syzbot



Linux

fixed (1036):
Title Repro Count Last Reported Closed Patch
general protection fault in keyctl_pkey_params_get C 85 14d 74d 1d00h ["KEYS: fix parsing invalid pkey info string" "security: don't use a negative Opt_err token index"]
KASAN: stack-out-of-bounds Read in keyctl_pkey_params_get 2 15d 14d 1d07h KEYS: fix parsing invalid pkey info string
general protection fault in encode_rpcb_string C 6 178d 274d 1d07h sunrpc: handle ENOMEM in rpcb_getport_async
KMSAN: uninit-value in vti6_tnl_xmit syz 60 6d04h 29d 1d07h ip: validate header length on virtual device xmit
general protection fault in lo_ioctl (2) syz 2 260d 259d 1d07h block/loop: Use global lock for ioctl() operation.
inconsistent lock state in nr_find_socket C 19 3d02h 18d 1d07h netrom: fix locking in nr_find_socket()
KASAN: invalid-free in x25_asy_free C 67 12d 19d 1d07h net/wan: fix a double free in x25_asy_open_tty()
WARNING in kmem_cache_create_usercopy C 10 16d 75d 1d07h 9p/net: put a lower bound on msize
possible deadlock in blkdev_reread_part C 5736 20d 441d 1d07h ["loop: Fix deadlock when calling blkdev_reread_part()" "loop: Move loop_reread_partitions() out of loop_ctl_mutex"]
KMSAN: uninit-value in check_6rd C 81 7d08h 29d 1d07h ip: validate header length on virtual device xmit
WARNING: locking bug in loop_control_ioctl C 4018 40d 68d 1d07h loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
WARNING: ODEBUG bug in tipc_enable_bearer C 3 21d 24d 1d07h tipc: fix a double free in tipc_enable_bearer()
kernel BUG at kernel/time/timer.c:LINE! (2) C 5 13d 15d 1d07h net/hamradio/6pack: use mod_timer() to rearm timers
KASAN: slab-out-of-bounds Read in tun_net_xmit (2) C 10 17d 184d 1d07h ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
KASAN: use-after-free Read in nr_rx_frame syz 2 8d06h 14d 1d07h netrom: fix locking in nr_find_socket()
possible deadlock in nr_destroy_socket syz 20 4d15h 14d 1d07h netrom: fix locking in nr_find_socket()
INFO: task hung in loop_control_ioctl 4 97d 291d 1d07h loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
KASAN: use-after-free Read in posix_lock_inode syz 5 14d 14d 1d07h locks: fix error in locks_move_blocks()
general protection fault in transparent_hugepage_enabled C 626 14d 23d 1d07h mm, thp, proc: report THP eligibility for each vma
KMSAN: kernel-infoleak in capi_unlocked_ioctl C 109 6d04h 16d 1d07h isdn: fix kernel-infoleak in capi_unlocked_ioctl
INFO: task hung in lo_open (2) 10 62d 291d 1d07h loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
KASAN: user-memory-access Write in n_tty_set_termios C 85 19d 290d 1d07h tty: Hold tty_ldisc_lock() during tty_reopen()
KASAN: use-after-free Read in ax25_fillin_cb syz 4 22d 19d 1d07h ax25: fix a use-after-free in ax25_fillin_cb()
INFO: task hung in lo_release 1 182d 182d 1d07h loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
KASAN: use-after-free Read in locks_delete_block syz 4 42d 65d 1d07h fs/locks: always delete_block after waiting.
general protection fault in fdb_find_rcu C 3 21d 17d 1d07h net: rtnetlink: address is mandatory for rtnl_fdb_get
general protection fault in kvm_arch_vcpu_ioctl_run C 12 28d 43d 6d02h KVM: X86: Fix NULL deref in vcpu_scan_ioapic
general protection fault in __vb2_queue_free C 38 22d 78d 6d02h media: vb2: check memory model for VIDIOC_CREATE_BUFS
WARNING in static_key_enable_cpuslocked 1 52d 52d 6d02h udp: fix jump label misuse
WARNING in static_key_disable_cpuslocked syz 5 42d 60d 6d02h udp: fix jump label misuse
BUG: corrupted list in ___neigh_create C 706 34d 37d 6d02h neighbor: gc_list changes should be protected by table lock
WARNING in __rcu_read_unlock C 2 24d 32d 6d02h fou: Prevent unbounded recursion in GUE error handler
KASAN: use-after-free Read in __ipv6_addr_type 1 26d 26d 6d02h ipv6: tunnels: fix two use-after-free
BUG: corrupted list in neigh_mark_dead C 4117 34d 37d 6d02h neighbor: gc_list changes should be protected by table lock
KMSAN: kernel-infoleak in sctp_getsockopt syz 147 6d11h 42d 6d02h sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
KASAN: use-after-free Read in tipc_group_bc_cong C 280 27d 37d 6d02h tipc: check tsk->group in tipc_wait_for_cond()
KASAN: use-after-free Read in tipc_mcast_xmit syz 7 23d 30d 6d02h tipc: check group dests after tipc_wait_for_cond()
KMSAN: uninit-value in __inet6_bind C 56 7d08h 37d 6d02h ipv6: explicitly initialize udp6_addr in udp_sock_create6()
INFO: task hung in flush_workqueue C 293 25d 76d 6d02h media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
KASAN: slab-out-of-bounds Read in neigh_mark_dead 12 35d 37d 6d02h neighbor: gc_list changes should be protected by table lock
KASAN: slab-out-of-bounds Read in ___neigh_create 1 38d 37d 6d02h neighbor: gc_list changes should be protected by table lock
KASAN: null-ptr-deref Write in kthread_stop C 2527 22d 79d 6d02h media: vivid: fix error handling of kthread_run
KASAN: use-after-free Read in kfree_skb (2) C 66 27d 37d 6d02h tipc: fix a double kfree_skb()
KASAN: use-after-free Read in skcipher_recvmsg 6 52d 76d 6d02h crypto: user - fix use_after_free of struct xxx_request
BUG: sleeping function called from invalid context at mm/slab.h:LINE (4) C 36 30d 191d 6d02h crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
general protection fault in inet_lhash2_lookup C 1137 29d 32d 6d02h net: dccp: initialize (addr,port) listening hashtable
divide error in alarm_forward 1 31d 30d 6d02h posix-timers: Fix division by zero bug
KASAN: use-after-free Read in kvm_put_kvm C 143 28d 88d 6d02h KVM: fix unregistering coalesced mmio zone from wrong bus
general protection fault in inet6_lhash2_lookup C 718 29d 32d 6d02h net: dccp: initialize (addr,port) listening hashtable
KASAN: use-after-free Read in neigh_mark_dead C 858 34d 37d 6d02h neighbor: gc_list changes should be protected by table lock
WARNING in rds_message_alloc_sgs C 6 44d 78d 6d02h net/rds: fix warn in rds_message_alloc_sgs
WARNING in vkms_plane_duplicate_state C 108 22d 55d 6d02h drm/vkms: Fix plane duplicate_state
divide error in vivid_vid_cap_s_dv_timings C 108 22d 79d 6d02h media: vivid: set min width/height to a value > 0
KMSAN: uninit-value in packet_sendmsg 5 55d 29d 6d02h packet: validate address length
KASAN: use-after-free Read in vb2_mmap C 276 22d 78d 6d02h media: vb2: vb2_mmap: move lock up
general protection fault in __ipv6_sock_mc_join C 9 33d 37d 6d02h tipc: compare remote and local protocols in tipc_udp_enable()
BUG: pagefault on kernel address ADDR in non-whitelisted uaccess C 17 30d 76d 6d02h media: vivid: free bitmap_cap when updating std/timings/etc.
KASAN: global-out-of-bounds Read in tpg_print_str_4 C 52 44d 69d 6d02h media: v4l2-tpg: array index could become negative
KASAN: use-after-free Read in ___neigh_create C 164 34d 37d 6d02h neighbor: gc_list changes should be protected by table lock
net build error 2 115d 115d 16d rds: Fix build regression.
WARNING in fuse_destroy_inode C 7 60d 61d 20d fuse: Add bad inode check in fuse_destroy_inode()
WARNING in userfaultfd_ioctl C 11 34d 44d 20d userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered
KASAN: use-after-free Read in sctp_hash_transport 1 60d 59d 29d sctp: kfree_rcu asoc
KASAN: use-after-free Read in vhost_transport_send_pkt syz 36 43d 170d 29d vhost/vsock: fix use-after-free in network stack callers
KASAN: use-after-free Read in delayed_uprobe_remove C 2 73d 76d 29d Uprobes: Fix kernel oops with delayed_uprobe_remove()
KMSAN: kernel-infoleak in _copy_to_iter (4) C 56 44d 48d 29d rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
KASAN: invalid-free in hub_event 1 51d 51d 29d USB: Fix invalid-free bug in port_over_current_notify()
KASAN: use-after-free Read in sctp_epaddr_lookup_transport syz 5 60d 61d 29d sctp: kfree_rcu asoc
KASAN: use-after-free Read in vhost_work_queue syz 30 41d 141d 29d vhost/vsock: fix use-after-free in network stack callers
KASAN: use-after-free Read in vhost_transport_cancel_pkt syz 17 68d 112d 29d vhost/vsock: fix use-after-free in network stack callers
WARNING in alloc_pages_vma C 98 38d 41d 29d Revert "mm, thp: consolidate THP gfp handling into alloc_hugepage_direct_gfpmask"
KASAN: use-after-free Read in snd_ctl_elem_add 1 63d 62d 32d ALSA: control: Fix race between adding and removing a user element
WARNING in cttimeout_default_get C 44 41d 61d 40d netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
WARNING in format_decode (2) C 16 60d 142d 40d bpf: fix check of allowed specifiers in bpf_trace_printk
KMSAN: uninit-value in linear_transfer (2) C 7 46d 69d 40d ALSA: oss: Use kvzalloc() for local buffer allocations
KASAN: use-after-free Read in nbp_vlan_rcu_free 1 66d 65d 40d net: bridge: fix vlan stats use-after-free on destruction
KMSAN: kernel-infoleak in kvm_write_guest_page C 36 43d 70d 40d KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
BUG: GPF in non-whitelisted uaccess (non-canonical address?) C 10 59d 66d 40d HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
KASAN: slab-out-of-bounds Write in queue_stack_map_push_elem C 30 50d 52d 40d bpf: fix integer overflow in queue_stack_map
WARNING in bpf_check (2) C 9 63d 62d 40d bpf: fix off-by-one error in adjust_subprog_starts
INFO: task hung in fuse_sb_destroy C 2 76d 76d 40d fuse: fix leaked notify reply
KMSAN: kernel-infoleak in kvm_arch_vcpu_ioctl C 31 46d 61d 40d KVM: nVMX: Fix kernel info-leak when enabling KVM_CAP_HYPERV_ENLIGHTENED_VMCS more than once
general protection fault in icmp_timeout_obj_to_nlattr C 13 73d 77d 65d netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
general protection fault in addr_resolve C 32 101d 117d 65d RDMA/core: Check error status of rdma_find_ndev_for_src_ip_rcu
KMSAN: uninit-value in synaptics_detect C 137 65d 118d 65d Input: synaptics - avoid using uninitialized variable when probing
BUG: unable to handle kernel NULL pointer dereference in sha256_mb_mgr_get_comp_job_avx2 1 99d 98d 65d crypto: x86 - remove SHA multibuffer routines and mcryptd
KMSAN: uninit-value in dev_mc_add_excl C 13 70d 82d 65d rtnetlink: Disallow FDB configuration for non-Ethernet device
KASAN: stack-out-of-bounds Read in __aa_lookupn_ns C 52 81d 112d 65d apparmor: Fix uninitialized value in aa_split_fqname
KASAN: slab-out-of-bounds Read in sctp_getsockopt C 9 83d 82d 65d sctp: check policy more carefully when getting pr status
WARNING in __put_task_struct (2) C 17 91d 100d 65d RDMA/restrack: Protect from reentry to resource return path
KASAN: invalid-free in p9stat_free C 3 143d 143d 65d ["9p: clear dangling pointers in p9stat_free" "v9fs_dir_readdir: fix double-free on p9stat_read error"]
possible deadlock in ovl_copy_up_start 2 83d 90d 65d ovl: fix recursive oi->lock in ovl_link()
KASAN: use-after-free Read in sha_complete_job 1 104d 103d 65d crypto: x86 - remove SHA multibuffer routines and mcryptd
BUG: corrupted list in cpu_stop_queue_work C 24 184d 193d 65d shmem: Convert shmem_add_to_page_cache to XArray
KMSAN: uninit-value in dev_uc_add_excl C 20 76d 118d 65d rtnetlink: Disallow FDB configuration for non-Ethernet device
general protection fault in rb_erase C 79836 72d 113d 65d ext4: fix EXT4_IOC_SWAP_BOOT
KASAN: use-after-free Read in tcf_block_find C 27 106d 112d 65d net_sched: fix a crash in tc_new_tfilter()
KASAN: use-after-free Read in seq_escape 1 108d 107d 65d ext4: fix use-after-free race in ext4_remount()'s error path
KASAN: use-after-free Read in _copy_from_iter C 12 169d 181d 65d 9p: Add refcount to p9_req_t
KASAN: use-after-free Read in gfs2_log_flush syz 14 86d 126d 65d gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
general protection fault in getname_kernel C 10 92d 101d 65d gfs2_meta: ->mount() can get NULL dev_name
kernel BUG at arch/x86/mm/physaddr.c:LINE! C 10 66d 98d 65d ovl: fix error handling in ovl_verify_set_fh()
general protection fault in __skb_flow_dissect (2) C 11 113d 120d 65d flow_dissector: lookup netns by skb->sk if skb->dev is NULL
general protection fault in ctnetlink_alloc_filter C 80 114d 118d 65d netfilter: ctnetlink: must check mark attributes vs NULL
WARNING: kmalloc bug in krealloc C 2 185d 185d 65d mm: don't warn about large allocations for slab
KASAN: slab-out-of-bounds Read in refcount_inc_not_zero_checked 2 90d 91d 65d bpf: skmsg, fix psock create on existing kcm/tls port
WARNING: kmalloc bug in __v9fs_get_acl C 212 83d 190d 65d mm: don't warn about large allocations for slab
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue C 8 92d 112d 65d blk-mq: fallback to previous nr_hw_queues when updating fails
KASAN: use-after-free Write in jbd2_log_do_checkpoint 1 127d 121d 65d jbd2: fix use after free in jbd2_log_do_checkpoint()
WARNING: kmalloc bug in str_read C 11 87d 131d 65d selinux: Add __GFP_NOWARN to allocation at str_read()
KASAN: use-after-free Read in __dev_queue_xmit (3) 11 107d 111d 65d net_sched: fix a crash in tc_new_tfilter()
KMSAN: uninit-value in ip_tunnel_lookup (2) C 2 83d 83d 65d ip_gre: fix parsing gre header in ipgre_err
KASAN: use-after-free Read in sha512_ctx_mgr_resubmit C 4 104d 154d 65d crypto: x86 - remove SHA multibuffer routines and mcryptd
kernel BUG at mm/shmem.c:LINE! C 30 192d 194d 65d shmem: Convert shmem_add_to_page_cache to XArray
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked C 31 72d 103d 65d ipv6: do not leave garbage in rt->fib6_metrics
WARNING in tcp_cleanup_ulp syz 16 91d 92d 65d tcp, ulp: remove socket lock assertion on ULP cleanup
KASAN: use-after-free Read in sctp_outq_select_transport 1 86d 85d 65d sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
WARNING: kmalloc bug in input_mt_init_slots C 54 83d 117d 65d mm: don't warn about large allocations for slab
general protection fault in dev_gro_receive (2) syz 4 90d 97d 65d net: Properly unlink GRO packets on overflow.
