syzbot


Title Repro Cause bisect Fix bisect Count Last Reported Closed Patch
KASAN: use-after-free Read in skb_dequeue (2) C done 2 252d 282d 222d f7bffefa322a tty: Fix data race between tiocsti() and flush_to_ldisc()
KASAN: use-after-free Read in ext4_xattr_set_entry (2) C done 7 255d 713d 224d c481607ba522 ext4: fix race writing to an inline_data file while its xattrs are changing
inconsistent lock state in sco_sock_timeout C done 19 255d 646d 225d 48669c81a656 Bluetooth: schedule SCO timeouts with delayed_work
BUG: sleeping function called from invalid context in lock_sock_nested (2) C done 3909 256d 349d 225d 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
KASAN: slab-out-of-bounds Write in ext4_write_inline_data C done 3 261d 467d 231d c481607ba522 ext4: fix race writing to an inline_data file while its xattrs are changing
BUG: soft lockup in tx C done 1 264d 294d 233d 7c113506163a fq_codel: reject silly quantum parameters
BUG: corrupted list in kobject_add_internal C done 2 268d 515d 238d 3f7b869c1b44 Bluetooth: avoid circular locks in sco_sock_connect
kernel BUG in kvm_hv_set_msr_common syz done 2 269d 299d 238d 41d2efaed5bd KVM: remember position in kvm->vcpus array
BUG: unable to handle kernel paging request in do_syscall_64 C done 3 274d 792d 241d 6be10fb6c143 fbmem: add margin check to fb_check_caps()
general protection fault in do_syscall_64 (2) syz done 2 273d 606d 241d 6be10fb6c143 fbmem: add margin check to fb_check_caps()
KASAN: use-after-free Read in ip_check_mc_rcu syz done 7 275d 426d 241d 4768973dffed igmp: Add ip_mc_list lock in ip_check_mc_rcu
KASAN: slab-out-of-bounds Write in decode_data C done 1 276d 822d 245d 4e370cc081a7 net: 6pack: fix slab-out-of-bounds in decode_data
INFO: task hung in do_fb_ioctl (2) C done 7 276d 691d 246d 6be10fb6c143 fbmem: add margin check to fb_check_caps()
BUG: unable to handle kernel paging request in do_csum C done 1 276d 495d 246d c33471daf276 ip_gre: add validation for csum_start
BUG: unable to handle kernel NULL pointer dereference in __lookup_slow (2) C done 15 286d 410d 254d df2f583b6363 reiserfs: add check for root_inode in reiserfs_fill_super
KASAN: use-after-free Read in search_by_entry_key (2) C done 2 287d 437d 257d df2f583b6363 reiserfs: add check for root_inode in reiserfs_fill_super
KASAN: use-after-free Read in __queue_work syz done 5 288d 660d 257d 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
WARNING in close_fs_devices C done 105 299d 616d 268d 4c97ed4332be ocfs2: fix zero out valid data
possible deadlock in cleanup_net C done 5212 299d 561d 268d 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
possible deadlock in __sock_release C done 57446 299d 561d 268d 7d2c0c0516e6 PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
KASAN: use-after-free Write in hci_sock_bind C done 12 305d 865d 272d 3719acc161d5 Bluetooth: defer cleanup of resources in hci_unregister_dev()
kernel BUG at drivers/dma-buf/dma-buf.c:LINE! syz done 1 303d 786d 272d 020a44cc54d6 drm: Return -ENOTTY for non-drm ioctls
unexpected kernel reboot C done 684 312d 1088d 281d da84e8e9290e KVM: x86: determine if an exception has an error code only when injecting it.
