syzbot


| Title | Repro | Bisected | Count | Last | Reported | Closed | Patch |
|---|---|---|---|---|---|---|---|
| BUG: unable to handle kernel paging request in insert_char | C | fix | 46 | 31d | 252d | 1d09h | 74752b81 vt: Reject zero-sized screen buffer size. |
| INFO: task hung in __flush_work | syz | fix | 6 | 33d | 482d | 2d22h | af224c2e net/9p: validate fds in p9_fd_open |
| KASAN: null-ptr-deref Read in do_con_trol | C | fix | 1 | 33d | 183d | 2d22h | 74752b81 vt: Reject zero-sized screen buffer size. |
| KASAN: null-ptr-deref Read in insert_char | C | fix | 3 | 34d | 229d | 3d22h | 74752b81 vt: Reject zero-sized screen buffer size. |
| KASAN: user-memory-access Read in insert_char | C | fix | 2 | 36d | 249d | 5d10h | 74752b81 vt: Reject zero-sized screen buffer size. |
| BUG: unable to handle kernel paging request in csi_J | C | fix | 3 | 44d | 212d | 13d | 74752b81 vt: Reject zero-sized screen buffer size. |
| BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) | C | fix | 1 | 56d | 146d | 25d | 5dbb6255 ext4: avoid race conditions when remounting with options that change dax |
| WARNING in enqueue_task_dl | syz | fix | 1 | 63d | 392d | 33d | edf55b5e sched/deadline: Initialize ->dl_boosted |
| general protection fault in batadv_iv_ogm_schedule_buff | | | 6 | 151d | 207d | 38d | bf0ef794 batman-adv: Don't schedule OGM for disabled interface |
| general protection fault in fq_codel_enqueue | C | fix | 5 | 85d | 113d | 55d | 8920e8ae net: check untrusted gso_size at kernel entry |
| kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) | C | fix | 82 | 86d | 226d | 55d | a3da2984 vt: fix unicode console freeing with a common interface |
| INFO: trying to register non-static key in hci_uart_flush | syz | fix | 4 | 90d | 334d | 60d | 8efa59fc netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build |
| KASAN: use-after-free Write in snd_rawmidi_kernel_write1 | C | fix | 1 | 92d | 122d | 61d | a507658f ALSA: rawmidi: Fix racy buffer resize under concurrent accesses |
| KASAN: null-ptr-deref Write in choke_reset | C | fix | 236 | 93d | 118d | 63d | 1733fe42 USB: serial: garmin_gps: add sanity checking for data length |
| KASAN: use-after-free Read in rdma_listen | syz | fix | 143 | 124d | 437d | 94d | abc4ea7f RDMA/ucma: Put a lock around every call to the rdma_cm layer |
| KASAN: use-after-free Read in cma_cancel_operation | C | fix | 6 | 136d | 287d | 106d | abc4ea7f RDMA/ucma: Put a lock around every call to the rdma_cm layer |
| WARNING in geneve_exit_batch_net | C | fix | 2 | 139d | 183d | 108d | 2c1a05e9 geneve: move debug check after netdev unregister |
| WARNING: ODEBUG bug in rfcomm_dev_ioctl | C | fix | 1 | 140d | 140d | 109d | 78a4ad28 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl |
| KASAN: use-after-free Write in release_tty | C | fix | 148 | 139d | 256d | 109d | 54584f79 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| WARNING: ODEBUG bug in route4_change | C | fix | 28 | 144d | 163d | 113d | ea3d6652 net_sched: cls_route: remove the right filter from hashtable |
| WARNING: refcount bug in sock_wfree | C | cause+fix | 1 | 147d | 267d | 116d | 6ce6aea3 sctp: fix refcount bug in sctp_wfree |
| KASAN: use-after-free Read in tty_open | C | fix | 2 | 150d | 256d | 120d | 54584f79 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| BUG: unable to handle kernel paging request in init_srcu_struct_fields | syz | fix | 3 | 151d | 349d | 120d | e36be795 usbip: tools: Fix read_usb_vudc_device() error path handling |
| KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user | C | fix | 3 | 153d | 157d | 121d | 0a7b397c xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire |
| WARNING: ODEBUG bug in rfcomm_dlc_free | C | fix | 21 | 153d | 384d | 123d | 78a4ad28 Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl |
| KASAN: slab-out-of-bounds Write in tcindex_set_parms | C | fix | 2 | 157d | 157d | 125d | 557d015f net_sched: keep alloc_hash updated after hash allocation |
| KASAN: use-after-free Write in tcindex_set_parms | C | fix | 3 | 156d | 160d | 125d | 557d015f net_sched: keep alloc_hash updated after hash allocation |
| possible deadlock in ovl_write_iter (2) | syz | fix | 2 | 159d | 159d | 128d | eae6b4a4 USB: Disable LPM on WD19's Realtek Hub |
| KASAN: use-after-free Read in n_tty_receive_buf_common | C | fix | 40 | 160d | 255d | 130d | b4492f1e vt: selection, push sel_lock up |
| inconsistent lock state in rxrpc_put_client_connection_id | C | fix | 89 | 169d | 186d | 138d | 43cac315 rxrpc: Fix call RCU cleanup using non-bh-safe locks |
| KASAN: use-after-free Read in ext4_xattr_set_entry | syz | fix | 10 | 168d | 417d | 138d | cb1702c4 ext4: validate the debug_want_extra_isize mount option at parse time |
| inconsistent lock state in rxrpc_put_client_conn | C | fix | 6584 | 169d | 186d | 138d | 43cac315 rxrpc: Fix call RCU cleanup using non-bh-safe locks |
| kernel BUG at net/rxrpc/local_object.c:LINE! | C | fix | 13912 | 171d | 381d | 140d | 79266814 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] |
| general protection fault in selinux_socket_sendmsg | C | fix | 36 | 171d | 352d | 141d | 43cac315 rxrpc: Fix call RCU cleanup using non-bh-safe locks |
| INFO: task hung in paste_selection | C | fix | 10 | 172d | 247d | 142d | b4492f1e vt: selection, push sel_lock up |
| INFO: task hung in htable_put | C | fix | 8 | 174d | 220d | 144d | acbc5071 netfilter: xt_hashlimit: limit the max size of hashtable |
| kernel BUG at fs/reiserfs/lock.c:LINE! (2) | C | fix | 2 | 177d | 177d | 147d | ef3d73fe reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling |
| INFO: task hung in drain_all_pages | C | fix | 1 | 178d | 208d | 147d | 8541452a s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range |
| KASAN: stack-out-of-bounds Write in ax25_getname | C | fix | 4 | 181d | 477d | 150d | ad598a48 vhost: Check docket sk_family instead of call getname |
| INFO: task hung in hashlimit_mt_check_common | C | fix | 3 | 184d | 199d | 152d | acbc5071 netfilter: xt_hashlimit: limit the max size of hashtable |
| INFO: task hung in tty_ldisc_hangup | C | fix | 10 | 183d | 251d | 152d | b4492f1e vt: selection, push sel_lock up |
| general protection fault in padata_reorder | C | fix | 90 | 183d | 186d | 152d | cad926f7 padata: fix null pointer deref of pd->pinst |
| KASAN: slab-out-of-bounds Read in tcf_exts_destroy | C | fix | 1 | 187d | 303d | 156d | 478c4b2f net_sched: fix an OOB access in cls_tcindex |
| BUG: sleeping function called from invalid context in tpk_write | C | fix | 30 | 192d | 254d | 161d | fb566870 ttyprintk: fix a potential deadlock in interrupt context issue |
| general protection fault in path_openat | C | fix | 13 | 192d | 198d | 162d | 8d7a5100 vfs: fix do_last() regression |
| KASAN: slab-out-of-bounds Read in __nla_put_nohdr | C | fix | 1 | 199d | 199d | 169d | 66ac8ee9 net_sched: fix datalen for ematch |
