syzbot


Title Repro Cause bisect Fix bisect Count Last Reported Closed Patch
WARNING in unlock_new_inode C done 55 36d 74d 6d13h a8ca9f68 reiserfs: only call unlock_new_inode() if I_NEW
KASAN: slab-out-of-bounds Write in init_sb C done 3 38d 72d 7d21h 78734edd gfs2: add validation checks for size of superblock
KASAN: global-out-of-bounds Read in fbcon_resize C done 529 42d 90d 11d d31eccab fbcon: Fix user font detection test at fbcon_resize().
INFO: task hung in ucma_close C done 421 42d 455d 12d ef13017d RDMA/ucma: ucma_context reference leak in error path
KASAN: global-out-of-bounds Read in vga16fb_imageblit C done 723 42d 366d 12d 0472aa0c video: fbdev: fix OOB read in vga_8planes_imageblit()
KASAN: slab-out-of-bounds Read in ntfs_attr_find C done 10 42d 70d 12d d2918cca ntfs: add check for mft record size in superblock
KASAN: global-out-of-bounds Read in fbcon_get_font C done 42 49d 365d 19d 30386c13 fbcon: Fix global-out-of-bounds read in fbcon_get_font()
KASAN: use-after-free Read in ntfs_attr_find C done 4 51d 70d 20d d2918cca ntfs: add check for mft record size in superblock
KASAN: global-out-of-bounds Read in get_unique_tuple C done 5 64d 236d 33d 60634d81 netfilter: ctnetlink: add a range check for l3/l4 protonum
general protection fault in open_xa_dir C done 1 71d 71d 41d e2b6b343 reiserfs: Fix oops during mount
KASAN: use-after-free Read in rxrpc_see_skb syz done 1 92d 92d 42d 38eefb19 MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
INFO: task hung in nbd_ioctl (2) C done 16 89d 334d 42d 7241d653 tipc: fix shutdown() of connection oriented socket
WARNING in restore_regulatory_settings C done 2264 84d 330d 54d 02015d24 cfg80211: regulatory: reject invalid hints
general protection fault in __sock_release syz done 12 84d 97d 54d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
general protection fault in locks_remove_file syz done 6 85d 96d 54d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
general protection fault in tty_release C done 10 85d 95d 55d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in seq_release_private syz done 1 87d 87d 55d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
WARNING: ODEBUG bug in corrupted syz done 1 87d 87d 55d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
WARNING: ODEBUG bug in exit_to_usermode_loop syz done 2 89d 91d 58d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in __sock_release syz done 3 89d 97d 58d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
WARNING in snd_pcm_drop syz done 1 88d 88d 58d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
BUG: corrupted list in fuse_dev_free syz done 1 91d 91d 60d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
general protection fault in kmem_cache_free syz done 3 91d 92d 60d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in snd_pcm_oss_release syz done 1 91d 91d 60d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Write in ex_handler_refcount C done 16 91d 300d 60d af7122cf Bluetooth: add a mutex lock to avoid UAF in do_enale_set
KASAN: double-free or invalid-free in (null) syz done 1 92d 92d 62d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
BUG: corrupted list in mousedev_release syz done 1 94d 94d 63d c5c6e00f fix regression in "epoll: Keep a reference on files added to the check list"
INFO: trying to register non-static key in uhid_char_release C done 2 95d 114d 65d 9e5894b7 HID: core: Correctly handle ReportSize being zero
KASAN: slab-out-of-bounds Read in hci_event_packet C done 17 107d 580d 76d 68bb9edd Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt C done 6 107d 124d 77d 68bb9edd Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
KASAN: use-after-free Read in get_block C done 8 113d 238d 82d 0900097e fs/minix: reject too-large maximum file size
WARNING in inc_nlink C done 21 113d 255d 82d 12490f06 fs/minix: don't allow getting deleted inodes
KASAN: slab-out-of-bounds Read in get_block C done 2 113d 143d 82d 0900097e fs/minix: reject too-large maximum file size
BUG: unable to handle kernel NULL pointer dereference in get_block C done 45 113d 260d 83d 3c775629 fs/minix: check return value of sb_getblk()
KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt C done 5 117d 122d 84d d91299b8 Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
KASAN: use-after-free Read in delete_and_unsubscribe_port syz done 2 125d 125d 92d ccafbed8 ALSA: seq: oss: Serialize ioctls
KASAN: double-free or invalid-free in 0x2 syz done 1 125d 125d 92d ccafbed8 ALSA: seq: oss: Serialize ioctls
INFO: task hung in fb_release C done 48 127d 358d 96d c388072f fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
unregister_netdevice: waiting for DEV to become free C done 120 154d 592d 122d 0f7f0b05 ipvs: fix tinfo memory leak in start_sync_thread
general protection fault in batadv_iv_ogm_schedule_buff 1 229d 229d 147d e181bb93 batman-adv: Don't schedule OGM for disabled interface
KASAN: null-ptr-deref Write in choke_reset C done 283 196d 226d 166d 4836eb6b sch_choke: avoid potential panic in choke_reset()
KASAN: use-after-free Read in do_blk_trace_setup C done 342 197d 601d 166d b390c22c blktrace: fix unlocked access to init/start-stop/teardown
WARNING in xfrm_policy_insert syz done 8 201d 459d 170d 1cd914b0 xfrm: fix a warning in xfrm_policy_insert_list
KASAN: slab-out-of-bounds Write in snd_rawmidi_kernel_write1 C done 1 202d 232d 172d 8645ac36 ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
WARNING: ODEBUG bug in route4_change C done 23 244d 272d 214d f0c92f59 net_sched: cls_route: remove the right filter from hashtable
KASAN: use-after-free Write in release_tty C done 124 245d 364d 215d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
WARNING: ODEBUG bug in rfcomm_dev_ioctl C done 2 254d 254d 223d 0da9c032 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user C done 1 255d 255d 225d 25106012 xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
WARNING: refcount bug in sock_wfree C done done 3 256d 376d 226d 968f831d sctp: fix refcount bug in sctp_wfree
KASAN: use-after-free Write in tcindex_set_parms C done 3 258d 259d 228d 9f8b6c44 net_sched: keep alloc_hash updated after hash allocation
KASAN: slab-out-of-bounds Write in tcindex_set_parms C done 2 259d 259d 229d 9f8b6c44 net_sched: keep alloc_hash updated after hash allocation
WARNING: ODEBUG bug in rfcomm_dlc_free C done 16 261d 494d 230d 0da9c032 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: use-after-free Read in tty_open C done 5 263d 365d 233d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
KASAN: use-after-free Read in tty_buffer_cancel_work C done 2 272d 361d 242d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
KASAN: use-after-free Read in get_work_pool C done 1 273d 364d 243d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
KASAN: use-after-free Read in n_tty_receive_buf_common C done 25 275d 364d 244d a4719f6d vt: selection, push sel_lock up
WARNING: kernel stack frame pointer has bad value C done 65 280d 584d 246d 377d7378 fjes: fix missed check in fjes_acpi_add
INFO: task hung in paste_selection C done 8 281d 356d 250d 7c315855 ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
INFO: task hung in drain_all_pages C done 1 281d 281d 251d a86265ed netfilter: xt_hashlimit: limit the max size of hashtable
INFO: task hung in tty_ldisc_hangup C done 17 289d 360d 259d a4719f6d vt: selection, push sel_lock up
INFO: task hung in hashlimit_mt_check_common C done 6 292d 343d 260d a86265ed netfilter: xt_hashlimit: limit the max size of hashtable
KASAN: stack-out-of-bounds Write in ax25_getname C done 4 291d 587d 260d ff8e12b0 vhost: Check docket sk_family instead of call getname
KASAN: slab-out-of-bounds Read in tcf_exts_destroy C done 1 295d 408d 265d 6cb448ee net_sched: fix an OOB access in cls_tcindex
general protection fault in path_openat C done 40 301d 308d 271d 40642747 vfs: fix do_last() regression
BUG: sleeping function called from invalid context in tpk_write C done 10 301d 363d 271d ab84fd0d ttyprintk: fix a potential deadlock in interrupt context issue
BUG: sleeping function called from invalid context in lock_sock_nested (2) syz done 1 303d 364d 273d 713ff7e4 crypto: af_alg - Use bh_lock_sock in sk_destruct
KASAN: use-after-free Read in ext4_xattr_set_entry C done 9 306d 398d 276d 08e4a312 ext4: validate the debug_want_extra_isize mount option at parse time
