KASAN: slab-out-of-bounds Read in journal_entry_dev_usage_to_text
bcachefs
|
C |
done |
|
33 |
4d14h |
114d
|
24/28 |
never |
657d4282d8c4
bcachefs: Fix journal_entry_dev_usage_to_text() overrun
|
kernel BUG in bch2_btree_path_level_init (2)
bcachefs
|
C |
done |
|
22 |
1d05h |
28d
|
24/28 |
never |
f8f1dde68681
bcachefs: Fix missing validation for bch_backpointer.level
|
WARNING in vma_merge
mm
|
C |
done |
|
18115 |
359d |
938d
|
1/28 |
never |
mm/mlock: use maple state in apply_mlockall_flags()
|
WARNING in kvm_handle_mmio_return
kvmarm
|
C |
|
|
3 |
8d21h |
6d13h
|
2/28 |
never |
KVM: arm64: Don't retire aborted MMIO instruction
|
WARNING in kvm_timer_update_irq
kvmarm
|
C |
|
|
10 |
17d |
30d
|
2/28 |
never |
KVM: arm64: Get rid of userspace_irqchip_in_use
|
net-next test error: WARNING in __sock_create
net
|
|
|
|
41 |
23d |
35d
|
2/28 |
never |
vsock: do not leave dangling sk pointer in vsock_create()
|
WARNING in iomap_write_begin
xfs
iomap
|
C |
error |
|
6 |
85d |
99d
|
1/28 |
never |
vfs: Fix implicit conversion problem when testing overflow case
|
KCSAN: data-race in __fput / __tty_hangup (4)
serial
|
|
|
|
6 |
48d |
579d
|
1/28 |
never |
tty: tty_io: fix race between tty_fops and hung_up_tty_fops
|
KASAN: slab-use-after-free Read in bpf_trace_run2 (2)
bpf
trace
|
syz |
error |
|
123 |
17d |
33d
|
1/28 |
never |
tracing: Fix syscall tracepoint use-after-free
|
WARNING in thermal_thresholds_flush
pm
|
C |
done |
|
76 |
32d |
33d
|
20/28 |
never |
54219ee4eaeb
thermal: thresholds: Fix thermal lock annotation issue
|
WARNING: kmalloc bug in memslot_rmap_alloc
kvm
|
C |
unreliable |
|
3 |
1143d |
1172d
|
1/28 |
never |
KVM: replace large kvmalloc allocation with vmalloc
|
KMSAN: uninit-value in sctp_sf_ootb
sctp
|
C |
|
|
18 |
18d |
86d
|
26/28 |
never |
0ead60804b64
sctp: properly validate chunk size in sctp_sf_ootb()
|
KCSAN: data-race in __mod_timer / kvfree_call_rcu
rcu
|
|
|
|
5 |
2d15h |
38d
|
20/28 |
never |
a23da88c6c80
rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
|
INFO: task hung in remove_inode_hugepages
fs
mm
|
C |
done |
|
52 |
43d |
135d
|
1/28 |
never |
INFO: task hung in remove_inode_hugepages
|
INFO: task hung in __writeback_inodes_sb_nr (6)
bcachefs
|
C |
done |
|
1709 |
1h30m |
523d
|
1/28 |
never |
PM: hibernate: Fix block device handling in test_resume mode
|
WARNING in posixtimer_send_sigqueue
kernel
|
C |
error |
|
12 |
3h15m |
7d05h
|
20/28 |
never |
cdc905d16b07
posix-timers: Fix spurious warning on double enqueue versus do_exit()
|
KMSAN: uninit-value in hci_rx_work
bluetooth
|
C |
|
|
29 |
1d20h |
120d
|
2/28 |
never |
Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
|
WARNING: suspicious RCU usage in phonet_route_del
net
|
C |
done |
|
7 |
14d |
19d
|
2/28 |
never |
phonet: do not call synchronize_rcu() from phonet_route_del()
|
possible deadlock in usb_deregister_dev (3)
usb
|
C |
|
|
103 |
37d |
43d
|
2/28 |
never |
USB: chaoskey: Fix possible deadlock chaoskey_list_lock
|
WARNING in hci_conn_timeout
bluetooth
|
C |
done |
|
5941 |
5h12m |
1572d
|
2/28 |
never |
Bluetooth: hci_conn: Use disable_delayed_work_sync
|
possible deadlock in chaoskey_open
usb
|
C |
|
|
475 |
37d |
43d
|
2/28 |
never |
USB: chaoskey: Fix possible deadlock chaoskey_list_lock
|
possible deadlock in chaoskey_release
usb
|
C |
|
|
90 |
37d |
43d
|
2/28 |
never |
USB: chaoskey: Fix possible deadlock chaoskey_list_lock
|
KASAN: use-after-free Read in netdev_unregister_kobject
pm
|
C |
error |
|
6080 |
8m |
212d
|
2/28 |
never |
Bluetooth: fix use-after-free in device_for_each_child()
|
kernel BUG in ocfs2_set_new_buffer_uptodate
ocfs2
|
C |
inconclusive |
|
53 |
3d21h |
94d
|
22/28 |
never |
737f34137844
ocfs2: uncache inode which has failed entering the group
|
general protection fault in ocfs2_xa_block_wipe_namevalue
ocfs2
|
C |
|
|
4 |
28d |
24d
|
26/28 |
never |
0b63c0e01fba
ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
|
KMSAN: uninit-value in ocfs2_file_read_iter
ocfs2
|
C |
|
|
3 |
27d |
23d
|
1/28 |
never |
ocfs2: fix uninitialized value in ocfs2_file_read_iter()
|
KASAN: slab-use-after-free Read in chaoskey_disconnect
usb
|
|
|
|
2 |
67d |
54d
|
2/28 |
never |
USB: chaoskey: fail open after removal
|
UBSAN: shift-out-of-bounds in ocfs2_fill_super (2)
ocfs2
|
C |
|
|
81 |
4d16h |
25d
|
25/28 |
never |
23aab037106d
ocfs2: fix UBSAN warning in ocfs2_verify_volume()
|
kernel BUG in __bch2_trans_commit
bcachefs
|
C |
unreliable |
|
11858 |
6d05h |
31d
|
1/28 |
never |
bcachefs: -o norecovery now bails out of recovery earlier
|
kernel BUG in bch2_run_recovery_pass
bcachefs
|
C |
done |
|
17 |
7d01h |
27d
|
24/28 |
never |
2642084f26b5
bcachefs: Allow for unknown key types in backpointers fsck
|
general protection fault in touch_buffer
nilfs
|
C |
|
|
8 |
11d |
21d
|
25/28 |
never |
cd45e963e44b
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
|
WARNING in netlink_sock_destruct (2)
net
|
|
|
|
1 |
21d |
21d
|
23/28 |
never |
1904fb9ebf91
netlink: terminate outstanding dump on socket close
|
KASAN: slab-out-of-bounds Read in bitmap_ip_add (2)
netfilter
|
C |
|
|
3 |
13d |
9d03h
|
3/28 |
never |
netfilter: ipset: add missing range check in bitmap_ip_uadt
|
WARNING in sk_skb_reason_drop
net
|
C |
done |
|
272 |
3h46m |
4d12h
|
2/28 |
never |
net: ip: fix unexpected return in fib_validate_source()
|
kernel BUG in bch2_bkey_cmp_packed
bcachefs
|
C |
|
|
8 |
13d |
26d
|
26/28 |
never |
d335bb3fd3a4
bcachefs: Ancient versions with bad bkey_formats are no longer supported
|
WARNING in __sock_create
net
|
C |
done |
|
4 |
14d |
14d
|
25/28 |
never |
d293958a8595
net/smc: do not leave a dangling sk pointer in __smc_create()
|
kernel BUG in __bch2_bkey_cmp_packed_format_checked
bcachefs
|
C |
|
|
4 |
27d |
26d
|
26/28 |
never |
d335bb3fd3a4
bcachefs: Ancient versions with bad bkey_formats are no longer supported
|
KASAN: slab-use-after-free Write in sco_sock_timeout
bluetooth
|
C |
done |
|
275 |
26d |
370d
|
27/28 |
never |
1bf4470a3939
Bluetooth: SCO: Fix UAF on sco_sock_timeout
|
kernel BUG in mfill_atomic_copy
mm
|
C |
error |
|
3 |
499d |
496d
|
1/28 |
never |
mm: userfaultfd: check for start + len overflow in validate_range: fix
|
kernel BUG in bch2_inconsistent_error
bcachefs
|
C |
|
|
4 |
13d |
25d
|
26/28 |
never |
f9f0a5390dce
bcachefs: Change OPT_STR max to be 1 less than the size of choices array
|
KASAN: slab-use-after-free Read in set_powered_sync
bluetooth
|
C |
done |
|
146 |
18h04m |
128d
|
1/28 |
never |
Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
|
general protection fault in swap_reclaim_full_clusters
mm
|
C |
|
|
1530 |
7d06h |
15d
|
25/28 |
never |
dcf32ea7eced
mm: swapfile: fix cluster reclaim work crash on rotational devices
|
KASAN: invalid-free in hci_req_sync_complete
bluetooth
|
syz |
|
|
179 |
139d |
212d
|
