466 244d 257d 241d ALSA: timer: Limit max instances per timer
BUG: unable to handle kernel paging request in snd_seq_oss_readq_puts C 389 251d 257d 241d ALSA: seq: Fix OSS sysex delivery in OSS emulation
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 93 249d 257d 241d xfrm: Fix stack-out-of-bounds read in xfrm_state_find.
WARNING in refcount_add_not_zero 70 241d 258d 241d tcp: gso: avoid refcount_t warning from tcp_gso_segment()
KASAN: slab-out-of-bounds Read in asn1_ber_decoder C 17 249d 254d 248d KEYS: fix out-of-bounds read during ASN.1 parsing
KASAN: use-after-free Read in __lock_acquire syz 894 248d 257d 248d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
KASAN: use-after-free Read in do_raw_spin_unlock syz 3 257d 259d 248d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
BUG: workqueue lockup C 172 248d 259d 248d tun/tap: sanitize TUNSETSNDBUF input
WARNING in get_pi_state C 42 257d 259d 248d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
INFO: rcu detected stall (2) C 56 248d 259d 248d net-backports: tun/tap: sanitize TUNSETSNDBUF input
general protection fault in __list_del_entry_valid C 72 251d 265d 248d ipsec: Fix aborted xfrm policy dump crash
WARNING in kmalloc_slab (2) C 2478 248d 266d 248d ipv6: flowlabel: do not leave opt->tot_len with garbage
KASAN: use-after-free Read in packet_getsockopt (2) syz 12 261d 270d 248d packet: avoid panic in packet_getsockopt()
WARNING in refcount_dec 9 248d 272d 248d ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
general protection fault in ip6_setup_cork 56 263d 272d 248d net-backports: ipv6: flowlabel: do not leave opt->tot_len with garbage
WARNING in reuseport_alloc C 408 248d 272d 248d soreuseport: fix initialization race
KASAN: use-after-free Read in ip_queue_xmit 1 273d 273d 248d net-backports: tcp/dccp: fix ireq->opt races
KASAN: use-after-free Write in __run_timers 6144 268d 328d 248d net-backports: tun: call dev_get_valid_name() before register_netdevice()
kernel BUG at net/ipv4/tcp_output.c:LINE! 37 308d 320d 251d tcp: add an ability to dump and restore window parameters
WARNING in sk_stream_kill_queues syz 96 335d 338d 251d net-backports: dccp: purge write queue in dccp_destroy_sock()
general protection fault in refcount_sub_and_test 1 352d 336d 252d ipv6: fix NULL dereference in ip6_route_dev_notify()
KASAN: use-after-free Read in dev_queue_xmit_nit C 13 295d 307d 253d packet: hold bind lock when rebinding to fanout hook
WARNING in fib6_del 24 314d 327d 253d ipv6: fib: Unlink replaced routes from their nodes
KASAN: use-after-free Read in ccid2_hc_tx_rto_expire 5 331d 335d 253d dccp: defer ccid_hc_tx_delete() at dismantle time
BUG: unable to handle kernel NULL pointer dereference in free_fib_info_rcu 3 336d 336d 253d ipv4: fix NULL dereference in free_fib_info_rcu()
KASAN: double-free or invalid-free in selinux_tun_dev_free_security C 12033 329d 339d 253d tun: handle register_netdevice() failures properly
kernel BUG at net/core/skbuff.c:LINE! 5 266d 336d 263d ipv4: better IP_MAX_MTU enforcement
general protection fault in kvm_cpuid C 20 295d 314d 265d KVM: MMU: check guest CR3 reserved bits based on its physical address width.