| general protection fault in nft_chain_parse_hook | C | fix | 5 | 199d | 212d | 169d | 1f7a1bcd netfilter: nf_tables: add __nft_chain_type_get() |
| WARNING in cbq_destroy_class | C | fix | 1 | 204d | 204d | 174d | 9f7a3283 net_sched: fix ops->bind_class() implementations |
| KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock | C | fix | 1 | 205d | 205d | 175d | d3b5ecce gtp: make sure only SOCK_DGRAM UDP sockets are accepted |
| KASAN: use-after-free Read in snd_timer_resolution | C | fix | 2 | 209d | 209d | 178d | 20f2e4c2 ALSA: seq: Fix racy access for queue timer in proc read |
| KASAN: use-after-free Read in tcp_check_sack_reordering | C | fix | 1 | 209d | 209d | 178d | fb566870 ttyprintk: fix a potential deadlock in interrupt context issue |
| general protection fault in xt_rateest_put | C | fix | 10 | 210d | 212d | 179d | e3282417 netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct |
| BUG: corrupted list in nf_tables_commit | C | fix | 2 | 212d | 212d | 181d | 8260ce5a netfilter: nf_tables: fix flowtable list del corruption |
| WARNING in nft_request_module | C | fix | 1 | 212d | 212d | 181d | 1632efb3 netfilter: nf_tables: remove WARN and add NLA_STRING upper limits |
| general protection fault in nft_tunnel_get_init | C | fix | 1 | 212d | 212d | 181d | 6de941ce netfilter: nft_tunnel: fix null-attribute check |
| general protection fault in nf_ct_netns_do_get | C | fix | 11 | 217d | 231d | 183d | 46abb2a5 netfilter: arp_tables: init netns pointer in xt_tgchk_param struct |
| KASAN: use-after-free Write in __alloc_skb | C | fix | 2 | 216d | 284d | 186d | be1a2be7 net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() |
| general protection fault in xt_rateest_tg_checkentry | C | fix | 12 | 216d | 233d | 186d | e3282417 netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct |
| KASAN: slab-out-of-bounds Read in macvlan_broadcast | C | fix | 10 | 217d | 222d | 187d | 5f3274c5 macvlan: do not assume mac_header is set in macvlan_broadcast() |
| KASAN: use-after-free Read in macvlan_broadcast | C | fix | 7 | 219d | 222d | 188d | 5f3274c5 macvlan: do not assume mac_header is set in macvlan_broadcast() |
| WARNING: bad unlock balance in gtp_encap_enable_socket | C | fix | 2 | 220d | 223d | 190d | 776a81a0 gtp: fix bad unlock balance in gtp_encap_enable_socket |
| BUG: sleeping function called from invalid context in lock_sock_nested | syz | fix | 1 | 224d | 254d | 192d | 6b544caa crypto: af_alg - Use bh_lock_sock in sk_destruct |
| general protection fault in rxrpc_connect_call | C | fix | 285 | 227d | 391d | 197d | 79266814 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] |
| possible deadlock in refcount_dec_and_mutex_lock | C | cause+fix | 5 | 230d | 286d | 200d | e83a26a4 nbd: fix shutdown and recv work deadlock v2 |
| INFO: rcu detected stall in addrconf_dad_work (2) | C | fix | 1 | 239d | 239d | 209d | 94ac4a4d pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM |
| WARNING: refcount bug in cdev_get | C | fix | 12 | 239d | 364d | 209d | f57fd58d bridge/mdb: remove wrong use of NLM_F_MULTI |
| possible deadlock in __might_fault | C | fix | 385 | 240d | 491d | 210d | 3757e381 usb: mon: Fix a deadlock in usbmon between mmap and read |
| INFO: task hung in fsnotify_mark_destroy_workfn | syz | fix | 3 | 243d | 430d | 212d | 42a929ed rtc: disable uie before setting time and enable after |
