syzbot


Title Repro Cause bisect Fix bisect Count Last Reported Closed Patch
BUG: unable to handle kernel paging request in do_syscall_64 C done 3 34d 553d 2d02h 6be10fb6c143 fbmem: add margin check to fb_check_caps()
general protection fault in do_syscall_64 (2) syz done 2 33d 367d 2d02h 6be10fb6c143 fbmem: add margin check to fb_check_caps()
KASAN: use-after-free Read in ip_check_mc_rcu syz done 7 35d 186d 2d02h 4768973dffed igmp: Add ip_mc_list lock in ip_check_mc_rcu
KASAN: slab-out-of-bounds Write in decode_data C done 1 36d 583d 6d04h 4e370cc081a7 net: 6pack: fix slab-out-of-bounds in decode_data
INFO: task hung in do_fb_ioctl (2) C done 7 37d 452d 7d02h 6be10fb6c143 fbmem: add margin check to fb_check_caps()
BUG: unable to handle kernel paging request in do_csum C done 1 37d 256d 7d02h c33471daf276 ip_gre: add validation for csum_start
BUG: unable to handle kernel NULL pointer dereference in __lookup_slow (2) C done 15 47d 170d 14d df2f583b6363 reiserfs: add check for root_inode in reiserfs_fill_super
KASAN: use-after-free Read in search_by_entry_key (2) C done 2 47d 198d 17d df2f583b6363 reiserfs: add check for root_inode in reiserfs_fill_super
KASAN: use-after-free Read in __queue_work syz done 5 49d 421d 18d 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
WARNING in close_fs_devices C done 105 59d 377d 29d 4c97ed4332be ocfs2: fix zero out valid data
possible deadlock in cleanup_net C done 5212 60d 322d 29d 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
possible deadlock in __sock_release C done 57446 59d 322d 29d 7d2c0c0516e6 PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
KASAN: use-after-free Write in hci_sock_bind C done 12 65d 625d 33d 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
kernel BUG at drivers/dma-buf/dma-buf.c:LINE! syz done 1 63d 546d 33d 020a44cc54d6 drm: Return -ENOTTY for non-drm ioctls
unexpected kernel reboot C done 684 72d 848d 42d da84e8e9290e KVM: x86: determine if an exception has an error code only when injecting it.
KASAN: use-after-free Read in reservation_object_test_signaled_rcu C done 4 72d 307d 42d 020a44cc54d6 drm: Return -ENOTTY for non-drm ioctls
BUG: unable to handle kernel paging request in diFree C done 18 72d 364d 42d aff8d95b6905 jfs: fix GPF in diFree
KASAN: use-after-free Read in hci_chan_del C done 24 75d 421d 44d 35113c4c9fa7 bluetooth: eliminate the potential race condition when removing the HCI controller
WARNING in drm_prime_destroy_file_private syz done 6 74d 265d 44d 020a44cc54d6 drm: Return -ENOTTY for non-drm ioctls
divide error in do_journal_end (2) C done 4 78d 189d 47d 47b4b8f0d378 reiserfs: add check for invalid 1st journal block
general protection fault in mount_fs C done 12 78d 309d 47d 5485fe228f97 ext4: return error code when ext4_fill_flex_info() fails
WARNING: suspicious RCU usage in vxlan_xmit C done 1 83d 83d 52d f80201ff7937 vxlan: add missing rcu_read_lock() in neigh_reduce()
WARNING in batadv_iv_send_outstanding_bat_ogm_packet C done 373 90d 705d 59d e8e9d2968a9d batman-adv: Avoid WARN_ON timing related checks
general protection fault in ieee802154_llsec_parse_dev_addr C done 32 93d 212d 62d 00b16396ad26 HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
KASAN: use-after-free Read in qfq_search_class C done 2 96d 583d 66d 98fd088c3254 pkt_sched: sch_qfq: fix qfq_change_class() error path
KASAN: use-after-free Read in ntfs_iget (2) C done 1 98d 98d 67d 00f00f5db888 ntfs: fix validity check for file name attribute
WARNING in sta_apply_parameters C done 1 98d 324d 68d 25487a5ff100 mac80211: remove warning in ieee80211_get_sband()
WARNING in sta_info_alloc C done 15 101d 357d 70d 25487a5ff100 mac80211: remove warning in ieee80211_get_sband()
KASAN: null-ptr-deref Write in vhci_shutdown_connection syz done 498 104d 285d 71d d42c3ebb3156 can: bcm/raw/isotp: use per module netdevice notifier
WARNING in process_one_work C done 9 106d 671d 76d e8e9d2968a9d batman-adv: Avoid WARN_ON timing related checks
general protection fault in try_to_wake_up syz done 229 106d 194d 76d d42c3ebb3156 can: bcm/raw/isotp: use per module netdevice notifier
WARNING: ODEBUG bug in slave_kobj_release C done 28 112d 288d 81d f583748c2a4a bonding: init notify_work earlier to avoid uninitialized use
KASAN: use-after-free Read in drm_getunique syz done 2 125d 292d 94d 7d233ba700ce drm: Fix use-after-free read in drm_getunique()
BUG: unable to handle kernel NULL pointer dereference in corrupted C done 6 126d 707d 95d 93e4ac2a9979 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
KASAN: global-out-of-bounds Read in soft_cursor C done 22 126d 593d 96d 8c5ec4a731e1 vt: Fix character height handling with VT_RESIZEX