KASAN: use-after-free Read in __list_add_valid syz 26 269d 317d 265d packet: hold bind lock when rebinding to fanout hook
general protection fault in skb_clone syz 3 335d 334d 265d tun: make tun_build_skb() thread safe
BUG: unable to handle kernel paging request in skb_release_data syz 15 334d 335d 265d tun: make tun_build_skb() thread safe
kernel BUG at lib/string.c:LINE! C 73 280d 296d 266d netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
WARNING in __local_bh_enable_ip 22 296d 303d 266d bpf: do not disable/enable BH in bpf_map_free_id()
WARNING in __switch_to C 535 293d 339d 266d x86/fpu: Don't let userspace set bogus xcomp_bv
WARNING: kernel stack regs has bad 'bp' value C 66131 294d 339d 266d crypto: x86/sha256-avx2 - Fix RBP usage
general protection fault in __ip_options_echo (2) C 2 315d 315d 266d udp: drop head states only when all skb references are gone
general protection fault in perf_trace_block_get_rq C 180 306d 315d 266d block: tolerate tracing of NULL bio
kernel BUG at mm/slab.c:LINE! C 860 313d 317d 266d bpf: fix numa_node validation
possible deadlock in kcm_sendpage syz 14 318d 321d 266d kcm: do not attach PF_KCM sockets to avoid deadlock
general protection fault in SyS_bpf C 10 325d 326d 266d bpf: fix a return in sockmap_get_from_fd()
WARNING in refcount_inc 7 319d 327d 266d net_sched: fix a refcount_t issue with noop_qdisc
general protection fault in __lock_acquire 5 276d 328d 266d ipv6: reset fn->rr_ptr when replacing route
KASAN: slab-out-of-bounds Read in skb_release_data 1 334d 334d 266d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in get_mm_exe_file C 2 329d 334d 266d fork: fix incorrect fput of ->exe_file causing use-after-free
KASAN: wild-memory-access Read in skb_copy_ubufs C 23 334d 335d 266d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in skb_release_data syz 7 335d 335d 266d tun: make tun_build_skb() thread safe
general protection fault in skb_release_data syz 198 334d 335d 266d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in skb_push 4 330d 336d 266d tipc: fix use-after-free
general protection fault in fib6_add 18 330d 336d 266d ipv6: repair fib6 tree in failure case
BUG: Bad page state C 2 335d 336d 266d mm/madvise.c: fix freeing of locked page with MADV_FREE
KASAN: use-after-free Read in ip6_pol_route 249 329d 337d 266d ipv6: reset fn->rr_ptr when replacing route
KASAN: use-after-free Read in free_ldt_struct C 109 323d 337d 266d x86/mm: Fix use-after-free of ldt_struct
BUG: unable to handle kernel NULL pointer dereference at ADDR C 63 323d 337d 266d strparser: initialize all callbacks
WARNING in kmalloc_slab C 22353 266d 338d 266d ptr_ring: use kmalloc_array()
WARNING in idr_replace C 1209 306d 338d 266d idr: remove WARN_ON_ONCE() when trying to replace negative ID
general protection fault in __skb_flow_dissect C 37 336d 338d 266d dsa: fix flow disector null pointer
general protection fault in fib_dump_info C 428 329d 339d 266d net: check and errout if res->fi is NULL when RTM_F_FIB_MATCH is set
suspicious RCU usage at ./include/linux/kvm_host.h:LINE C 103402 294d 339d 266d KVM: fix rcu warning on VM_CREATE errors
INFO: task hung C 13878 294d 359d 294d tcp: fix hang in tcp_sendpage_locked()
WARNING in kvm_arch_vcpu_ioctl_run C 20284 294d 359d 294d KVM: X86: Fix residual mmio emulation request to userspace
inconsistent lock state in sk_clone_lock C 16 336d 339d 314d tcp: fix possible deadlock in TCP stack vs BPF filter
BUG: sleeping function called from invalid context at mm/slab.h:LINE C 8 336d 339d 314d af_key: do not use GFP_KERNEL in atomic contexts
kernel BUG at mm/usercopy.c:LINE! C 23 335d 339d 314d udp: harden copy_linear_skb()