upstream boot error (2) 1 78d 78d 65d block: brd: associate with queue until adding disk
WARNING: kmalloc bug in get_valid_checkpoint syz 2 251d 251d 65d mm: don't warn about large allocations for slab
WARNING in tcp_close syz 284 86d 186d 65d tcp: do not release socket ownership in tcp_close()
BUG: corrupted list in p9_read_work syz 23 73d 184d 65d 9p/trans_fd: abort p9_read_work if req status changed
general protection fault in netdev_master_upper_dev_get 1 83d 83d 65d net/neigh: fix NULL deref in pneigh_dump_table()
KASAN: use-after-free Read in kfree_skb 1 87d 87d 65d llc: do not use sk_eat_skb()
KASAN: use-after-free Read in fuse_dev_do_read syz 19 77d 125d 65d fuse: Fix use-after-free in fuse_dev_do_read()
WARNING: kmalloc bug in vfs_getxattr_alloc C 9 140d 182d 65d mm: don't warn about large allocations for slab
BUG: unable to handle kernel NULL pointer dereference in sha1_mb_mgr_get_comp_job_avx2 1 112d 112d 65d crypto: x86 - remove SHA multibuffer routines and mcryptd
WARNING: kmalloc bug in bfs_fill_super C 147 248d 292d 65d bfs: add sanity check at bfs_fill_super()
INFO: task hung in ext4_fallocate C 1 108d 107d 65d ext4: fix argument checking in EXT4_IOC_MOVE_EXT
WARNING: refcount bug in qdisc_put 5 108d 109d 65d net_sched: fix a crash in tc_new_tfilter()
KMSAN: uninit-value in vcs_read C 2343 222d 246d 68d vt: prevent leaking uninitialized data to userspace via /dev/vcs*
kernel BUG at include/linux/skbuff.h:LINE! 3 177d 186d 78d nsh: set mac len based on inner packet
KASAN: use-after-free Read in sctp_id2assoc 1 105d 104d 79d sctp: fix race on sctp_id2asoc
WARNING in usb_submit_urb (3) C 58 80d 96d 79d USB: fix the usbfs flag sanitization for control transfers
KMSAN: kernel-infoleak in _copy_to_iter (3) C 36 79d 90d 79d tipc: fix info leak from kernel tipc_event
KASAN: use-after-free Read in inet6_mc_check 1 96d 96d 79d ipv6: mcast: fix a use-after-free in inet6_mc_check
KASAN: slab-out-of-bounds Read in fscache_alloc_cookie C 1936 90d 192d 79d ["fscache: Fix incomplete initialisation of inline key space" "fscache: Fix out of bound read in long cookie keys"]
KASAN: use-after-free Read in __llc_lookup_established 1 98d 97d 79d llc: set SOCK_RCU_FREE in llc_sap_add_socket()
KASAN: slab-out-of-bounds Read in vhci_hub_control C 43 89d 134d 79d usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
BUG: sleeping function called from invalid context at net/core/dev.c:LINE syz 8 91d 100d 79d xsk: do not call synchronize_net() under RCU read lock
KASAN: slab-out-of-bounds Read in _decode_session6 C 35 79d 136d 79d net/xfrm: fix out-of-bounds packet access
INFO: rcu detected stall in mousedev_write 18 132d 146d 90d Input: mousedev - add a schedule point in mousedev_write()
kernel BUG at net/core/dev.c:LINE! (2) syz 2 98d 98d 90d net: make skb_partial_csum_set() more robust against overflows
KASAN: use-after-free Read in finish_task_switch C 3047 114d 159d 93d KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
WARNING in __skb_flow_dissect syz 3 98d 99d 97d tun: napi flags belong to tfile
general protection fault in dev_gro_receive syz 8 99d 111d 97d tun: napi flags belong to tfile
possible deadlock in flush_workqueue C 73762 104d 146d 97d net-backports: bonding: avoid possible dead-lock
KASAN: use-after-free Read in rawv6_sendmsg C 84 99d 130d 97d net-backports: ipv6: take rcu lock in rawv6_send_hdrinc()
possible deadlock in rtnetlink_rcv_msg 1 121d 121d 97d net-backports: bonding: avoid possible dead-lock
KASAN: slab-out-of-bounds Read in string (2) 14 104d 110d 97d ovl: fix access beyond unterminated strings
WARNING in pcpu_alloc C 4 98d 107d 97d bpf: don't accept cgroup local storage with zero value size
KASAN: use-after-free Write in ucma_put_ctx syz 11 113d 131d 97d ucma: fix a use-after-free in ucma_resolve_ip()
general protection fault in usb_find_alt_setting (2) C 53 113d 135d 97d USB: handle NULL config in usb_find_alt_setting()
INFO: trying to register non-static key in tun_chr_write_iter 14 98d 110d 97d tun: initialize napi_mutex unconditionally
WARNING in rollback_registered_many 1 108d 108d 97d rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
KASAN: use-after-free Read in ip_cmsg_recv_offset C 9 107d 109d 97d net-backports: ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
possible deadlock in team_vlan_rx_add_vid syz 5 127d 161d 97d team: Forbid enslaving team device to itself
general protection fault in ubifs_mount C 216 118d 135d 97d ubifs: Check for name being NULL while mounting
KMSAN: uninit-value in ip6_tnl_start_xmit C 69 111d 121d 97d ip6_tunnel: be careful when accessing the inner header
KASAN: use-after-free Read in destroy_async_on_interface C 134 113d 135d 97d USB: fix error handling in usb_driver_claim_interface()
WARNING in usb_submit_urb (2) C 259 97d 135d 97d USB: usbdevfs: sanitize flags more
INFO: task hung in unregister_netdevice_notifier (2) 1 106d 106d 97d rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
KASAN: use-after-free Read in cma_bind_port syz 2 127d 131d 97d ucma: fix a use-after-free in ucma_resolve_ip()
KMSAN: uninit-value in pppoe_rcv C 2 256d 126d 97d pppoe: fix reception of frames with no mac header
INFO: task hung in rollback_registered_many 4 101d 108d 97d rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
WARNING: suspicious RCU usage in inet_csk_route_req C 43 104d 339d 97d tcp/dccp: fix lockdep issue when SYN is backlogged
KMSAN: kernel-infoleak in _copy_to_iter (2) C 7 106d 133d 100d xfrm_user: prevent leaking 2 bytes of kernel memory
general protection fault in rhashtable_walk_start_check C 112 125d 136d 112d tipc: call start and done ops directly in __tipc_nl_compat_dumpit()
WARNING in try_charge syz 649 112d 165d 112d mm: memcontrol: print proper OOM header when no eligible victim left
divide error in nbd_ioctl C 50 127d 134d 112d nbd: don't allow invalid blocksize settings
WARNING in apparmor_secid_to_secctx C 3344 125d 140d 112d apparmor: fix bad debug check in apparmor_secid_to_secctx()
KASAN: use-after-free Read in ceph_destroy_options 1 147d 146d 112d ceph: avoid a use-after-free in ceph_destroy_options()
general protection fault in ovl_free_fs C 4 129d 131d 112d ovl: fix oopses in ovl_fill_super() failure paths
KMSAN: uninit-value in snd_midi_event_encode_byte C 3 136d 136d 112d ALSA: rawmidi: Initialize allocated buffers
KASAN: use-after-free Read in __rhashtable_lookup (2) C 22 126d 146d 112d rds: fix two RCU related problems
general protection fault in rhashtable_walk_exit C 8 126d 128d 112d tipc: check return value of __tipc_dump_start()
KASAN: use-after-free Read in sock_i_ino syz 127 125d 135d 112d tipc: orphan sock in tipc_release()
BUG: unable to handle kernel paging request in kfree (2) C 297 140d 191d 114d net/9p/client.c: version pointer uninitialized
KMSAN: uninit-value in memcmp (2) C 131 126d 117d 115d net: fix uninit-value in __hw_addr_add_ex()
KASAN: use-after-free Write in ip6_dst_destroy 1 193d 193d 125d ipv6: use fib6_info_hold_safe() when necessary
KASAN: stack-out-of-bounds Read in fib_table_lookup 1 185d 185d 127d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in wiphy_register (2) C 8 152d 154d 128d mac80211_hwsim: require at least one channel
KASAN: use-after-free Read in tipc_group_fill_sock_diag syz 35 133d 151d 128d tipc: switch to rhashtable iterator
KASAN: global-out-of-bounds Read in ip6_xmit 2 308d 309d 128d l2tp: fix races with ipv4-mapped ipv6 addresses
WARNING in __fsnotify_recalc_mask syz 9 149d 151d 128d fsnotify: fix false positive warning on inode delete
KASAN: use-after-free Read in sctp_transport_get_next C 6 143d 145d 128d sctp: hold transport before accessing its asoc in sctp_transport_get_next
KASAN: stack-out-of-bounds Read in __schedule syz 4 139d 141d 128d bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
BUG: soft lockup in shrink_dcache_parent (2) 7 219d 226d 128d restore cond_resched() in shrink_dcache_parent()
INFO: task hung in fsnotify_mark_destroy_workfn syz 13 160d 274d 131d android: binder: Rate-limit debug and userspace triggered err msgs
KASAN: use-after-free Read in ip6_tnl_start_xmit 1 260d 260d 132d packet: in packet_snd start writing at link layer allocation
INFO: rcu detected stall in snd_pcm_oss_prepare 4 281d 283d 133d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
WARNING in up_write C 725 241d 289d 133d locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
BUG: soft lockup in d_walk C 163 219d 265d 133d restore cond_resched() in shrink_dcache_parent()
general protection fault in vsscanf C 7 160d 190d 135d 9p: fix multiple NULL-pointer-dereferences
net-next boot error 66 169d 174d 141d virtio-net: correctly update XDP_TX counters
WARNING in input_alloc_absinfo C 318 143d 216d 141d Input: do not use WARN() in input_alloc_absinfo()
KASAN: use-after-free Read in ip6_hold_safe C 1 167d 167d 141d l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
KASAN: use-after-free Read in iotlb_access_ok 1 166d 162d 141d vhost: reset metadata cache when initializing new IOTLB
general protection fault in process_init_reply C 24 148d 183d 141d fuse: Fix oops at process_init_reply()
WARNING: suspicious RCU usage in bpf_prog_array_copy_core C 22873 141d 155d 141d bpf: fix a rcu usage warning in bpf_prog_array_copy_core()
WARNING: lock held when returning to user space in fuse_lock_inode C 1439 147d 188d 141d fuse: fix initial parallel dirops
WARNING: refcount bug in llc_sap_find C 18 160d 162d 141d llc: use refcount_inc_not_zero() for llc_sap_find()
possible deadlock in rhashtable_lookup_insert_fast C 28 152d 155d 141d ila: make lockdep happy again
KASAN: slab-out-of-bounds Write in crypto_dh_encode_key C 1401 163d 191d 141d crypto: dh - fix calculating encoded key size
KASAN: slab-out-of-bounds Read in _autofs_dev_ioctl C 5 153d 154d 141d autofs: fix autofs_sbi() does not check super block type
KASAN: use-after-free Write in ip6_hold_safe C 25 164d 175d 141d l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
general protection fault in validate_checkpoint 186 167d 168d 141d f2fs: fix invalid memory access
BUG: soft lockup in snd_virmidi_output_trigger 3 181d 282d 141d ALSA: virmidi: Fix too long output trigger loop
general protection fault in send_sigurg_to_task C 6 153d 156d 141d signal: Don't send signals to tasks that don't exist
KASAN: slab-out-of-bounds Write in eth_header_parse C 7 160d 173d 141d packet: refine ring v3 block size test to hold one frame
WARNING in __snd_rawmidi_transmit_ack (2) C 6 147d 155d 141d ALSA: seq: virmidi: Fix discarding the unsubscribed output
general protection fault in send_sigio_to_task C 176 152d 156d 141d signal: Don't send signals to tasks that don't exist
KASAN: use-after-free Read in do_shrink_slab 9 147d 151d 141d mm: check shrinker is memcg-aware in register_shrinker_prepared()
KMSAN: uninit-value in do_msgrcv C 8 141d 218d 141d ["ipc/util.c: use ipc_rcu_putref() for failues in ipc_addid()" "ipc: compute kern_ipc_perm.id under the ipc lock" "ipc: reorganize initialization of kern_ipc_perm.seq"]
WARNING: ODEBUG bug in vsock_stream_connect C 42 161d 170d 141d vsock: split dwork to avoid reinitializations
KASAN: slab-out-of-bounds Read in pdu_read C 267 157d 192d 141d ["9p: validate PDU length" "net/9p/client.c: version pointer uninitialized"]
WARNING in close_fs_devices C 137 182d 225d 141d btrfs: fix mount and ioctl device scan ioctl race
general protection fault in string (2) 1 167d 167d 141d net: check extack._msg before print
general protection fault in p9_fd_create_unix C 4 187d 190d 141d 9p: fix multiple NULL-pointer-dereferences
general protection fault in mount_fs C 1 287d 287d 141d hfsplus: don't return 0 when fill_super() failed
general protection fault in open_fs_devices C 8 192d 224d 141d btrfs: fix mount and ioctl device scan ioctl race
general protection fault in smc_ioctl (3) C 15 160d 161d 141d net/smc: move sock lock in smc_ioctl()
KASAN: slab-out-of-bounds Write in vmac_final C 2 218d 214d 141d crypto: vmac - separate tfm and request context
BUG: corrupted list in p9_fd_cancel C 34 177d 191d 141d net/9p/trans_fd.c: fix race by holding the lock
general protection fault in smc_tx_prepared_sends C 7 166d 167d 141d net/smc: move sock lock in smc_ioctl()
KASAN: use-after-free Read in p9_poll_workfn C 148 152d 191d 141d net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
WARNING: bad usercopy in __kvm_write_guest_page C 4 242d 235d 145d KVM: vmx: use local variable for current_vmptr when emulating VMPTRST
WARNING in refcount_inc (3) C 7 290d 291d 145d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Write in irq_bypass_register_consumer C 1632 182d 443d 145d KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
KASAN: slab-out-of-bounds Write in process_preds C 6020 204d 280d 145d tracing: Check for no filter when processing event filters
kernel BUG at net/ipv6/route.c:LINE! C 197 163d 185d 161d ipv6: use fib6_info_hold_safe() when necessary
possible deadlock in bond_get_stats C 11 167d 171d 161d bonding: avoid lockdep confusion in bond_get_stats()
kernel BUG at mm/memory.c:LINE! 1 192d 191d 161d mm: fix vma_is_anonymous() false-positives
WARNING in __ip6_make_skb C 1 185d 185d 161d ipv6: use fib6_info_hold_safe() when necessary
general protection fault in tcp_gso_segment 1 186d 186d 161d net: skb_segment() should not return NULL
KASAN: use-after-free Read in refcount_sub_and_test_checked 3 167d 168d 161d Revert "net/ipv6: fix metrics leak"
WARNING in ip6_sk_dst_lookup_flow C 2 166d 184d 161d ipv6: use fib6_info_hold_safe() when necessary
KMSAN: uninit-value in __nf_conntrack_find_get C 67 176d 183d 161d netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
KASAN: invalid-free in fat_fill_super 1 189d 189d 161d fat: fix memory allocation failure handling of match_strdup()
WARNING in ip6_setup_cork C 4 166d 185d 161d ipv6: use fib6_info_hold_safe() when necessary
KMSAN: kernel-infoleak in put_cmsg C 3 193d 183d 161d ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
BUG: unable to handle kernel paging request in neigh_update 1 180d 180d 161d ipv6: use fib6_info_hold_safe() when necessary
KMSAN: uninit-value in gc_worker 10 177d 189d 161d netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
kernel BUG at fs/userfaultfd.c:LINE! (2) C 8 167d 185d 161d userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
KASAN: use-after-free Write in dst_release (2) C 3 166d 168d 161d Revert "net/ipv6: fix metrics leak"
KMSAN: kernel-infoleak in _copy_to_iter C 285 176d 212d 161d xfrm_user: prevent leaking 2 bytes of kernel memory
general protection fault in __delayacct_blkio_end C 50 176d 272d 161d delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
unregister_netdevice: waiting for DEV to become free C 170521 161d 272d 161d xfrm: fix missing dst_release() after policy blocking lbcast and multicast
general protection fault in rds_ib_get_mr C 9 202d 301d 161d RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr
KASAN: out-of-bounds Read in bpf_test_finish 9 185d 191d 162d bpf: fix panic due to oob in bpf_prog_test_run_skb
KASAN: slab-out-of-bounds Read in ipv6_gso_pull_exthdrs C 4 200d 216d 162d nsh: set mac len based on inner packet
KASAN: stack-out-of-bounds Read in __d_lookup_rcu 1 181d 181d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING: refcount bug in smap_release_sock C 55 178d 217d 162d ["bpf: sockmap, consume_skb in close path" "bpf: sockmap, error path can not release psock in multi-map case"]
KASAN: stack-out-of-bounds Read in __handle_mm_fault (2) C 3 180d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in vma_interval_tree_insert (2) 1 177d 176d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in kernfs_find_ns 1 182d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in __snd_rawmidi_transmit_ack syz 2 185d 185d 162d ALSA: rawmidi: Change resized buffers atomically