KASAN: use-after-free Read in reservation_object_test_signaled_rcu C done 4 312d 547d 281d 020a44cc54d6 drm: Return -ENOTTY for non-drm ioctls
BUG: unable to handle kernel paging request in diFree C done 18 312d 603d 282d aff8d95b6905 jfs: fix GPF in diFree
KASAN: use-after-free Read in hci_chan_del C done 24 315d 661d 283d 35113c4c9fa7 bluetooth: eliminate the potential race condition when removing the HCI controller
WARNING in drm_prime_destroy_file_private syz done 6 314d 505d 283d 020a44cc54d6 drm: Return -ENOTTY for non-drm ioctls
divide error in do_journal_end (2) C done 4 318d 429d 286d 47b4b8f0d378 reiserfs: add check for invalid 1st journal block
general protection fault in mount_fs C done 12 317d 548d 286d 5485fe228f97 ext4: return error code when ext4_fill_flex_info() fails
WARNING: suspicious RCU usage in vxlan_xmit C done 1 322d 322d 292d f80201ff7937 vxlan: add missing rcu_read_lock() in neigh_reduce()
WARNING in batadv_iv_send_outstanding_bat_ogm_packet C done 373 329d 945d 299d e8e9d2968a9d batman-adv: Avoid WARN_ON timing related checks
general protection fault in ieee802154_llsec_parse_dev_addr C done 32 333d 451d 302d 00b16396ad26 HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
KASAN: use-after-free Read in qfq_search_class C done 2 336d 822d 305d 98fd088c3254 pkt_sched: sch_qfq: fix qfq_change_class() error path
KASAN: use-after-free Read in ntfs_iget (2) C done 1 337d 337d 307d 00f00f5db888 ntfs: fix validity check for file name attribute
WARNING in sta_apply_parameters C done 1 337d 564d 307d 25487a5ff100 mac80211: remove warning in ieee80211_get_sband()
WARNING in sta_info_alloc C done 15 340d 597d 310d 25487a5ff100 mac80211: remove warning in ieee80211_get_sband()
KASAN: null-ptr-deref Write in vhci_shutdown_connection syz done 498 344d 525d 310d d42c3ebb3156 can: bcm/raw/isotp: use per module netdevice notifier
WARNING in process_one_work C done 9 346d 911d 315d e8e9d2968a9d batman-adv: Avoid WARN_ON timing related checks
general protection fault in try_to_wake_up syz done 229 346d 434d 316d d42c3ebb3156 can: bcm/raw/isotp: use per module netdevice notifier
WARNING: ODEBUG bug in slave_kobj_release C done 28 351d 528d 321d f583748c2a4a bonding: init notify_work earlier to avoid uninitialized use
KASAN: use-after-free Read in drm_getunique syz done 2 364d 532d 333d 7d233ba700ce drm: Fix use-after-free read in drm_getunique()
BUG: unable to handle kernel NULL pointer dereference in corrupted C done 6 365d 947d 335d 93e4ac2a9979 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
KASAN: global-out-of-bounds Read in soft_cursor C done 22 366d 833d 335d 8c5ec4a731e1 vt: Fix character height handling with VT_RESIZEX
KASAN: global-out-of-bounds Read in bit_putcs C done 214 366d 903d 335d 8c5ec4a731e1 vt: Fix character height handling with VT_RESIZEX
WARNING: ODEBUG bug in cancel_delayed_work C done 1226 368d 664d 336d 02f681a5e827 Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
KASAN: use-after-free Read in hci_send_acl C done 3 369d 661d 336d 75e26178e26f Bluetooth: verify AMP hci_chan before amp_destroy
KASAN: use-after-free Read in nfc_llcp_sock_unlink C done 22 369d 406d 336d 48fba458fe54 net/nfc: fix use-after-free llcp_sock_bind/connect
WARNING in hsr_addr_subst_dest C done 3099 369d 1137d 336d 40fa36443db3 hsr: use netdev_err() instead of WARN_ONCE()
KASAN: slab-out-of-bounds Read in soft_cursor (2) C done 8 368d 490d 336d 8c5ec4a731e1 vt: Fix character height handling with VT_RESIZEX
possible deadlock in tty_port_close_start C done 47 374d 840d 344d 1f51881e2dcc ttyprintk: Add TTY hangup callback.
KASAN: null-ptr-deref Read in llcp_sock_getname C 37 378d 937d 349d 93e4ac2a9979 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
kernel BUG in z_erofs_map_blocks_iter syz done 10 390d 451d 359d 006270aa8f9c erofs: add unsupported inode i_format check
kernel BUG at fs/inode.c:LINE! (2) C done 5 394d 532d 361d 006270aa8f9c erofs: add unsupported inode i_format check
general protection fault in __queue_work syz done 1 394d 641d 361d 35113c4c9fa7 bluetooth: eliminate the potential race condition when removing the HCI controller
general protection fault in nl802154_del_llsec_devkey C done 110 407d 466d 375d 22e025c1733b net: ieee802154: fix nl802154 del llsec devkey
general protection fault in nl802154_add_llsec_key C done 106 406d 462d 375d bdd1d2784ad3 net: ieee802154: fix nl802154 add llsec key
general protection fault in nl802154_del_llsec_key C done 91 407d 459d 375d 79ba55c0e7a7 net: ieee802154: fix nl802154 del llsec key
general protection fault in ieee802154_llsec_parse_key_id C done 64 407d 458d 377d 5983b9de012e net: ieee802154: nl-mac: fix check on panid
WARNING in cfg80211_connect C done 336 407d 601d 377d ee1a5262eb01 cfg80211: remove WARN_ON() in cfg80211_sme_connect
general protection fault in nl802154_del_llsec_dev C done 70 408d 464d 378d 3fe0c0485a29 net: ieee802154: fix nl802154 del llsec dev
general protection fault in crypto_destroy_tfm syz done 12 409d 454d 379d b58bb4eaa0c2 drivers: net: fix memory leak in peak_usb_create_dev
BUG: sleeping function called from invalid context in htb_destroy C done 2 428d 950d 398d 66f6f4094ff2 net: sched: validate stab values
possible deadlock in red_change C done 10 430d 670d 399d 66f6f4094ff2 net: sched: validate stab values
BUG: unable to handle kernel NULL pointer dereference in __lookup_slow C done 23 443d 601d 410d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
WARNING in ext4_xattr_set_entry C done 12 444d 578d 413d a8fb57ec924f ext4: do not try to set xattr into ea_inode if value is empty