KASAN: global-out-of-bounds Read in bit_putcs C done 214 126d 663d 96d 8c5ec4a731e1 vt: Fix character height handling with VT_RESIZEX
WARNING: ODEBUG bug in cancel_delayed_work C done 1226 129d 424d 96d 02f681a5e827 Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
KASAN: use-after-free Read in hci_send_acl C done 3 130d 421d 96d 75e26178e26f Bluetooth: verify AMP hci_chan before amp_destroy
KASAN: use-after-free Read in nfc_llcp_sock_unlink C done 22 129d 167d 96d 48fba458fe54 net/nfc: fix use-after-free llcp_sock_bind/connect
WARNING in hsr_addr_subst_dest C done 3099 129d 897d 96d 40fa36443db3 hsr: use netdev_err() instead of WARN_ONCE()
KASAN: slab-out-of-bounds Read in soft_cursor (2) C done 8 129d 251d 96d 8c5ec4a731e1 vt: Fix character height handling with VT_RESIZEX
possible deadlock in tty_port_close_start C done 47 135d 600d 104d 1f51881e2dcc ttyprintk: Add TTY hangup callback.
KASAN: null-ptr-deref Read in llcp_sock_getname C 37 138d 698d 110d 93e4ac2a9979 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
kernel BUG in z_erofs_map_blocks_iter syz done 10 150d 211d 120d 006270aa8f9c erofs: add unsupported inode i_format check
kernel BUG at fs/inode.c:LINE! (2) C done 5 154d 293d 121d 006270aa8f9c erofs: add unsupported inode i_format check
general protection fault in __queue_work syz done 1 154d 402d 121d 35113c4c9fa7 bluetooth: eliminate the potential race condition when removing the HCI controller
general protection fault in nl802154_del_llsec_devkey C done 110 167d 227d 136d 22e025c1733b net: ieee802154: fix nl802154 del llsec devkey
general protection fault in nl802154_add_llsec_key C done 106 167d 222d 136d bdd1d2784ad3 net: ieee802154: fix nl802154 add llsec key
general protection fault in nl802154_del_llsec_key C done 91 167d 220d 136d 79ba55c0e7a7 net: ieee802154: fix nl802154 del llsec key
general protection fault in ieee802154_llsec_parse_key_id C done 64 167d 218d 137d 5983b9de012e net: ieee802154: nl-mac: fix check on panid
WARNING in cfg80211_connect C done 336 167d 362d 137d ee1a5262eb01 cfg80211: remove WARN_ON() in cfg80211_sme_connect
general protection fault in nl802154_del_llsec_dev C done 70 169d 225d 138d 3fe0c0485a29 net: ieee802154: fix nl802154 del llsec dev
general protection fault in crypto_destroy_tfm syz done 12 170d 214d 139d b58bb4eaa0c2 drivers: net: fix memory leak in peak_usb_create_dev
BUG: sleeping function called from invalid context in htb_destroy C done 2 189d 710d 159d 66f6f4094ff2 net: sched: validate stab values
possible deadlock in red_change C done 10 190d 431d 160d 66f6f4094ff2 net: sched: validate stab values
BUG: unable to handle kernel NULL pointer dereference in __lookup_slow C done 23 203d 361d 171d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
WARNING in ext4_xattr_set_entry C done 12 204d 338d 174d a8fb57ec924f ext4: do not try to set xattr into ea_inode if value is empty
BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data C done 114 208d 424d 174d 99c2c8b009c4 Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
KASAN: use-after-free Read in skb_dequeue syz done 1 216d 420d 182d c1a77dbcaa2d btrfs: raid56: simplify tracking of Q stripe presence
KASAN: use-after-free Read in ntfs_iget C done 1 215d 275d 182d 23e895868b51 ntfs: check for valid standard information attribute
KASAN: use-after-free Read in ntfs_read_locked_inode C done 2 218d 368d 188d 23e895868b51 ntfs: check for valid standard information attribute
kernel BUG in pfkey_send_acquire C done 56 224d 253d 194d fa137b50f326 block: split .sysfs_lock into two locks
general protection fault in ioctl_standard_call C done 23 228d 342d 197d 3f33e522a07f wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
KASAN: slab-out-of-bounds Read in squashfs_export_iget C done 5 240d 340d 209d a6f933a30363 squashfs: add more sanity checks in inode lookup
general protection fault in ieee80211_subif_start_xmit C done 4 244d 285d 210d b26b5e086157 mac80211: pause TX while changing interface type
UBSAN: undefined-behaviour in tcindex_set_parms C done 39 256d 371d 218d 22c1b22672f3 net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
kernel BUG at fs/reiserfs/prints.c:LINE! C done 5 266d 357d 218d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
KASAN: use-after-free Read in search_by_entry_key C done 1 266d 356d 220d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
KASAN: slab-out-of-bounds Read in squashfs_get_id C 58 225d 369d 220d e5099c0e851a squashfs: add more sanity checks in id lookup
KASAN: use-after-free Read in squashfs_get_id C 3 264d 318d 220d e5099c0e851a squashfs: add more sanity checks in id lookup