KASAN: stack-out-of-bounds Read in rb_next (2) 1 182d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in scheduler_tick C 1 192d 192d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in neigh_flush_dev 1 187d 185d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in copy_page_range 1 182d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __cgroup_account_cputime_field 1 182d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in debug_check_no_obj_freed (5) 4 177d 184d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in unmap_page_range (3) 1 177d 177d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in cpuacct_account_field (2) 1 180d 179d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in lock_sock_nested 1 185d 184d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in netlink_has_listeners 1 184d 184d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
BUG: unable to handle kernel NULL pointer dereference in corrupted (2) C 1 183d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: slab-out-of-bounds Read in corrupted C 1 183d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in cpuacct_charge 1 177d 176d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in bpf_tcp_close C 1 182d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in update_blocked_averages 1 187d 187d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KMSAN: uninit-value in af_alg_free_areq_sgls C 640 176d 283d 162d crypto: af_alg - Initialize sg_num_bytes in error code path
WARNING in bpf_check 3 182d 188d 162d bpf: don't leave partial mangled prog in jit_subprogs error path
KASAN: stack-out-of-bounds Read in __enqueue_entity 1 186d 186d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in account_system_index_time C 2 185d 192d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in sctp_assoc_update_frag_point 5 183d 204d 162d sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
kernel BUG at mm/slab.c:LINE! (2) C 701 177d 191d 162d bpf: fix panic due to oob in bpf_prog_test_run_skb
KASAN: stack-out-of-bounds Read in __task_pid_nr_ns 1 190d 190d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in locks_remove_posix C 1 179d 179d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in get_mem_cgroup_from_mm 1 190d 190d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in change_protection 1 184d 184d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in do_debug (2) 1 183d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __delayacct_add_tsk 1 189d 189d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in __sock_release 1 181d 181d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in add_wait_queue C 1 192d 192d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in ext4_symlink 1 185d 185d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
INFO: rcu detected stall in vprintk_emit syz 2 199d 205d 162d net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
WARNING: refcount bug in smc_tcp_listen_work 1 224d 224d 162d net/smc: reduce sock_put() for fallback sockets
WARNING in set_precision C 140 181d 222d 162d KEYS: DNS: fix parsing multiple options
BUG: unable to handle kernel paging request in cpuacct_charge syz 2 183d 183d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __acct_update_integrals 2 180d 188d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: use-after-free Read in ipv6_gso_pull_exthdrs C 5 180d 212d 162d nsh: set mac len based on inner packet
general protection fault in rb_next 1 183d 183d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Write in __tlb_remove_page_size 1 179d 177d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in timerqueue_add C 4 180d 196d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in rb_insert_color (2) 1 186d 186d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in __tlb_remove_page_size 1 179d 179d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in enqueue_task_fair 1 183d 182d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
BUG: unable to handle kernel paging request in account_system_index_time 1 180d 179d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
KASAN: stack-out-of-bounds Read in find_inode_nowait 1 191d 191d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in iov_iter_revert C 74 182d 248d 162d tls: Stricter error checking in zerocopy sendmsg path
general protection fault in smc_ioctl (2) C 43 162d 185d 162d net/smc: take sock lock in smc_ioctl()
KASAN: stack-out-of-bounds Read in tlb_flush_mmu_free 2 188d 191d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
general protection fault in do_tcp_getsockopt C 9 181d 193d 162d tcp: cleanup copied_seq and urg_data in tcp_disconnect
KASAN: use-after-free Read in bpf_test_finish C 1211 177d 191d 162d bpf: fix panic due to oob in bpf_prog_test_run_skb
KASAN: use-after-free Write in skb_release_data C 1903 236d 289d 162d packet: reset network header if packet shorter than ll reserved space
KASAN: stack-out-of-bounds Read in rcu_process_callbacks C 1 186d 186d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
BUG: unable to handle kernel paging request in ttwu_do_activate 1 196d 195d 162d bpf: sockhash, disallow bpf_tcp_close and update in parallel
WARNING in smc_unhash_sk C 155731 165d 327d 162d net/smc: reduce sock_put() for fallback sockets
kernel BUG at net/packet/af_packet.c:LINE! (3) syz 5 312d 359d 171d packet: fix bitfield update race
KASAN: slab-out-of-bounds Read in getname_kernel C 8 186d 286d 176d autofs: fix slab out of bounds read in getname_kernel()
kernel BUG at mm/gup.c:LINE! syz 4 199d 196d 176d ["fs, elf: make sure to page align bss in load_elf_library" "mm: do not bug_on on incorrect length in __mm_populate()"]
KASAN: global-out-of-bounds Write in string C 7 231d 288d 176d reiserfs: fix buffer overflow with long warning messages
KASAN: use-after-free Read in l2tp_session_create 119 298d 365d 180d l2tp: fix races in tunnel creation
KMSAN: uninit-value in ip_tunnel_xmit C 2594 183d 270d 183d packet: in packet_snd start writing at link layer allocation
KMSAN: uninit-value in br_nf_forward_arp 1 229d 226d 183d packet: in packet_snd start writing at link layer allocation
KMSAN: kernel-infoleak in vcs_read C 531 212d 222d 187d vt: prevent leaking uninitialized data to userspace via /dev/vcs*
WARNING: suspicious RCU usage in fib6_info_alloc syz 2 273d 273d 191d net/ipv6: Fix gfp_flags arg to addrconf_prefix_route
WARNING in kernfs_add_one C 174 192d 256d 191d driver core: Don't ignore class_dir_create_and_add() failure.
INFO: rcu detected stall in unwind_next_frame 2 241d 244d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
BUG: unable to handle kernel paging request in dput C 26 222d 225d 191d fix proc_fill_cache() in case of d_alloc_parallel() failure
general protection fault in fuse_ctl_remove_conn C 16 225d 264d 191d fuse: fix control dir setup and teardown
WARNING in bpf_int_jit_compile syz 11 199d 235d 191d bpf: reject any prog that failed read-only lock
possible deadlock in sock_hash_free C 45 233d 233d 191d bpf: sockhash fix omitted bucket lock in sock_close
possible deadlock in __might_fault (2) C 20 261d 264d 191d tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
KMSAN: uninit-value in _copy_to_iter (2) C 226 223d 268d 191d vhost: fix info leak due to uninitialized memory
BUG: unable to handle kernel NULL pointer dereference in do_select 45 201d 201d 191d net: handle NULL ->poll gracefully
kernel BUG at fs/f2fs/inode.c:LINE! C 1 271d 270d 191d f2fs: avoid bug_on on corrupted inode
WARNING: ODEBUG bug in sock_hash_free 1 205d 204d 191d bpf: sockhash fix omitted bucket lock in sock_close
KASAN: slab-out-of-bounds Write in sha512_final C 21 203d 221d 191d dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Write in rmd320_final C 44 203d 223d 191d dh key: fix rounding up KDF output length
INFO: rcu detected stall in kmem_cache_alloc_node_trace 1 279d 261d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Read in bpf_csum_update C 2 229d 227d 191d bpf: reject passing modified ctx to helper functions
KMSAN: uninit-value in ip_vs_lblcr_check_expire 2050 191d 268d 191d ipvs: initialize tbl->entries after allocation
general protection fault in wb_workfn (2) 38 211d 235d 191d bdi: Fix another oops in wb_workfn()
INFO: rcu detected stall in is_bpf_text_address C 1 242d 242d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in __vfs_write syz 14 220d 223d 191d bpfilter: fix race in pipe access
general protection fault in pipe_write syz 1 223d 222d 191d bpfilter: fix race in pipe access
possible deadlock in tcp_mmap C 1908 261d 264d 191d tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
KASAN: use-after-free Read in bpf_skb_change_proto 1 221d 220d 191d bpf: reject passing modified ctx to helper functions
KASAN: use-after-free Write in prb_fill_curr_block C 2 229d 229d 191d net/packet: refine check for priv area size
kernel BUG at fs/f2fs/node.c:LINE! C 1 270d 270d 191d ["f2fs: give message and set need_fsck given broken node id" "f2fs: give message and set need_fsck given broken node id"]
WARNING in skb_warn_bad_offload (2) C 6 263d 263d 191d udp: disable gso with no_check_tx
BUG: unable to handle kernel NULL pointer dereference in ep_item_poll C 15 201d 201d 191d net: handle NULL ->poll gracefully
WARNING in bpf_prog_select_runtime syz 45 215d 216d 191d bpf: reject any prog that failed read-only lock
KASAN: slab-out-of-bounds Read in bpf_skb_vlan_push syz 2 217d 217d 191d bpf: reject passing modified ctx to helper functions
WARNING: kernel stack regs has bad 'bp' value (3) C 7971 193d 348d 191d crypto: x86/salsa20 - remove x86 salsa20 implementations
general protection fault in __vfs_write syz 25 219d 223d 191d bpfilter: fix race in pipe access
INFO: task hung in n_tty_flush_buffer 6 200d 274d 191d n_tty: Access echo_* variables carefully.
KASAN: use-after-free Read in skb_ensure_writable C 4 220d 227d 191d bpf: reject passing modified ctx to helper functions
KASAN: use-after-free Read in build_segment_manager C 5 270d 271d 191d f2fs: sanity check for total valid node blocks
KASAN: use-after-free Read in bpf_tcp_close C 1748 196d 235d 191d bpf: sockhash fix omitted bucket lock in sock_close
KMSAN: uninit-value in nfqnl_recv_config (2) C 10 204d 219d 191d netfilter: nf_queue: augment nfqa_cfg_policy
KASAN: use-after-free Read in pipe_read C 3 221d 223d 191d bpfilter: fix race in pipe access
KASAN: slab-out-of-bounds Read in crypto_morus640_decrypt_chunk C 8 210d 217d 191d crypto: morus640 - Fix out-of-bounds access
WARNING in perf_trace_buf_alloc (2) C 22 331d 436d 191d bpf: remove tracepoints from bpf core
KASAN: use-after-free Read in finish_wait 8 220d 223d 191d bpfilter: fix race in pipe access
BUG: unable to handle kernel paging request in bpf_prog_select_runtime 1 207d 206d 191d bpf: undo prog rejection on read-only lock failure
WARNING: kmalloc bug in xdp_umem_create C 7 215d 221d 191d xsk: silence warning on memory allocation failure
KASAN: use-after-free Write in tls_push_record C 24 191d 236d 191d tls: fix use-after-free in tls_push_record
KASAN: use-after-free Read in fib6_table_lookup 1 213d 212d 191d net/ipv6: respect rcu grace period before freeing fib6_info
INFO: rcu detected stall in skb_free_head 4 229d 262d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in __kernel_write syz 7 220d 223d 191d bpfilter: fix race in pipe access
WARNING in ion_dma_buf_begin_cpu_access C 62 199d 220d 191d staging: android: ion: Return an ERR_PTR in ion_map_kernel
WARNING: lock held when returning to user space! (2) C 9 251d 252d 191d net/ipv6: fix lock imbalance in ip6_route_del()
INFO: rcu detected stall in corrupted syz 1 240d 240d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: rcu detected stall in ip_route_output_key_hash 2 242d 245d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KMSAN: uninit-value in ebt_stp_mt_check (2) C 222 191d 223d 191d netfilter: x_tables: initialise match/target check parameter struct
kernel BUG at fs/f2fs/segment.c:LINE! syz 1 270d 270d 191d ["f2fs: sanity check for total valid node blocks" "f2fs: sanity check for total valid node blocks"]
BUG: unable to handle kernel NULL pointer dereference in corrupted C 5 222d 222d 191d smc: convert to ->poll_mask
KMSAN: uninit-value in eth_mac_addr 2 193d 226d 191d rtnetlink: validate attributes in do_setlink()
KASAN: slab-out-of-bounds Write in tgr192_final C 30 203d 222d 191d dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Write in wp384_final C 27 203d 222d 191d dh key: fix rounding up KDF output length
INFO: rcu detected stall in dev_queue_xmit_nit 1 236d 236d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Write in crypto_sha3_final C 68 203d 222d 191d dh key: fix rounding up KDF output length
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto C 2 220d 220d 191d bpf: reject passing modified ctx to helper functions
BUG: unable to handle kernel paging request in build_segment_manager C 1 271d 271d 191d ["f2fs: sanity check on sit entry" "f2fs: sanity check on sit entry"]
KASAN: null-ptr-deref Write in simple_write_to_buffer C 5 231d 256d 191d PM / hibernate: Fix oops at snapshot_write()
INFO: rcu detected stall in sctp_packet_transmit 1 246d 245d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
general protection fault in touch_atime syz 6 219d 223d 191d bpfilter: fix race in pipe access
WARNING: possible circular locking dependency detected (4) C 27 264d 272d 191d tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:LINE/ccid3_hc_rx_send_feedback() 1 208d 208d 191d net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
INFO: rcu detected stall in sctp_chunk_put 1 230d 229d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: slab-out-of-bounds Read in ip6_xmit (3) C 69 196d 239d 191d bpf: sockmap, fix crash when ipv6 sock is added
KASAN: slab-out-of-bounds Read in skb_ensure_writable C 9 217d 227d 191d bpf: reject passing modified ctx to helper functions
INFO: rcu detected stall in sctp_generate_heartbeat_event 2 244d 253d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
KASAN: use-after-free Read in bpf_csum_update C 1 229d 227d 191d bpf: reject passing modified ctx to helper functions
BUG: soft lockup in do_raw_spin_unlock (2) 1 219d 219d 191d restore cond_resched() in shrink_dcache_parent()
BUG: unable to handle kernel paging request in bpf_int_jit_compile syz 2 203d 206d 191d bpf: undo prog rejection on read-only lock failure
general protection fault in __mnt_want_write 1 221d 221d 191d bpfilter: fix race in pipe access
KASAN: use-after-free Write in bpf_tcp_close C 67 198d 234d 191d bpf: sockhash fix omitted bucket lock in sock_close
general protection fault in bpf_tcp_close C 421 192d 235d 191d ["bpf: sockhash fix omitted bucket lock in sock_close" "bpf: sockmap, fix smap_list_map_remove when psock is in many maps"]
general protection fault in smc_ioctl C 5214 213d 243d 191d net/smc: return 0 for ioctl calls in states INIT and CLOSED
INFO: rcu detected stall in kfree_skbmem 4 231d 261d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: task hung in tty_set_termios 1 292d 291d 191d n_tty: Access echo_* variables carefully.
bpf-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 3 223d 226d 191d umh: fix race condition
WARNING in do_dentry_open C 26 215d 222d 191d bpf: implement dummy fops for bpf objects
KASAN: slab-out-of-bounds Write in prb_fill_curr_block C 2 230d 230d 191d net/packet: refine check for priv area size
KASAN: slab-out-of-bounds Read in build_segment_manager C 1 271d 271d 191d f2fs: sanity check for total valid node blocks
KASAN: use-after-free Read in xfs_inobt_init_key_from_rec C 1 288d 288d 191d xfs: fix inobt magic number check
WARNING: refcount bug in __udp_gso_segment 2 250d 251d 191d udp: avoid refcount_t saturation in __udp_gso_segment()
INFO: task hung in namespace_unlock 15 195d 204d 191d n_tty: Access echo_* variables carefully.