| possible deadlock in mon_bin_vma_fault | C | fix | 375 | 243d | 492d | 213d | 3757e381 usb: mon: Fix a deadlock in usbmon between mmap and read |
| WARNING in xfrm6_tunnel_net_exit | syz | fix | 34 | 244d | 493d | 214d | bbbe4746 xfrm: destroy xfrm_state synchronously on net exit path |
| inconsistent lock state in sp_get | C | fix | 1 | 247d | 247d | 216d | 9b8e63d0 6pack,mkiss: fix possible deadlock |
| KASAN: slab-out-of-bounds Read in linear_transfer | C | fix | 2 | 255d | 255d | 224d | c6bebccd ALSA: pcm: oss: Avoid potential buffer overflows |
| WARNING: refcount bug in kobject_get | C | fix | 21 | 255d | 485d | 225d | e1666bcb driver core: Fix use-after-free and double free on glue directory |
| KASAN: use-after-free Read in slip_open | C | cause+fix | 7 | 256d | 267d | 225d | 0c6e6cea slip: Fix use-after-free Read in slip_open |
| INFO: task hung in vivid_stop_generating_vid_cap | C | fix | 291 | 259d | 492d | 228d | 467052f6 media: vivid: Fix wrong locking that causes race conditions on streaming stop |
| INFO: task hung in sdr_cap_stop_streaming | C | fix | 152 | 258d | 492d | 228d | 467052f6 media: vivid: Fix wrong locking that causes race conditions on streaming stop |
| KASAN: use-after-free Read in __vb2_perform_fileio | C | fix | 13 | 259d | 489d | 229d | 467052f6 media: vivid: Fix wrong locking that causes race conditions on streaming stop |
| KASAN: use-after-free Read in kfree_skb | C | fix | 95 | 263d | 383d | 231d | 03bf4876 Bluetooth: Fix invalid-free in bcsp_close() |
| WARNING in __vb2_queue_cancel | C | fix | 11 | 266d | 478d | 236d | 467052f6 media: vivid: Fix wrong locking that causes race conditions on streaming stop |
| WARNING: suspicious RCU usage in memfd_fcntl | C | cause+fix | 1879 | 269d | 291d | 238d | e4cc9c81 memfd: Use radix_tree_deref_slot_protected to avoid the warning. |
| possible deadlock in ovl_write_iter | syz | fix | 84 | 276d | 485d | 240d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| KASAN: use-after-free Read in rxrpc_send_keepalive | syz | fix | 6 | 290d | 364d | 241d | 570ab0dd rxrpc: Fix call ref leak |
| BUG: corrupted list in p9_fd_cancelled | syz | fix | 2 | 276d | 339d | 241d | 78a917be perf/core: Consistently fail fork on allocation failures |
| KASAN: use-after-free Read in __lock_sock | syz | fix | 2 | 292d | 293d | 241d | 51f0c108 libata/ahci: Fix PCS quirk application |
| WARNING in corrupted | syz | fix | 25 | 313d | 465d | 242d | ed568ca7 bpf: fix use after free in prog symbol exposure |
| possible deadlock in io_submit_one | syz | fix | 406 | 315d | 493d | 242d | 052b3181 fs/userfaultfd.c: disable irqs for fault_pending and event locks |
| WARNING in bpf_jit_free | syz | fix | 293 | 315d | 493d | 242d | ed568ca7 bpf: fix use after free in prog symbol exposure |
| KASAN: use-after-free Read in pneigh_get_next | syz | fix | 1 | 427d | 427d | 243d | 103835df neigh: fix use-after-free read in pneigh_get_next |
| WARNING in ovl_rename | syz | fix | 1 | 475d | 475d | 243d | f1c5aa5e ovl: detect overlapping layers |
| kernel BUG at arch/x86/mm/physaddr.c:LINE! | syz | fix | 1 | 413d | 413d | 243d | 4736bb27 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL |
| WARNING in ovl_instantiate | syz | fix | 5 | 483d | 487d | 243d | f1c5aa5e ovl: detect overlapping layers |
| WARNING: suspicious RCU usage in llc_sap_close | C | fix | 10 | 282d | 438d | 243d | 9a484516 llc: avoid blocking in llc_sap_close() |
| BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue | C | fix | 12 | 292d | 476d | 245d | 9f0f39c9 nbd: fix max number of supported devs |
| KASAN: null-ptr-deref Write in kvm_write_guest_virt_system | C | fix | 50 | 309d | 327d | 247d | 3683dd70 crypto: cavium/zip - Add missing single_release() |
| possible deadlock in free_ioctx_users | C | fix | 77 | 315d | 438d | 247d | 5bead06b fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock |
| KASAN: use-after-free Read in wait_consider_task | C | fix | 58 | 319d | 329d | 248d | 4eb92a11 RDMA/restrack: Protect from reentry to resource return path |
| WARNING: ODEBUG bug in free_task | C | fix | 165 | 319d | 329d | 248d | 4eb92a11 RDMA/restrack: Protect from reentry to resource return path |
| general protection fault in tcf_action_destroy | C | fix | 15 | 317d | 339d | 248d | 50dddec6 mISDN: enforce CAP_NET_RAW for raw sockets |
| WARNING: suspicious RCU usage in netem_enqueue | C | fix | 2 | 321d | 326d | 249d | 195a3ea4 net_sched: add max len check for TCA_KIND |
| KASAN: use-after-free Read in __change_pid | C | fix | 4 | 321d | 329d | 249d | 4eb92a11 RDMA/restrack: Protect from reentry to resource return path |
| possible deadlock in do_io_accounting | C | fix | 4 | 320d | 432d | 249d | f1c5aa5e ovl: detect overlapping layers |
| KASAN: use-after-free Read in pids_release | C | fix | 7 | 321d | 328d | 249d | 4eb92a11 RDMA/restrack: Protect from reentry to resource return path |
| general protection fault in release_task | C | fix | 3 | 322d | 329d | 249d | 4eb92a11 RDMA/restrack: Protect from reentry to resource return path |
| general protection fault in wait_consider_task | C | fix | 5 | 322d | 327d | 249d | 4eb92a11 RDMA/restrack: Protect from reentry to resource return path |
| INFO: rcu detected stall in netlink_sendmsg | C | fix | 3 | 333d | 338d | 249d | a9e91767 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| KASAN: use-after-free Read in release_task | C | fix | 2 | 324d | 326d | 250d | 4eb92a11 RDMA/restrack: Protect from reentry to resource return path |
| WARNING in handle_desc | C | fix | 1 | 330d | 330d | 250d | 21874027 KVM: X86: Fix userspace set invalid CR4 |
| BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass | C | fix | 18 | 325d | 343d | 250d | 07f7ec87 net_sched: check cops->tcf_block in tc_bind_tclass() |
| general protection fault in qdisc_destroy | C | fix | 9 | 329d | 339d | 250d | 7a1bad56 net_sched: let qdisc_put() accept NULL pointer |
| INFO: rcu detected stall in addrconf_dad_work | C | fix | 19 | 331d | 343d | 252d | a9e91767 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| INFO: rcu detected stall in mld_ifc_timer_expire | C | fix | 33 | 331d | 343d | 252d | a9e91767 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| INFO: rcu detected stall in br_handle_frame | C | fix | 41 | 331d | 344d | 252d | a9e91767 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero |
| INFO: task hung in __x64_sys_io_destroy | C | fix | 1 | 332d | 332d | 252d | ec2a3681 media: tvp5150: fix switch exit in set control handler |
| WARNING: refcount bug in hci_register_dev | C | fix | 3 | 338d | 349d | 253d | e1666bcb driver core: Fix use-after-free and double free on glue directory |
| WARNING in kernfs_get | C | fix | 14 | 338d | 477d | 253d | e1666bcb driver core: Fix use-after-free and double free on glue directory |
| general protection fault in kernfs_add_one | C | fix | 8 | 347d | 486d | 254d | e1666bcb driver core: Fix use-after-free and double free on glue directory |