KASAN: use-after-free Read in tls_write_space C done 25 272d 897d 242d d71f3fb99620 net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
divide error in do_journal_end C done 2 274d 334d 244d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
general protection fault in dqput C done 2 275d 288d 244d 7bae84821b47 quota: Sanity-check quota file headers on load
WARNING in md_ioctl C done 199 275d 892d 244d b85abab5913d md: fix a warning caused by a race between concurrent md_ioctl()s
general protection fault in hci_phy_link_complete_evt C done 28 279d 422d 248d abae100355c0 Bluetooth: Fix null pointer dereference in hci_event_packet()
KASAN: use-after-free Read in leaf_paste_entries C done 1 282d 282d 251d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
general protection fault in hci_event_packet C done 3 283d 349d 253d abae100355c0 Bluetooth: Fix null pointer dereference in hci_event_packet()
KASAN: slab-out-of-bounds Read in hci_le_meta_evt C done 12 283d 424d 253d 61490c481c61 Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
KASAN: use-after-free Read in reiserfs_read_locked_inode C done 4 286d 368d 256d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
INFO: task hung in rdma_destroy_id C done 2 287d 317d 256d 014133611851 usb: uas: Add PNY USB Portable SSD to unusual_uas
INFO: task hung in do_read_cache_page C done 2 288d 348d 258d 8e63266b0d42 fcntl: Fix potential deadlock in send_sig{io, urg}()
BUG: unable to handle kernel paging request in dquot_add_space C done 1 290d 350d 258d 7bae84821b47 quota: Sanity-check quota file headers on load
BUG: unable to handle kernel paging request in dqput C done 8 289d 358d 258d 7bae84821b47 quota: Sanity-check quota file headers on load
general protection fault in gfs2_ri_update C done 28 294d 370d 262d 6790f8b9370b gfs2: check for empty rgrp tree in gfs2_ri_update
KASAN: use-after-free Write in sco_chan_del C done 10 297d 421d 266d abae100355c0 Bluetooth: Fix null pointer dereference in hci_event_packet()
KASAN: use-after-free Read in btrfs_scan_one_device C done 43 301d 376d 271d aec62fa475af btrfs: don't access possibly stale fs_info data for printing duplicate device
BUG: sleeping function called from invalid context in corrupted C done 2 308d 309d 277d 499b109be688 mac80211: free sta in sta_info_insert_finish() on errors
BUG: sleeping function called from invalid context in sta_info_move_state C done 760 308d 310d 277d 499b109be688 mac80211: free sta in sta_info_insert_finish() on errors
KASAN: slab-out-of-bounds Read in ntfs_attr_find C done 10 309d 366d 279d dff5d7741195 ntfs: add check for mft record size in superblock
general protection fault in rose_send_frame C done 5 313d 891d 279d 731b9890a7f1 rose: Fix Null pointer dereference in rose_send_frame()
KASAN: slab-out-of-bounds Read in soft_cursor C done 61 327d 665d 296d 3e1600cc10df ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
KASAN: use-after-free Read in debugfs_remove C done 15 331d 828d 301d 8a78b4c0d629 blktrace: fix debugfs use after free
UBSAN: undefined-behaviour in init_sb C done 2 334d 366d 303d 6a253f385a2d gfs2: add validation checks for size of superblock
WARNING in unlock_new_inode C done 66 333d 372d 303d 7a1e074bc18d reiserfs: only call unlock_new_inode() if I_NEW
KASAN: use-after-free Read in tipc_mcast_xmit C done 3 334d 358d 304d 26217e062f97 tipc: fix the skb_unshare() in tipc_buf_append()
KASAN: global-out-of-bounds Read in fb_pad_aligned_buffer C done 5 335d 660d 304d 6612b754ac0c vt: Disable KD_FONT_OP_COPY
KASAN: use-after-free Read in ntfs_attr_find C done 13 335d 366d 305d dff5d7741195 ntfs: add check for mft record size in superblock
divide error in tabledist C done 3 345d 702d 315d 95ba2236b8e6 netem: fix zero division in tabledist
general protection fault in qp_release_pages C done 4 346d 348d 315d 0b02a4325780 VMCI: check return value of get_user_pages_fast() for errors
UBSAN: undefined-behaviour in tabledist C done 2 354d 354d 322d 95ba2236b8e6 netem: fix zero division in tabledist
KASAN: global-out-of-bounds Read in fbcon_get_font C done 47 353d 665d 322d 43198a5b1c42 fbcon: Fix global-out-of-bounds read in fbcon_get_font()
KASAN: slab-out-of-bounds Read in fbcon_get_font C done 97 357d 665d 327d 1221d11e5c35 vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
general protection fault in get_unique_tuple C done 33 358d 619d 327d 289fe546ea16 netfilter: ctnetlink: add a range check for l3/l4 protonum
general protection fault in nf_nat_setup_info C done 22 362d 453d 332d 289fe546ea16 netfilter: ctnetlink: add a range check for l3/l4 protonum
KASAN: use-after-free Read in soft_cursor C done 16 367d 664d 336d 76fe92986c5c fbcon: Fix user font detection test at fbcon_resize().