BUG: unable to handle kernel NULL pointer dereference in amp_read_loc_assoc_final_data C done 114 447d 663d 413d 99c2c8b009c4 Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
KASAN: use-after-free Read in skb_dequeue syz done 1 455d 659d 422d c1a77dbcaa2d btrfs: raid56: simplify tracking of Q stripe presence
KASAN: use-after-free Read in ntfs_iget C done 1 455d 515d 422d 23e895868b51 ntfs: check for valid standard information attribute
KASAN: use-after-free Read in ntfs_read_locked_inode C done 2 457d 607d 427d 23e895868b51 ntfs: check for valid standard information attribute
kernel BUG in pfkey_send_acquire C done 56 464d 493d 433d fa137b50f326 block: split .sysfs_lock into two locks
general protection fault in ioctl_standard_call C done 23 468d 581d 437d 3f33e522a07f wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
KASAN: slab-out-of-bounds Read in squashfs_export_iget C done 5 479d 579d 449d a6f933a30363 squashfs: add more sanity checks in inode lookup
general protection fault in ieee80211_subif_start_xmit C done 4 483d 525d 450d b26b5e086157 mac80211: pause TX while changing interface type
UBSAN: undefined-behaviour in tcindex_set_parms C done 39 495d 610d 457d 22c1b22672f3 net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
kernel BUG at fs/reiserfs/prints.c:LINE! C done 5 506d 597d 458d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
KASAN: use-after-free Read in search_by_entry_key C done 1 506d 596d 459d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
KASAN: slab-out-of-bounds Read in squashfs_get_id C 58 464d 608d 460d e5099c0e851a squashfs: add more sanity checks in id lookup
KASAN: use-after-free Read in squashfs_get_id C 3 504d 557d 460d e5099c0e851a squashfs: add more sanity checks in id lookup
KASAN: use-after-free Read in tls_write_space C done 25 512d 1137d 481d d71f3fb99620 net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
divide error in do_journal_end C done 2 514d 574d 483d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
general protection fault in dqput C done 2 514d 528d 484d 7bae84821b47 quota: Sanity-check quota file headers on load
WARNING in md_ioctl C done 199 514d 1132d 484d b85abab5913d md: fix a warning caused by a race between concurrent md_ioctl()s
general protection fault in hci_phy_link_complete_evt C done 28 519d 661d 488d abae100355c0 Bluetooth: Fix null pointer dereference in hci_event_packet()
KASAN: use-after-free Read in leaf_paste_entries C done 1 522d 522d 491d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
general protection fault in hci_event_packet C done 3 522d 589d 492d abae100355c0 Bluetooth: Fix null pointer dereference in hci_event_packet()
KASAN: slab-out-of-bounds Read in hci_le_meta_evt C done 12 522d 663d 492d 61490c481c61 Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
KASAN: use-after-free Read in reiserfs_read_locked_inode C done 4 526d 608d 495d b8590c82b3cc reiserfs: add check for an invalid ih_entry_count
INFO: task hung in rdma_destroy_id C done 2 526d 556d 496d 014133611851 usb: uas: Add PNY USB Portable SSD to unusual_uas
INFO: task hung in do_read_cache_page C done 2 528d 588d 497d 8e63266b0d42 fcntl: Fix potential deadlock in send_sig{io, urg}()
BUG: unable to handle kernel paging request in dquot_add_space C done 1 529d 589d 498d 7bae84821b47 quota: Sanity-check quota file headers on load
BUG: unable to handle kernel paging request in dqput C done 8 528d 597d 498d 7bae84821b47 quota: Sanity-check quota file headers on load
general protection fault in gfs2_ri_update C done 28 533d 609d 501d 6790f8b9370b gfs2: check for empty rgrp tree in gfs2_ri_update
KASAN: use-after-free Write in sco_chan_del C done 10 537d 661d 506d abae100355c0 Bluetooth: Fix null pointer dereference in hci_event_packet()
KASAN: use-after-free Read in btrfs_scan_one_device C done 43 541d 616d 511d aec62fa475af btrfs: don't access possibly stale fs_info data for printing duplicate device
BUG: sleeping function called from invalid context in corrupted C done 2 547d 548d 516d 499b109be688 mac80211: free sta in sta_info_insert_finish() on errors
BUG: sleeping function called from invalid context in sta_info_move_state C done 760 547d 549d 516d 499b109be688 mac80211: free sta in sta_info_insert_finish() on errors
KASAN: slab-out-of-bounds Read in ntfs_attr_find C done 10 549d 606d 518d dff5d7741195 ntfs: add check for mft record size in superblock
general protection fault in rose_send_frame C done 5 553d 1130d 518d 731b9890a7f1 rose: Fix Null pointer dereference in rose_send_frame()
KASAN: slab-out-of-bounds Read in soft_cursor C done 61 566d 904d 536d 3e1600cc10df ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
KASAN: use-after-free Read in debugfs_remove C done 15 571d 1067d 540d 8a78b4c0d629 blktrace: fix debugfs use after free
UBSAN: undefined-behaviour in init_sb C done 2 573d 606d 543d 6a253f385a2d gfs2: add validation checks for size of superblock
WARNING in unlock_new_inode C done 66 573d 611d 543d 7a1e074bc18d reiserfs: only call unlock_new_inode() if I_NEW
KASAN: use-after-free Read in tipc_mcast_xmit C done 3 574d 597d 543d 26217e062f97 tipc: fix the skb_unshare() in tipc_buf_append()
KASAN: global-out-of-bounds Read in fb_pad_aligned_buffer C done 5 574d 900d 543d 6612b754ac0c vt: Disable KD_FONT_OP_COPY
KASAN: use-after-free Read in ntfs_attr_find C done 13 575d 606d 544d dff5d7741195 ntfs: add check for mft record size in superblock
divide error in tabledist C done 3 585d 942d 554d 95ba2236b8e6 netem: fix zero division in tabledist
