syzbot


Title Repro Bisected Count Last Reported Closed Patch
general protection fault in batadv_iv_ogm_schedule_buff 1 84d 84d 2d06h e181bb93 batman-adv: Don't schedule OGM for disabled interface
KASAN: null-ptr-deref Write in choke_reset C fix 283 51d 81d 21d 4836eb6b sch_choke: avoid potential panic in choke_reset()
KASAN: use-after-free Read in do_blk_trace_setup C fix 342 52d 456d 21d b390c22c blktrace: fix unlocked access to init/start-stop/teardown
WARNING in xfrm_policy_insert syz fix 8 56d 314d 25d 1cd914b0 xfrm: fix a warning in xfrm_policy_insert_list
KASAN: slab-out-of-bounds Write in snd_rawmidi_kernel_write1 C fix 1 57d 87d 27d 8645ac36 ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
WARNING: ODEBUG bug in route4_change C fix 23 99d 127d 69d f0c92f59 net_sched: cls_route: remove the right filter from hashtable
KASAN: use-after-free Write in release_tty C fix 124 100d 219d 70d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
WARNING: ODEBUG bug in rfcomm_dev_ioctl C fix 2 109d 109d 78d 0da9c032 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user C fix 1 110d 110d 80d 25106012 xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
WARNING: refcount bug in sock_wfree C cause+fix 3 111d 231d 81d 968f831d sctp: fix refcount bug in sctp_wfree
KASAN: use-after-free Write in tcindex_set_parms C fix 3 113d 114d 83d 9f8b6c44 net_sched: keep alloc_hash updated after hash allocation
KASAN: slab-out-of-bounds Write in tcindex_set_parms C fix 2 114d 114d 84d 9f8b6c44 net_sched: keep alloc_hash updated after hash allocation
WARNING: ODEBUG bug in rfcomm_dlc_free C fix 16 116d 349d 85d 0da9c032 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: use-after-free Read in tty_open C fix 5 118d 220d 88d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
KASAN: use-after-free Read in tty_buffer_cancel_work C fix 2 127d 216d 97d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
KASAN: use-after-free Read in get_work_pool C fix 1 128d 219d 98d b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
KASAN: use-after-free Read in n_tty_receive_buf_common C fix 25 130d 219d 99d a4719f6d vt: selection, push sel_lock up
WARNING: kernel stack frame pointer has bad value C fix 65 135d 439d 101d 377d7378 fjes: fix missed check in fjes_acpi_add
INFO: task hung in paste_selection C fix 8 136d 211d 105d 7c315855 ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
INFO: task hung in drain_all_pages C fix 1 136d 136d 106d a86265ed netfilter: xt_hashlimit: limit the max size of hashtable
INFO: task hung in tty_ldisc_hangup C fix 17 144d 215d 114d a4719f6d vt: selection, push sel_lock up
INFO: task hung in hashlimit_mt_check_common C fix 6 147d 198d 115d a86265ed netfilter: xt_hashlimit: limit the max size of hashtable
KASAN: stack-out-of-bounds Write in ax25_getname C fix 4 146d 442d 115d ff8e12b0 vhost: Check docket sk_family instead of call getname
KASAN: slab-out-of-bounds Read in tcf_exts_destroy C fix 1 150d 263d 120d 6cb448ee net_sched: fix an OOB access in cls_tcindex
general protection fault in path_openat C fix 40 156d 163d 126d 40642747 vfs: fix do_last() regression
BUG: sleeping function called from invalid context in tpk_write C fix 10 156d 218d 126d ab84fd0d ttyprintk: fix a potential deadlock in interrupt context issue
BUG: sleeping function called from invalid context in lock_sock_nested (2) syz fix 1 158d 219d 128d 713ff7e4 crypto: af_alg - Use bh_lock_sock in sk_destruct
KASAN: use-after-free Read in ext4_xattr_set_entry C fix 9 161d 253d 131d 08e4a312 ext4: validate the debug_want_extra_isize mount option at parse time
KASAN: slab-out-of-bounds Read in __nla_put_nohdr C fix 2 165d 165d 134d c5fd8a37 net-sysfs: Fix reference count leak
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C fix 1 168d 168d 138d c57b0f88 Documentation: Document arm64 kpti control