KASAN: global-out-of-bounds Read in get_unique_tuple C done 1 367d 608d 337d 289fe546ea16 netfilter: ctnetlink: add a range check for l3/l4 protonum
KASAN: global-out-of-bounds Read in fbcon_resize C done 286 370d 390d 339d 76fe92986c5c fbcon: Fix user font detection test at fbcon_resize().
general protection fault in __sock_release syz done 8 384d 396d 354d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING in snd_pcm_plugin_build_mulaw C done 2 386d 396d 355d 569e1b621797 ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
KASAN: use-after-free Read in seq_release_private syz done 1 385d 385d 355d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING: ODEBUG bug in get_signal syz done 3 387d 397d 356d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING in snd_pcm_drop syz done 1 388d 388d 356d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING: ODEBUG bug in exit_to_usermode_loop syz done 2 387d 389d 356d dff6a2c2828b nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
general protection fault in tty_release C done 9 388d 395d 358d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Write in __sock_release syz done 1 389d 389d 359d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in locks_remove_file syz done 4 389d 397d 359d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in cuse_channel_release syz done 1 391d 391d 359d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in __fput syz done 1 391d 391d 360d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Write in ex_handler_refcount C done 11 391d 599d 361d 29e1dfcd5150 Bluetooth: add a mutex lock to avoid UAF in do_enale_set
kernel BUG at include/linux/fs.h:LINE! syz done 1 391d 391d 361d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in snd_pcm_oss_release syz done 1 391d 391d 361d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
kernel BUG at fs/inode.c:LINE! syz done 2 392d 421d 361d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: invalid-free in vcs_release syz done 1 392d 392d 362d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in fbcon_cursor syz done 4 393d 653d 363d 770adb5d2b8e fbcon: remove soft scrollback code
BUG: corrupted list in mousedev_release syz done 1 393d 393d 363d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in eventfd_release syz done 1 395d 395d 364d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
INFO: trying to register non-static key in uhid_char_release C done 3 395d 417d 364d abae259fdccc HID: core: Correctly handle ReportSize being zero
WARNING in corrupted (2) C done 1 396d 396d 365d 569e1b621797 ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
INFO: trying to register non-static key in uhid_dev_destroy C done 14 403d 571d 373d abae259fdccc HID: core: Correctly handle ReportSize being zero
KASAN: slab-out-of-bounds Read in vcs_scr_readw C inconclusive 80 655d 665d 375d 627f3b9e4dd8 vcs: prevent write access to vcsu devices
WARNING in inc_nlink C done 8 405d 554d 375d 169f7f37bd6b fs/minix: don't allow getting deleted inodes
BUG: unable to handle kernel NULL pointer dereference in get_block C done 60 409d 560d 378d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: slab-out-of-bounds Read in get_block C done 3 412d 528d 381d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: use-after-free Read in get_block C done 6 412d 544d 382d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: slab-out-of-bounds Read in hci_event_packet C done 15 413d 622d 382d 8c4a649c20fe Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
KASAN: slab-out-of-bounds Read in bacpy C done 3 418d 880d 384d 8c4a649c20fe Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt C done 6 416d 450d 384d 8c4a649c20fe Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor C done 1 417d 477d 384d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt C done 4 416d 445d 384d 48f70ecd6a22 Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
KASAN: use-after-free Read in l2cap_chan_close C done 8 417d 599d 384d 29e1dfcd5150 Bluetooth: add a mutex lock to avoid UAF in do_enale_set
BUG: unable to handle kernel NULL pointer dereference in do_syscall_64 (2) C done 4 421d 434d 390d dd58bd1b95b7 fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
divide error in fbcon_switch C done 259 426d 665d 391d 74752b81eae8 vt: Reject zero-sized screen buffer size.
