syzbot


| Title | Repro | Bisected | Count | Last | Reported | Closed | Patch |
|---|---|---|---|---|---|---|---|
| KASAN: slab-out-of-bounds Read in hci_event_packet | C | fix | 17 | 38d | 511d | 7d22h | 68bb9edd Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() |
| KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt | C | fix | 6 | 38d | 55d | 8d11h | 68bb9edd Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() |
| KASAN: use-after-free Read in get_block | C | fix | 8 | 44d | 169d | 13d | 0900097e fs/minix: reject too-large maximum file size |
| WARNING in inc_nlink | C | fix | 21 | 44d | 186d | 13d | 12490f06 fs/minix: don't allow getting deleted inodes |
| KASAN: slab-out-of-bounds Read in get_block | C | fix | 2 | 44d | 74d | 13d | 0900097e fs/minix: reject too-large maximum file size |
| BUG: unable to handle kernel NULL pointer dereference in get_block | C | fix | 45 | 44d | 191d | 14d | 3c775629 fs/minix: check return value of sb_getblk() |
| KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt | C | fix | 5 | 48d | 53d | 15d | d91299b8 Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() |
| KASAN: use-after-free Read in delete_and_unsubscribe_port | syz | fix | 2 | 56d | 56d | 23d | ccafbed8 ALSA: seq: oss: Serialize ioctls |
| KASAN: double-free or invalid-free in 0x2 | syz | fix | 1 | 56d | 56d | 23d | ccafbed8 ALSA: seq: oss: Serialize ioctls |
| INFO: task hung in fb_release | C | fix | 48 | 58d | 289d | 27d | c388072f fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. |
| unregister_netdevice: waiting for DEV to become free | C | fix | 120 | 85d | 523d | 53d | 0f7f0b05 ipvs: fix tinfo memory leak in start_sync_thread |
| general protection fault in batadv_iv_ogm_schedule_buff | | | 1 | 160d | 160d | 78d | e181bb93 batman-adv: Don't schedule OGM for disabled interface |
| KASAN: null-ptr-deref Write in choke_reset | C | fix | 283 | 127d | 157d | 97d | 4836eb6b sch_choke: avoid potential panic in choke_reset() |
| KASAN: use-after-free Read in do_blk_trace_setup | C | fix | 342 | 128d | 532d | 97d | b390c22c blktrace: fix unlocked access to init/start-stop/teardown |
| WARNING in xfrm_policy_insert | syz | fix | 8 | 132d | 390d | 101d | 1cd914b0 xfrm: fix a warning in xfrm_policy_insert_list |
| KASAN: slab-out-of-bounds Write in snd_rawmidi_kernel_write1 | C | fix | 1 | 133d | 163d | 103d | 8645ac36 ALSA: rawmidi: Fix racy buffer resize under concurrent accesses |
| WARNING: ODEBUG bug in route4_change | C | fix | 23 | 175d | 203d | 145d | f0c92f59 net_sched: cls_route: remove the right filter from hashtable |
| KASAN: use-after-free Write in release_tty | C | fix | 124 | 176d | 295d | 146d | b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| WARNING: ODEBUG bug in rfcomm_dev_ioctl | C | fix | 2 | 185d | 185d | 154d | 0da9c032 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl |
| KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user | C | fix | 1 | 186d | 186d | 156d | 25106012 xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire |
| WARNING: refcount bug in sock_wfree | C | cause+fix | 3 | 187d | 307d | 157d | 968f831d sctp: fix refcount bug in sctp_wfree |
| KASAN: use-after-free Write in tcindex_set_parms | C | fix | 3 | 189d | 190d | 159d | 9f8b6c44 net_sched: keep alloc_hash updated after hash allocation |
| KASAN: slab-out-of-bounds Write in tcindex_set_parms | C | fix | 2 | 190d | 190d | 160d | 9f8b6c44 net_sched: keep alloc_hash updated after hash allocation |
| WARNING: ODEBUG bug in rfcomm_dlc_free | C | fix | 16 | 192d | 425d | 161d | 0da9c032 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl |
| KASAN: use-after-free Read in tty_open | C | fix | 5 | 194d | 296d | 164d | b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| KASAN: use-after-free Read in tty_buffer_cancel_work | C | fix | 2 | 203d | 292d | 173d | b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| KASAN: use-after-free Read in get_work_pool | C | fix | 1 | 204d | 294d | 174d | b9eb60a0 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| KASAN: use-after-free Read in n_tty_receive_buf_common | C | fix | 25 | 206d | 295d | 175d | a4719f6d vt: selection, push sel_lock up |