KMSAN: uninit-value in rtnetlink_put_metrics syz 3 225d 226d 191d net: metrics: add proper netlink validation
KASAN: slab-out-of-bounds Read in bpf_skb_change_head C 2 217d 217d 191d bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Write in sha1_finup C 119 203d 223d 191d dh key: fix rounding up KDF output length
WARNING: kmalloc bug in map_get_next_key C 5 244d 245d 191d bpf: fix sock hashmap kmalloc warning
unexpected kernel reboot (2) C 2073 191d 281d 191d kvm: vmx: Nested VM-entry prereqs for event inj.
BUG: workqueue lockup (3) C 1215 195d 248d 191d restore cond_resched() in shrink_dcache_parent()
INFO: rcu detected stall in ipv6_addr_label 1 325d 325d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
WARNING: kernel stack frame pointer has bad value C 1108 194d 272d 191d crypto: don't optimize keccakf()
KASAN: use-after-free Read in fuse_kill_sb_blk 4 242d 261d 191d fuse: don't keep dead fuse_conn at fuse_fill_super().
general protection fault in vfs_read syz 2 221d 223d 191d bpfilter: fix race in pipe access
KASAN: use-after-free Read in ip6_route_mpath_notify C 25 224d 229d 191d net/ipv6: prevent use after free in ip6_route_mpath_notify
BUG: unable to handle kernel NULL pointer dereference in do_sys_poll C 297 201d 201d 191d net: handle NULL ->poll gracefully
WARNING in ebt_do_table C 13 200d 225d 191d netfilter: ebtables: reject non-bridge targets
WARNING in sysfs_remove_group C 11125 192d 446d 191d loop: remember whether sysfs_create_group() was done
KASAN: null-ptr-deref Write in xdp_umem_unaccount_pages C 25 219d 223d 191d bpf, xdp: fix crash in xdp_umem_unaccount_pages
WARNING: kernel stack regs at (ptrval) in syzkaller has bad 'bp' value (ptrval) C 3 268d 268d 191d crypto: don't optimize keccakf()
KASAN: slab-out-of-bounds Write in tls_push_record 2 206d 220d 191d tls: fix use-after-free in tls_push_record
WARNING: suspicious RCU usage in rt6_remove_exception_rt syz 1761 266d 267d 191d net/ipv6: fix LOCKDEP issue in rt6_remove_exception_rt()
INFO: task hung in blk_queue_enter C 1595 191d 263d 191d block: don't use blocking queue entered for recursive bio submits
KASAN: use-after-free Read in skb_dequeue C 4 209d 209d 191d net/packet: fix use-after-free
KASAN: slab-out-of-bounds Write in sha1_final C 201 203d 223d 191d dh key: fix rounding up KDF output length
KASAN: use-after-free Read in corrupted C 2 246d 248d 191d fuse: don't keep dead fuse_conn at fuse_fill_super().
WARNING in ion_buffer_destroy C 7901 221d 372d 191d staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
KASAN: slab-out-of-bounds Write in tgr160_final C 55 203d 223d 191d dh key: fix rounding up KDF output length
KASAN: use-after-free Read in crypto_morus640_decrypt_chunk C 3 217d 217d 191d crypto: morus640 - Fix out-of-bounds access
WARNING: ODEBUG bug in del_timer (2) C 6 244d 245d 191d net/smc: init conn.tx_work & conn.send_lock sooner
INFO: task hung in jbd2_journal_stop 1 287d 286d 191d n_tty: Access echo_* variables carefully.
INFO: rcu detected stall in n_tty_receive_char_special C 3 263d 285d 191d n_tty: Fix stall at n_tty_receive_char_special().
net-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 8 223d 234d 191d umh: fix race condition
KMSAN: uninit-value in ip_vs_lblc_check_expire C 1431 191d 268d 191d ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()
KASAN: null-ptr-deref Read in refcount_sub_and_test C 4 271d 273d 191d net/ipv6: Fix ip6_convert_metrics() bug
INFO: rcu detected stall in __ipv6_dev_get_saddr 1 232d 232d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
WARNING: suspicious RCU usage in rt6_check_expired 4 268d 268d 191d net/ipv6: add rcu locking to ip6_negative_advice
INFO: rcu detected stall in blkdev_ioctl C 249 222d 396d 191d loop: add recursion validation to LOOP_CHANGE_FD
INFO: rcu detected stall in __save_stack_trace 3 192d 325d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: task hung in commit_echoes 1 200d 196d 191d n_tty: Access echo_* variables carefully.
WARNING: kmalloc bug in memdup_user (3) C 137 244d 245d 191d bpf: fix sock hashmap kmalloc warning
KASAN: slab-out-of-bounds Write in sha512_finup C 25 204d 220d 191d dh key: fix rounding up KDF output length
INFO: rcu detected stall in d_walk C 25680 217d 279d 191d restore cond_resched() in shrink_dcache_parent()
KASAN: use-after-free Read in pipe_wait 2 220d 221d 191d bpfilter: fix race in pipe access
INFO: rcu detected stall in save_stack_trace C 1 242d 240d 191d sctp: not allow transport timeout value less than HZ/5 for hb_timer
INFO: rcu detected stall in __process_echoes C 326 199d 294d 191d n_tty: Access echo_* variables carefully.
INFO: task hung in blk_freeze_queue C 188 193d 343d 191d loop: add recursion validation to LOOP_CHANGE_FD
upstream boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work 5 220d 222d 191d umh: fix race condition
possible deadlock in bpf_tcp_close C 152 233d 233d 191d bpf: sockhash fix omitted bucket lock in sock_close
WARNING in arch_uprobe_analyze_insn C 2 247d 247d 191d uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
KASAN: use-after-free Read in rds_cong_queue_updates C 18168 197d 328d 191d ["rds: avoid unenecessary cong_update in loop transport" "rds: clean up loopback rds_connections on netns deletion"]
KASAN: use-after-free Read in iput C 2 274d 274d 193d tracing: Fix bad use of igrab in trace_uprobe.c
INFO: task hung in ucma_destroy_id C 46 273d 309d 195d RDMA/ucma: ucma_context reference leak in error path
BUG: corrupted list in tipc_nametbl_unsubscribe C 40 253d 313d 195d tipc: fix unbalanced reference counter
general protection fault in kernel_sock_shutdown C 3329 269d 327d 195d net/smc: fix shutdown in state SMC_LISTEN
INFO: trying to register non-static key in tun_do_read C 28 247d 253d 212d tuntap: fix use after free during release
KASAN: use-after-free Read in iptunnel_handle_offloads C 133 237d 283d 212d packet: fix reserve calculation
WARNING: suspicious RCU usage in rds_loop_conn_alloc C 34303 330d 338d 218d rds: do not call ->conn_alloc with GFP_KERNEL
WARNING in kcm_exit_net (3) syz 5 230d 230d 223d kcm: Fix use-after-free caused by clonned sockets
BUG: unable to handle kernel paging request in nla_strlcpy 1 232d 232d 223d netfilter: provide correct argument to nla_strlcpy()
KASAN: use-after-free Read in nla_strlcpy C 59 227d 240d 223d netfilter: provide correct argument to nla_strlcpy()
KASAN: slab-out-of-bounds Read in nla_strlcpy C 34 227d 240d 223d netfilter: provide correct argument to nla_strlcpy()
KASAN: use-after-free Read in __dev_queue_xmit (2) C 2 241d 241d 223d packet: in packet_snd start writing at link layer allocation
general protection fault in mr_mfc_find_parent 2 236d 241d 223d ipmr: properly check rhltable_init() return value
KASAN: use-after-free Read in __sk_free 1 244d 244d 223d sock_diag: fix use-after-free read in __sk_free
KASAN: use-after-free Read in timer_is_static_object 1 244d 244d 223d dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
kernel BUG at lib/string.c:LINE! (4) C 2 245d 245d 223d ipvs: fix buffer overflow with sync daemon and service
KASAN: use-after-free Read in sock_recv_errqueue 1 246d 246d 223d packet: in packet_snd start writing at link layer allocation
general protection fault in shmem_unused_huge_count 8 245d 247d 223d fs: don't scan the inode cache before SB_BORN is set
general protection fault in kernfs_kill_sb (2) C 22 237d 249d 223d kernfs: deal with kernfs_fill_super() failures
BUG: soft lockup in _decode_session6 C 1 250d 250d 223d xfrm6: avoid potential infinite loop in _decode_session6()
BUG: spinlock bad magic in tun_do_read syz 1 254d 253d 223d tun: fix use after free for ptr_ring
kernel BUG at include/linux/mm.h:LINE! syz 68 223d 260d 223d x86/kexec: Avoid double free_page() upon do_kexec_load() failure
WARNING in __mutex_unlock_slowpath C 2 259d 262d 223d idr: fix invalid ptr dereference on item delete
general protection fault in __radix_tree_delete C 38 236d 262d 223d idr: fix invalid ptr dereference on item delete
KASAN: stack-out-of-bounds Write in compat_copy_entries syz 10 228d 266d 223d netfilter: ebtables: handle string from userspace with care
KMSAN: uninit-value in ebt_stp_mt_check C 211 223d 268d 223d netfilter: bridge: stp fix reference to uninitialized data
WARNING: ODEBUG bug in hfsplus_fill_super C 1 291d 291d 223d hfsplus: stop workqueue when fill_super() failed
KASAN: use-after-free Read in radix_tree_next_chunk C 2749 239d 291d 223d fs: don't scan the inode cache before SB_BORN is set
KASAN: use-after-free Read in skb_copy_datagram_iter C 7 259d 297d 223d packet: in packet_snd start writing at link layer allocation
BUG: unable to handle kernel paging request in smc_ib_remember_port_attr C 112 240d 297d 223d net/smc: check for missing nlattrs in SMC_PNETID messages
KASAN: use-after-free Read in copyout C 11 241d 297d 223d packet: in packet_snd start writing at link layer allocation
KASAN: use-after-free Read in remove_wait_queue (2) C 4 312d 322d 223d ppp: remove the PPPIOCDETACH ioctl
kernel BUG at net/ipv4/tcp_output.c:LINE! (2) syz 23 255d 360d 223d tcp: purge write queue in tcp_connect_init()
WARNING in dev_vprintk_emit C 77 237d 364d 223d cfg80211: further limit wiphy names to 64 bytes
KASAN: slab-out-of-bounds Read in __ext4_check_dir_entry C 18 290d 291d 232d ext4: force revalidation of directory pointer after seekdir(2)
general protection fault in gfn_to_rmap syz 7 332d 442d 244d KVM: x86: fix vcpu initialization with userspace lapic
KMSAN: uninit-value in move_addr_to_user (2) C 44 245d 252d 244d tipc: fix one byte leak in tipc_sk_set_orig_addr()
KASAN: use-after-free Read in sctp_do_sm 2 253d 253d 244d sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
BUG: bad usercopy in __check_object_size 1 255d 255d 244d llc: better deal with too small mtu
KASAN: use-after-free Read in tls_sk_proto_close (2) C 297 249d 256d 244d tls: fix use after free in tls_sk_proto_close
KMSAN: uninit-value in strcmp C 3 256d 258d 244d tipc: eliminate KMSAN uninit-value in strcmp complaint
WARNING in __snd_pcm_lib_xfer syz 6 258d 260d 244d ALSA: pcm: Check PCM state at xfern compat ioctl
BUG: MAX_LOCK_DEPTH too low! 1 260d 260d 244d nsh: fix infinite loop
KASAN: use-after-free Read in perf_trace_rpc_stats_latency 1 261d 261d 244d sunrpc: Fix latency trace point crashes
KASAN: use-after-free Read in debugfs_remove (2) 1 270d 268d 244d bdi: Fix use after free bug in debugfs_remove()
general protection fault in wb_workfn 63 245d 272d 244d bdi: Fix oops in wb_workfn()
INFO: task hung in __do_page_fault 1 276d 276d 244d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in do_vfs_ioctl 2 260d 277d 244d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in get_timespec64 1 279d 279d 244d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in handle_userfault 3 259d 281d 244d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in sock_sendmsg 1 282d 282d 244d bdi: wake up concurrent wb_shutdown() callers.
INFO: task hung in do_set_master 1 285d 285d 244d bdi: wake up concurrent wb_shutdown() callers.
WARNING in add_uevent_var C 5 290d 289d 244d cfg80211: limit wiphy names to 128 bytes
INFO: task hung in wb_shutdown (2) 5064 256d 290d 244d bdi: wake up concurrent wb_shutdown() callers.
WARNING in xfrm6_tunnel_net_exit syz 14002 247d 377d 244d xfrm: Fix warning in xfrm6_tunnel_net_exit.