general protection fault in do_con_write C done 3008 426d 665d 391d 74752b81eae8 vt: Reject zero-sized screen buffer size.
kernel BUG at fs/buffer.c:LINE! syz done 23 422d 875d 391d 954fc7da99a9 fs/minix: reject too-large maximum file size
general protection fault in free_netdev C done 99 424d 454d 391d abcf95e000b4 ip6_gre: fix null-ptr-deref in ip6gre_init_net()
BUG: unable to handle kernel paging request in do_con_trol C done 36 426d 659d 395d 74752b81eae8 vt: Reject zero-sized screen buffer size.
WARNING in snd_info_get_line C done 23 426d 439d 395d 0c9d4b18bb8a ALSA: info: Drop WARN_ON() from buffer NULL sanity check
BUG: unable to handle kernel paging request in insert_char C done 46 440d 660d 410d 74752b81eae8 vt: Reject zero-sized screen buffer size.
INFO: task hung in __flush_work syz done 6 441d 891d 411d af224c2eeda2 net/9p: validate fds in p9_fd_open
KASAN: null-ptr-deref Read in do_con_trol C done 1 442d 592d 411d 74752b81eae8 vt: Reject zero-sized screen buffer size.
KASAN: null-ptr-deref Read in insert_char C done 3 442d 637d 412d 74752b81eae8 vt: Reject zero-sized screen buffer size.
KASAN: user-memory-access Read in insert_char C done 2 444d 657d 414d 74752b81eae8 vt: Reject zero-sized screen buffer size.
BUG: unable to handle kernel paging request in csi_J C done 3 453d 621d 422d 74752b81eae8 vt: Reject zero-sized screen buffer size.
BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) C done 1 464d 554d 434d 5dbb625573ab ext4: avoid race conditions when remounting with options that change dax
WARNING in enqueue_task_dl syz done 1 472d 801d 441d edf55b5e3bde sched/deadline: Initialize ->dl_boosted
general protection fault in batadv_iv_ogm_schedule_buff 6 560d 615d 446d bf0ef794e197 batman-adv: Don't schedule OGM for disabled interface
general protection fault in fq_codel_enqueue C done 5 494d 522d 464d 8920e8ae16a8 net: check untrusted gso_size at kernel entry
kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) C done 82 494d 635d 464d a3da2984a40b vt: fix unicode console freeing with a common interface
INFO: trying to register non-static key in hci_uart_flush syz done 4 499d 743d 469d 8efa59fc90a5 netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
KASAN: use-after-free Write in snd_rawmidi_kernel_write1 C done 1 501d 531d 470d a507658fdb2a ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
KASAN: null-ptr-deref Write in choke_reset C done 236 502d 527d 472d 1733fe42d94c USB: serial: garmin_gps: add sanity checking for data length
KASAN: use-after-free Read in rdma_listen syz done 143 533d 845d 503d abc4ea7f1345 RDMA/ucma: Put a lock around every call to the rdma_cm layer
KASAN: use-after-free Read in cma_cancel_operation C done 6 545d 695d 515d abc4ea7f1345 RDMA/ucma: Put a lock around every call to the rdma_cm layer
WARNING in geneve_exit_batch_net C done 2 547d 592d 517d 2c1a05e91fc6 geneve: move debug check after netdev unregister
WARNING: ODEBUG bug in rfcomm_dev_ioctl C done 1 549d 549d 518d 78a4ad28608a Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: use-after-free Write in release_tty C done 148 548d 665d 518d 54584f79579b vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
WARNING: ODEBUG bug in route4_change C done 28 552d 572d 522d ea3d6652c240 net_sched: cls_route: remove the right filter from hashtable
WARNING: refcount bug in sock_wfree C done done 1 555d 676d 525d 6ce6aea362d4 sctp: fix refcount bug in sctp_wfree
KASAN: use-after-free Read in tty_open C done 2 559d 665d 529d 54584f79579b vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
BUG: unable to handle kernel paging request in init_srcu_struct_fields syz done 3 560d 758d 529d e36be7959326 usbip: tools: Fix read_usb_vudc_device() error path handling
KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user C done 3 561d 566d 530d 0a7b397c0133 xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
WARNING: ODEBUG bug in rfcomm_dlc_free C done 21 562d 793d 532d 78a4ad28608a Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: slab-out-of-bounds Write in tcindex_set_parms C done 2 566d 566d 534d 557d015ffb27 net_sched: keep alloc_hash updated after hash allocation
KASAN: use-after-free Write in tcindex_set_parms C done 3 565d 569d 534d 557d015ffb27 net_sched: keep alloc_hash updated after hash allocation
possible deadlock in ovl_write_iter (2) syz done 2 568d 568d 537d eae6b4a4d7f8 USB: Disable LPM on WD19's Realtek Hub
KASAN: use-after-free Read in n_tty_receive_buf_common C done 40 569d 664d 538d b4492f1e7456 vt: selection, push sel_lock up
inconsistent lock state in rxrpc_put_client_connection_id C done 89 577d 594d 547d 43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