| WARNING: kernel stack frame pointer has bad value | C | fix | 65 | 211d | 515d | 177d | 377d7378 fjes: fix missed check in fjes_acpi_add |
| INFO: task hung in paste_selection | C | fix | 8 | 212d | 287d | 181d | 7c315855 ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() |
| INFO: task hung in drain_all_pages | C | fix | 1 | 212d | 212d | 182d | a86265ed netfilter: xt_hashlimit: limit the max size of hashtable |
| INFO: task hung in tty_ldisc_hangup | C | fix | 17 | 220d | 291d | 190d | a4719f6d vt: selection, push sel_lock up |
| INFO: task hung in hashlimit_mt_check_common | C | fix | 6 | 223d | 274d | 191d | a86265ed netfilter: xt_hashlimit: limit the max size of hashtable |
| KASAN: stack-out-of-bounds Write in ax25_getname | C | fix | 4 | 222d | 518d | 191d | ff8e12b0 vhost: Check docket sk_family instead of call getname |
| KASAN: slab-out-of-bounds Read in tcf_exts_destroy | C | fix | 1 | 226d | 339d | 196d | 6cb448ee net_sched: fix an OOB access in cls_tcindex |
| general protection fault in path_openat | C | fix | 40 | 232d | 239d | 202d | 40642747 vfs: fix do_last() regression |
| BUG: sleeping function called from invalid context in tpk_write | C | fix | 10 | 232d | 294d | 202d | ab84fd0d ttyprintk: fix a potential deadlock in interrupt context issue |
| BUG: sleeping function called from invalid context in lock_sock_nested (2) | syz | fix | 1 | 234d | 295d | 204d | 713ff7e4 crypto: af_alg - Use bh_lock_sock in sk_destruct |
| KASAN: use-after-free Read in ext4_xattr_set_entry | C | fix | 9 | 237d | 329d | 207d | 08e4a312 ext4: validate the debug_want_extra_isize mount option at parse time |
| KASAN: slab-out-of-bounds Read in __nla_put_nohdr | C | fix | 2 | 241d | 241d | 210d | c5fd8a37 net-sysfs: Fix reference count leak |
| KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock | C | fix | 1 | 244d | 244d | 214d | c57b0f88 Documentation: Document arm64 kpti control |
| KASAN: use-after-free Read in snd_timer_resolution | C | fix | 1 | 247d | 247d | 216d | 43bb0a16 ALSA: seq: Fix racy access for queue timer in proc read |
| INFO: task hung in genl_rcv_msg | syz | fix | 2 | 251d | 251d | 221d | 24070b40 tcp: clear tp->total_retrans in tcp_disconnect() |
| WARNING in reconnect_path | C | cause+fix | 1 | 252d | 312d | 221d | b6e209a1 exportfs: fix 'passing zero to ERR_PTR()' warning |
| KASAN: use-after-free Write in __alloc_skb | C | fix | 1 | 256d | 286d | 223d | e8412528 net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() |
| KASAN: use-after-free Read in cdev_put | C | fix | 6 | 256d | 299d | 225d | 0ce254bc xen-blkback: prevent premature module unload |
| KASAN: slab-out-of-bounds Read in macvlan_broadcast | C | fix | 6 | 257d | 262d | 227d | 4a953272 macvlan: do not assume mac_header is set in macvlan_broadcast() |
| KASAN: use-after-free Read in macvlan_broadcast | C | fix | 8 | 259d | 262d | 228d | 4a953272 macvlan: do not assume mac_header is set in macvlan_broadcast() |
| WARNING: bad unlock balance in gtp_encap_enable_socket | C | fix | 2 | 259d | 262d | 228d | 887b0296 gtp: fix bad unlock balance in gtp_encap_enable_socket |
| KASAN: slab-out-of-bounds Read in bpf_skb_change_tail | C | fix | 2 | 265d | 411d | 232d | 7fed98f4 bpf: reject passing modified ctx to helper functions |
| KASAN: slab-out-of-bounds Read in bpf_skb_change_proto | C | fix | 2 | 265d | 412d | 232d | 7fed98f4 bpf: reject passing modified ctx to helper functions |
| KASAN: slab-out-of-bounds Read in bpf_clone_redirect | C | fix | 11 | 270d | 433d | 240d | 7fed98f4 bpf: reject passing modified ctx to helper functions |
| KASAN: slab-out-of-bounds Read in bpf_skb_change_head | C | fix | 2 | 274d | 343d | 243d | 7fed98f4 bpf: reject passing modified ctx to helper functions |
| possible deadlock in refcount_dec_and_mutex_lock | C | fix | 10 | 273d | 346d | 243d | 4df72865 nbd: verify socket is supported during setup |