| general protection fault in packet_lookup_frame | C | fix | 1 | 367d | 367d | 255d | 154e6bc4 net/packet: fix race in tpacket_snd() |
| WARNING in tty_set_termios | C | fix | 151 | 377d | 487d | 256d | 56966212 Bluetooth: hci_uart: check for missing tty operations |
| general protection fault in tcf_ife_init | C | fix | 15 | 375d | 392d | 256d | c4c88993 ife: error out when nla attributes are empty |
| KASAN: null-ptr-deref Write in kthread_stop | C | fix | 12 | 376d | 480d | 256d | 467052f6 media: vivid: Fix wrong locking that causes race conditions on streaming stop |
| general protection fault in rds_recv_rcvbuf_delta | C | fix | 7 | 383d | 430d | 257d | 3de749d6 net/rds: An rds_sock is added too early to the hash table |
| INFO: task hung in blkdev_issue_flush | C | fix | 2 | 410d | 410d | 257d | 76cf93f0 hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' |
| general protection fault in iptunnel_xmit | C | fix | 2 | 384d | 384d | 257d | 4736bb27 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL |
| WARNING in kernfs_put | C | fix | 1 | 415d | 415d | 258d | e1666bcb driver core: Fix use-after-free and double free on glue directory |
| WARNING in notify_change | C | fix | 12 | 420d | 477d | 258d | e8e448b0 Abort file_remove_privs() for non-reg. files |
| BUG: unable to handle kernel paging request in coalesced_mmio_write | C | fix | 2 | 419d | 419d | 258d | 232a6462 KVM: coalesced_mmio: add bounds checking |
| possible deadlock in userfaultfd_release | C | fix | 4 | 421d | 426d | 258d | 052b3181 fs/userfaultfd.c: disable irqs for fault_pending and event locks |
| possible deadlock in acct_pin_kill | C | fix | 125 | 451d | 486d | 259d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| WARNING in xfrm_state_fini | C | fix | 78 | 468d | 492d | 259d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| WARNING in __flush_work | C | fix | 135 | 465d | 471d | 259d | af48f7d7 drm/udl: Replace drm_dev_unref with drm_dev_put |
| KASAN: use-after-free Read in get_mem_cgroup_from_mm | C | fix | 6 | 474d | 487d | 259d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| general protection fault in ip6erspan_set_version | C | fix | 7 | 483d | 492d | 260d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| possible deadlock in pipe_lock | C | fix | 2 | 475d | 478d | 260d | f1c5aa5e ovl: detect overlapping layers |
| general protection fault in sctp_timeout_obj_to_nlattr | C | fix | 7 | 487d | 491d | 260d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| general protection fault in generic_timeout_obj_to_nlattr | C | fix | 11 | 488d | 493d | 260d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| general protection fault in gre_timeout_obj_to_nlattr | C | fix | 13 | 487d | 493d | 260d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| general protection fault in tcp_timeout_obj_to_nlattr | C | fix | 7 | 488d | 490d | 261d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| general protection fault in icmp_timeout_obj_to_nlattr | C | fix | 3 | 490d | 493d | 261d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| general protection fault in udp_timeout_obj_to_nlattr | C | fix | 8 | 488d | 493d | 261d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |
| general protection fault in dccp_timeout_obj_to_nlattr | C | fix | 7 | 488d | 493d | 261d | ab69a230 Revert "tipc: fix modprobe tipc failed after switch order of device registration" |