KASAN: use-after-free Read in ext4_xattr_set_entry syz done 10 577d 825d 547d cb1702c403ad ext4: validate the debug_want_extra_isize mount option at parse time
inconsistent lock state in rxrpc_put_client_conn C done 6584 577d 594d 547d 43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
kernel BUG at net/rxrpc/local_object.c:LINE! C done 13912 579d 790d 549d 792668145b56 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
general protection fault in selinux_socket_sendmsg C done 36 580d 760d 550d 43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
INFO: task hung in paste_selection C done 10 581d 656d 551d b4492f1e7456 vt: selection, push sel_lock up
INFO: task hung in htable_put C done 8 583d 629d 552d acbc5071f073 netfilter: xt_hashlimit: limit the max size of hashtable
kernel BUG at fs/reiserfs/lock.c:LINE! (2) C done 2 586d 586d 555d ef3d73fe8836 reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
INFO: task hung in drain_all_pages C done 1 586d 616d 556d 8541452acba5 s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
KASAN: stack-out-of-bounds Write in ax25_getname C done 4 590d 886d 559d ad598a48fe61 vhost: Check docket sk_family instead of call getname
INFO: task hung in hashlimit_mt_check_common C done 3 593d 608d 561d acbc5071f073 netfilter: xt_hashlimit: limit the max size of hashtable
INFO: task hung in tty_ldisc_hangup C done 10 592d 660d 561d b4492f1e7456 vt: selection, push sel_lock up
general protection fault in padata_reorder C done 90 591d 594d 561d cad926f70b5a padata: fix null pointer deref of pd->pinst
KASAN: slab-out-of-bounds Read in tcf_exts_destroy C done 1 595d 712d 565d 478c4b2ffd44 net_sched: fix an OOB access in cls_tcindex
BUG: sleeping function called from invalid context in tpk_write C done 30 601d 662d 570d fb56687038cf ttyprintk: fix a potential deadlock in interrupt context issue
general protection fault in path_openat C done 13 601d 607d 571d 8d7a5100e29d vfs: fix do_last() regression
KASAN: slab-out-of-bounds Read in __nla_put_nohdr C done 1 608d 608d 577d 66ac8ee96faa net_sched: fix datalen for ematch
general protection fault in nft_chain_parse_hook C done 5 608d 620d 577d 1f7a1bcd27c3 netfilter: nf_tables: add __nft_chain_type_get()
WARNING in cbq_destroy_class C done 1 613d 613d 582d 9f7a32834b62 net_sched: fix ops->bind_class() implementations
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C done 1 614d 614d 584d d3b5ecceea7d gtp: make sure only SOCK_DGRAM UDP sockets are accepted
KASAN: use-after-free Read in snd_timer_resolution C done 2 618d 618d 587d 20f2e4c228c7 ALSA: seq: Fix racy access for queue timer in proc read
KASAN: use-after-free Read in tcp_check_sack_reordering C done 1 617d 617d 587d fb56687038cf ttyprintk: fix a potential deadlock in interrupt context issue
general protection fault in xt_rateest_put C done 10 618d 621d 588d e3282417b91c netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
BUG: corrupted list in nf_tables_commit C done 2 621d 621d 590d 8260ce5aeee4 netfilter: nf_tables: fix flowtable list del corruption
WARNING in nft_request_module C done 1 621d 621d 590d 1632efb3553b netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
general protection fault in nft_tunnel_get_init C done 1 621d 621d 590d 6de941ce70cd netfilter: nft_tunnel: fix null-attribute check
general protection fault in nf_ct_netns_do_get C done 11 625d 640d 592d 46abb2a5cd2f netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
KASAN: use-after-free Write in __alloc_skb C done 2 625d 693d 594d be1a2be7a7b0 net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
general protection fault in xt_rateest_tg_checkentry C done 12 625d 641d 595d e3282417b91c netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
KASAN: slab-out-of-bounds Read in macvlan_broadcast C done 10 626d 631d 595d 5f3274c53ae7 macvlan: do not assume mac_header is set in macvlan_broadcast()
KASAN: use-after-free Read in macvlan_broadcast C done 7 628d 631d 597d 5f3274c53ae7 macvlan: do not assume mac_header is set in macvlan_broadcast()
WARNING: bad unlock balance in gtp_encap_enable_socket C done 2 629d 631d 599d 776a81a024e7 gtp: fix bad unlock balance in gtp_encap_enable_socket
BUG: sleeping function called from invalid context in lock_sock_nested syz done 1 633d 663d 601d 6b544caa07e5 crypto: af_alg - Use bh_lock_sock in sk_destruct
general protection fault in rxrpc_connect_call C done 285 636d 800d 605d 792668145b56 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
possible deadlock in refcount_dec_and_mutex_lock C done done 5 639d 695d 608d e83a26a49356 nbd: fix shutdown and recv work deadlock v2