KASAN: slab-out-of-bounds Read in pfkey_add C 835 250d 396d 244d af_key: Always verify length of provided sadb_key
KMSAN: uninit-value in __sctp_v6_cmp_addr C 1109 245d 246d 245d sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
BUG: unable to handle kernel NULL pointer dereference in smc_getsockopt C 9 245d 251d 245d net/smc: keep clcsock reference in smc_tcp_listen_work()
kernel BUG at kernel/softirq.c:LINE! 1 258d 258d 245d dccp: fix tasklet usage
KMSAN: uninit-value in put_cmsg C 2 259d 259d 245d rds: do not leak kernel memory to user land
WARNING: ODEBUG bug in del_timer C 200 245d 262d 245d net/smc: restrict non-blocking connect finish
KMSAN: uninit-value in rt6_multipath_hash C 3 246d 263d 245d ipv6: fix uninit-value in ip6_multipath_l3_keys()
general protection fault in smc_set_keepalive C 6 261d 267d 245d net/smc: keep clcsock reference in smc_tcp_listen_work()
KASAN: slab-out-of-bounds Read in __sctp_v6_cmp_addr C 3202 257d 269d 245d sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
WARNING: kobject bug in br_add_if 41 253d 280d 245d ["bridge: check iface upper dev when setting master via ioctl" "kobject: don't use WARN for registration failures"]
WARNING in tracepoint_probe_unregister (2) 120 254d 309d 245d tracepoint: Do not warn on ENOMEM
WARNING in tracepoint_probe_register_prio (2) C 849 245d 310d 245d tracepoint: Do not warn on ENOMEM
general protection fault in smc_getsockopt C 577 257d 317d 245d net/smc: keep clcsock reference in smc_tcp_listen_work()
general protection fault in smc_setsockopt C 504 257d 321d 245d net/smc: keep clcsock reference in smc_tcp_listen_work()
general protection fault in smc_getname C 44 257d 321d 245d net/smc: keep clcsock reference in smc_tcp_listen_work()
WARNING in tcp_sacktag_write_queue C 8 262d 333d 245d tcp: fix TCP_REPAIR_QUEUE bound checking
WARNING in tcp_mark_head_lost C 18 254d 336d 245d net-backports: tcp: ignore Fast Open on repair mode
WARNING: kmalloc bug in memdup_user (2) 1 296d 296d 247d RDMA/ucma: Correct option size check using optlen
WARNING: suspicious RCU usage in tipc_bearer_find C 21 341d 341d 247d tipc: Fix missing RTNL lock protection during setting link properties
KASAN: slab-out-of-bounds Read in clusterip_tg_check C 22 347d 353d 247d netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
general protection fault in account_system_index_time C 2 295d 294d 248d net: Fix untag for vlan packets without ethernet header
general protection fault in rdma_addr_size C 2 305d 299d 248d RDMA/ucma: Ensure that CM_ID exists prior to access it
INFO: trying to register non-static key in del_timer_sync C 89 327d 353d 248d netfilter: x_tables: fix missing timer initialization in xt_LED
BUG: unable to handle kernel paging request in memset_erms (2) C 11 346d 362d 248d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
BUG: unable to handle kernel paging request in cgroup_mt_destroy_v1 C 3 350d 350d 248d netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
KASAN: null-ptr-deref Write in linear_transfer C 116 293d 376d 248d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
KASAN: use-after-free Write in xt_rateest_put C 7 351d 352d 248d netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
BUG: workqueue lockup (2) C 406 251d 409d 248d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
WARNING: bad unlock balance in xfs_iunlock C 1 289d 289d 252d xfs: don't iunlock the quota ip when quota block
KASAN: out-of-bounds Read in ip6_xmit 2 311d 353d 252d l2tp: fix races with ipv4-mapped ipv6 addresses
KASAN: use-after-free Read in work_is_static_object 3 358d 373d 252d kcm: lock lower socket in kcm_attach
KASAN: use-after-free Read in ip6_xmit C 5174 299d 377d 252d tls: Use correct sk->sk_prot for IPV6
KASAN: use-after-free Read in __dev_queue_xmit C 10 259d 377d 252d flow_dissector: properly cap thoff field
KMSAN: uninit-value in strlcpy C 2 255d 255d 253d vti6: better validate user provided tunnel names
inconsistent lock state in fs_reclaim_acquire C 36235 253d 264d 253d random: fix possible sleeping allocation from irq context
KMSAN: uninit-value in pppoe_connect 47 253d 268d 253d pppoe: check sockaddr length in pppoe_connect()
KMSAN: uninit-value in pppol2tp_connect C 13 253d 268d 253d l2tp: check sockaddr length in pppol2tp_connect()
WARNING in __might_sleep 6 265d 269d 253d random: fix possible sleeping allocation from irq context
WARNING: suspicious RCU usage in crng_reseed 39 254d 269d 253d random: fix possible sleeping allocation from irq context
WARNING: inconsistent lock state C 22 265d 269d 253d random: fix possible sleeping allocation from irq context
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected C 2126 254d 269d 253d random: fix possible sleeping allocation from irq context
KASAN: null-ptr-deref Read in refcount_inc_not_zero C 2352 267d 269d 253d llc: fix NULL pointer deref for SOCK_ZAPPED
KMSAN: uninit-value in fib6_new_table C 3 269d 270d 253d ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
general protection fault in snd_rawmidi_ioctl_compat 1 280d 272d 253d ALSA: rawmidi: Fix missing input substream checks in compat ioctls
KASAN: use-after-free Read in llc_conn_tmr_common_cb 1 274d 272d 253d llc: delete timers synchronously in llc_sk_free()
KASAN: use-after-free Read in llc_conn_ac_send_sabme_cmd_p_set_x 1 276d 275d 253d llc: hold llc_sap before release_sock()
KASAN: use-after-free Read in tipc_nametbl_stop C 12 272d 275d 253d tipc: fix use-after-free in tipc_nametbl_stop
general protection fault in __tipc_nl_net_set syz 4 275d 276d 253d tipc: fix possible crash in __tipc_nl_net_set()
KMSAN: uninit-value in packet_set_ring C 6 260d 276d 253d net: af_packet: fix race in PACKET_{R|T}X_RING
KASAN: slab-out-of-bounds Write in perf_callchain_user syz 2 279d 279d 253d perf: Fix sample_max_stack maximum check
KMSAN: uninit-value in netif_skb_features C 119 253d 279d 253d vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
BUG: corrupted list in team_nl_cmd_options_set C 2 276d 280d 253d team: avoid adding twice the same option to the event list
BUG: unable to handle kernel paging request in snd_pcm_format_set_silence syz 11 253d 280d 253d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
KMSAN: uninit-value in neigh_dump_info C 6 266d 280d 253d net: validate attribute sizes in neigh_dump_table()
KASAN: use-after-free Read in tipc_sub_unsubscribe (2) C 5 273d 280d 253d tipc: fix unbalanced reference counter
KASAN: stack-out-of-bounds Read in __free_filter C 41 271d 280d 253d tracing: Enforce passing in filter=NULL to create_filter()
KMSAN: uninit-value in tcp_parse_options C 38 254d 280d 253d tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
KASAN: stack-out-of-bounds Write in ip6_tnl_locate 4 280d 281d 253d ip6_tunnel: better validate user provided tunnel names
KASAN: null-ptr-deref Read in xattr_getsecurity 68 269d 281d 253d commoncap: Handle memory allocation failure.
KMSAN: uninit-value in inet_getpeer C 54 253d 282d 253d inetpeer: fix uninit-value in inet_getpeer
KMSAN: uninit-value in sctp_sendmsg syz 27 254d 283d 253d sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
KMSAN: uninit-value in sctp_do_bind C 31 253d 283d 253d sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
KMSAN: uninit-value in tipc_node_get_mtu C 139 253d 284d 253d tipc: fix missing initializer in tipc_sendmsg()
KMSAN: uninit-value in __skb_try_recv_from_queue C 108 253d 284d 253d net: initialize skb->peeked when cloning
KMSAN: uninit-value in inet6_rtm_delroute C 9 272d 284d 253d net: fix rtnh_ok()
KMSAN: uninit-value in memcmp C 30 255d 284d 253d net: fix uninit-value in __hw_addr_add_ex()
KMSAN: uninit-value in inet_csk_bind_conflict C 446 253d 284d 253d soreuseport: initialise timewait reuseport field
KMSAN: uninit-value in move_addr_to_user C 74 253d 284d 253d sctp: do not leak kernel memory to user space
KMSAN: uninit-value in ip_route_output_key_hash_rcu 179 253d 284d 253d ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
KMSAN: uninit-value in fib_create_info C 19 278d 284d 253d net: fix rtnh_ok()
KMSAN: uninit-value in alg_bind C 1950 253d 284d 253d crypto: af_alg - fix possible uninit-value in alg_bind()
KMSAN: uninit-value in netlink_sendmsg C 2493 253d 284d 253d netlink: fix uninit-value in netlink_sendmsg
KMSAN: uninit-value in iptable_mangle_hook C 1134 253d 284d 253d dccp: initialize ireq->ir_mark
KMSAN: uninit-value in ip6table_mangle_hook C 601 253d 284d 253d dccp: initialize ireq->ir_mark
kernel BUG at drivers/vhost/vhost.c:LINE! (2) C 139 254d 285d 253d vhost: fix vhost_vq_access_ok() log check
WARNING in kmem_cache_free 1 285d 285d 253d crypto: drbg - set freed buffers to NULL
WARNING: lock held when returning to user space! C 40 270d 285d 253d loop: fix LOOP_GET_STATUS lock imbalance
INFO: rcu detected stall in io_playback_transfer 9 280d 285d 253d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
INFO: rcu detected stall in __snd_pcm_lib_xfer (2) C 1064 280d 285d 253d ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
WARNING in snd_pcm_hw_params C 56 280d 286d 253d ALSA: pcm: Remove WARN_ON() at snd_pcm_hw_params() error
KASAN: stack-out-of-bounds Write in ipip6_tunnel_locate C 33 279d 286d 253d ipv6: sit: better validate user provided tunnel names
KASAN: stack-out-of-bounds Write in __ip_tunnel_create C 29 280d 286d 253d ip_tunnel: better validate user provided tunnel names
KASAN: stack-out-of-bounds Write in ip6gre_tunnel_locate C 923 278d 286d 253d ip6_gre: better validate user provided tunnel names
KASAN: use-after-free Read in binder_release_work C 6 267d 288d 253d ANDROID: binder: prevent transactions into own process.
general protection fault in ucma_set_ib_path (2) C 6 281d 288d 253d RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
KASAN: use-after-free Write in dst_release C 832 279d 289d 253d pptp: remove a buggy dst release in pptp_connect()
WARNING in ext4_superblock_csum_set C 1 289d 289d 253d ext4: always initialize the crc32c checksum driver
INFO: rcu detected stall in bitmap_parselist 8 261d 290d 253d lib: fix stall in __bitmap_parselist()
kernel BUG at fs/ext4/extents.c:LINE! C 1 290d 290d 253d ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
general protection fault in kernfs_kill_sb C 29 253d 290d 253d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in alloc_pid C 7 281d 290d 253d mm,vmscan: Allow preallocating memory for register_shrinker().
kernel BUG at drivers/tty/tty_ldisc.c:LINE! 6 275d 290d 253d ["tty: Avoid possible error pointer dereference at tty_ldisc_restore()." "tty: Use __GFP_NOFAIL for tty_ldisc_get()"]
BUG: corrupted list in __dentry_kill C 35 271d 291d 253d rpc_pipefs: fix double-dput()
general protection fault in __list_del_entry_valid (3) C 40 291d 291d 253d tipc: Fix missing list initializations in struct tipc_subscription
WARNING: refcount bug in nfs_alloc_client 2 290d 291d 253d mm,vmscan: Allow preallocating memory for register_shrinker().
WARNING: kobject bug in gfs2_sys_fs_add C 49 264d 291d 253d kobject: don't use WARN for registration failures
WARNING: refcount bug in put_pid_ns syz 6 291d 291d 253d mm,vmscan: Allow preallocating memory for register_shrinker().
WARNING in format_decode C 1 291d 291d 253d fs/reiserfs/journal.c: add missing resierfs_warning() arg
general protection fault in __mem_cgroup_free C 22 279d 291d 253d memcg: fix per_node_info cleanup
WARNING in kill_block_super C 51 275d 293d 253d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in snd_pcm_timer_resolution C 3 293d 293d 253d ALSA: pcm: Fix UAF at PCM release via PCM timer access
possible deadlock in perf_event_detach_bpf_prog 1 294d 293d 253d bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog
WARNING: kobject bug in device_add C 563 253d 293d 253d kobject: don't use WARN for registration failures
INFO: task hung in stop_sync_thread (2) C 9 277d 293d 253d ipvs: fix rtnl_lock lockups caused by start_sync_thread
possible deadlock in rtnl_lock (5) C 1009 266d 295d 253d ipvs: fix rtnl_lock lockups caused by start_sync_thread
general protection fault in tipc_sk_fill_sock_diag C 180 279d 297d 253d ["tipc: Fix namespace violation in tipc_sk_fill_sock_diag" "tipc: use the right skb in tipc_sk_fill_sock_diag()"]
WARNING in __debug_object_init C 192 286d 297d 253d alarmtimer: Init nanosleep alarm timer on stack
KASAN: use-after-free Read in pppol2tp_connect (3) C 22 279d 297d 253d l2tp: fix races in tunnel creation
WARNING in __local_bh_enable_ip (2) 23 297d 308d 253d rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock
BUG: corrupted list in sctp_association_free 1 313d 309d 253d sctp: fix error return code in sctp_sendmsg_new_asoc()
KASAN: use-after-free Read in sctp_association_free (2) C 2 313d 313d 253d sctp: Fix double free in sctp_sendmsg_to_asoc
WARNING: kobject bug in netdev_queue_update_kobjects C 27 255d 317d 253d kobject: don't use WARN for registration failures
WARNING: refcount bug in free_nsproxy 4 293d 317d 253d mm,vmscan: Allow preallocating memory for register_shrinker().
KASAN: use-after-free Read in mac80211_hwsim_del_radio 11 292d 321d 253d mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
WARNING: refcount bug in should_fail C 3 292d 323d 253d mm,vmscan: Allow preallocating memory for register_shrinker().
general protection fault in rds_sendmsg C 2 328d 328d 253d rds: rds_msg_zcopy should return error of null rm->data.op_mmp_znotifier
general protection fault in tipc_conn_close C 3 331d 332d 253d tipc: fix bug on error path in tipc_topsrv_kern_subscr()
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (3) C 234 330d 334d 253d tipc: don't call sock_release() in atomic context
WARNING in strp_done C 2336 287d 336d 253d kcm: Call strp_stop before strp_done in kcm_attach
general protection fault in loopback_pos_update C 4 361d 359d 253d ALSA: pcm: Avoid potential races between OSS ioctls and read/write
INFO: task hung in __blkdev_get C 662 277d 403d 253d block/loop: fix deadlock after loop_set_status
kernel panic: n_tty: init_tty C 141 253d 437d 253d tty: Don't call panic() at tty_ldisc_init()
WARNING in tty_set_ldisc syz 177 262d 437d 253d tty: Avoid possible error pointer dereference at tty_ldisc_restore().