1/28 |
never |
Bluetooth: Fix double free in hci_req_sync_complete
|
kernel BUG in bch2_bio_compress (2)
bcachefs
|
C |
|
|
3 |
10d |
6d17h
|
1/28 |
never |
bcachefs: Don't BUG_ON() when superblock feature wasn't set for compressed data
|
BUG: Bad page state in kvm_coalesced_mmio_init
mm
|
|
|
|
1 |
16d |
15d
|
25/28 |
never |
66edc3a5894c
mm: page_alloc: move mlocked flag clearance into free_pages_prepare()
|
kernel BUG in vma_replace_policy
mm
|
C |
done |
|
6 |
433d |
442d
|
1/28 |
never |
mm: lock VMAs skipped by a failed queue_pages_range()
|
WARNING in folio_memcg
cgroups
mm
|
C |
done |
|
164 |
93d |
93d
|
1/28 |
never |
mm: kmem: fix split_page_memcg()
|
general protection fault in follow_pfnmap_start
kernel
|
C |
|
|
38 |
36d |
50d
|
1/28 |
never |
mm: fix null pointer dereference in pfnmap_lockdep_assert
|
WARNING in follow_pte
kernel
|
C |
|
|
230 |
61d |
140d
|
1/28 |
never |
mm: fix mmap_assert_locked() in follow_pte()
|
WARNING in handle_userfault
mm
|
C |
error |
|
71 |
497d |
505d
|
1/28 |
never |
mm: fix a lockdep issue in vma_assert_write_locked
|
KASAN: slab-use-after-free Read in handle_mm_fault
mm
|
C |
done |
|
107 |
125d |
127d
|
1/28 |
never |
mm: check for VM_DROPPABLE in vma prior to handling mm fault
|
KASAN: slab-out-of-bounds Read in shrink_folio_list
mm
|
C |
|
|
683 |
500d |
501d
|
1/28 |
never |
mm: call folio_mapping() inside folio_needs_release()
|
kernel BUG in bch2_ptr_swab
bcachefs
|
C |
inconclusive |
|
11 |
12d |
29d
|
24/28 |
never |
840c2fbcc5cd
bcachefs: Fix assertion pop in bch2_ptr_swab()
|
general protection fault in vma_interval_tree_remove
mm
|
C |
done |
|
14 |
175d |
933d
|
1/28 |
never |
mm/mmap: fix advanced maple tree API for mmap_region()
mm/mmap: qvoid dereferencing next on null in BUG_ON()
|
kernel BUG in __bch2_btree_node_hash_insert
bcachefs
|
C |
done |
|
396 |
3d06h |
11d
|
24/28 |
never |
0b6ec0c5ac6c
bcachefs: Fix assertion pop in topology repair
|
kernel BUG in bch2_dev_btree_bitmap_mark
bcachefs
|
C |
done |
|
31 |
6d13h |
30d
|
24/28 |
never |
27a036a0c3e7
bcachefs: Fix bch_member.btree_bitmap_shift validation
|
WARNING in hrtimer_forward (3)
kernel
|
|
|
|
3 |
14d |
107d
|
2/28 |
never |
wifi: mac80211_hwsim: use hrtimer_active()
|
BUG: sleeping function called from invalid context in alloc_buffer_head
mm
|
|
|
|
15 |
556d |
561d
|
1/28 |
never |
workingset: add missing rcu_read_unlock() in lru_gen_refault()
|
UBSAN: array-index-out-of-bounds in dtReadFirst
jfs
|
C |
error |
|
182 |
21h53m |
203d
|
1/28 |
never |
jfs: array-index-out-of-bounds fix in dtReadFirst
|
linux-next boot error: WARNING in prepare_kswapd_sleep
mm
|
|
|
|
15 |
1456d |
1457d
|
1/28 |
never |
mm/memcg: warn on missing memcg on mem_cgroup_page_lruvec()
|
kernel BUG in bch2_trans_node_iter_init
bcachefs
|
C |
done |
|
13 |
12d |
26d
|
24/28 |
never |
f8f1dde68681
bcachefs: Fix missing validation for bch_backpointer.level
|
linux-next test error: WARNING in vma_merge
mm
|
|
|
|
6 |
666d |
666d
|
1/28 |
never |
mm/madvise: fix VMA_ITERATOR start position
|
possible deadlock in collapse_file
mm
|
C |
done |
|
189 |
626d |
627d
|
1/28 |
never |
mm/khugepaged: fix vm_lock/i_mmap_rwsem inversion in retract_page_tables
|
kernel BUG in bch2_bkey_pack_pos_lossy
bcachefs
|
C |
|
|
7 |
13d |
25d
|
24/28 |
never |
dc537189b5cf
bcachefs: Fix validate_bset() repair path
|
kernel BUG in collapse_file (3)
mm
|
C |
done |
|
14 |
486d |
492d
|
1/28 |
never |
mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock(): fix
|
KASAN: slab-use-after-free Read in madvise_collapse
mm
|
C |
error |
|
5 |
486d |
486d
|
1/28 |
never |
mm/khugepaged: collapse_pte_mapped_thp() with mmap_read_lock(): fix
|
BUG: unable to handle kernel paging request in alloc_huge_page
mm
|
C |
unreliable |
|
491 |
1195d |
1194d
|
1/28 |
never |
mm/hugetlb: Initialize page to NULL in alloc_buddy_huge_page_with_mpol()
|
kernel BUG in __bkey_unpack_pos
bcachefs
|
C |
|
|
3 |
11d |
21d
|
24/28 |
never |
dc537189b5cf
bcachefs: Fix validate_bset() repair path
|
WARNING in vmap_pages_range_noflush (2)
net
bpf
|
C |
error |
|
250 |
821d |
823d
|
1/28 |
never |
mm/gup.c: Fix return value for __gup_longterm_locked()
|
general protection fault in vma_is_shmem
mm
io-uring
|
C |
error |
|
28 |
821d |
823d
|
1/28 |
never |
mm/gup.c: Fix return value for __gup_longterm_locked()
|
kernel BUG in bch2_fs_btree_cache_exit
bcachefs
|
C |
done |
|
2766 |
2d19h |
33d
|
23/28 |
never |
ca43f73cd172
bcachefs: bch2_btree_write_buffer_flush_going_ro()
|
WARNING in page_add_anon_rmap
mm
|
C |
done |
|
1041 |
429d |
430d
|
1/28 |
never |
mm-rmap-simplify-pageanonexclusive-sanity-checks-when-adding-anon-rmap-fix
|
kernel BUG in bch2_journal_res_get (2)
bcachefs
|
C |
|
|
1710 |
2d19h |
26d
|
23/28 |
never |
ca43f73cd172
bcachefs: bch2_btree_write_buffer_flush_going_ro()
|
kernel BUG in folio_flags
mm
|
|
|
|
62 |
231d |
678d
|
1/28 |
never |
mm-reimplement-compound_nr-fix
|
KASAN: slab-use-after-free Read in finish_fault
mm
|
C |
done |
|
8 |
158d |
160d
|
1/28 |
never |
mm-memory-extend-finish_fault-to-support-large-folio-fix
|
linux-next test error: kernel BUG in folio_add_new_anon_rmap
mm
|
|
|
|
2 |
44d |
43d
|
1/28 |
never |
mm-add-pageanonnotksm-fix
|
INFO: task hung in snd_card_free
sound
|
C |
error |
|
24 |
3d04h |
18d
|
1/28 |
never |
ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
|
linux-next boot error: WARNING in kmem_cache_free
fs
|
|
|
|
45 |
1609d |
1613d
|
1/28 |
never |
mm, slab/slub: improve error reporting and overhead of cache_from_obj()-fix
|
kernel BUG in bch2_fs_btree_write_buffer_exit
bcachefs
|
C |
done |
|
6138 |
2d19h |
54d
|
23/28 |
never |
ca43f73cd172
bcachefs: bch2_btree_write_buffer_flush_going_ro()
|
KASAN: out-of-bounds Read in copy_from_kernel_nofault
mm
|
C |
done |
|
1621 |
42d |
51d
|
1/28 |
never |
mm, kasan, kmsan: instrument copy_from/to_kernel_nofault
|
WARNING: suspicious RCU usage in mas_walk (3)
mm
|
C |
done |
|
12 |
393d |
407d
|
1/28 |
never |
mempolicy: migration attempt to match interleave nodes: fix
|
WARNING in __v4l2_ctrl_modify_dimensions
media
|
C |
|
|
236 |
1h15m |
79d
|
15/28 |
never |
media: v4l2-core: v4l2-dv-timings: check cvt/gtf result
|
WARNING in media_create_pad_link
usb
media
|
C |
done |
done |
103 |
3d09h |
1651d
|
15/28 |
never |
media: uvcvideo: Require entities to have a non-zero unique ID
|
BUG: corrupted list in ieee802154_if_remove
wpan
usb
|
C |
error |
|
3 |
12d |
14d
|
1/28 |
never |
mac802154: check local interfaces before deleting sdata list
|
possible deadlock in fat_count_free_clusters
exfat
|
|
|
|
2 |
12d |
10d
|
1/28 |
never |
loop: Fix ABBA locking race
|
BUG: using smp_processor_id() in preemptible code in bpf_mem_alloc
bpf
|
C |
done |
|
12 |
5d20h |
2d20h
|
1/28 |
never |
bpf: Add necessary migrate_disable to range_tree.