general protection fault in qp_release_pages C done 4 586d 588d 554d 0b02a4325780 VMCI: check return value of get_user_pages_fast() for errors
UBSAN: undefined-behaviour in tabledist C done 2 593d 593d 561d 95ba2236b8e6 netem: fix zero division in tabledist
KASAN: global-out-of-bounds Read in fbcon_get_font C done 47 593d 904d 561d 43198a5b1c42 fbcon: Fix global-out-of-bounds read in fbcon_get_font()
KASAN: slab-out-of-bounds Read in fbcon_get_font C done 97 597d 905d 566d 1221d11e5c35 vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
general protection fault in get_unique_tuple C done 33 597d 859d 566d 289fe546ea16 netfilter: ctnetlink: add a range check for l3/l4 protonum
general protection fault in nf_nat_setup_info C done 22 602d 693d 571d 289fe546ea16 netfilter: ctnetlink: add a range check for l3/l4 protonum
KASAN: use-after-free Read in soft_cursor C done 16 606d 903d 576d 76fe92986c5c fbcon: Fix user font detection test at fbcon_resize().
KASAN: global-out-of-bounds Read in get_unique_tuple C done 1 607d 847d 576d 289fe546ea16 netfilter: ctnetlink: add a range check for l3/l4 protonum
KASAN: global-out-of-bounds Read in fbcon_resize C done 286 609d 629d 579d 76fe92986c5c fbcon: Fix user font detection test at fbcon_resize().
general protection fault in __sock_release syz done 8 624d 636d 593d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING in snd_pcm_plugin_build_mulaw C done 2 625d 635d 594d 569e1b621797 ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
KASAN: use-after-free Read in seq_release_private syz done 1 625d 625d 594d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING: ODEBUG bug in get_signal syz done 3 627d 636d 595d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING in snd_pcm_drop syz done 1 627d 627d 595d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
WARNING: ODEBUG bug in exit_to_usermode_loop syz done 2 626d 628d 595d dff6a2c2828b nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
general protection fault in tty_release C done 9 628d 634d 597d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Write in __sock_release syz done 1 629d 629d 598d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in locks_remove_file syz done 4 628d 637d 598d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in cuse_channel_release syz done 1 630d 630d 599d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in __fput syz done 1 630d 630d 599d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Write in ex_handler_refcount C done 11 630d 839d 600d 29e1dfcd5150 Bluetooth: add a mutex lock to avoid UAF in do_enale_set
kernel BUG at include/linux/fs.h:LINE! syz done 1 631d 631d 600d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in snd_pcm_oss_release syz done 1 630d 630d 600d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
kernel BUG at fs/inode.c:LINE! syz done 2 631d 660d 601d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: invalid-free in vcs_release syz done 1 631d 631d 601d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in fbcon_cursor syz done 4 633d 892d 602d 770adb5d2b8e fbcon: remove soft scrollback code
BUG: corrupted list in mousedev_release syz done 1 633d 633d 602d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
KASAN: use-after-free Read in eventfd_release syz done 1 634d 634d 604d 37d933e8b41b fix regression in "epoll: Keep a reference on files added to the check list"
INFO: trying to register non-static key in uhid_char_release C done 3 634d 656d 604d abae259fdccc HID: core: Correctly handle ReportSize being zero
WARNING in corrupted (2) C done 1 635d 635d 604d 569e1b621797 ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
INFO: trying to register non-static key in uhid_dev_destroy C done 14 643d 810d 612d abae259fdccc HID: core: Correctly handle ReportSize being zero
KASAN: slab-out-of-bounds Read in vcs_scr_readw C inconclusive 80 895d 904d 614d 627f3b9e4dd8 vcs: prevent write access to vcsu devices
WARNING in inc_nlink C done 8 644d 793d 614d 169f7f37bd6b fs/minix: don't allow getting deleted inodes
BUG: unable to handle kernel NULL pointer dereference in get_block C done 60 649d 799d 617d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: slab-out-of-bounds Read in get_block C done 3 652d 767d 621d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: use-after-free Read in get_block C done 6 652d 784d 621d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: slab-out-of-bounds Read in hci_event_packet C done 15 652d 862d 621d 8c4a649c20fe Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
KASAN: slab-out-of-bounds Read in bacpy C done 3 658d 1119d 623d 8c4a649c20fe Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt C done 6 656d 690d 623d 8c4a649c20fe Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
KASAN: null-ptr-deref Read in drm_dp_aux_dev_get_by_minor C done 1 656d 716d 623d 954fc7da99a9 fs/minix: reject too-large maximum file size
KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt C done 4 656d 685d 623d 48f70ecd6a22 Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
KASAN: use-after-free Read in l2cap_chan_close C done 8 656d 839d 623d 29e1dfcd5150 Bluetooth: add a mutex lock to avoid UAF in do_enale_set
BUG: unable to handle kernel NULL pointer dereference in do_syscall_64 (2) C done 4 660d 673d 629d dd58bd1b95b7 fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
divide error in fbcon_switch C done 259 665d 905d 631d 74752b81eae8 vt: Reject zero-sized screen buffer size.