KASAN: use-after-free Read in shm_get_unmapped_area 19 349d 440d 253d ipc/shm: fix use-after-free of shm file via remap_file_pages()
possible deadlock in smc_close_non_accepted C 4 320d 320d 256d net/smc: simplify wait when closing listen socket
BUG: unable to handle kernel paging request in compat_copy_entries syz 5 319d 317d 267d netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
KASAN: slab-out-of-bounds Write in tcp_v6_syn_recv_sock C 1063 361d 379d 267d net/tls: Only attach to sockets in ESTABLISHED state
possible deadlock in ftrace_profile_set_filter (2) C 1007 349d 409d 267d perf/core: Fix another perf,trace,cpuhp lock inversion
KASAN: use-after-free Read in perf_trace_lock_acquire (2) C 188 349d 420d 267d vhost_net: stop device during reset owner
possible deadlock in perf_trace_destroy (2) C 2006 349d 435d 267d perf/core: Fix lock inversion between perf,trace,cpuhp
possible deadlock in __neigh_create 1 290d 290d 281d ipv6: fix possible deadlock in rt6_age_examine_exception()
WARNING in binder_send_failed_reply C 206 327d 411d 282d ANDROID: binder: remove WARN() for redundant txn error
WARNING in skb_warn_bad_offload C 6527 317d 441d 282d net: avoid skb_warn_bad_offload on IS_ERR
KASAN: use-after-free Read in disk_unblock_events C 65 337d 443d 282d genhd: Fix use after free in __blkdev_get()
general protection fault in try_to_wake_up syz 1 297d 293d 285d vlan: Fix vlan insertion for packets without ethernet header
kernel BUG at lib/string.c:LINE! (3) C 5 293d 294d 285d RDMA/ucma: Introduce safer rdma_addr_size() variants
BUG: unable to handle kernel (2) syz 1 295d 295d 285d vlan: Fix vlan insertion for packets without ethernet header
general protection fault in timerqueue_add C 2 295d 295d 285d vlan: Fix vlan insertion for packets without ethernet header
BUG: unable to handle kernel paging request in __memmove 1 295d 295d 285d vlan: Fix vlan insertion for packets without ethernet header
BUG: unable to handle kernel paging request in netdev_queue_update_kobjects syz 1 296d 296d 285d vlan: Fix vlan insertion for packets without ethernet header
general protection fault in qlist_move_cache 1 296d 296d 285d vlan: Fix vlan insertion for packets without ethernet header
possible deadlock in handle_rx C 4 297d 297d 285d vhost_net: add missing lock nesting notation
general protection fault in rdma_notify C 3 302d 299d 285d RDMA/ucma: Check that device exists prior to accessing it
general protection fault in rdma_init_qp_attr (2) C 753 292d 299d 285d RDMA/ucma: Check that device is connected prior to access it
kernel BUG at ./include/linux/skbuff.h:LINE! (2) C 5 322d 300d 285d ipv6: the entire IPv6 header chain must fit the first fragment
possible deadlock in __ipv6_dev_mc_dec 1 300d 300d 285d ipv6: fix possible deadlock in rt6_age_examine_exception()
BUG: corrupted list in remove_wait_queue C 5 298d 301d 285d vhost: correctly remove wait queue during poll failure
kernel BUG at drivers/vhost/vhost.c:LINE! C 152 285d 303d 285d vhost: validate log when IOTLB is enabled
WARNING in xt_cluster_mt C 4 323d 323d 285d netfilter: drop template ct when conntrack is skipped.
general protection fault in native_write_cr4 C 132300 288d 392d 285d KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
KASAN: use-after-free Read in worker_thread (2) syz 6 425d 434d 285d kcm: Only allow TCP sockets to be attached to a KCM mux
general protection fault in ucma_connect C 2 306d 306d 299d RDMA/ucma: Ensure that CM_ID exists prior to access it
WARNING in kmalloc_slab (4) 1 311d 309d 299d xfrm_user: uncoditionally validate esn replay attribute struct
kernel BUG at lib/string.c:LINE! (2) syz 2 310d 310d 299d RDMA/ucma: Don't allow join attempts for unsupported AF family
KASAN: null-ptr-deref Write in rdma_resolve_addr C 66 302d 313d 299d RDMA/ucma: Check AF family prior resolving address
WARNING in __proc_create C 12 319d 313d 299d netfilter: x_tables: add and use xt_check_proc_name
KASAN: use-after-free Read in snd_pcm_oss_get_formats C 3 313d 313d 299d ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
KASAN: use-after-free Read in pppol2tp_connect (2) C 10 299d 315d 299d l2tp: do not accept arbitrary sockets
BUG: unable to handle kernel paging request in ebt_among_mt_check (2) C 946 299d 315d 299d netfilter: bridge: ebt_among: add more missing match size checks
general protection fault in rdma_init_qp_attr C 2096 299d 315d 299d RDMA/ucma: Check that user doesn't overflow QP state
general protection fault in rdma_join_multicast C 258 302d 315d 299d RDMA/ucma: Fix access to non-initialized CM_ID object
KASAN: use-after-free Read in ucma_close C 176 302d 315d 299d RDMA/ucma: Fix use-after-free access in ucma_close
KASAN: slab-out-of-bounds Read in ip6_xmit (2) C 259 302d 315d 299d l2tp: fix races with ipv4-mapped ipv6 addresses
WARNING: kmalloc bug in memdup_user C 441 299d 315d 299d RDMA/ucma: Limit possible option size
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C 4 316d 316d 299d l2tp: do not accept arbitrary sockets
general protection fault in lowpan_device_event C 79 300d 317d 299d ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
possible deadlock in __might_fault C 8978 308d 323d 299d staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
INFO: rcu detected stall in xfrm_confirm_neigh 7 314d 338d 299d xfrm: Fix infinite loop in xfrm_get_dst_nexthop with transport mode.
WARNING: kmalloc bug in xfrm_add_sa C 109 299d 338d 299d xfrm_user: uncoditionally validate esn replay attribute struct
possible deadlock in get_user_pages_unlocked C 5 326d 349d 299d mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT
KASAN: stack-out-of-bounds Read in xfrm_state_find (4) C 102 299d 350d 299d xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
general protection fault in dccp_write_xmit C 5 316d 352d 299d dccp: check sk for closed state in dccp_sendmsg()
kernel panic: Out of memory and no killable processes... (2) C 1 353d 353d 299d netfilter: x_tables: make allocation less aggressive
WARNING in __xlate_proc_name C 11 317d 354d 299d netfilter: x_tables: add and use xt_check_proc_name
KASAN: use-after-free Read in pfifo_fast_enqueue C 20 301d 365d 299d net: sched: fix uses after free
possible deadlock in shmem_file_llseek C 4432 308d 371d 299d staging: android: ashmem: Fix lockdep issue during llseek
WARNING in ata_bmdma_qc_issue C 1 522d 442d 299d libata: don't try to pass through NCQ commands to non-NCQ devices
BUG: unable to handle kernel paging request in ata_bmdma_qc_prep C 13 434d 442d 299d libata: fix length validation of ATAPI-relayed SCSI commands
WARNING in ata_qc_issue C 35 428d 446d 299d libata: remove WARN() for DMA or PIO command without data
KASAN: use-after-free Read in get_work_pool syz 8 425d 447d 299d kcm: lock lower socket in kcm_attach
WARNING in kvm_arch_vcpu_ioctl_run (2) C 61018 352d 441d 309d KVM: VMX: Fix rflags cache during vCPU reset
WARNING in tracepoint_probe_unregister C 115 311d 437d 310d blktrace: fix unlocked registration of tracepoints
kernel BUG at arch/x86/kvm/x86.c:LINE! syz 20 414d 446d 310d KVM: x86: Exit to user-mode on #UD intercept when emulator requires
WARNING in tracepoint_probe_register_prio C 830 311d 446d 310d blktrace: fix unlocked registration of tracepoints
KASAN: use-after-free Read in strp_data_ready C 204 357d 449d 310d kcm: Only allow TCP sockets to be attached to a KCM mux
WARNING in refcount_sub_and_test C 75150 348d 449d 310d sctp: reset owner sk for data chunks on out queues when migrating a sock
general protection fault in hrtimer_active (2) C 10612 319d 323d 316d KVM: x86: fix vcpu initialization with userspace lapic
general protection fault in smc_create C 2 324d 324d 316d net/smc: fix NULL pointer dereference on sock_create_kern() error path
KASAN: slab-out-of-bounds Read in ip6_route_me_harder C 66 317d 325d 316d netfilter: use skb_to_full_sk in ip6_route_me_harder
KASAN: use-after-free Read in ip6_route_me_harder C 44 317d 325d 316d netfilter: use skb_to_full_sk in ip6_route_me_harder
KASAN: use-after-free Write in nf_nat_ipv6_manip_pkt C 2 332d 332d 316d netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
BUG: unable to handle kernel paging request in ebt_among_mt_check C 823 316d 332d 316d netfilter: bridge: ebt_among: add missing match size checks
WARNING in compat_copy_entries C 434 316d 332d 316d netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
WARNING in debug_print_object C 2 349d 349d 316d l2tp: fix tunnel lookup use-after-free race
KASAN: use-after-free Read in inet_shutdown C 22 318d 365d 316d l2tp: fix tunnel lookup use-after-free race
general protection fault in pppol2tp_connect C 1025 316d 365d 316d l2tp: fix tunnel lookup use-after-free race
KASAN: use-after-free Read in pppol2tp_connect C 25 316d 365d 316d l2tp: fix tunnel lookup use-after-free race
KASAN: slab-out-of-bounds Read in ip6_xmit C 156 317d 368d 316d tls: Use correct sk->sk_prot for IPV6
kernel BUG at arch/x86/kvm/mmu.c:LINE! C 695 324d 441d 316d KVM: mmu: Fix overlap between public and private memslots
WARNING in __x86_set_memory_region C 716 324d 442d 316d KVM/x86: remove WARN_ON() for when vm_munmap() fails
WARNING in handle_ept_misconfig C 238 324d 447d 316d KVM: X86: Fix SMRAM accessing even if VM is shutdown
general protection fault in arpt_do_table C 3 329d 329d 324d netfilter: add back stackpointer size checks
WARNING: ODEBUG bug in __queue_work C 2 334d 330d 324d netfilter: IDLETIMER: be syzkaller friendly
WARNING in __queue_work C 1 334d 334d 324d netfilter: IDLETIMER: be syzkaller friendly
WARNING: kmalloc bug in cpu_map_update_elem C 2677 324d 335d 324d bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
WARNING in kvmalloc_node C 513 331d 337d 324d bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
WARNING: kmalloc bug in bpf_prog_array_copy_info C 4424 324d 337d 324d bpf: fix bpf_prog_array_copy_to_user warning from perf event prog query
WARNING: ODEBUG bug in led_tg_destroy C 4 329d 338d 324d netfilter: x_tables: fix missing timer initialization in xt_LED
general protection fault in SyS_bpf (2) C 1065 324d 338d 324d bpf: fix sock_map_alloc() error path
divide error in nf_nat_l4proto_unique_tuple C 2 338d 338d 324d netfilter: nat: cope with negative port range
lost connection to test machine (4) C 1189 324d 338d 324d bpf: fix mlock precharge on arraymaps
KASAN: use-after-free Read in remove_wait_queue C 7 328d 338d 324d ANDROID: binder: synchronize_rcu() when using POLLFREE.
kernel BUG at kernel/time/timer.c:LINE! C 18 326d 338d 324d netfilter: x_tables: fix missing timer initialization in xt_LED
WARNING: bad unlock balance in hashlimit_mt_common C 2059 326d 339d 324d netfilter: xt_hashlimit: fix lock imbalance
possible deadlock in xt_find_table_lock (2) 4 342d 340d 324d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ip_getsockopt (2) 206 326d 341d 324d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ipv6_setsockopt (2) 3642 326d 341d 324d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in do_ip_setsockopt (3) 3731 326d 343d 324d netfilter: drop outermost socket lock in getsockopt()
possible deadlock in rtnl_lock (4) C 73333 326d 343d 324d netfilter: drop outermost socket lock in getsockopt()
WARNING: kmalloc bug in relay_open_buf C 10 328d 344d 324d kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
WARNING: proc registration bug in clusterip_tg_check C 779 326d 344d 324d netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
general protection fault in ip6t_do_table C 8077 327d 354d 324d netfilter: add back stackpointer size checks
WARNING in check_flush_dependency C 2205 326d 358d 324d mac80211_hwsim: don't use WQ_MEM_RECLAIM
WARNING in kmalloc_slab (3) C 1901 325d 409d 324d kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
BUG: unable to handle kernel NULL pointer dereference in sha512_mb_mgr_get_comp_job_avx2 syz 32 355d 409d 324d crypto: sha512-mb - initialize pending lengths correctly
general protection fault in binder_poll C 159 328d 411d 324d binder: check for binder_thread allocation failure in binder_poll()
KASAN: use-after-free Read in rds_find_bound 1 386d 382d 335d rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
KASAN: slab-out-of-bounds Read in string C 129 347d 357d 336d netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
KASAN: use-after-free Read in rds_tcp_tune 12 359d 369d 336d rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
INFO: rcu detected stall in memcpy 12 373d 377d 336d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in tty_ioctl C 12 380d 392d 336d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
INFO: rcu detected stall in n_tty_ioctl 24 379d 392d 336d n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
KASAN: use-after-free Read in __do_page_fault syz 679 432d 443d 336d x86/mm: fix use-after-free of vma during userfaultfd fault
possible deadlock in lru_add_drain_all 1300 397d 446d 336d mm: drop hotplug lock from lru_add_drain_all()
KASAN: use-after-free Read in __schedule C 145 391d 392d 336d KVM: x86: don't forget vcpu_put() in kvm_arch_vcpu_ioctl_set_sregs()
KASAN: stack-out-of-bounds Read in csum_and_copy_from_iter_full 1 415d 411d 336d net: ipv4: fix for a race condition in raw_sendmsg
KASAN: use-after-free Read in sock_release 1 418d 413d 336d fix kcm_clone()
KASAN: use-after-free Read in rds_tcp_dev_event 1 441d 435d 336d rds: tcp: correctly sequence cleanup on netns deletion.
possible deadlock in flush_work (2) 3 435d 437d 336d SUNRPC: Destroy transport from the system workqueue
KASAN: stack-out-of-bounds Read in memcmp 1 379d 376d 337d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
KASAN: stack-out-of-bounds Read in xfrm_selector_match 368 370d 377d 337d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
KASAN: use-after-free Read in __fput 23 406d 440d 337d fix kcm_clone()
WARNING in drm_modeset_lock_all 35 440d 446d 337d drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
WARNING: kmalloc bug in tun_device_event C 15 341d 344d 338d ["ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE" "ptr_ring: try vmalloc() when kmalloc() fails"]
WARNING: suspicious RCU usage in bpf_prog_array_copy_info C 17842 338d 344d 338d bpf: fix bpf_prog_array_copy_to_user() issues
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (4) C 7264 344d 348d 338d bpf: fix bpf_prog_array_copy_to_user() issues
general protection fault in ___bpf_prog_run C 8 344d 351d 338d bpf: fix null pointer deref in bpf_prog_test_run_xdp
KASAN: use-after-free Write in xt_rateest_tg_checkentry C 2 351d 352d 338d netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
general protection fault in cgroup_mt_destroy_v1 C 91 341d 353d 338d netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
WARNING in usercopy_warn C 171 344d 362d 338d net: Whitelist the skbuff_head_cache "cb" field
KASAN: double-free or invalid-free in relay_open C 106 344d 442d 338d kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
WARNING in do_debug C 905 343d 442d 338d KVM: x86: fix escape of guest dr6 to the host
possible deadlock in rtnl_lock (3) C 3633 343d 344d 343d netfilter: on sockopt() acquire sock lock only in the required scope
possible deadlock in do_ip_setsockopt (2) 59 343d 346d 343d netfilter: on sockopt() acquire sock lock only in the required scope
WARNING: bad unlock balance in ipmr_mfc_seq_stop C 286 350d 396d 344d ip6mr: fix stale iterator
possible deadlock in rtnl_lock (2) C 10369 346d 349d 346d netfilter: on sockopt() acquire sock lock only in the required scope
suspicious RCU usage at ./include/linux/inetdevice.h:LINE (2) C 4 349d 349d 346d net: igmp: add a missing rcu locking section
possible deadlock in do_ip_getsockopt 22 348d 353d 346d netfilter: on sockopt() acquire sock lock only in the required scope
possible deadlock in xt_find_target 34 347d 354d 346d netfilter: on sockopt() acquire sock lock only in the required scope
WARNING in reuseport_add_sock C 7 359d 369d 346d soreuseport: fix mem leak in reuseport_add_sock()
WARNING in ion_ioctl C 8888 348d 377d 346d staging: android: ion: Switch from WARN to pr_warn
WARNING in __alloc_pages_slowpath C 9435 348d 377d 346d staging: android: ion: Add __GFP_NOWARN for system contig heap
lost connection to test machine (3) C 4251 346d 385d 346d netfilter: x_tables: fix int overflow in xt_alloc_table_info()
WARNING in register_lock_class C 2 393d 389d 346d ANDROID: binder: remove waitqueue when thread exits.