|
WARNING: locking bug in ext4_move_extents
ext4
|
C |
done |
|
11980 |
1h24m |
535d
|
20/28 |
never |
d7fe143cb115
locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()
|
KMSAN: uninit-value in erspan_build_header (2)
net
|
C |
|
|
55 |
18d |
243d
|
1/28 |
never |
bpf: Don't redirect too small packets
|
KMSAN: uninit-value in batadv_get_vid (2)
batman
|
C |
|
|
290 |
19h56m |
323d
|
1/28 |
never |
bpf: Don't redirect too small packets
|
KCSAN: data-race in __ep_remove / __fput (5)
fs
|
|
|
|
1 |
61d |
61d
|
20/28 |
never |
6474353a5e3d
epoll: annotate racy check
|
general protection fault in fuse_do_readpage
fuse
|
C |
|
|
6 |
1d12h |
17d
|
1/28 |
never |
erofs: fix file-backed mounts over FUSE
|
KASAN: use-after-free Read in p9_req_put
v9fs
|
|
|
|
183 |
30d |
827d
|
1/28 |
never |
9p: p9_client_create: use p9_client_destroy on failure
|
KMSAN: uninit-value in inode_go_dump (5)
gfs2
|
C |
|
|
4 |
52d |
50d
|
1/28 |
never |
KMSAN: uninit-value in inode_go_dump (5)
|
WARNING in iomap_iter (4)
iomap
erofs
|
C |
done |
|
1 |
9d18h |
5d18h
|
1/28 |
never |
erofs: handle NONHEAD !delta[1] lclusters gracefully
|
kernel BUG in free_bprm
fs
mm
|
C |
done |
|
445 |
15d |
15d
|
1/28 |
never |
exec: NULL out bprm->argv0 when it is an ERR_PTR
|
general protection fault in put_page (3)
net
|
C |
done |
|
10 |
10d |
19d
|
20/28 |
never |
341468e0ab4b
lib/iov_iter: fix bvec iterator setup
|
possible deadlock in lock_timer_base
bpf
trace
|
C |
|
|
133 |
25d |
1417d
|
1/28 |
never |
kfence: fix potential deadlock due to wake_up()
|
KMSAN: uninit-value in __exfat_get_dentry_set
exfat
|
C |
|
|
13 |
7d23h |
46d
|
1/28 |
never |
exfat: fix uninit-value in __exfat_get_dentry_set
|
BUG: unable to handle kernel NULL pointer dereference in set_page_dirty
reiserfs
f2fs
|
C |
|
|
317 |
103d |
818d
|
1/28 |
never |
f2fs: fix missing mapping caused by the mount/umount race
|
possible deadlock in f2fs_evict_inode
f2fs
|
syz |
|
|
2 |
47d |
43d
|
1/28 |
never |
f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason()
|
kernel BUG in f2fs_abort_atomic_write
f2fs
|
syz |
|
|
2 |
644d |
688d
|
1/28 |
never |
f2fs: fix to avoid race condition of f2fs_abort_atomic_write()
|
kernel BUG in f2fs_invalidate_blocks
f2fs
|
|
|
|
2 |
51d |
64d
|
1/28 |
never |
f2fs: fix to do sanity check on node blkaddr in truncate_node()
|
linux-next boot error: kernel BUG at include/linux/page-flags.h:LINE!
mm
|
|
|
|
3 |
1448d |
1448d
|
1/28 |
never |
fixup for "mm: refactor initialization of stuct page for holes"
|
WARNING in wnd_add_free_ext (3)
ntfs3
|
C |
done |
|
12 |
25d |
98d
|
1/28 |
never |
fs/ntfs3: Fix case when unmarked clusters intersect with zone
|
upstream test error: KASAN: invalid-access Write in setup_arch
arm
|
|
|
|
1 |
83d |
82d
|
27/28 |
never |
7aed6a2c51ff
kasan: Disable Software Tag-Based KASAN with GCC
894b00a3350c
kasan: Fix Software Tag-Based KASAN with GCC
|
WARNING in ni_fiemap
ntfs3
|
C |
|
|
90 |
19h50m |
96d
|
1/28 |
never |
fs/ntfs3: Fix warning in ni_fiemap
|
linux-next boot error: BUG: unable to handle kernel NULL pointer dereference in mempool_init_node
ceph
fs
|
|
|
|
12 |
1469d |
1470d
|
1/28 |
never |
kasan-simplify-kasan_poison_kfree-temp-fix
|
UBSAN: shift-out-of-bounds in dbSplit (2)
jfs
|
C |
error |
|
402 |
36d |
233d
|
1/28 |
never |
jfs: fix shift-out-of-bounds in dbSplit
|
KASAN: use-after-free Read in __vma_adjust
mm
|
C |
done |
|
10 |
836d |
892d
|
1/28 |
never |
fs/userfaultfd: fix vma iteration in mas_for_each() loop
|
UBSAN: array-index-out-of-bounds in jfs_readdir
jfs
|
C |
inconclusive |
|
77 |
8h31m |
233d
|
1/28 |
never |
jfs: fix array-index-out-of-bounds in jfs_readdir
|
INFO: task hung in io_sq_thread_stop
fs
io-uring
|
C |
done |
|
211 |
1374d |
1533d
|
1/28 |
never |
io_uring: don't sleep schedule in SQPOLL thread if we need to park
|
UBSAN: array-index-out-of-bounds in dbAdjTree (2)
jfs
|
C |
inconclusive |
|
77 |
1d07h |
186d
|
1/28 |
never |
jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
|
possible deadlock in ni_fiemap
ntfs3
|
C |
error |
done |
4007 |
38d |
765d
|
24/28 |
never |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in skb_release_data
net
|
|
|
|
8 |
17d |
21d
|
0/28 |
never |
iov-iter: do not return more bytes than requested in iov_iter_extract_bvec_pages()
|
KASAN: slab-out-of-bounds Write in skb_copy_and_csum_bits
net
|
C |
|
|
76 |
17d |
21d
|
0/28 |
never |
iov-iter: do not return more bytes than requested in iov_iter_extract_bvec_pages()
|
KCSAN: data-race in __se_sys_io_uring_register / io_sqe_files_register (3)
io-uring
|
|
|
|
1 |
9d14h |
7d19h
|
1/28 |
never |
io_uring: protect register tracing
|
kernel BUG in eth_header (3)
net
|
|
|
|
1 |
27d |
27d
|
28/28 |
5d06h |
4ed234fe793f
netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
|
KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
bcachefs
|
C |
done |
|
2 |
24d |
28d
|
28/28 |
6d20h |
8e910ca20e11
bcachefs: Fix UAF in bch2_reconstruct_alloc()
|
BUG: Bad page state in bpf_test_run_xdp_live
net
|
C |
done |
|
17 |
20d |
24d
|
28/28 |
6d20h |
c40dd8c47325
bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled
|
WARNING in folio_walk_start
mm
|
|
|
|
1 |
39d |
37d
|
28/28 |
6d20h |
7c18d4811000
mm/pagewalk: fix usage of pmd_leaf()/pud_leaf() without present check
|
kernel BUG in bch2_bucket_alloc_trans (2)
bcachefs
|
C |
done |
|
103 |
7d02h |
35d
|
28/28 |
6d20h |
3fd27e9c57bf
bcachefs: init freespace inited bits to 0 in bch2_fs_initialize
|
kernel BUG in ocfs2_truncate_inline
ocfs2
|
C |
inconclusive |
|
3 |
28d |
43d
|
28/28 |
6d20h |
bc0a2f3a73fc
ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
|
WARNING in fuse_write_file_get (2)
fuse
|
|
|
|
6 |
34d |
50d
|
28/28 |
6d20h |
184429a17f8f
Revert "fuse: move initialization of fuse_file to fuse_writepages() instead of in callback"
|
KASAN: null-ptr-deref Read in bch2_sb_set_upgrade_extra
bcachefs
|
C |
|
|
2 |
32d |
28d
|
28/28 |
6d20h |
a25a83de45b4
bcachefs: fix null-ptr-deref in have_stripes()
|
possible deadlock in nilfs_dirty_inode (4)
nilfs
|
C |
|
|
2 |
22d |
33d
|
28/28 |
6d20h |
b3a033e3ecd3
nilfs2: fix potential deadlock with newly created symlinks
|
WARNING in push_jmp_history
bpf
|
C |
done |
|
5 |
44d |
44d
|
28/28 |
6d20h |
aa30eb3260b2
bpf: Force checkpoint when jmp history is too long
|
general protection fault in btree_node_iter_and_journal_peek
bcachefs
|
C |
|
|
3 |
29d |
52d
|
28/28 |
6d20h |
3726a1970bd7
bcachefs: Fix NULL ptr dereference in btree_node_iter_and_journal_peek
|
UBSAN: shift-out-of-bounds in bch2_alloc_to_text
bcachefs
|
C |
|
|
29 |
18d |
30d
|
28/28 |
6d20h |
5c41f75d1b92
bcachefs: fix shift oob in alloc_lru_idx_fragmentation
|
KASAN: slab-use-after-free Write in kvfree_call_rcu