KASAN: slab-out-of-bounds Read in __nla_put_nohdr C done 2 310d 310d 279d c5fd8a37 net-sysfs: Fix reference count leak
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C done 1 313d 313d 283d c57b0f88 Documentation: Document arm64 kpti control
KASAN: use-after-free Read in snd_timer_resolution C done 1 316d 316d 285d 43bb0a16 ALSA: seq: Fix racy access for queue timer in proc read
INFO: task hung in genl_rcv_msg syz done 2 320d 320d 290d 24070b40 tcp: clear tp->total_retrans in tcp_disconnect()
WARNING in reconnect_path C done done 1 321d 381d 290d b6e209a1 exportfs: fix 'passing zero to ERR_PTR()' warning
KASAN: use-after-free Write in __alloc_skb C done 1 325d 355d 292d e8412528 net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
KASAN: use-after-free Read in cdev_put C done 6 325d 368d 294d 0ce254bc xen-blkback: prevent premature module unload
KASAN: slab-out-of-bounds Read in macvlan_broadcast C done 6 326d 331d 296d 4a953272 macvlan: do not assume mac_header is set in macvlan_broadcast()
KASAN: use-after-free Read in macvlan_broadcast C done 8 328d 331d 297d 4a953272 macvlan: do not assume mac_header is set in macvlan_broadcast()
WARNING: bad unlock balance in gtp_encap_enable_socket C done 2 328d 331d 297d 887b0296 gtp: fix bad unlock balance in gtp_encap_enable_socket
KASAN: slab-out-of-bounds Read in bpf_skb_change_tail C done 2 334d 480d 301d 7fed98f4 bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto C done 2 334d 481d 301d 7fed98f4 bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Read in bpf_clone_redirect C done 11 339d 502d 309d 7fed98f4 bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Read in bpf_skb_change_head C done 2 343d 412d 312d 7fed98f4 bpf: reject passing modified ctx to helper functions
possible deadlock in refcount_dec_and_mutex_lock C done 10 342d 415d 312d 4df72865 nbd: verify socket is supported during setup
WARNING: refcount bug in cdev_get C done 21 343d 474d 313d 03a70959 net: usb: lan78xx: Connect PHY before registering MAC
INFO: rcu detected stall in br_handle_frame (2) C done 1 348d 348d 318d 73a6f18d pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
WARNING in ovl_rename syz done 2 352d 584d 319d 6890751c ovl: relax WARN_ON() on rename to self
inconsistent lock state in sp_get C done 2 356d 356d 325d 8b58905f 6pack,mkiss: fix possible deadlock
KASAN: slab-out-of-bounds Read in linear_transfer C done 4 357d 364d 327d 2a76606d ALSA: pcm: oss: Avoid potential buffer overflows
possible deadlock in __might_fault C done 295 359d 599d 328d d4197149 usb: mon: Fix a deadlock in usbmon between mmap and read
possible deadlock in mon_bin_vma_fault C done 282 360d 596d 330d d4197149 usb: mon: Fix a deadlock in usbmon between mmap and read
WARNING: refcount bug in kobject_get C done 20 364d 598d 334d 227db8e4 tipc: fix unlimited bundling of small messages
WARNING in refcount_error_report syz done 1 367d 366d 334d 7272e8e3 inet: protect against too small mtu values.
BUG: corrupted list in p9_fd_cancelled syz done 2 366d 411d 334d 8a82aee7 arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
BUG: unable to handle kernel paging request in slhc_free C done 4 369d 596d 338d da0bbf51 slip: make slhc_free() silently accept an error pointer
WARNING in dio_complete C done 27 369d 599d 338d 365874a0 blk-mq: avoid sysfs buffer overflow with too many CPU cores
KASAN: use-after-free Read in slip_open C done done 2 373d 373d 340d f5bcc687 slip: Fix use-after-free Read in slip_open
KASAN: use-after-free Read in kfree_skb C done 98 371d 498d 340d 79d404a2 Bluetooth: Fix invalid-free in bcsp_close()
INFO: task hung in nbd_ioctl C done 18 342d 416d 340d 4df72865 nbd: verify socket is supported during setup
WARNING: suspicious RCU usage in shmem_add_seals C done done 1435 378d 400d 347d 988f701a memfd: Use radix_tree_deref_slot_protected to avoid the warning.
possible deadlock in flush_workqueue C done 15 380d 473d 350d 4df72865 nbd: verify socket is supported during setup
WARNING in bpf_jit_free syz done 60 422d 595d 351d 47569360 bpf: fix use after free in prog symbol exposure
INFO: task hung in lo_release syz done 128 488d 601d 352d 22f36db4 Revert "block/loop: Use global lock for ioctl() operation."