WARNING in sysfs_warn_dup 11 351d 394d 346d sysfs: turn WARN() into pr_warn()
KASAN: use-after-free Read in __lock_acquire (2) C 589 349d 424d 346d ANDROID: binder: remove waitqueue when thread exits.
WARNING in __check_heap_object C 5173 363d 435d 346d sctp: Define usercopy region in SCTP proto slab cache
KASAN: use-after-free Read in __list_add_valid (3) 16 350d 356d 346d vhost_net: stop device during reset owner
KASAN: use-after-free Read in fib6_lookup_1 11 366d 369d 346d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_remove_prefsrc 4 367d 369d 346d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_age 3 366d 369d 346d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in mon_bin_vma_fault 7 373d 384d 346d USB: fix usbmon BUG trigger
INFO: task hung in bpf_exit_net 1 407d 393d 346d sctp: fix the handling of ICMP Frag Needed for too small MTUs
INFO: trying to register non-static key in pfifo_fast_reset C 4 393d 395d 346d net_sched: properly check for empty skb array on error path
general protection fault in trie_get_next_key C 3 355d 356d 348d bpf: fix kernel page fault in lpm map trie_get_next_key
KASAN: use-after-free Read in tipc_group_size C 8 366d 373d 348d tipc: fix race between poll() and setsockopt()
suspicious RCU usage at net/ipv6/ip6_fib.c:LINE C 56 356d 379d 348d ipv6: remove null_entry before adding default route
BUG: Bad page state (3) C 3 373d 380d 348d USB: fix usbmon BUG trigger
WARNING in usb_submit_urb C 2 443d 435d 348d USB: usbfs: Filter flags passed in from user space
WARNING in task_participate_group_stop C 29 428d 443d 348d kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
general protection fault in __netlink_ns_capable C 74 372d 379d 349d rtnetlink: give a user socket to get_target_net()
KASAN: double-free or invalid-free in skb_free_head C 13 388d 394d 349d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel NULL pointer dereference in page_mapping C 4 393d 395d 349d RDS: null pointer dereference in rds_atomic_free_op
general protection fault in page_mapping C 46 372d 400d 349d RDS: null pointer dereference in rds_atomic_free_op
inconsistent lock state in est_fetch_counters C 5829 350d 354d 349d net_sched: gen_estimator: fix lockdep splat
WARNING in vhost_dev_cleanup C 4 351d 357d 349d vhost_net: stop device during reset owner
general protection fault in tun_queue_purge C 4 355d 357d 349d Revert "net: ptr_ring: otherwise safe empty checks can overrun array bounds"
KASAN: use-after-free Read in __wake_up_common C 888 349d 359d 349d vhost_net: stop device during reset owner
general protection fault in nfs_idmap_legacy_upcall C 4 363d 362d 349d NFS: reject request for id_legacy key without auxdata
KASAN: use-after-free Read in map_lookup_elem C 6 365d 369d 349d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in check_memory_region C 10 366d 369d 349d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in __bpf_prog_put 1 370d 370d 349d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in fib6_add (2) C 3143 372d 379d 349d ipv6: fix general protection fault in fib6_add()
kernel BUG at fs/userfaultfd.c:LINE! C 3 393d 390d 349d userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
KASAN: slab-out-of-bounds Write in sha3_update (2) C 49 351d 390d 349d crypto: hash - prevent using keyed hashes without setting key
KASAN: stack-out-of-bounds Read in rds_sendmsg C 120 379d 403d 349d RDS: Check cmsg_len before dereferencing CMSG_DATA
KASAN: slab-out-of-bounds Read in sctp_send_reset_streams C 73 392d 403d 349d sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
kernel BUG at drivers/android/binder_alloc.c:LINE! C 856 407d 411d 349d ANDROID: binder: fix transaction leak.
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (2) 185 414d 411d 349d crypto: af_alg - remove locking in async callback
general protection fault in sidtab_search_core syz 1306 405d 411d 349d selinux: skip bounded transition processing if the policy isn't loaded
general protection fault in show_timer C 10 393d 412d 349d posix-timer: Properly check sigevent->sigev_notify
WARNING: kernel stack regs has bad 'bp' value (2) C 16238 350d 414d 349d crypto: x86/twofish-3way - Fix %rbp usage
KASAN: slab-out-of-bounds Read in strcmp C 150 405d 414d 349d selinux: ensure the context is NUL terminated in security_context_to_sid_core()
KASAN: slab-out-of-bounds Read in xfrm_hash_rebuild C 18 367d 435d 349d xfrm: skip policies marked as dead while rehashing
BUG: looking up invalid subclass: 8 C 5 436d 436d 349d ALSA: seq: Avoid invalid lockdep class warning
BUG: unable to handle kernel paging request in devpts_mntget C 21 362d 439d 349d devpts: fix error handling in devpts_mntget()
suspicious RCU usage at ./include/linux/inetdevice.h:LINE 28 432d 440d 349d fib: fib_dump_info can no longer use __in_dev_get_rtnl
KASAN: use-after-free Read in __xfrm_state_lookup C 7 442d 441d 349d xfrm: defer daddr pointer assignment after spi parsing
KASAN: use-after-free Read in sctp_association_free C 20 426d 441d 349d sctp: do not free asoc when it is already dead in sctp_sendmsg
BUG: sleeping function called from invalid context at mm/slab.h:LINE (2) 2 358d 358d 349d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: slab-out-of-bounds Read in erspan_build_header C 30 350d 358d 349d net: erspan: fix use-after-free
suspicious RCU usage at mm/slab.h:LINE 1 358d 358d 349d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: slab-out-of-bounds Read in erspan_xmit C 51 356d 359d 349d net: erspan: fix use-after-free
KASAN: use-after-free Read in erspan_xmit C 68 356d 359d 349d net: erspan: fix use-after-free
KASAN: use-after-free Read in erspan_build_header C 60 350d 359d 349d net: erspan: fix use-after-free
WARNING in xdp_rxq_info_unreg C 198 359d 359d 349d tun: avoid calling xdp_rxq_info_unreg() twice
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (3) C 5087 350d 359d 349d bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
KASAN: use-after-free Read in tipc_group_is_open C 1 366d 365d 349d tipc: fix race between poll() and setsockopt()
general protection fault in get_info C 760 366d 369d 349d netfilter: x_tables: don't return garbage pointer on modprobe failure
KASAN: use-after-free Read in rb_first_postorder C 17267 363d 372d 349d tipc: fix a potental access after delete in tipc_sk_join()
general protection fault in free_verifier_state (2) C 2 373d 373d 349d bpf: fix verifier GPF in kmalloc failure path
suspicious RCU usage at net/netfilter/ipset/ip_set_core.c:LINE C 38048 371d 376d 349d netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
general protection fault in copy_verifier_state C 2 383d 379d 349d bpf: fix verifier GPF in kmalloc failure path
possible deadlock in rtnl_lock C 15711 349d 406d 349d tuntap: fix possible deadlock when fail to register netdev
BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free 2 394d 392d 351d sctp: fix error path in sctp_stream_init
WARNING in fpu__copy 8 392d 392d 351d kvm: x86: fix WARN due to uninitialized guest FPU state
general protection fault in __rds_rdma_map C 12 403d 415d 351d rds: Fix NULL pointer dereference in __rds_rdma_map
WARNING in xfrm_state_fini C 2231 366d 421d 351d xfrm: check id proto in validate_tmpl()
general protection fault in __list_del_entry_valid (2) C 21 365d 421d 351d sget(): handle failures of register_shrinker()
KASAN: stack-out-of-bounds Read in xfrm_state_find (3) C 10353 355d 422d 351d xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
general protection fault in sctp_stream_free 17 396d 437d 351d sctp: fix error path in sctp_stream_init
possible deadlock in vhost_chr_write_iter C 25952 356d 359d 353d vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
KASAN: slab-out-of-bounds Read in __dev_queue_xmit C 6 374d 363d 353d net: qdisc_pkt_len_init() should be more robust
KASAN: use-after-free Read in psock_write_space C 6 361d 372d 353d kcm: Only allow TCP sockets to be attached to a KCM mux
kernel BUG at net/l2tp/l2tp_ppp.c:LINE! C 22 356d 378d 353d kcm: Check if sk_user_data already set in kcm_attach
general protection fault in skb_segment C 7 373d 383d 353d gso: validate gso_type in GSO handlers
kernel BUG at net/core/skbuff.c:LINE! (2) C 562 354d 443d 353d pppoe: take ->needed_headroom of lower device into account on xmit
BUG: unable to handle kernel NULL pointer dereference in proc_flush_task syz 1 396d 392d 354d pid: Handle failure to allocate the first pid in a pid namespace
KASAN: stack-out-of-bounds Read in write_mmio C 3 401d 411d 354d KVM: Fix stack-out-of-bounds read in write_mmio
general protection fault in proc_flush_task syz 2 396d 412d 354d pid: Handle failure to allocate the first pid in a pid namespace
general protection fault in lockdep_invariant_state (2) C 114 406d 434d 354d locking/lockdep: Fix possible NULL deref
general protection fault in __lock_acquire (2) C 15 355d 440d 354d tipc: fix a null pointer deref on error path
BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:LINE C 19609 416d 442d 355d KVM: x86: fix em_fxstor() sleeping while in atomic
KASAN: use-after-free Read in fib6_add_1 C 4 366d 368d 356d net-backports: ipv6: don't let tb6_root node share routes with other node
WARNING in free_loaded_vmcs C 170 414d 421d 356d KVM: VMX: Fix vmx->nested freeing when no SMI handler
KASAN: slab-out-of-bounds Read in map_lookup_elem C 6 366d 369d 358d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
possible deadlock in snd_seq_deliver_event C 6 436d 446d 358d ALSA: seq: Fix nested rwsem annotation for lockdep splat
general protection fault in ip6_xmit 16 360d 361d 359d ipv6: don't let tb6_root node share routes with other node
KASAN: use-after-free Read in fib6_ifup (2) C 18 366d 362d 359d ipv6: don't let tb6_root node share routes with other node
general protection fault in strlen C 53 361d 363d 359d netlink: reset extack earlier in netlink_rcv_skb
KASAN: stack-out-of-bounds Read in __nla_put C 57 361d 365d 359d netlink: reset extack earlier in netlink_rcv_skb
WARNING in canfd_rcv C 4 366d 365d 359d can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
WARNING in can_rcv C 5 366d 365d 359d can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
KASAN: slab-out-of-bounds Write in array_map_update_elem C 6 367d 366d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Write in array_map_update_elem C 11 365d 366d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in __bpf_map_put 1 368d 368d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
WARNING in rfkill_alloc C 6 366d 368d 359d cfg80211: check dev_set_name() return value
WARNING in wiphy_register C 15 366d 368d 359d mac80211_hwsim: validate number of different channels
divide error in ___bpf_prog_run C 28 361d 369d 359d bpf: fix 32-bit divide by zero
BUG: unable to handle kernel paging request in bpf_fd_array_map_lookup_elem 5 365d 369d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
BUG: unable to handle kernel paging request in dst_release 113 364d 370d 359d ipv6: ip6_make_skb() needs to clear cork.base.dst
KASAN: slab-out-of-bounds Read in bpf_fd_array_map_lookup_elem 7 366d 370d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in bpf_fd_array_map_lookup_elem 21 365d 371d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
WARNING in snd_interval_mulkdiv C 21 365d 371d 359d ALSA: pcm: Remove yet superfluous WARN_ON()
general protection fault in sctp_v6_get_dst C 6 371d 371d 359d sctp: do not allow the v4 socket to bind a v4mapped v6 address
WARNING in ___bpf_prog_run C 28 364d 371d 359d bpf: arsh is not supported in 32 bit alu thus reject it
WARNING in netlink_ack (2) C 6 371d 371d 359d netlink: extack needs to be reset each time through loop
BUG: unable to handle kernel paging request in fd_array_map_delete_elem 11 365d 371d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in __bpf_prog_put C 212 364d 371d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in cgroup_fd_array_put_ptr C 219 364d 371d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: slab-out-of-bounds Read in perf_event_fd_array_release C 96 364d 371d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
general protection fault in __bpf_map_put C 331 364d 371d 359d bpf, array: fix overflow in max_entries and undefined behavior in index_mask
KASAN: use-after-free Read in tls_sk_proto_close C 9 364d 372d 359d net/tls: Only attach to sockets in ESTABLISHED state
WARNING: held lock freed! C 497 363d 374d 359d sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:LINE 20 367d 376d 359d xfrm: don't call xfrm_policy_cache_flush while holding spinlock
kernel BUG at ./include/linux/skbuff.h:LINE! C 4502 364d 377d 359d esp: Fix GRO when the headers not fully in the linear part of the skb.