INFO: rcu detected stall in addrconf_dad_work (2) C done 1 648d 648d 617d 94ac4a4d938f pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
WARNING: refcount bug in cdev_get C done 12 648d 773d 617d f57fd58dda42 bridge/mdb: remove wrong use of NLM_F_MULTI
possible deadlock in __might_fault C done 385 649d 900d 618d 3757e3818838 usb: mon: Fix a deadlock in usbmon between mmap and read
INFO: task hung in fsnotify_mark_destroy_workfn syz done 3 651d 839d 621d 42a929edf567 rtc: disable uie before setting time and enable after
possible deadlock in mon_bin_vma_fault C done 375 652d 901d 621d 3757e3818838 usb: mon: Fix a deadlock in usbmon between mmap and read
WARNING in xfrm6_tunnel_net_exit syz done 34 653d 901d 622d bbbe47463da9 xfrm: destroy xfrm_state synchronously on net exit path
inconsistent lock state in sp_get C done 1 656d 656d 625d 9b8e63d0a6e8 6pack,mkiss: fix possible deadlock
KASAN: slab-out-of-bounds Read in linear_transfer C done 2 664d 664d 633d c6bebccd3c62 ALSA: pcm: oss: Avoid potential buffer overflows
WARNING: refcount bug in kobject_get C done 21 664d 893d 634d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
KASAN: use-after-free Read in slip_open C done done 7 665d 676d 634d 0c6e6ceae72c slip: Fix use-after-free Read in slip_open
INFO: task hung in vivid_stop_generating_vid_cap C done 291 667d 901d 637d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
INFO: task hung in sdr_cap_stop_streaming C done 152 667d 901d 637d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
KASAN: use-after-free Read in __vb2_perform_fileio C done 13 668d 898d 637d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
KASAN: use-after-free Read in kfree_skb C done 95 672d 792d 640d 03bf4876a593 Bluetooth: Fix invalid-free in bcsp_close()
WARNING in __vb2_queue_cancel C done 11 675d 887d 645d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
WARNING: suspicious RCU usage in memfd_fcntl C done done 1879 677d 700d 647d e4cc9c81e230 memfd: Use radix_tree_deref_slot_protected to avoid the warning.
possible deadlock in ovl_write_iter syz done 84 684d 894d 649d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
KASAN: use-after-free Read in rxrpc_send_keepalive syz done 6 699d 773d 649d 570ab0dd35f9 rxrpc: Fix call ref leak
BUG: corrupted list in p9_fd_cancelled syz done 2 685d 748d 649d 78a917bea6ed perf/core: Consistently fail fork on allocation failures
KASAN: use-after-free Read in __lock_sock syz done 2 701d 701d 650d 51f0c10890aa libata/ahci: Fix PCS quirk application
WARNING in corrupted syz done 25 722d 874d 650d ed568ca73601 bpf: fix use after free in prog symbol exposure
possible deadlock in io_submit_one syz done 406 724d 901d 651d 052b31810085 fs/userfaultfd.c: disable irqs for fault_pending and event locks
WARNING in bpf_jit_free syz done 293 724d 901d 651d ed568ca73601 bpf: fix use after free in prog symbol exposure
KASAN: use-after-free Read in pneigh_get_next syz done 1 835d 835d 652d 103835df6821 neigh: fix use-after-free read in pneigh_get_next
WARNING in ovl_rename syz done 1 884d 884d 652d f1c5aa5eda08 ovl: detect overlapping layers
kernel BUG at arch/x86/mm/physaddr.c:LINE! syz done 1 822d 822d 652d 4736bb277744 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
WARNING in ovl_instantiate syz done 5 892d 896d 652d f1c5aa5eda08 ovl: detect overlapping layers
WARNING: suspicious RCU usage in llc_sap_close C done 10 691d 846d 652d 9a484516a410 llc: avoid blocking in llc_sap_close()
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue C done 12 701d 885d 654d 9f0f39c92e4f nbd: fix max number of supported devs
KASAN: null-ptr-deref Write in kvm_write_guest_virt_system C done 50 718d 736d 656d 3683dd7074dc crypto: cavium/zip - Add missing single_release()
possible deadlock in free_ioctx_users C done 77 724d 846d 656d 5bead06b3443 fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
KASAN: use-after-free Read in wait_consider_task C done 58 728d 738d 657d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
WARNING: ODEBUG bug in free_task C done 165 728d 738d 657d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
general protection fault in tcf_action_destroy C done 15 726d 748d 657d 50dddec689cb mISDN: enforce CAP_NET_RAW for raw sockets
WARNING: suspicious RCU usage in netem_enqueue C done 2 730d 735d 657d 195a3ea494d2 net_sched: add max len check for TCA_KIND
KASAN: use-after-free Read in __change_pid C done 4 730d 737d 657d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
possible deadlock in do_io_accounting C done 4 729d 840d 657d f1c5aa5eda08 ovl: detect overlapping layers