wireless
|
|
|
|
2 |
38d |
34d
|
28/28 |
6d20h |
d5fee261dfd9
wifi: cfg80211: clear wdev->cqm_config pointer on free
|
KASAN: null-ptr-deref Write in xfs_filestream_select_ag (2)
xfs
|
syz |
|
|
3 |
33d |
33d
|
28/28 |
6d20h |
dc60992ce76f
xfs: fix finding a last resort AG in xfs_filestream_pick_ag
|
possible deadlock in process_measurement (4)
integrity
lsm
|
C |
done |
|
7976 |
16d |
53d
|
28/28 |
6d20h |
58a039e679fe
mm: split critical region in remap_file_pages() and invoke LSMs in between
|
KCSAN: assert: race in dequeue_entities
audit
|
|
|
|
2118 |
17d |
54d
|
28/28 |
6d20h |
b55945c500c5
sched: Fix pick_next_task_fair() vs try_to_wake_up() race
|
UBSAN: shift-out-of-bounds in validate_sb_layout
bcachefs
|
C |
done |
|
7 |
20d |
28d
|
28/28 |
6d20h |
2045fc4295c4
bcachefs: Fix invalid shift in validate_sb_layout()
|
kernel BUG in __block_write_begin_int (3)
nilfs
|
C |
|
|
4 |
35d |
35d
|
28/28 |
6d20h |
41e192ad2779
nilfs2: fix kernel bug due to missing clearing of checked flag
|
possible deadlock in lock_mm_and_find_vma (2)
mm
|
C |
|
|
6626 |
10d |
82d
|
28/28 |
6d20h |
58a039e679fe
mm: split critical region in remap_file_pages() and invoke LSMs in between
|
possible deadlock in bch2_replicas_entry_validate
bcachefs
|
C |
done |
|
9468 |
29d |
48d
|
28/28 |
7d18h |
bf4baaa087e2
bcachefs: Fix lockdep splat in bch2_accounting_read
|
possible deadlock in ext4_xattr_inode_iget (3)
ext4
|
C |
error |
done |
183 |
49d |
231d
|
28/28 |
7d18h |
d1bc560e9a9c
ext4: nested locking for xattr inode
|
KASAN: slab-use-after-free Read in rhashtable_walk_enter
nfs
|
|
|
|
8 |
45d |
63d
|
28/28 |
7d18h |
dc0d0f885aa4
NFSD: Mark filecache "down" if init fails
|
KASAN: slab-use-after-free Read in kvm_put_kvm
kvm
|
|
|
|
1 |
29d |
29d
|
28/28 |
7d18h |
ae8f8b376102
KVM: arm64: Unregister redistributor for failed vCPU creation
|
inconsistent lock state in ppp_input
ppp
|
C |
|
|
15 |
36d |
54d
|
28/28 |
8d07h |
aec7291003df
ppp: do not assume bh is held in ppp_channel_bridge_input()
|
kernel BUG in bch2_btree_pos_to_text
bcachefs
|
C |
|
|
8 |
11d |
60d
|
28/28 |
8d07h |
0151d10a480d
bcachefs: add check for btree id against max in try read node
|
possible deadlock in fsnotify_destroy_mark
squashfs
|
C |
|
|
46 |
47d |
90d
|
28/28 |
8d07h |
cad3f4a22cfa
inotify: Fix possible deadlock in fsnotify_destroy_mark
|
INFO: task hung in vcs_open (8)
nilfs
serial
|
C |
inconclusive |
|
7 |
49d |
55d
|
28/28 |
8d07h |
08cfa12adf88
nilfs2: propagate directory read errors from nilfs_find_entry()
|
possible deadlock in sk_clone_lock (3)
mptcp
|
C |
|
|
21 |
28d |
76d
|
28/28 |
8d07h |
3d041393ea8c
mptcp: prevent MPC handshake on port-based signal endpoints
|
general protection fault in btrfs_update_reloc_root
btrfs
|
|
|
|
3 |
62d |
54d
|
28/28 |
8d07h |
c3b47f49e831
btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
|
WARNING in __mptcp_move_skbs_from_subflow
mptcp
|
C |
error |
|
90 |
41d |
128d
|
28/28 |
8d07h |
4dabcdf58121
tcp: fix mptcp DSS corruption due to large pmtu xmit
|
INFO: task hung in usb_port_suspend
usb
|
C |
|
|
12 |
30d |
40d
|
28/28 |
8d07h |
5189df7b8088
USB: gadget: dummy-hcd: Fix "task hung" problem
|
KCSAN: data-race in __fsnotify_parent / __fsnotify_recalc_mask (5)
fs
|
|
|
|
15 |
52d |
139d
|
28/28 |
8d07h |
35ceae44742e
fsnotify: Avoid data race between fsnotify_recalc_mask() and fsnotify_object_watched()
|
general protection fault in dev_map_enqueue (2)
bpf
net
|
C |
error |
done |
336 |
112d |
178d
|
28/28 |
8d07h |
09d88791c7cd
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
|
kernel BUG in submit_bh_wbc (3)
nilfs
fs
|
C |
done |
|
18 |
30d |
38d
|
28/28 |
8d07h |
6ed469df0bfb
nilfs2: fix kernel bug due to missing clearing of buffer delay flag
|
KCSAN: data-race in __delete_from_swap_cache / __try_to_reclaim_swap
mm
|
|
|
|
1 |
50d |
49d
|
28/28 |
8d07h |
818f916e3a07
mm: swap: prevent possible data-race in __try_to_reclaim_swap
|
general protection fault in prt_str
bcachefs
|
C |
done |
|
2 |
50d |
65d
|
28/28 |
8d07h |
a30f32222df2
bcachefs: Fix NULL pointer dereference in bch2_opt_to_text
|
WARNING in kthread_unpark (2)
wireguard
gfs2
|
syz |
done |
|
35 |
47d |
193d
|
28/28 |
8d07h |
214e01ad4ed7
kthread: unpark only parked kthread
|
general protection fault in bch2_alloc_read
bcachefs
|
C |
|
|
7 |
48d |
55d
|
28/28 |
8d07h |
a319aeaebb6c
bcachefs: Fix missing bounds checks in bch2_alloc_read()
|
INFO: task hung in nsim_dev_hwstats_exit
net
|
|
|
|
43 |
8d14h |
47d
|
28/28 |
8d07h |
a1494d532e28
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
|
general protection fault in run_is_mapped_full
ntfs3
|
C |
error |
|
72 |
43d |
131d
|
28/28 |
8d07h |
a33fb016e49e
fs/ntfs3: Fix general protection fault in run_is_mapped_full
|
WARNING: kmalloc bug in wnd_init
ntfs3
|
C |
done |
|
3 |
114d |
259d
|
28/28 |
8d07h |
c4a8ba334262
fs/ntfs3: Add rough attr alloc_size check
|
KASAN: slab-use-after-free Read in mptcp_pm_nl_rm_addr_or_subflow
mptcp
|
|
|
|
1 |
38d |
37d
|
28/28 |
8d07h |
7decd1f5904a
mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
|
WARNING: locking bug in try_to_wake_up
kernel
|
C |
error |
|
157 |
8d22h |
189d
|
28/28 |
8d07h |
41fd1e94066a
btrfs: wait for fixup workers before stopping cleaner kthread during umount
|
KASAN: slab-out-of-bounds Read in udf_get_filelongad (2)
udf
|
C |
|
|
4 |
64d |
78d
|
28/28 |
8d07h |
c226964ec786
udf: refactor inode_bmap() to handle error
|
INFO: trying to register non-static key in mark_as_free_ex
ntfs3
|
C |
done |
|
2 |
66d |
78d
|
28/28 |
8d07h |
d178944db36b
fs/ntfs3: Additional check in ni_clear()
|
UBSAN: shift-out-of-bounds in xfrm_selector_match (2)
net
|
C |
error |
|
10 |
52d |
65d
|
28/28 |
8d07h |
3f0ab59e6537
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
|
KMSAN: kernel-infoleak in con_font_op (2)
serial
|
|
|
|
8 |
32d |
41d
|
28/28 |
8d07h |
f956052e00de
vt: prevent kernel-infoleak in con_font_get()
|
WARNING in p9_client_create (2)
v9fs
|
C |
done |
|
26070 |
23d |
59d
|
28/28 |
8d07h |
79efebae4afc
9p: Avoid creating multiple slab caches with the same name
|
possible deadlock in ppp_do_recv
ppp
|
|
|
|
8 |
43d |
58d
|
28/28 |
8d07h |
aec7291003df
ppp: do not assume bh is held in ppp_channel_bridge_input()
|
WARNING in xt_cluster_mt (2)
netfilter
|
C |
inconclusive |
|
5 |
50d |
48d
|
28/28 |
8d07h |
0bfcb7b71e73
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
|
KMSAN: uninit-value in ppp_async_push (4)
ppp
|
C |
|
|
43 |
41d |
42d
|
28/28 |
8d07h |
40dddd4b8bd0
ppp: fix ppp_async_encode() illegal access
|
KMSAN: uninit-value in netfs_clear_buffer
netfs
|
C |
|
|
46 |
52d |
61d
|
28/28 |
8d07h |
f6023535b52f
netfs: Fix a KMSAN uninit-value error in netfs_clear_buffer