possible deadlock in ppp_dev_uninit C 6 365d 377d 359d ppp: unlock all_ppp_mutex before registering device
WARNING in adjust_ptr_min_max_vals C 252 361d 378d 359d bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (2) C 174 360d 440d 359d xfrm: fix rcu usage in xfrm_get_type_offload
KASAN: use-after-free Read in fib6_ifdown C 26 366d 370d 363d ipv6: remove null_entry before adding default route
KASAN: use-after-free Read in rt6_mtu_change_route 5 367d 370d 363d ipv6: remove null_entry before adding default route
INFO: task hung in snd_pcm_oss_write syz 2 371d 371d 363d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in snd_pcm_plug_write_transfer 1 371d 371d 363d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
INFO: rcu detected stall in mulaw_transfer 37 373d 377d 363d ALSA: aloop: Fix racy hw constraints adjustment
general protection fault in nf_tables_dump_obj_done C 976 372d 377d 363d netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()
suspicious RCU usage at sound/core/pcm_lib.c:LINE 1 378d 377d 363d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
BUG: unable to handle kernel paging request in memset_erms C 35 363d 377d 363d ALSA: aloop: Fix inconsistent format due to incomplete rule
WARNING in rds_cmsg_rdma_args C 6 379d 378d 363d RDS: Heap OOB write in rds_message_alloc_sgs()
WARNING in snd_pcm_hw_param_first C 2905 371d 381d 363d ALSA: pcm: Remove incorrect snd_BUG_ON() usages
kernel BUG at ./include/linux/mm.h:LINE! (3) C 621 368d 385d 363d USB: fix usbmon BUG trigger
BUG: soft lockup (2) C 29 373d 402d 363d ALSA: pcm: Abort properly at pending signal in OSS read/write loops
general protection fault in crypto_remove_spawns C 85 377d 415d 363d crypto: algapi - fix NULL dereference in crypto_remove_spawns()
WARNING in strp_data_ready C 59034 379d 449d 364d strparser: Call sock_owned_by_user_nocheck
KASAN: double-free or invalid-free in kvm_arch_vcpu_uninit 1 372d 368d 367d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in alg_setsockopt 5 378d 376d 371d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in do_syslog 1 380d 376d 371d crypto: pcrypt - fix freeing pcrypt instances
KASAN: slab-out-of-bounds Read in cap_inode_getsecurity C 11 376d 377d 371d capabilities: fix buffer overread on very short xattr
KASAN: slab-out-of-bounds Read in cap_convert_nscap C 4148 376d 379d 371d capabilities: fix buffer overread on very short xattr
BUG: bad usercopy in strncpy_from_user 1 385d 381d 371d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel paging request in ipcget 2 392d 389d 371d crypto: pcrypt - fix freeing pcrypt instances
BUG: bad usercopy in rw_copy_check_uvector 7 374d 390d 371d crypto: pcrypt - fix freeing pcrypt instances
general protection fault in skcipher_walk_done C 8 373d 393d 371d crypto: chacha20poly1305 - validate the digest size
KASAN: use-after-free Read in __list_del_entry_valid (2) C 11 393d 394d 371d crypto: pcrypt - fix freeing pcrypt instances
BUG: unable to handle kernel NULL pointer dereference in blkcipher_walk_done C 2 398d 398d 371d crypto: chacha20poly1305 - validate the digest size
BUG: unable to handle kernel NULL pointer dereference in scatterwalk_copychunks C 3 397d 398d 371d crypto: chacha20poly1305 - validate the digest size
KASAN: wild-memory-access Write in scatterwalk_copychunks C 15 376d 402d 371d crypto: chacha20poly1305 - validate the digest size
general protection fault in scatterwalk_copychunks (2) C 141 377d 403d 371d crypto: chacha20poly1305 - validate the digest size
KASAN: use-after-free Read in handle_userfault C 151 383d 446d 371d userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
INFO: task hung in cleanup_net 1 405d 393d 379d net: Fix double free and memory corruption in get_net_ns_by_id()
KASAN: global-out-of-bounds Read in crypto_chacha20_crypt C 74 392d 395d 379d crypto: skcipher - set walk.iv for zero-length inputs
general protection fault in blkcipher_walk_first C 7 390d 401d 379d crypto: af_alg - wait for data at beginning of recvmsg
possible deadlock (2) 2 399d 401d 379d crypto: skcipher - set walk.iv for zero-length inputs
BUG: unable to handle kernel paging request in kvm_arch_vcpu_ioctl_run 1 406d 402d 379d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in copy_siginfo_to_user 1 406d 402d 379d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in match_subs_info 1 408d 403d 379d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in __put_user_8 1 409d 403d 379d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
BUG: unable to handle kernel paging request in __schedule 2 408d 403d 379d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
KASAN: use-after-free Write in aead_recvmsg C 21 391d 408d 379d crypto: af_alg - fix race accessing cipher request
BUG: unable to handle kernel paging request in __switch_to 1 413d 409d 379d x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
general protection fault in crypto_chacha20_crypt C 2374 383d 414d 379d crypto: skcipher - set walk.iv for zero-length inputs
general protection fault in blkcipher_walk_done C 47 379d 415d 379d crypto: af_alg - wait for data at beginning of recvmsg
WARNING in netlink_ack C 6 389d 390d 385d netlink: fix netlink_ack() extack race
general protection fault in free_verifier_state C 2 391d 391d 385d bpf: fix verifier NULL pointer dereference
KASAN: use-after-free in aead_recvmsg 2 403d 403d 385d crypto: algif_aead - fix reference counting of null skcipher
kernel BUG at net/packet/af_packet.c:LINE! (2) 2 409d 411d 385d make sock_alloc_file() do sock_release() on failures
WARNING in refcount_dec (2) 1 419d 419d 385d net/packet: fix a race in packet_bind() and packet_notifier()
WARNING in lock_release C 72 393d 426d 390d alloc_super(): do ->s_umount initialization earlier
general protection fault in ___cache_free 1 402d 397d 391d crypto: salsa20 - fix blkcipher_walk API usage
general protection fault in kfree 13 403d 411d 391d crypto: salsa20 - fix blkcipher_walk API usage
general protection fault in strcmp 1 412d 412d 391d KEYS: reject NULL restriction string when type is specified
WARNING in initialize_timer 2 412d 412d 391d ALSA: seq: Remove spurious WARN_ON() at timer check
WARNING: suspicious RCU usage (3) 16 413d 414d 391d crypto: salsa20 - fix blkcipher_walk API usage
KASAN: stack-out-of-bounds Write in sha3_update C 5 418d 414d 391d crypto: hmac - require that the underlying hash algorithm is unkeyed
general protection fault in af_alg_free_areq_sgls C 2916 396d 415d 391d crypto: af_alg - fix NULL pointer dereference in
KASAN: use-after-free Read in aead_recvmsg C 4338 395d 415d 391d crypto: algif_aead - fix reference counting of null skcipher
general protection fault in scatterwalk_copychunks C 414 405d 414d 405d crypto: algif_aead - skip SGL entries with NULL page
kernel BUG at net/core/dev.c:LINE! C 5 416d 420d 405d net-backports: net/packet: fix a race in packet_bind() and packet_notifier()
possible deadlock in blk_trace_remove 5 416d 423d 405d blktrace: fix trace mutex deadlock
general protection fault in fanout_demux_rollover 3 418d 437d 405d packet: fix crash in fanout_demux_rollover()
kernel panic: softlockup: hung tasks 2 485d 454d 405d SUNRPC: Allow connect to return EHOSTUNREACH
general protection fault in dax_alloc_inode 1 435d 428d 408d dax: fix general protection fault in dax_alloc_inode
kernel BUG at net/key/af_key.c:LINE! C 63 457d 449d 408d xfrm: Copy policy family in clone_policy
WARNING in snd_timer_user_info_compat C 174 418d 421d 415d ALSA: timer: Remove kernel warning at compat ioctl error paths
KASAN: use-after-free Read in tcp_ack 68 427d 429d 415d net-backports: tcp: highest_sack fix
KASAN: use-after-free Read in mpi_free C 27 425d 432d 415d crypto: dh - Fix double free of ctx->p
WARNING in free_kthread_struct C 136405 432d 435d 415d kthread: zero the kthread data structure
INFO: trying to register non-static key. (2) C 8624 433d 435d 415d tcp: fix a lockdep issue in tcp_fastopen_reset_cipher()
possible deadlock in generic_file_write_iter C 61506 415d 437d 415d block, locking/lockdep: Assign a lock_class per gendisk used for wait_for_completion()
KASAN: use-after-free Read in fsnotify 1 475d 439d 415d dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
KASAN: use-after-free Read in tipc_send_group_bcast 4 449d 440d 415d tipc: fix a dangling pointer
general protection fault in bpf_check 3 435d 440d 415d bpf: fix verifier NULL pointer dereference
general protection fault in iov_iter_fault_in_readable 5 432d 440d 415d tun: do not arm flow_gc_timer in tun_flow_init()
kernel BUG at fs/notify/dnotify/dnotify.c:LINE! 19 431d 443d 415d dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
KASAN: use-after-free Write in detach_if_pending C 4169 451d 446d 415d tun: do not arm flow_gc_timer in tun_flow_init()
KASAN: slab-out-of-bounds Read in tipc_nametbl_lookup_dst_nodes C 22388 426d 449d 415d tipc: eliminate KASAN warning
BUG: unable to handle kernel paging request in vsock_diag_dump C 6 446d 449d 415d vsock: always call vsock_init_tables()
KASAN: use-after-free Read in tipc_group_self C 2942 432d 449d 415d tipc: fix a dangling pointer
general protection fault in do_raw_spin_lock 8 447d 451d 415d net-backports: ipv6: add ip6_null_entry check in rt6_select()
general protection fault in tun_flow_cleanup 1 486d 455d 415d tun: do not arm flow_gc_timer in tun_flow_init()
KASAN: use-after-free Read in free_netdev C 42 432d 455d 415d net-tun: fix panics at dismantle time
general protection fault in hrtimer_active C 669 432d 455d 415d net-tun: fix panics at dismantle time
WARNING in fib6_add C 8225 432d 455d 415d ipv6: prevent user from adding cached routes
WARNING in tun_get_user C 17398 432d 456d 415d net-backports: tun: relax check on eth_get_headlen() return value
BUG: sleeping function called from invalid context at net/core/sock.c:LINE C 407 415d 454d 415d strparser: Use delayed work instead of timer for msg timeout
KASAN: use-after-free Read in snd_timer_user_info_compat syz 2 456d 446d 421d ALSA: timer: Add missing mutex lock for compat ioctls
WARNING in tcp_update_reordering 748 425d 422d 421d tcp: fix tcp_fastretrans_alert warning
general protection fault in asn1_ber_decoder C 5009 432d 436d 425d KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
BUG: soft lockup C 466 428d 441d 425d ALSA: timer: Limit max instances per timer
BUG: unable to handle kernel paging request in snd_seq_oss_readq_puts C 389 435d 441d 425d ALSA: seq: Fix OSS sysex delivery in OSS emulation
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) C 93 433d 441d 425d xfrm: Fix stack-out-of-bounds read in xfrm_state_find.
WARNING in refcount_add_not_zero 70 425d 441d 425d tcp: gso: avoid refcount_t warning from tcp_gso_segment()
KASAN: slab-out-of-bounds Read in asn1_ber_decoder C 17 432d 437d 432d KEYS: fix out-of-bounds read during ASN.1 parsing
KASAN: use-after-free Read in __lock_acquire syz 894 432d 441d 432d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
KASAN: use-after-free Read in do_raw_spin_unlock syz 3 441d 442d 432d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
BUG: workqueue lockup C 172 432d 442d 432d tun/tap: sanitize TUNSETSNDBUF input
WARNING in get_pi_state C 42 441d 443d 432d futex: Fix more put_pi_state() vs. exit_pi_state_list() races
INFO: rcu detected stall (2) C 56 432d 443d 432d net-backports: tun/tap: sanitize TUNSETSNDBUF input
general protection fault in __list_del_entry_valid C 72 435d 449d 432d ipsec: Fix aborted xfrm policy dump crash
WARNING in kmalloc_slab (2) C 2478 432d 449d 432d ipv6: flowlabel: do not leave opt->tot_len with garbage
KASAN: use-after-free Read in packet_getsockopt (2) syz 12 445d 454d 432d packet: avoid panic in packet_getsockopt()
WARNING in refcount_dec 9 432d 455d 432d ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
general protection fault in ip6_setup_cork 56 446d 455d 432d net-backports: ipv6: flowlabel: do not leave opt->tot_len with garbage
WARNING in reuseport_alloc C 408 432d 455d 432d soreuseport: fix initialization race
KASAN: use-after-free Read in ip_queue_xmit 1 456d 456d 432d net-backports: tcp/dccp: fix ireq->opt races
KASAN: use-after-free Write in __run_timers 6144 451d 511d 432d net-backports: tun: call dev_get_valid_name() before register_netdevice()
kernel BUG at net/ipv4/tcp_output.c:LINE! 37 491d 504d 435d tcp: add an ability to dump and restore window parameters
WARNING in sk_stream_kill_queues syz 96 518d 522d 435d net-backports: dccp: purge write queue in dccp_destroy_sock()
general protection fault in refcount_sub_and_test 1 535d 520d 436d ipv6: fix NULL dereference in ip6_route_dev_notify()
KASAN: use-after-free Read in dev_queue_xmit_nit C 13 479d 490d 436d packet: hold bind lock when rebinding to fanout hook
WARNING in fib6_del 24 497d 510d 436d ipv6: fib: Unlink replaced routes from their nodes
KASAN: use-after-free Read in ccid2_hc_tx_rto_expire 5 514d 519d 436d dccp: defer ccid_hc_tx_delete() at dismantle time
BUG: unable to handle kernel NULL pointer dereference in free_fib_info_rcu 3 520d 520d 436d ipv4: fix NULL dereference in free_fib_info_rcu()
KASAN: double-free or invalid-free in selinux_tun_dev_free_security C 12033 512d 523d 436d tun: handle register_netdevice() failures properly
kernel BUG at net/core/skbuff.c:LINE! 5 449d 520d 446d ipv4: better IP_MAX_MTU enforcement
general protection fault in kvm_cpuid C 20 478d 497d 449d KVM: MMU: check guest CR3 reserved bits based on its physical address width.
KASAN: use-after-free Read in __list_add_valid syz 26 453d 500d 449d packet: hold bind lock when rebinding to fanout hook
general protection fault in skb_clone syz 3 518d 518d 449d tun: make tun_build_skb() thread safe
BUG: unable to handle kernel paging request in skb_release_data syz 15 518d 518d 449d tun: make tun_build_skb() thread safe
kernel BUG at lib/string.c:LINE! C 73 464d 479d 449d netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
WARNING in __local_bh_enable_ip 22 480d 487d 449d bpf: do not disable/enable BH in bpf_map_free_id()
WARNING in __switch_to C 535 476d 523d 449d x86/fpu: Don't let userspace set bogus xcomp_bv
WARNING: kernel stack regs has bad 'bp' value C 66131 478d 523d 449d crypto: x86/sha256-avx2 - Fix RBP usage
general protection fault in __ip_options_echo (2) C 2 498d 498d 449d udp: drop head states only when all skb references are gone
general protection fault in perf_trace_block_get_rq C 180 490d 499d 449d block: tolerate tracing of NULL bio
kernel BUG at mm/slab.c:LINE! C 860 497d 500d 449d bpf: fix numa_node validation
possible deadlock in kcm_sendpage syz 14 501d 504d 449d kcm: do not attach PF_KCM sockets to avoid deadlock
general protection fault in SyS_bpf C 10 509d 509d 449d bpf: fix a return in sockmap_get_from_fd()
WARNING in refcount_inc 7 503d 511d 449d net_sched: fix a refcount_t issue with noop_qdisc
general protection fault in __lock_acquire 5 460d 511d 449d ipv6: reset fn->rr_ptr when replacing route
KASAN: slab-out-of-bounds Read in skb_release_data 1 518d 518d 449d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in get_mm_exe_file C 2 513d 518d 449d fork: fix incorrect fput of ->exe_file causing use-after-free
KASAN: wild-memory-access Read in skb_copy_ubufs C 23 517d 518d 449d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in skb_release_data syz 7 519d 518d 449d tun: make tun_build_skb() thread safe
general protection fault in skb_release_data syz 198 517d 519d 449d tun: make tun_build_skb() thread safe
KASAN: use-after-free Read in skb_push 4 514d 520d 449d tipc: fix use-after-free
general protection fault in fib6_add 18 513d 520d 449d ipv6: repair fib6 tree in failure case
BUG: Bad page state C 2 519d 520d 449d mm/madvise.c: fix freeing of locked page with MADV_FREE
KASAN: use-after-free Read in ip6_pol_route 249 512d 521d 449d ipv6: reset fn->rr_ptr when replacing route
KASAN: use-after-free Read in free_ldt_struct C 109 506d 521d 449d x86/mm: Fix use-after-free of ldt_struct
BUG: unable to handle kernel NULL pointer dereference at ADDR C 63 506d 521d 449d strparser: initialize all callbacks
WARNING in kmalloc_slab C 22353 449d 522d 449d ptr_ring: use kmalloc_array()
WARNING in idr_replace C 1209 490d 522d 449d idr: remove WARN_ON_ONCE() when trying to replace negative ID
general protection fault in __skb_flow_dissect C 37 519d 522d 449d dsa: fix flow disector null pointer
general protection fault in fib_dump_info C 428 512d 523d 449d net: check and errout if res->fi is NULL when RTM_F_FIB_MATCH is set
suspicious RCU usage at ./include/linux/kvm_host.h:LINE C 103402 478d 523d 449d KVM: fix rcu warning on VM_CREATE errors
INFO: task hung C 13878 478d 543d 478d tcp: fix hang in tcp_sendpage_locked()
WARNING in kvm_arch_vcpu_ioctl_run C 20284 478d 543d 478d KVM: X86: Fix residual mmio emulation request to userspace
inconsistent lock state in sk_clone_lock C 16 519d 523d 498d tcp: fix possible deadlock in TCP stack vs BPF filter
BUG: sleeping function called from invalid context at mm/slab.h:LINE C 8 520d 523d 498d af_key: do not use GFP_KERNEL in atomic contexts
kernel BUG at mm/usercopy.c:LINE! C 23 519d 523d 498d udp: harden copy_linear_skb()