general protection fault in do_con_write C done 3008 665d 904d 631d 74752b81eae8 vt: Reject zero-sized screen buffer size.
kernel BUG at fs/buffer.c:LINE! syz done 23 662d 1115d 631d 954fc7da99a9 fs/minix: reject too-large maximum file size
general protection fault in free_netdev C done 99 663d 693d 631d abcf95e000b4 ip6_gre: fix null-ptr-deref in ip6gre_init_net()
BUG: unable to handle kernel paging request in do_con_trol C done 36 666d 898d 635d 74752b81eae8 vt: Reject zero-sized screen buffer size.
WARNING in snd_info_get_line C done 23 665d 678d 635d 0c9d4b18bb8a ALSA: info: Drop WARN_ON() from buffer NULL sanity check
BUG: unable to handle kernel paging request in insert_char C done 46 679d 900d 649d 74752b81eae8 vt: Reject zero-sized screen buffer size.
INFO: task hung in __flush_work syz done 6 681d 1130d 651d af224c2eeda2 net/9p: validate fds in p9_fd_open
KASAN: null-ptr-deref Read in do_con_trol C done 1 681d 831d 651d 74752b81eae8 vt: Reject zero-sized screen buffer size.
KASAN: null-ptr-deref Read in insert_char C done 3 682d 877d 652d 74752b81eae8 vt: Reject zero-sized screen buffer size.
KASAN: user-memory-access Read in insert_char C done 2 684d 897d 653d 74752b81eae8 vt: Reject zero-sized screen buffer size.
BUG: unable to handle kernel paging request in csi_J C done 3 692d 861d 661d 74752b81eae8 vt: Reject zero-sized screen buffer size.
BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2) C done 1 704d 794d 674d 5dbb625573ab ext4: avoid race conditions when remounting with options that change dax
WARNING in enqueue_task_dl syz done 1 711d 1040d 681d edf55b5e3bde sched/deadline: Initialize ->dl_boosted
general protection fault in batadv_iv_ogm_schedule_buff 6 799d 855d 686d bf0ef794e197 batman-adv: Don't schedule OGM for disabled interface
general protection fault in fq_codel_enqueue C done 5 733d 761d 703d 8920e8ae16a8 net: check untrusted gso_size at kernel entry
kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) C done 82 734d 874d 704d a3da2984a40b vt: fix unicode console freeing with a common interface
INFO: trying to register non-static key in hci_uart_flush syz done 4 739d 983d 708d 8efa59fc90a5 netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
KASAN: use-after-free Write in snd_rawmidi_kernel_write1 C done 1 740d 770d 709d a507658fdb2a ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
KASAN: null-ptr-deref Write in choke_reset C done 236 741d 766d 711d 1733fe42d94c USB: serial: garmin_gps: add sanity checking for data length
KASAN: use-after-free Read in rdma_listen syz done 143 773d 1085d 742d abc4ea7f1345 RDMA/ucma: Put a lock around every call to the rdma_cm layer
KASAN: use-after-free Read in cma_cancel_operation C done 6 784d 935d 754d abc4ea7f1345 RDMA/ucma: Put a lock around every call to the rdma_cm layer
WARNING in geneve_exit_batch_net C done 2 787d 831d 756d 2c1a05e91fc6 geneve: move debug check after netdev unregister
WARNING: ODEBUG bug in rfcomm_dev_ioctl C done 1 788d 788d 757d 78a4ad28608a Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: use-after-free Write in release_tty C done 148 787d 904d 757d 54584f79579b vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
WARNING: ODEBUG bug in route4_change C done 28 792d 811d 762d ea3d6652c240 net_sched: cls_route: remove the right filter from hashtable
WARNING: refcount bug in sock_wfree C done done 1 795d 915d 765d 6ce6aea362d4 sctp: fix refcount bug in sctp_wfree
KASAN: use-after-free Read in tty_open C done 2 799d 905d 768d 54584f79579b vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
BUG: unable to handle kernel paging request in init_srcu_struct_fields syz done 3 799d 997d 768d e36be7959326 usbip: tools: Fix read_usb_vudc_device() error path handling
KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user C done 3 801d 805d 769d 0a7b397c0133 xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
WARNING: ODEBUG bug in rfcomm_dlc_free C done 21 801d 1033d 771d 78a4ad28608a Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
KASAN: slab-out-of-bounds Write in tcindex_set_parms C done 2 805d 805d 773d 557d015ffb27 net_sched: keep alloc_hash updated after hash allocation
KASAN: use-after-free Write in tcindex_set_parms C done 3 804d 808d 773d 557d015ffb27 net_sched: keep alloc_hash updated after hash allocation
possible deadlock in ovl_write_iter (2) syz done 2 807d 807d 777d eae6b4a4d7f8 USB: Disable LPM on WD19's Realtek Hub
KASAN: use-after-free Read in n_tty_receive_buf_common C done 40 809d 903d 778d b4492f1e7456 vt: selection, push sel_lock up
inconsistent lock state in rxrpc_put_client_connection_id C done 89 817d 834d 786d 43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