KASAN: use-after-free Read in snd_timer_resolution C fix 1 171d 171d 140d 43bb0a16 ALSA: seq: Fix racy access for queue timer in proc read
INFO: task hung in genl_rcv_msg syz fix 2 175d 175d 145d 24070b40 tcp: clear tp->total_retrans in tcp_disconnect()
WARNING in reconnect_path C cause+fix 1 176d 236d 145d b6e209a1 exportfs: fix 'passing zero to ERR_PTR()' warning
KASAN: use-after-free Write in __alloc_skb C fix 1 180d 210d 147d e8412528 net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
KASAN: use-after-free Read in cdev_put C fix 6 180d 223d 149d 0ce254bc xen-blkback: prevent premature module unload
KASAN: slab-out-of-bounds Read in macvlan_broadcast C fix 6 181d 186d 151d 4a953272 macvlan: do not assume mac_header is set in macvlan_broadcast()
KASAN: use-after-free Read in macvlan_broadcast C fix 8 183d 186d 152d 4a953272 macvlan: do not assume mac_header is set in macvlan_broadcast()
WARNING: bad unlock balance in gtp_encap_enable_socket C fix 2 183d 186d 152d 887b0296 gtp: fix bad unlock balance in gtp_encap_enable_socket
KASAN: slab-out-of-bounds Read in bpf_skb_change_tail C fix 2 189d 335d 156d 7fed98f4 bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto C fix 2 189d 336d 156d 7fed98f4 bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Read in bpf_clone_redirect C fix 11 194d 357d 164d 7fed98f4 bpf: reject passing modified ctx to helper functions
KASAN: slab-out-of-bounds Read in bpf_skb_change_head C fix 2 198d 267d 167d 7fed98f4 bpf: reject passing modified ctx to helper functions
possible deadlock in refcount_dec_and_mutex_lock C fix 10 197d 270d 167d 4df72865 nbd: verify socket is supported during setup
WARNING: refcount bug in cdev_get C fix 21 198d 329d 168d 03a70959 net: usb: lan78xx: Connect PHY before registering MAC
INFO: rcu detected stall in br_handle_frame (2) C fix 1 203d 203d 173d 73a6f18d pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
WARNING in ovl_rename syz fix 2 207d 439d 174d 6890751c ovl: relax WARN_ON() on rename to self
inconsistent lock state in sp_get C fix 2 211d 211d 180d 8b58905f 6pack,mkiss: fix possible deadlock
KASAN: slab-out-of-bounds Read in linear_transfer C fix 4 212d 219d 182d 2a76606d ALSA: pcm: oss: Avoid potential buffer overflows
possible deadlock in __might_fault C fix 295 214d 454d 183d d4197149 usb: mon: Fix a deadlock in usbmon between mmap and read
possible deadlock in mon_bin_vma_fault C fix 282 215d 451d 185d d4197149 usb: mon: Fix a deadlock in usbmon between mmap and read
WARNING: refcount bug in kobject_get C fix 20 219d 453d 189d 227db8e4 tipc: fix unlimited bundling of small messages
WARNING in refcount_error_report syz fix 1 222d 221d 189d 7272e8e3 inet: protect against too small mtu values.
BUG: corrupted list in p9_fd_cancelled syz fix 2 221d 266d 189d 8a82aee7 arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
BUG: unable to handle kernel paging request in slhc_free C fix 4 224d 451d 193d da0bbf51 slip: make slhc_free() silently accept an error pointer
WARNING in dio_complete C fix 27 224d 454d 193d 365874a0 blk-mq: avoid sysfs buffer overflow with too many CPU cores
KASAN: use-after-free Read in slip_open C cause+fix 2 228d 228d 195d f5bcc687 slip: Fix use-after-free Read in slip_open
KASAN: use-after-free Read in kfree_skb C fix 98 226d 353d 195d 79d404a2 Bluetooth: Fix invalid-free in bcsp_close()
INFO: task hung in nbd_ioctl C fix 18 197d 271d 195d 4df72865 nbd: verify socket is supported during setup
WARNING: suspicious RCU usage in shmem_add_seals C cause+fix 1435 233d 255d 202d 988f701a memfd: Use radix_tree_deref_slot_protected to avoid the warning.
possible deadlock in flush_workqueue C fix 15 235d 328d 205d 4df72865 nbd: verify socket is supported during setup
WARNING in bpf_jit_free syz fix 60 277d 450d 206d 47569360 bpf: fix use after free in prog symbol exposure
INFO: task hung in lo_release syz fix 128 343d 456d 207d 22f36db4 Revert "block/loop: Use global lock for ioctl() operation."