|
UBSAN: shift-out-of-bounds in bch2_stripe_to_text
bcachefs
|
C |
|
|
3 |
60d |
56d
|
28/28 |
8d07h |
9f25dbe0bf91
bcachefs: Add missing validation for bch_stripe.csum_granularity_bits
|
BUG: using __this_cpu_write() in preemptible code in nf_dup_ipv4
netfilter
|
|
|
|
1 |
66d |
66d
|
28/28 |
8d07h |
92ceba94de6f
netfilter: nf_tables: prevent nf_skb_duplicated corruption
|
INFO: task hung in devlink_pernet_pre_exit (2)
net
|
|
|
|
32 |
12d |
31d
|
28/28 |
8d07h |
a1494d532e28
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
|
UBSAN: shift-out-of-bounds in member_to_text
bcachefs
|
C |
|
|
12 |
35d |
79d
|
28/28 |
8d07h |
c1bd21bb6518
bcachefs: Fix invalid shift in member_to_text()
|
possible deadlock in rfcomm_sk_state_change
bluetooth
|
C |
done |
|
22650 |
37d |
1165d
|
28/28 |
8d07h |
08d1914293da
Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
|
KCSAN: data-race in virtqueue_disable_cb / vring_interrupt (4)
virt
|
|
|
|
1 |
70d |
69d
|
28/28 |
8d07h |
83c334ed5216
virtio_ring: tag event_triggered as racy for KCSAN
|
general protection fault in write_all_supers
btrfs
|
C |
|
|
21 |
28d |
71d
|
28/28 |
8d07h |
3c36a72c1d27
btrfs: reject ro->rw reconfiguration if there are hard ro requirements
|
KMSAN: uninit-value in from_kuid (2)
ocfs2
|
C |
|
|
75 |
30d |
61d
|
28/28 |
8d07h |
15f343474816
fs: Fix uninitialized value issue in from_kuid and from_kgid
|
KASAN: slab-use-after-free Read in bch2_direct_write
bcachefs
|
|
|
|
11 |
52d |
55d
|
28/28 |
8d07h |
573ddcdc5607
bcachefs: fix uaf in bch2_dio_write_done()
|
BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio (3)
erofs
|
C |
|
|
492 |
8d10h |
65d
|
28/28 |
8d07h |
416a8b2c02fe
erofs: ensure regular inodes for file-backed mounts
|
KMSAN: uninit-value in vfat_rename2
exfat
|
C |
|
|
2 |
51d |
48d
|
28/28 |
8d07h |
963a7f4d3b90
fat: fix uninitialized variable
|
possible deadlock in ppp_input_error
ppp
|
|
|
|
61 |
48d |
60d
|
28/28 |
8d07h |
aec7291003df
ppp: do not assume bh is held in ppp_channel_bridge_input()
|
possible deadlock in mi_read
ntfs3
|
C |
error |
|
11141 |
8d17h |
781d
|
28/28 |
8d07h |
03b097099eef
fs/ntfs3: Fix possible deadlock in mi_read
|
INFO: task hung in ip_tunnel_init_net (3)
netfilter
|
|
|
|
41 |
9d02h |
40d
|
28/28 |
8d07h |
a1494d532e28
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
|
kernel BUG in dma_alloc_attrs
iommu
|
C |
|
|
4 |
31d |
36d
|
28/28 |
8d07h |
78b2770c935f
dma-mapping: fix tracing dma_alloc/free with vmalloc'd memory
|
INFO: rcu detected stall in br_handle_frame (5)
bridge
|
syz |
|
|
24 |
11d |
39d
|
28/28 |
8d07h |
a1494d532e28
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
|
general protection fault in sctp_inet_listen
sctp
|
|
|
|
1 |
68d |
54d
|
28/28 |
8d07h |
8beee4d8dee7
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
|
BUG: sleeping function called from invalid context in ntfs_d_hash
ntfs3
|
C |
done |
|
740 |
43d |
80d
|
28/28 |
8d07h |
589996bf8c45
ntfs3: Change to non-blocking allocation in ntfs_d_hash
|
KMSAN: uninit-value in udf_get_fileshortad
udf
|
C |
|
|
3 |
52d |
64d
|
28/28 |
8d07h |
264db9d666ad
udf: fix uninit-value use in udf_get_fileshortad
|
INFO: trying to register non-static key in ntfs_file_release
ntfs3
|
|
|
|
2 |
37d |
78d
|
28/28 |
8d07h |
031d6f608290
fs/ntfs3: Additional check in ntfs_file_release
|
KASAN: slab-use-after-free Read in advance_sched
net
|
C |
error |
|
15 |
52d |
338d
|
28/28 |
8d07h |
f504465970ae
net: sched: fix use-after-free in taprio_change()
|
WARNING in copy_huge_pmd
mm
|
C |
done |
|
361 |
41d |
58d
|
28/28 |
8d07h |
47fa30118f02
mm/huge_memory: check pmd_special() only after pmd_present()
|
possible deadlock in ntfs_set_state (2)
ntfs3
|
C |
error |
|
943 |
40d |
281d
|
28/28 |
8d07h |
5b2db723455a
fs/ntfs3: Fix warning possible deadlock in ntfs_set_state
|
KMSAN: uninit-value in slhc_remember
net
|
|
|
|
4 |
43d |
42d
|
28/28 |
8d07h |
7d3fce8cbe3a
slip: make slhc_remember() more robust against malicious packets
|
KASAN: slab-use-after-free Read in l2cap_connect (2)
bluetooth
|
C |
done |
|
8 |
60d |
149d
|
28/28 |
8d07h |
333b4fd11e89
Bluetooth: L2CAP: Fix uaf in l2cap_connect
|
KASAN: stack-out-of-bounds Read in profile_pc
kernel
|
C |
error |
done |
9302 |
144d |
1269d
|
28/28 |
20d |
093d9603b600
x86: stop playing stack games in profile_pc()
|
INFO: task hung in ext4_stop_mmpd
ext4
|
C |
done |
done |
483 |
61d |
133d
|
28/28 |
23d |
d3476f3dad4a
ext4: don't set SB_RDONLY after filesystem errors
|
WARNING in io_sq_offload_create
io-uring
|
C |
|
|
284 |
57d |
61d
|
28/28 |
23d |
a09c17240bdf
io_uring/sqpoll: retain test for whether the CPU is valid
|
riscv/fixes test error: kernel panic: Kernel stack overflow
riscv
|
|
|
|
11 |
48d |
66d
|
28/28 |
24d |
cfb10de18538
riscv: Fix kernel stack size when KASAN is enabled
|
general protection fault in ethnl_phy_doit
net
|
C |
done |
|
6 |
70d |
71d
|
28/28 |
26d |
fce1e9f86af1
net: ethtool: phy: Check the req_info.pdn field for GET commands
|
WARNING in __bch2_fsck_err (2)
bcachefs
|
C |
|
|
3 |
48d |
44d
|
28/28 |
27d |
5612daafb764
bcachefs: Fix fsck warnings from bkey validation
|
WARNING in fuse_request_end (2)
fuse
|
|
|
|
677 |
57d |
53d
|
28/28 |
27d |
fcd2d9e1fdcd
fuse: clear FR_PENDING if abort is detected when sending request
|
general protection fault in rt6_disable_ip
net
|
|
|
|
1 |
69d |
69d
|
28/28 |
27d |
04ccecfa959d
UPSTREAM: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
|
WARNING in gid_table_release_one (2)
rdma
|
|
|
|
1 |
84d |
80d
|
28/28 |
28d |
1403c8b14765
IB/core: Fix ib_cache_setup_one error flow cleanup
|
KASAN: use-after-free Read in ila_nf_input (2)
net
|
|
|
|
14 |
33d |
81d
|
28/28 |
29d |
031ae72825ce
ila: call nf_unregister_net_hooks() sooner
|
BUG: unable to handle kernel NULL pointer dereference in attr_make_nonresident
ntfs3
|
C |
error |
done |
110 |
121d |
203d
|
28/28 |
29d |
0f9579d9e033
fs/ntfs3: Add missing .dirty_folio in address_space_operations
|
UBSAN: array-index-out-of-bounds in dbNextAG (2)
jfs
|
C |
inconclusive |
|
53 |
62d |
132d
|
28/28 |
29d |
e63866a47556
jfs: fix out-of-bounds in dbNextAG() and diAlloc()
|
WARNING in kcov_remote_start (5)
wireless
|
|
|
|
4243 |
30d |
129d
|
28/28 |
29d |
7d4df2dad312
kcov: properly check for softirq context
9313d139aa25
usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
|
kernel BUG in __page_table_check_zero
usb
|
C |
error |
done |
213 |
62d |
549d
|
28/28 |
29d |
79a61cc3fc04
mm: avoid leaving partial pfn mappings around in error case
|
WARNING: still has locks held in f2fs_ioc_start_atomic_write
f2fs
|
|
|
|
1 |
100d |
96d
|
28/28 |
29d |
b2c160f4f3cf
f2fs: atomic: fix to forbid dio in atomic_file
|