KASAN: use-after-free Read in ext4_xattr_set_entry syz done 10 817d 1065d 786d cb1702c403ad ext4: validate the debug_want_extra_isize mount option at parse time
inconsistent lock state in rxrpc_put_client_conn C done 6584 817d 834d 786d 43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
kernel BUG at net/rxrpc/local_object.c:LINE! C done 13912 819d 1029d 788d 792668145b56 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
general protection fault in selinux_socket_sendmsg C done 36 819d 1000d 789d 43cac315bec1 rxrpc: Fix call RCU cleanup using non-bh-safe locks
INFO: task hung in paste_selection C done 10 820d 896d 790d b4492f1e7456 vt: selection, push sel_lock up
INFO: task hung in htable_put C done 8 822d 868d 792d acbc5071f073 netfilter: xt_hashlimit: limit the max size of hashtable
kernel BUG at fs/reiserfs/lock.c:LINE! (2) C done 2 825d 825d 795d ef3d73fe8836 reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
INFO: task hung in drain_all_pages C done 1 826d 856d 795d 8541452acba5 s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
KASAN: stack-out-of-bounds Write in ax25_getname C done 4 830d 1125d 799d ad598a48fe61 vhost: Check docket sk_family instead of call getname
INFO: task hung in hashlimit_mt_check_common C done 3 832d 847d 800d acbc5071f073 netfilter: xt_hashlimit: limit the max size of hashtable
INFO: task hung in tty_ldisc_hangup C done 10 832d 899d 800d b4492f1e7456 vt: selection, push sel_lock up
general protection fault in padata_reorder C done 90 831d 834d 800d cad926f70b5a padata: fix null pointer deref of pd->pinst
KASAN: slab-out-of-bounds Read in tcf_exts_destroy C done 1 835d 952d 805d 478c4b2ffd44 net_sched: fix an OOB access in cls_tcindex
BUG: sleeping function called from invalid context in tpk_write C done 30 840d 902d 810d fb56687038cf ttyprintk: fix a potential deadlock in interrupt context issue
general protection fault in path_openat C done 13 841d 846d 810d 8d7a5100e29d vfs: fix do_last() regression
KASAN: slab-out-of-bounds Read in __nla_put_nohdr C done 1 848d 848d 817d 66ac8ee96faa net_sched: fix datalen for ematch
general protection fault in nft_chain_parse_hook C done 5 848d 860d 817d 1f7a1bcd27c3 netfilter: nf_tables: add __nft_chain_type_get()
WARNING in cbq_destroy_class C done 1 853d 853d 822d 9f7a32834b62 net_sched: fix ops->bind_class() implementations
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock C done 1 853d 853d 823d d3b5ecceea7d gtp: make sure only SOCK_DGRAM UDP sockets are accepted
KASAN: use-after-free Read in snd_timer_resolution C done 2 857d 857d 827d 20f2e4c228c7 ALSA: seq: Fix racy access for queue timer in proc read
KASAN: use-after-free Read in tcp_check_sack_reordering C done 1 857d 857d 827d fb56687038cf ttyprintk: fix a potential deadlock in interrupt context issue
general protection fault in xt_rateest_put C done 10 858d 860d 828d e3282417b91c netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
BUG: corrupted list in nf_tables_commit C done 2 860d 861d 829d 8260ce5aeee4 netfilter: nf_tables: fix flowtable list del corruption
WARNING in nft_request_module C done 1 860d 860d 829d 1632efb3553b netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
general protection fault in nft_tunnel_get_init C done 1 861d 861d 829d 6de941ce70cd netfilter: nft_tunnel: fix null-attribute check
general protection fault in nf_ct_netns_do_get C done 11 865d 880d 832d 46abb2a5cd2f netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
KASAN: use-after-free Write in __alloc_skb C done 2 864d 932d 834d be1a2be7a7b0 net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
general protection fault in xt_rateest_tg_checkentry C done 12 865d 881d 834d e3282417b91c netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
KASAN: slab-out-of-bounds Read in macvlan_broadcast C done 10 865d 870d 835d 5f3274c53ae7 macvlan: do not assume mac_header is set in macvlan_broadcast()
KASAN: use-after-free Read in macvlan_broadcast C done 7 867d 870d 836d 5f3274c53ae7 macvlan: do not assume mac_header is set in macvlan_broadcast()
WARNING: bad unlock balance in gtp_encap_enable_socket C done 2 868d 871d 838d 776a81a024e7 gtp: fix bad unlock balance in gtp_encap_enable_socket
BUG: sleeping function called from invalid context in lock_sock_nested syz done 1 873d 903d 840d 6b544caa07e5 crypto: af_alg - Use bh_lock_sock in sk_destruct
general protection fault in rxrpc_connect_call C done 285 875d 1039d 845d 792668145b56 rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
possible deadlock in refcount_dec_and_mutex_lock C done done 5 878d 934d 848d e83a26a49356 nbd: fix shutdown and recv work deadlock v2