BUG: unable to handle kernel NULL pointer dereference in inet_autobind C cause+fix 3133 247d 255d 207d 7c3c0d51 sctp: not bind the socket in sctp_connect
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue C fix 20 208d 446d 207d 0b584bf5 nbd: fix max number of supported devs
BUG: unable to handle kernel paging request in dummy_set_vf_vlan C fix 5 241d 335d 207d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel paging request in dummy_set_vf_spoofchk C fix 6 244d 356d 207d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel paging request in dummy_get_vf_config C fix 4 260d 357d 210d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
WARNING: suspicious RCU usage in netem_enqueue C fix 3 264d 287d 210d 6f492e80 net_sched: add max len check for TCA_KIND
BUG: unable to handle kernel paging request in dummy_set_vf_rss_query_en C fix 5 264d 356d 210d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel paging request in dummy_set_vf_mac C fix 5 273d 346d 211d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass C fix 14 267d 307d 211d 54b9f579 net_sched: check cops->tcf_block in tc_bind_tclass()
KASAN: null-ptr-deref Write in kvm_write_guest_virt_system C fix 53 273d 291d 211d 2890b718 watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
WARNING in tcp_send_loss_probe C fix 22 294d 304d 214d ba2ddb43 tcp: Don't dequeue SYN/FIN-segments from write-queue
general protection fault in tcp_push C fix 55 293d 304d 214d f1dcc5ed tcp: Reset send_head when removing skb from write-queue
BUG: unable to handle kernel paging request in dummy_set_vf_rate C fix 3 294d 309d 214d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
WARNING in tcp_retransmit_timer C fix 215 293d 304d 214d ba2ddb43 tcp: Don't dequeue SYN/FIN-segments from write-queue
general protection fault in qdisc_destroy C fix 4 294d 298d 214d e0f600b6 net_sched: let qdisc_put() accept NULL pointer
INFO: rcu detected stall in mld_dad_timer_expire C fix 1 300d 300d 214d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in br_handle_frame C fix 15 296d 307d 216d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
WARNING in kernfs_get C fix 17 326d 446d 216d 5432923a driver core: Fix use-after-free and double free on glue directory
INFO: rcu detected stall in mld_ifc_timer_expire C fix 9 298d 307d 217d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
WARNING in xfrm_state_fini C fix 193 300d 455d 217d cd393b38 xfrm: clean up xfrm protocol checks
INFO: rcu detected stall in addrconf_dad_work C fix 18 301d 307d 217d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in corrupted C fix 3 301d 323d 218d cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
BUG: unable to handle kernel paging request in dummy_set_vf_trust C fix 2 309d 343d 218d 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo()
WARNING in map_lookup_elem C fix 2 316d 316d 218d 95867919 KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
WARNING: refcount bug in hci_register_dev C fix 3 314d 328d 218d 5432923a driver core: Fix use-after-free and double free on glue directory
kernel BUG at ./include/linux/skbuff.h:LINE! C fix 16 309d 335d 218d e5df4bae tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
general protection fault in packet_lookup_frame C fix 1 331d 331d 219d 5ac73816 net/packet: fix race in tpacket_snd()
WARNING: refcount bug in kobject_put C fix 3 336d 442d 219d 5432923a driver core: Fix use-after-free and double free on glue directory
general protection fault in tcf_ife_init C fix 12 347d 357d 220d 7fcc60e5 ife: error out when nla attributes are empty
general protection fault in kernfs_add_one C fix 5 344d 413d 220d 5432923a driver core: Fix use-after-free and double free on glue directory
WARNING in sysfs_remove_group C fix 1 360d 360d 221d 5432923a driver core: Fix use-after-free and double free on glue directory
BUG: unable to handle kernel paging request in coalesced_mmio_write C fix 4 377d 384d 222d bf81752d KVM: coalesced_mmio: add bounds checking
WARNING in kernfs_put C fix 2 376d 442d 222d 5432923a driver core: Fix use-after-free and double free on glue directory
KASAN: use-after-free Read in erspan_build_header C fix 18 422d 456d 223d 1d629bf9 net: erspan: fix use-after-free
KASAN: slab-out-of-bounds Read in erspan_build_header C fix 8 420d 456d 223d d93fb604 tipc: fix modprobe tipc failed after switch order of device registration
WARNING in notify_change C fix 14 385d 451d 223d 2c546242 Abort file_remove_privs() for non-reg. files
KASAN: use-after-free Read in tcp_init_tso_segs C 1424 293d 304d 280d f1dcc5ed tcp: Reset send_head when removing skb from write-queue