| WARNING: refcount bug in cdev_get | C | fix | 21 | 274d | 405d | 244d | 03a70959 net: usb: lan78xx: Connect PHY before registering MAC |
| INFO: rcu detected stall in br_handle_frame (2) | C | fix | 1 | 279d | 279d | 249d | 73a6f18d pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM |
| WARNING in ovl_rename | syz | fix | 2 | 283d | 515d | 250d | 6890751c ovl: relax WARN_ON() on rename to self |
| inconsistent lock state in sp_get | C | fix | 2 | 287d | 287d | 256d | 8b58905f 6pack,mkiss: fix possible deadlock |
| KASAN: slab-out-of-bounds Read in linear_transfer | C | fix | 4 | 288d | 295d | 258d | 2a76606d ALSA: pcm: oss: Avoid potential buffer overflows |
| possible deadlock in __might_fault | C | fix | 295 | 290d | 530d | 259d | d4197149 usb: mon: Fix a deadlock in usbmon between mmap and read |
| possible deadlock in mon_bin_vma_fault | C | fix | 282 | 291d | 527d | 261d | d4197149 usb: mon: Fix a deadlock in usbmon between mmap and read |
| WARNING: refcount bug in kobject_get | C | fix | 20 | 295d | 529d | 265d | 227db8e4 tipc: fix unlimited bundling of small messages |
| WARNING in refcount_error_report | syz | fix | 1 | 298d | 297d | 265d | 7272e8e3 inet: protect against too small mtu values. |
| BUG: corrupted list in p9_fd_cancelled | syz | fix | 2 | 297d | 342d | 265d | 8a82aee7 arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35 |
| BUG: unable to handle kernel paging request in slhc_free | C | fix | 4 | 300d | 527d | 269d | da0bbf51 slip: make slhc_free() silently accept an error pointer |
| WARNING in dio_complete | C | fix | 27 | 300d | 530d | 269d | 365874a0 blk-mq: avoid sysfs buffer overflow with too many CPU cores |
| KASAN: use-after-free Read in slip_open | C | cause+fix | 2 | 304d | 304d | 271d | f5bcc687 slip: Fix use-after-free Read in slip_open |
| KASAN: use-after-free Read in kfree_skb | C | fix | 98 | 301d | 429d | 271d | 79d404a2 Bluetooth: Fix invalid-free in bcsp_close() |
| INFO: task hung in nbd_ioctl | C | fix | 18 | 273d | 347d | 271d | 4df72865 nbd: verify socket is supported during setup |
| WARNING: suspicious RCU usage in shmem_add_seals | C | cause+fix | 1435 | 309d | 331d | 278d | 988f701a memfd: Use radix_tree_deref_slot_protected to avoid the warning. |
| possible deadlock in flush_workqueue | C | fix | 15 | 311d | 404d | 281d | 4df72865 nbd: verify socket is supported during setup |
| WARNING in bpf_jit_free | syz | fix | 60 | 353d | 526d | 282d | 47569360 bpf: fix use after free in prog symbol exposure |
| INFO: task hung in lo_release | syz | fix | 128 | 419d | 532d | 283d | 22f36db4 Revert "block/loop: Use global lock for ioctl() operation." |
| BUG: unable to handle kernel NULL pointer dereference in inet_autobind | C | cause+fix | 3133 | 323d | 331d | 283d | 7c3c0d51 sctp: not bind the socket in sctp_connect |
| BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue | C | fix | 20 | 284d | 522d | 283d | 0b584bf5 nbd: fix max number of supported devs |
| BUG: unable to handle kernel paging request in dummy_set_vf_vlan | C | fix | 5 | 317d | 411d | 283d | 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo() |
| BUG: unable to handle kernel paging request in dummy_set_vf_spoofchk | C | fix | 6 | 320d | 432d | 283d | 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo() |
| BUG: unable to handle kernel paging request in dummy_get_vf_config | C | fix | 4 | 336d | 433d | 286d | 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo() |
| WARNING: suspicious RCU usage in netem_enqueue | C | fix | 3 | 340d | 363d | 286d | 6f492e80 net_sched: add max len check for TCA_KIND |
| BUG: unable to handle kernel paging request in dummy_set_vf_rss_query_en | C | fix | 5 | 340d | 431d | 286d | 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo() |
| BUG: unable to handle kernel paging request in dummy_set_vf_mac | C | fix | 5 | 349d | 422d | 287d | 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo() |
| BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass | C | fix | 14 | 343d | 383d | 287d | 54b9f579 net_sched: check cops->tcf_block in tc_bind_tclass() |