INFO: rcu detected stall in addrconf_dad_work (2) C done 1 888d 888d 857d 94ac4a4d938f pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
WARNING: refcount bug in cdev_get C done 12 887d 1013d 857d f57fd58dda42 bridge/mdb: remove wrong use of NLM_F_MULTI
possible deadlock in __might_fault C done 385 889d 1139d 858d 3757e3818838 usb: mon: Fix a deadlock in usbmon between mmap and read
INFO: task hung in fsnotify_mark_destroy_workfn syz done 3 891d 1078d 860d 42a929edf567 rtc: disable uie before setting time and enable after
possible deadlock in mon_bin_vma_fault C done 375 891d 1140d 861d 3757e3818838 usb: mon: Fix a deadlock in usbmon between mmap and read
WARNING in xfrm6_tunnel_net_exit syz done 34 892d 1141d 862d bbbe47463da9 xfrm: destroy xfrm_state synchronously on net exit path
inconsistent lock state in sp_get C done 1 895d 895d 864d 9b8e63d0a6e8 6pack,mkiss: fix possible deadlock
KASAN: slab-out-of-bounds Read in linear_transfer C done 2 903d 904d 873d c6bebccd3c62 ALSA: pcm: oss: Avoid potential buffer overflows
WARNING: refcount bug in kobject_get C done 21 904d 1133d 873d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
KASAN: use-after-free Read in slip_open C done done 7 904d 916d 873d 0c6e6ceae72c slip: Fix use-after-free Read in slip_open
INFO: task hung in vivid_stop_generating_vid_cap C done 291 907d 1141d 876d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
INFO: task hung in sdr_cap_stop_streaming C done 152 907d 1141d 876d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
KASAN: use-after-free Read in __vb2_perform_fileio C done 13 907d 1137d 877d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
KASAN: use-after-free Read in kfree_skb C done 95 911d 1031d 879d 03bf4876a593 Bluetooth: Fix invalid-free in bcsp_close()
WARNING in __vb2_queue_cancel C done 11 915d 1126d 884d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
WARNING: suspicious RCU usage in memfd_fcntl C done done 1879 917d 939d 887d e4cc9c81e230 memfd: Use radix_tree_deref_slot_protected to avoid the warning.
possible deadlock in ovl_write_iter syz done 84 924d 1133d 888d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
KASAN: use-after-free Read in rxrpc_send_keepalive syz done 6 939d 1012d 889d 570ab0dd35f9 rxrpc: Fix call ref leak
BUG: corrupted list in p9_fd_cancelled syz done 2 924d 987d 889d 78a917bea6ed perf/core: Consistently fail fork on allocation failures
KASAN: use-after-free Read in __lock_sock syz done 2 941d 941d 889d 51f0c10890aa libata/ahci: Fix PCS quirk application
WARNING in corrupted syz done 25 961d 1113d 890d ed568ca73601 bpf: fix use after free in prog symbol exposure
possible deadlock in io_submit_one syz done 406 963d 1141d 890d 052b31810085 fs/userfaultfd.c: disable irqs for fault_pending and event locks
WARNING in bpf_jit_free syz done 293 964d 1141d 891d ed568ca73601 bpf: fix use after free in prog symbol exposure
KASAN: use-after-free Read in pneigh_get_next syz done 1 1075d 1075d 891d 103835df6821 neigh: fix use-after-free read in pneigh_get_next
WARNING in ovl_rename syz done 1 1123d 1123d 891d f1c5aa5eda08 ovl: detect overlapping layers
kernel BUG at arch/x86/mm/physaddr.c:LINE! syz done 1 1061d 1061d 891d 4736bb277744 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
WARNING in ovl_instantiate syz done 5 1131d 1136d 891d f1c5aa5eda08 ovl: detect overlapping layers
WARNING: suspicious RCU usage in llc_sap_close C done 10 930d 1086d 891d 9a484516a410 llc: avoid blocking in llc_sap_close()
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue C done 12 940d 1125d 893d 9f0f39c92e4f nbd: fix max number of supported devs
KASAN: null-ptr-deref Write in kvm_write_guest_virt_system C done 50 957d 975d 895d 3683dd7074dc crypto: cavium/zip - Add missing single_release()
possible deadlock in free_ioctx_users C done 77 963d 1086d 895d 5bead06b3443 fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
KASAN: use-after-free Read in wait_consider_task C done 58 968d 977d 896d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
WARNING: ODEBUG bug in free_task C done 165 967d 977d 896d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
general protection fault in tcf_action_destroy C done 15 965d 987d 896d 50dddec689cb mISDN: enforce CAP_NET_RAW for raw sockets
WARNING: suspicious RCU usage in netem_enqueue C done 2 970d 974d 897d 195a3ea494d2 net_sched: add max len check for TCA_KIND
KASAN: use-after-free Read in __change_pid C done 4 969d 977d 897d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
possible deadlock in do_io_accounting C done 4 968d 1080d 897d f1c5aa5eda08 ovl: detect overlapping layers
KASAN: use-after-free Read in pids_release C done 7 970d 977d 897d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