WARNING: lock held when returning to user space in f2fs_ioc_start_atomic_write
f2fs
|
C |
done |
|
34 |
97d |
98d
|
28/28 |
29d |
b2c160f4f3cf
f2fs: atomic: fix to forbid dio in atomic_file
|
general protection fault in ovl_llseek
overlayfs
|
C |
|
|
5 |
55d |
55d
|
28/28 |
29d |
0c33037c825e
ovl: fix file leak in ovl_real_fdget_meta()
|
riscv/fixes test error: can't ssh into the instance
|
|
|
|
48 |
78d |
96d
|
28/28 |
29d |
1ff95eb2bebd
riscv: Fix RISCV_ALTERNATIVE_EARLY
|
WARNING in pppol2tp_release
net
|
|
|
|
3 |
104d |
107d
|
28/28 |
29d |
c1b2e36b8776
l2tp: flush workqueue before draining it
|
KMSAN: uninit-value in nf_reject_ip6_tcphdr_put
netfilter
|
C |
|
|
136 |
55d |
68d
|
28/28 |
29d |
9c778fe48d20
UPSTREAM: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
|
WARNING in remove_proc_entry (6)
can
|
C |
done |
|
377 |
48d |
77d
|
28/28 |
29d |
94b0818fa635
can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
|
kernel BUG in btrfs_get_ordered_extents_for_logging
btrfs
|
syz |
|
|
3 |
86d |
83d
|
28/28 |
29d |
cd9253c23aed
btrfs: fix race between direct IO write and fsync when using same fd
|
kernel BUG in clear_inode
btrfs
|
C |
|
|
12 |
32d |
173d
|
28/28 |
29d |
88b1afbf0f6b
vfs: fix race between evice_inodes() and find_inode()&iput()
|
general protection fault in nilfs_btree_insert (2)
nilfs
|
C |
inconclusive |
|
1 |
70d |
80d
|
28/28 |
29d |
9403001ad65a
nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
|
general protection fault in bch2_fs_recovery
bcachefs
|
C |
|
|
10 |
53d |
71d
|
28/28 |
29d |
025c55a4c7f1
bcachefs: return err ptr instead of null in read sb clean
|
memory leak in clear_state_bit
btrfs
|
C |
|
|
3 |
352d |
363d
|
28/28 |
29d |
c346c629765a
btrfs: qgroup: don't use extent changeset when not needed
|
WARNING in rcu_sync_dtor
f2fs
|
C |
done |
|
749 |
54d |
117d
|
28/28 |
29d |
930c6ab93492
f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()
|
KASAN: null-ptr-deref Write in jbd2_journal_update_sb_log_tail
ext4
|
C |
|
|
4 |
56d |
93d
|
28/28 |
29d |
5784d9fcfd43
ocfs2: fix null-ptr-deref when journal load failed.
|
KASAN: slab-use-after-free Read in __uprobe_unregister
perf
trace
|
C |
|
|
9 |
64d |
102d
|
28/28 |
29d |
5fe6e308abae
bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
|
KASAN: use-after-free Read in ext4_search_dir (2)
ext4
|
C |
|
|
5 |
70d |
93d
|
28/28 |
29d |
c6b72f5d82b1
ext4: avoid OOB when system.data xattr changes underneath the filesystem
|
WARNING: refcount bug in ethnl_phy_done
net
|
C |
done |
|
4 |
71d |
70d
|
28/28 |
29d |
1ad84a151af7
net: ethtool: phy: Don't set the context dev pointer for unfiltered DUMP
|
WARNING: bad unlock balance in ocfs2_read_blocks
ocfs2
|
C |
|
|
240 |
62d |
94d
|
28/28 |
29d |
c03a82b4a0c9
ocfs2: remove unreasonable unlock in ocfs2_read_blocks
|
kernel BUG in f2fs_evict_inode (3)
f2fs
|
C |
error |
|
33 |
47d |
94d
|
28/28 |
29d |
884ee6dc85b9
f2fs: get rid of online repaire on corrupted directory
|
kernel BUG in trace_dma_unmap_sg
iommu
|
C |
|
|
5 |
54d |
56d
|
28/28 |
29d |
bfc4a245a794
dma-mapping: fix DMA API tracing for chained scatterlists
|
INFO: rcu detected stall in schedule_timeout (6)
usb
|
C |
done |
|
40 |
31d |
188d
|
28/28 |
29d |
9313d139aa25
usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
|
general protection fault in is_page_fault_stale
kvm
|
|
|
|
3 |
97d |
121d
|
28/28 |
29d |
28cec7f08b8b
KVM: x86/mmu: Check that root is valid/loaded when pre-faulting SPTEs
|
general protection fault in __smc_diag_dump (2)
net
s390
|
|
|
|
14 |
30d |
84d
|
28/28 |
29d |
98d4435efcbf
net/smc: prevent NULL pointer dereference in txopt_get
|
divide error in ext4_mb_regular_allocator
ext4
|
C |
done |
|
2 |
89d |
99d
|
28/28 |
29d |
ee85e0938aa8
ext4: check stripe size compatibility on remount as well
|
linux-next test error: WARNING in rcu_core
net
virt
|
|
|
|
16 |
103d |
110d
|
28/28 |
29d |
b8c8ba73c68b
slub: Introduce CONFIG_SLUB_RCU_DEBUG
|
WARNING in __rate_control_send_low (2)
wireless
|
C |
done |
|
3233 |
29d |
181d
|
28/28 |
29d |
e7a7ef9a0742
wifi: mac80211: don't use rate mask for offchannel TX either
|
WARNING in l2tp_udp_encap_destroy
net
|
|
|
|
3 |
103d |
102d
|
28/28 |
29d |
c1b2e36b8776
l2tp: flush workqueue before draining it
|
kernel BUG in __sock_sendmsg
net
|
C |
|
|
111 |
79d |
95d
|
28/28 |
29d |
fe1910f9337b
tcp_bpf: fix return value of tcp_bpf_sendmsg()
|
kernel BUG in vfs_get_tree
bcachefs
|
C |
done |
|
318 |
47d |
91d
|
28/28 |
29d |
b29c30ab48e0
bcachefs: Fix incorrect IS_ERR_OR_NULL usage
|
general protection fault in ata_msense_control
ide
|
C |
|
|
13 |
54d |
61d
|
28/28 |
29d |
03a9cfc1314b
ata: libata-scsi: Fix ata_msense_control_spgt2()
|
KASAN: slab-use-after-free Read in __timer_delete_sync
mptcp
|
syz |
error |
|
1 |
81d |
78d
|
28/28 |
29d |
b4cd80b03389
mptcp: pm: Fix uaf in __timer_delete_sync
|
UBSAN: array-index-out-of-bounds in dbSplit
jfs
|
C |
inconclusive |
|
31 |
70d |
118d
|
28/28 |
29d |
d64ff0d23067
jfs: check if leafidx greater than num leaves per dmap tree
|
UBSAN: shift-out-of-bounds in dbFindBits
jfs
|
C |
error |
|
53 |
32d |
135d
|
28/28 |
29d |
b0b2fc815e51
jfs: UBSAN: shift-out-of-bounds in dbFindBits
|
KMSAN: uninit-value in lzo1x_1_do_compress (3)
mm
|
|
|
|
1 |
87d |
83d
|
28/28 |
29d |
2b59ffad47db
jfs: Fix uninit-value access of new_ea in ea_buffer
|
KASAN: use-after-free Read in rtw_load_firmware_cb
usb
wireless
|
C |
|
|
848 |
55d |
118d
|
28/28 |
29d |
0e735a4c6137
wifi: rtw88: always wait for both firmware loading attempts
|
INFO: rcu detected stall in aoecmd_cfg (2)
usb
block
|
C |
done |
|
7 |
83d |
196d
|
28/28 |
29d |
9313d139aa25
usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
|
KCSAN: data-race in next_expiry_recalc / update_process_times (2)
kernel
|
|
|
|
2 |
84d |
99d
|
28/28 |
29d |
79f8b28e85f8
timers: Annotate possible non critical data race of next_expiry
|
KMSAN: uninit-value in bch2_bkey_cmp_packed_inlined
bcachefs
|
C |
|
|
7 |
52d |
72d
|
28/28 |
29d |
0696a18a8cc3
bcachefs: memset bounce buffer portion to 0 after key_sort_fix_overlapping
|
WARNING in mptcp_pm_nl_set_flags
mptcp
|
syz |
done |
|
3 |
86d |
86d
|
28/28 |
29d |
9366922adc6a
mptcp: pm: fix ID 0 endp usage after multiple re-creations
|
INFO: rcu detected stall in do_vmi_munmap (2)
mm
|
|
|
|
40 |
77d |
93d
|
28/28 |
29d |
f806de88d8f7
maple_tree: remove rcu_read_lock() from mt_validate()
|
INFO: task hung in z_erofs_runqueue
erofs
|
C |
|
|
379 |
47d |
117d
|
28/28 |
29d |
9e2f9d34dd12
erofs: handle overlapped pclusters out of crafted images properly
|
WARNING in handle_std_frame
net
|
|
|
|
3 |
75d |
78d
|
28/28 |
29d |
430d67bdcb04
net: hsr: Use the seqnr lock for frames received via interlink port.