| KASAN: null-ptr-deref Write in kvm_write_guest_virt_system | C | fix | 53 | 349d | 367d | 287d | 2890b718 watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout |
| WARNING in tcp_send_loss_probe | C | fix | 22 | 370d | 380d | 290d | ba2ddb43 tcp: Don't dequeue SYN/FIN-segments from write-queue |
| general protection fault in tcp_push | C | fix | 55 | 369d | 380d | 290d | f1dcc5ed tcp: Reset send_head when removing skb from write-queue |
| BUG: unable to handle kernel paging request in dummy_set_vf_rate | C | fix | 3 | 370d | 385d | 290d | 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo() |
| WARNING in tcp_retransmit_timer | C | fix | 215 | 369d | 380d | 290d | ba2ddb43 tcp: Don't dequeue SYN/FIN-segments from write-queue |
| general protection fault in qdisc_destroy | C | fix | 4 | 370d | 374d | 290d | e0f600b6 net_sched: let qdisc_put() accept NULL pointer |
| INFO: rcu detected stall in mld_dad_timer_expire | C | fix | 1 | 376d | 376d | 290d | cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| INFO: rcu detected stall in br_handle_frame | C | fix | 15 | 372d | 383d | 292d | cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| WARNING in kernfs_get | C | fix | 17 | 402d | 522d | 292d | 5432923a driver core: Fix use-after-free and double free on glue directory |
| INFO: rcu detected stall in mld_ifc_timer_expire | C | fix | 9 | 374d | 383d | 293d | cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| WARNING in xfrm_state_fini | C | fix | 193 | 376d | 531d | 293d | cd393b38 xfrm: clean up xfrm protocol checks |
| INFO: rcu detected stall in addrconf_dad_work | C | fix | 18 | 377d | 383d | 293d | cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| INFO: rcu detected stall in corrupted | C | fix | 3 | 377d | 399d | 294d | cc243e24 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| BUG: unable to handle kernel paging request in dummy_set_vf_trust | C | fix | 2 | 385d | 419d | 294d | 9ed49fc9 net: rtnetlink: prevent underflows in do_setvfinfo() |
| WARNING in map_lookup_elem | C | fix | 2 | 392d | 392d | 294d | 95867919 KVM: x86: add tracepoints around __direct_map and FNAME(fetch) |
| WARNING: refcount bug in hci_register_dev | C | fix | 3 | 390d | 404d | 294d | 5432923a driver core: Fix use-after-free and double free on glue directory |
| kernel BUG at ./include/linux/skbuff.h:LINE! | C | fix | 16 | 385d | 411d | 294d | e5df4bae tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue |
| general protection fault in packet_lookup_frame | C | fix | 1 | 407d | 407d | 295d | 5ac73816 net/packet: fix race in tpacket_snd() |
| WARNING: refcount bug in kobject_put | C | fix | 3 | 412d | 518d | 295d | 5432923a driver core: Fix use-after-free and double free on glue directory |
| general protection fault in tcf_ife_init | C | fix | 12 | 423d | 433d | 296d | 7fcc60e5 ife: error out when nla attributes are empty |
| general protection fault in kernfs_add_one | C | fix | 5 | 420d | 489d | 296d | 5432923a driver core: Fix use-after-free and double free on glue directory |
| WARNING in sysfs_remove_group | C | fix | 1 | 436d | 436d | 297d | 5432923a driver core: Fix use-after-free and double free on glue directory |
| BUG: unable to handle kernel paging request in coalesced_mmio_write | C | fix | 4 | 453d | 460d | 298d | bf81752d KVM: coalesced_mmio: add bounds checking |
| WARNING in kernfs_put | C | fix | 2 | 452d | 518d | 298d | 5432923a driver core: Fix use-after-free and double free on glue directory |
| KASAN: use-after-free Read in erspan_build_header | C | fix | 18 | 498d | 532d | 299d | 1d629bf9 net: erspan: fix use-after-free |
| KASAN: slab-out-of-bounds Read in erspan_build_header | C | fix | 8 | 496d | 532d | 299d | d93fb604 tipc: fix modprobe tipc failed after switch order of device registration |
| WARNING in notify_change | C | fix | 14 | 461d | 527d | 299d | 2c546242 Abort file_remove_privs() for non-reg. files |
| KASAN: use-after-free Read in tcp_init_tso_segs | C | | 1424 | 369d | 380d | 356d | f1dcc5ed tcp: Reset send_head when removing skb from write-queue |