general protection fault in release_task C done 3 970d 977d 897d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
general protection fault in wait_consider_task C done 5 970d 975d 897d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
INFO: rcu detected stall in netlink_sendmsg C done 3 982d 987d 897d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
KASAN: use-after-free Read in release_task C done 2 972d 974d 898d 4eb92a114834 RDMA/restrack: Protect from reentry to resource return path
WARNING in handle_desc C done 1 978d 978d 898d 21874027e1de KVM: X86: Fix userspace set invalid CR4
BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass C done 18 973d 992d 898d 07f7ec87b5f6 net_sched: check cops->tcf_block in tc_bind_tclass()
general protection fault in qdisc_destroy C done 9 978d 988d 898d 7a1bad565ceb net_sched: let qdisc_put() accept NULL pointer
INFO: rcu detected stall in addrconf_dad_work C done 19 979d 991d 900d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in mld_ifc_timer_expire C done 33 979d 992d 900d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: rcu detected stall in br_handle_frame C done 41 980d 992d 900d a9e91767b921 sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
INFO: task hung in __x64_sys_io_destroy C done 1 980d 980d 900d ec2a3681b30c media: tvp5150: fix switch exit in set control handler
WARNING: refcount bug in hci_register_dev C done 3 986d 998d 902d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
WARNING in kernfs_get C done 14 986d 1126d 902d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
general protection fault in kernfs_add_one C done 8 995d 1134d 902d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
general protection fault in packet_lookup_frame C done 1 1016d 1016d 903d 154e6bc497c9 net/packet: fix race in tpacket_snd()
WARNING in tty_set_termios C done 151 1025d 1135d 904d 56966212e23f Bluetooth: hci_uart: check for missing tty operations
general protection fault in tcf_ife_init C done 15 1024d 1041d 904d c4c8899376c2 ife: error out when nla attributes are empty
KASAN: null-ptr-deref Write in kthread_stop C done 12 1024d 1129d 904d 467052f6ea5a media: vivid: Fix wrong locking that causes race conditions on streaming stop
general protection fault in rds_recv_rcvbuf_delta C done 7 1031d 1078d 905d 3de749d6d7ce net/rds: An rds_sock is added too early to the hash table
INFO: task hung in blkdev_issue_flush C done 2 1058d 1059d 905d 76cf93f04c3d hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
general protection fault in iptunnel_xmit C done 2 1032d 1032d 905d 4736bb277744 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
WARNING in kernfs_put C done 1 1063d 1063d 906d e1666bcbae0c driver core: Fix use-after-free and double free on glue directory
WARNING in notify_change C done 12 1069d 1126d 906d e8e448b08450 Abort file_remove_privs() for non-reg. files
BUG: unable to handle kernel paging request in coalesced_mmio_write C done 2 1068d 1068d 906d 232a6462f43f KVM: coalesced_mmio: add bounds checking
possible deadlock in userfaultfd_release C done 4 1069d 1074d 906d 052b31810085 fs/userfaultfd.c: disable irqs for fault_pending and event locks
possible deadlock in acct_pin_kill C done 125 1099d 1134d 907d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
WARNING in xfrm_state_fini C done 78 1116d 1140d 908d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
WARNING in __flush_work C done 135 1113d 1119d 908d af48f7d79fae drm/udl: Replace drm_dev_unref with drm_dev_put
KASAN: use-after-free Read in get_mem_cgroup_from_mm C done 6 1122d 1136d 908d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in ip6erspan_set_version C done 7 1131d 1141d 908d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
possible deadlock in pipe_lock C done 2 1123d 1127d 908d f1c5aa5eda08 ovl: detect overlapping layers
general protection fault in sctp_timeout_obj_to_nlattr C done 7 1136d 1140d 909d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in generic_timeout_obj_to_nlattr C done 11 1136d 1141d 909d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in gre_timeout_obj_to_nlattr C done 13 1136d 1141d 909d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in tcp_timeout_obj_to_nlattr C done 7 1137d 1139d 909d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in icmp_timeout_obj_to_nlattr C done 3 1139d 1141d 909d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in udp_timeout_obj_to_nlattr C done 8 1136d 1141d 909d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"
general protection fault in dccp_timeout_obj_to_nlattr C done 7 1136d 1141d 909d ab69a2304210 Revert "tipc: fix modprobe tipc failed after switch order of device registration"