|
KASAN: slab-use-after-free Read in hugetlb_fault (2)
mm
|
|
|
|
2 |
69d |
73d
|
28/28 |
29d |
98b74bb4d7e9
mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway
2a058ab3286d
mm: change vmf_anon_prepare() to __vmf_anon_prepare()
|
possible deadlock in ocfs2_get_system_file_inode
ocfs2
|
C |
done |
|
14785 |
47d |
97d
|
28/28 |
29d |
7bf1823e010e
ocfs2: fix deadlock in ocfs2_get_system_file_inode
|
WARNING: ODEBUG bug in ocfs2_local_read_info
ocfs2
|
C |
inconclusive |
|
7 |
47d |
79d
|
28/28 |
29d |
35fccce29feb
ocfs2: cancel dqi_sync_work before freeing oinfo
|
UBSAN: array-index-out-of-bounds in cake_enqueue
net
|
|
|
|
1 |
94d |
93d
|
28/28 |
29d |
546ea84d07e3
sched: sch_cake: fix bulk flow accounting logic for host fairness
|
KASAN: slab-use-after-free Read in dbFreeBits
jfs
|
C |
done |
|
6 |
66d |
96d
|
28/28 |
29d |
d6c1b3599b2f
jfs: Fix uaf in dbFreeBits
|
KMSAN: uninit-value in skb_trim (2)
wireless
|
|
|
|
5 |
72d |
102d
|
28/28 |
29d |
94745807f3eb
wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
|
KCSAN: data-race in mem_cgroup_iter / mem_cgroup_iter
cgroups
mm
|
|
|
|
59 |
61d |
82d
|
28/28 |
29d |
ec0db74b4b1f
mm: restart if multiple traversals raced
|
WARNING in __dev_queue_xmit (4)
net
|
C |
|
|
387 |
31d |
77d
|
28/28 |
29d |
9d301de12da6
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
|
BUG: corrupted list in gfs2_fill_super
gfs2
|
C |
done |
|
8527 |
56d |
172d
|
28/28 |
29d |
6cb9df81a2c4
gfs2: fix double destroy_workqueue error
|
WARNING in hsr_fill_frame_info
net
|
C |
error |
|
80 |
54d |
83d
|
28/28 |
29d |
430d67bdcb04
net: hsr: Use the seqnr lock for frames received via interlink port.
|
KMSAN: uninit-value in ocfs2_get_block
ocfs2
|
C |
|
|
5 |
60d |
57d
|
28/28 |
29d |
2af148ef8549
ocfs2: fix uninit-value in ocfs2_get_block()
|
memory leak in corrupted (2)
mm
exfat
|
syz |
|
|
432 |
67d |
233d
|
28/28 |
29d |
c290fe508eee
exfat: resolve memory leak from exfat_create_upcase_table()
|
general protection fault in hook_inode_free_security
lsm
|
|
|
|
12 |
129d |
196d
|
28/28 |
29d |
63dff3e48871
lsm: add the inode_free_security_rcu() LSM implementation hook
|
KMSAN: kernel-infoleak in raw_ioctl (2)
usb
|
C |
|
|
18201 |
54d |
120d
|
28/28 |
29d |
9313d139aa25
usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
|
WARNING in vmx_handle_exit
kvm
|
C |
error |
|
5 |
59d |
232d
|
28/28 |
29d |
3f6821aa147b
KVM: x86: Forcibly leave nested if RSM to L2 hits shutdown
|
WARNING in fscrypt_fname_siphash
ext4
fscrypt
|
C |
unreliable |
|
32 |
81d |
175d
|
28/28 |
29d |
985b67cd8639
ext4: filesystems without casefold feature cannot be mounted with siphash
|
kernel BUG in new_curseg
f2fs
|
C |
|
|
8 |
60d |
72d
|
28/28 |
29d |
65a6ce4726c2
f2fs: fix to don't panic system for no free segment fault injection
|
BUG: unable to handle kernel NULL pointer dereference in fbcon_putcs (3)
fbdev
btrfs
|
C |
|
|
4 |
59d |
71d
|
28/28 |
29d |
5b97eebcce1b
fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
|
general protection fault in hsr_proxy_announce
net
|
|
|
|
2 |
77d |
75d
|
28/28 |
29d |
a7789fd4caaf
net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()
|
general protection fault in smack_log_callback
audit
|
C |
done |
|
12 |
57d |
62d
|
28/28 |
29d |
8a23c9e1ba46
selinux,smack: properly reference the LSM blob in security_watch_key()
|
WARNING in sock_map_close (2)
bpf
net
|
C |
done |
|
3 |
90d |
90d
|
28/28 |
29d |
1461f5a3d810
l2tp: avoid overriding sk->sk_user_data
|
WARNING in bond_xdp_get_xmit_slave (2)
net
|
|
|
|
124 |
63d |
163d
|
28/28 |
29d |
0cbfd45fbcf0
bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
|
KCSAN: data-race in inode_doinit_with_dentry / selinux_file_open
selinux
|
|
|
|
1 |
89d |
89d
|
28/28 |
29d |
2571bb9d553b
selinux: annotate false positive data race to avoid KCSAN warnings
|
KASAN: null-ptr-deref Write in f2fs_stop_gc_thread
f2fs
|
C |
done |
|
5 |
72d |
119d
|
28/28 |
29d |
c7f114d864ac
f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
|
KMSAN: kernel-usb-infoleak in usbtmc_write
usb
|
C |
|
|
167 |
54d |
118d
|
28/28 |
29d |
625fa77151f0
USB: usbtmc: prevent kernel-usb-infoleak
|
INFO: task hung in uevent_show
usb
|
C |
done |
|
9704 |
100d |
161d
|
28/28 |
29d |
9313d139aa25
usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
|
WARNING: suspicious RCU usage in bch2_snapshot_tree_oldest_subvol
bcachefs
|
C |
|
|
21 |
53d |
64d
|
28/28 |
29d |
39c3aad43f6f
bcachefs: Hold read lock in bch2_snapshot_tree_oldest_subvol()
|
general protection fault in __copy_super
bcachefs
|
C |
done |
|
5 |
58d |
60d
|
28/28 |
29d |
40d40c6bea19
bcachefs: assign return error when iterating through layout
|
KASAN: slab-use-after-free Read in unix_stream_read_actor (2)
net
|
C |
inconclusive |
|
4 |
82d |
77d
|
28/28 |
29d |
5aa57d9f2d53
af_unix: Don't return OOB skb in manage_oob().