BUG: unable to handle kernel NULL pointer dereference in inet_autobind C inconclusive done 3133 392d 400d 352d 7c3c0d51 sctp: not bind the socket in sctp_connect
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue C done 20 353d 591d 352d 0b584bf5 nbd: fix max number of supported devs
BUG: unable to handle kernel paging request in dummy_set_vf_vlan C done 5 386d 480d 352d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel paging request in dummy_set_vf_spoofchk C done 6 389d 501d 352d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel paging request in dummy_get_vf_config C done 4 405d 502d 355d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
WARNING: suspicious RCU usage in netem_enqueue C done 3 409d 432d 355d 6f492e80 net_sched: add max len check for TCA_KIND
BUG: unable to handle kernel paging request in dummy_set_vf_rss_query_en C done 5 409d 500d 355d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel paging request in dummy_set_vf_mac C done 5 418d 491d 356d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass C done 14 412d 452d 356d 54b9f579 net_sched: check cops->tcf_block in tc_bind_tclass()
KASAN: null-ptr-deref Write in kvm_write_guest_virt_system C done 53 418d 436d 356d 2890b718 watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
WARNING in tcp_send_loss_probe C done 22 439d 449d 359d ba2ddb43 tcp: Don't dequeue SYN/FIN-segments from write-queue
general protection fault in tcp_push C done 55 438d 449d 359d f1dcc5ed tcp: Reset send_head when removing skb from write-queue
BUG: unable to handle kernel paging request in dummy_set_vf_rate C done 3 439d 454d 359d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
WARNING in tcp_retransmit_timer C done 215 438d 449d 359d ba2ddb43 tcp: Don't dequeue SYN/FIN-segments from write-queue
general protection fault in qdisc_destroy C done 4 439d 443d 359d e0f600b6 net_sched: let qdisc_put() accept NULL pointer
INFO: rcu detected stall in mld_dad_timer_expire C done 1 445d 445d 359d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in br_handle_frame C done 15 441d 452d 361d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
WARNING in kernfs_get C done 17 471d 591d 361d 5432923a driver core: Fix use-after-free and double free on glue directory
INFO: rcu detected stall in mld_ifc_timer_expire C done 9 443d 452d 362d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
WARNING in xfrm_state_fini C done 193 445d 600d 362d cd393b38 xfrm: clean up xfrm protocol checks
INFO: rcu detected stall in addrconf_dad_work C done 18 446d 452d 362d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in corrupted C done 3 446d 468d 363d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
BUG: unable to handle kernel paging request in dummy_set_vf_trust C done 2 454d 488d 363d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
WARNING in map_lookup_elem C done 2 461d 461d 363d 95867919 KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
WARNING: refcount bug in hci_register_dev C done 3 459d 473d 363d 5432923a driver core: Fix use-after-free and double free on glue directory
kernel BUG at ./include/linux/skbuff.h:LINE! C done 16 454d 480d 363d e5df4bae tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
general protection fault in packet_lookup_frame C done 1 476d 476d 364d 5ac73816 net/packet: fix race in tpacket_snd()
WARNING: refcount bug in kobject_put C done 3 481d 587d 364d 5432923a driver core: Fix use-after-free and double free on glue directory
general protection fault in tcf_ife_init C done 12 492d 502d 365d 7fcc60e5 ife: error out when nla attributes are empty
general protection fault in kernfs_add_one C done 5 489d 558d 365d 5432923a driver core: Fix use-after-free and double free on glue directory
WARNING in sysfs_remove_group C done 1 505d 505d 366d 5432923a driver core: Fix use-after-free and double free on glue directory
BUG: unable to handle kernel paging request in coalesced_mmio_write C done 4 522d 529d 367d bf81752d KVM: coalesced_mmio: add bounds checking
WARNING in kernfs_put C done 2 521d 587d 367d 5432923a driver core: Fix use-after-free and double free on glue directory
KASAN: use-after-free Read in erspan_build_header C done 18 567d 601d 368d 1d629bf9 net: erspan: fix use-after-free
KASAN: slab-out-of-bounds Read in erspan_build_header C done 8 565d 601d 368d d93fb604 tipc: fix modprobe tipc failed after switch order of device registration
WARNING in notify_change C done 14 530d 596d 368d 2c546242 Abort file_remove_privs() for non-reg. files
KASAN: use-after-free Read in tcp_init_tso_segs C 1424 438d 449d 425d f1dcc5ed tcp: Reset send_head when removing skb from write-queue