KASAN: use-after-free Read in pids_release C done 7 730d 737d 657d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
general protection fault in release_task C done 3 731d 738d 658d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
general protection fault in wait_consider_task C done 5 730d 736d 658d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
INFO: rcu detected stall in netlink_sendmsg C done 3 742d 747d 658d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
KASAN: use-after-free Read in release_task C done 2 733d 735d 659d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
WARNING in handle_desc C done 1 739d 739d 659d 21874027e1de KVM: X86: Fix userspace set invalid CR4
BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass C done 18 733d 752d 659d 07f7ec87b5f6 net_sched: check cops->tcf_block in tc_bind_tclass()
general protection fault in qdisc_destroy C done 9 738d 748d 659d 7a1bad565ceb net_sched: let qdisc_put() accept NULL pointer
INFO: rcu detected stall in addrconf_dad_work C done 19 740d 752d 660d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in mld_ifc_timer_expire C done 33 740d 752d 660d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in br_handle_frame C done 41 740d 753d 660d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: task hung in __x64_sys_io_destroy C done 1 741d 741d 660d ec2a3681b30c media: tvp5150: fix switch exit in set control handler
WARNING: refcount bug in hci_register_dev C done 3 746d 758d 662d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
WARNING in kernfs_get C done 14 746d 886d 662d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
general protection fault in kernfs_add_one C done 8 755d 894d 663d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
general protection fault in packet_lookup_frame C done 1 776d 776d 664d 154e6bc497c9 net/packet: fix race in tpacket_snd()
WARNING in tty_set_termios C done 151 786d 896d 664d 56966212e23f Bluetooth: hci_uart: check for missing tty operations
general protection fault in tcf_ife_init C done 15 784d 801d 664d c4c8899376c2 ife: error out when nla attributes are empty
KASAN: null-ptr-deref Write in kthread_stop C done 12 784d 889d 664d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
general protection fault in rds_recv_rcvbuf_delta C done 7 792d 838d 665d 3de749d6d7ce net/rds: An rds_sock is added too early to the hash table
INFO: task hung in blkdev_issue_flush C done 2 819d 819d 665d 76cf93f04c3d hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
general protection fault in iptunnel_xmit C done 2 793d 793d 665d 4736bb277744 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
WARNING in kernfs_put C done 1 824d 824d 666d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
WARNING in notify_change C done 12 829d 886d 667d e8e448b08450 Abort file_remove_privs() for non-reg. files
BUG: unable to handle kernel paging request in coalesced_mmio_write C done 2 828d 828d 667d 232a6462f43f KVM: coalesced_mmio: add bounds checking
possible deadlock in userfaultfd_release C done 4 829d 834d 667d 052b31810085 fs/userfaultfd.c: disable irqs for fault_pending and event locks
possible deadlock in acct_pin_kill C done 125 860d 894d 667d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
WARNING in xfrm_state_fini C done 78 877d 901d 668d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
WARNING in __flush_work C done 135 874d 880d 668d af48f7d79fae drm/udl: Replace drm_dev_unref with drm_dev_put
KASAN: use-after-free Read in get_mem_cgroup_from_mm C done 6 882d 896d 668d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in ip6erspan_set_version C done 7 892d 901d 669d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
possible deadlock in pipe_lock C done 2 884d 887d 669d f1c5aa5eda08 ovl: detect overlapping layers
general protection fault in sctp_timeout_obj_to_nlattr C done 7 896d 900d 669d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in generic_timeout_obj_to_nlattr C done 11 897d 901d 669d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in gre_timeout_obj_to_nlattr C done 13 896d 901d 669d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in tcp_timeout_obj_to_nlattr C done 7 897d 899d 670d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in icmp_timeout_obj_to_nlattr C done 3 899d 901d 670d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in udp_timeout_obj_to_nlattr C done 8 897d 901d 670d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in dccp_timeout_obj_to_nlattr C done 7 897d 901d 670d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"