|
KASAN: slab-use-after-free Read in lockref_get_not_dead (2)
fs
|
syz |
error |
|
1 |
79d |
75d
|
28/28 |
29d |
4e32c25b58b9
libfs: fix get_stashed_dentry()
|
INFO: rcu detected stall in sys_io_uring_enter (2)
io-uring
|
|
|
|
37 |
41d |
62d
|
28/28 |
29d |
eac2ca2d682f
io_uring: check if we need to reschedule during overflow flush
|
UBSAN: shift-out-of-bounds in ocfs2_fill_super
ocfs2
|
C |
|
|
199 |
30d |
97d
|
28/28 |
29d |
7f86b2942791
ocfs2: fix shift-out-of-bounds UBSAN bug in ocfs2_verify_volume()
|
WARNING: lock held when returning to user space in ethnl_act_cable_test
net
|
C |
done |
|
43 |
85d |
86d
|
28/28 |
29d |
3d6a0c4f4552
net: fix unreleased lock in cable test
|
BUG: unable to handle kernel paging request in bpf_prog_ADDR (3)
bpf
net
|
C |
done |
|
6 |
131d |
130d
|
28/28 |
29d |
92de36080c93
bpf: Fail verification for sign-extension of packet data/data_end/data_meta
|
WARNING in iopt_map_pages
iommu
|
C |
error |
|
3 |
84d |
164d
|
28/28 |
29d |
8f6887349b2f
iommufd: Protect against overflow of ALIGN() during iova allocation
|
KASAN: slab-use-after-free Read in btrfs_cleanup_defrag_inodes
btrfs
|
C |
|
|
266 |
59d |
65d
|
28/28 |
29d |
7f1b63f981b8
btrfs: fix use-after-free on rbtree that tracks inodes for auto defrag
|
WARNING in ethnl_req_get_phydev
net
|
C |
done |
|
73 |
85d |
86d
|
28/28 |
29d |
cff69f72d333
ethtool: pse-pd: move pse validation into set
|
linux-next test error: general protection fault in fuse_get_req
fuse
|
|
|
|
17 |
58d |
69d
|
28/28 |
29d |
3988a60d3aaa
fs/fuse: fix null-ptr-deref when checking SB_I_NOIDMAP flag
|
possible deadlock in hfsplus_file_extend
hfs
|
C |
error |
done |
31659 |
37d |
725d
|
28/28 |
30d |
be4edd1642ee
hfsplus: fix to avoid false alarm of circular locking
|
WARNING: ODEBUG bug in ext4_fill_super (4)
ext4
|
C |
|
|
6 |
60d |
154d
|
28/28 |
30d |
0ce160c5bdb6
ext4: fix timer use-after-free on failed mount
|
WARNING in ext4_fileattr_get
ext4
|
|
|
|
120 |
141d |
155d
|
28/28 |
30d |
be27cd64461c
ext4: use memtostr_pad() for s_volume_name
|
WARNING in input_mt_init_slots
input
|
C |
inconclusive |
|
14301 |
100d |
1410d
|
28/28 |
30d |
99d3bf5f7377
Input: MT - limit max slots
206f533a0a7c
Input: uinput - reject requests with unreasonable number of slots
|
INFO: rcu detected stall in neigh_timer_handler (8)
net
|
C |
done |
done |
72 |
101d |
161d
|
28/28 |
30d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
INFO: rcu detected stall in __mod_timer (5)
usb
|
C |
error |
done |
10 |
107d |
171d
|
28/28 |
30d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
KASAN: slab-use-after-free Read in ip6_send_skb
netfilter
|
|
|
|
1 |
95d |
95d
|
28/28 |
42d |
faa389b2fbaa
ipv6: prevent UAF in ip6_send_skb()
|
KMSAN: uninit-value in gtp_dev_xmit
net
|
|
|
|
3 |
113d |
113d
|
28/28 |
42d |
3a3be7ff9224
gtp: pull network headers in gtp_dev_xmit()
|
possible deadlock in touch_wq_lockdep_map
usb
|
C |
|
|
1208 |
53d |
249d
|
28/28 |
48d |
ccbde4b128ef
char: xillybus: Don't destroy workqueue from work item running on it
|
kernel BUG in bch2_lru_change (2)
bcachefs
|
C |
|
|
2 |
97d |
96d
|
28/28 |
48d |
9482f3b05332
bcachefs: avoid overflowing LRU_TIME_BITS for cached data lru
|
WARNING in bch2_fs_journal_stop
bcachefs
|
C |
done |
|
1463 |
95d |
127d
|
28/28 |
48d |
7f2de6947f92
bcachefs: Fix warning in bch2_fs_journal_stop()
|
BUG: workqueue leaked atomic, lock or RCU: kworker/u33:NUM[NUM]
bluetooth
|
C |
|
|
13 |
104d |
117d
|
28/28 |
48d |
c531e63871c0
Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
|
general protection fault in reuseport_add_sock (3)
net
|
C |
done |
|
3 |
115d |
114d
|
28/28 |
48d |
9ab0faa7f9ff
sctp: Fix null-ptr-deref in reuseport_add_sock().
|
KMSAN: uninit-value in line6_midibuf_read
usb
sound
|
C |
|
|
357 |
57d |
120d
|
28/28 |
48d |
15b7a03205b3
ALSA: line6: Fix racy access to midibuf
|
kernel BUG in bch2_journal_replay
bcachefs
|
C |
done |
|
3 |
91d |
163d
|
28/28 |
48d |
cab18be6957b
bcachefs: Fix replay_now_at() assert
|
WARNING in bch2_write_super
bcachefs
|
|
|
|
3 |
95d |
92d
|
28/28 |
48d |
6575b8c9877c
bcachefs: Fix locking in bch2_ioc_setlabel()
|
BUG: stack guard page was hit in vsock_bpf_recvmsg
net
virt
|
C |
done |
|
6 |
103d |
103d
|
28/28 |
48d |
69139d2919dd
vsock: fix recursive ->recvmsg calls
|
general protection fault in z_erofs_gbuf_growsize
erofs
|
|
|
|
1 |
97d |
92d
|
28/28 |
48d |
0005e01e1e87
erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails
|
KMSAN: uninit-value in bch2_alloc_v4_validate
bcachefs
|
C |
|
|
5 |
92d |
90d
|
28/28 |
48d |
8ed823b19214
bcachefs: Fix compat issue with old alloc_v4 keys
|
KMSAN: uninit-value in pick_link
squashfs
|
C |
|
|
9 |
108d |
112d
|
28/28 |
48d |
810ee43d9cd2
Squashfs: sanity check symbolic link size
|
KMSAN: uninit-value in nf_flow_offload_inet_hook
netfilter
|
|
|
|
4 |
94d |
103d
|
28/28 |
48d |
6ea14ccb60c8
netfilter: flowtable: validate vlan header
|
KASAN: slab-use-after-free Read in br_multicast_port_group_expired
bridge
|
|
|
|
1 |
147d |
146d
|
28/28 |
48d |
92c4ee25208d
net: bridge: mcast: wait for previous gc cycles when removing port
|
WARNING in kvm_recalculate_apic_map
kvm
|
C |
done |
|
23 |
99d |
135d
|
28/28 |
48d |
4b7c3f6d04bd
KVM: x86: Make x2APIC ID 100% readonly
|
KASAN: slab-use-after-free Read in percpu_ref_put
block
|
|
|
|
18 |
50d |
120d
|
28/28 |
48d |
0b50b7313ef2
bcachefs: Fix refcounting in discard path
|
KCSAN: data-race in __flush_work / __flush_work (2)
kernel
|
|
|
|
6 |
94d |
107d
|
28/28 |
48d |
8bc35475ef1a
workqueue: Fix spruious data race in __flush_work()
|
BUG: unable to handle kernel paging request in net_generic
net
|
|
|
|
1 |
123d |
118d
|
28/28 |
48d |
86a41ea9fd79
l2tp: fix lockdep splat
|
WARNING: refcount bug in inet_twsk_kill
net
|
|
|
|
5 |
102d |
102d
|
28/28 |
48d |
565d121b6998
tcp: prevent concurrent execution of tcp_sk_exit_batch
|
WARNING in try_queue_bulk_in/usb_submit_urb
kernel
|
|
|
|
1 |
104d |
100d
|
28/28 |
48d |
2374bf7558de
char: xillybus: Check USB endpoints when probing device
|
WARNING in __bch2_fsck_err
bcachefs
|
C |
|
|
200 |
50d |
96d
|
28/28 |
48d |
075cabf324c3
bcachefs: Fix forgetting to pass trans to fsck_err()
|
possible deadlock in __kernfs_remove
kernfs
|
C |
|
|
438 |
106d |
149d
|
28/28 |
48d |
15fffc6a5624
driver core: Fix uevent_show() vs driver detach race
|
KASAN: slab-use-after-free Read in kcm_release
net
|
C |
|
|
2 |
157d |
197d
|
28/28 |
48d |
807067bf014d
kcm: Serialise kcm_sendmsg() for the same socket.
|
KCSAN: data-race in io_sq_thread / io_sq_thread_park (9)
io-uring
|
|
|
|
1 |
104d |
99d
|
28/28 |
48d |
e4956dc7a84d
io_uring/sqpoll: annotate debug task == current with data_race()
|
KASAN: slab-out-of-bounds Write in bch2_dev_journal_init
bcachefs
|
C |
|
|
2 |
94d |
94d
|
28/28 |
48d |
bdbdd4759f08
bcachefs: Fix missing validation in bch2_sb_journal_v2_validate()
|
kernel BUG in binder_inc_ref_for_node
kernel
|
C |
error |
|
16721 |
101d |
130d
|
28/28 |
48d |
11512c197d38
binder: fix descriptor lookup for context manager
|
WARNING in tcp_sk_exit_batch
net
|
|
|
|
3 |
98d |
136d
|
28/28 |
48d |
565d121b6998
tcp: prevent concurrent execution of tcp_sk_exit_batch
|
WARNING in skb_warn_bad_offload (5)
net
|
C |
done |
|
18 |
94d |
128d
|
28/28 |
48d |
30b03f2a0592
udp: Fall back to software USO if IPv6 extension headers are present
|
KASAN: slab-out-of-bounds Read in cougar_report_fixup
input
usb
|
C |
|
|
31 |
79d |
113d
|
28/28 |
48d |
a6e9c391d45b
HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
|
WARNING: bad unlock balance in btrfs_direct_write
btrfs
|
C |
done |
|
235 |
105d |
110d
|
28/28 |
48d |
e0391e92f9ab
btrfs: fix double inode unlock for direct IO sync writes
|
WARNING in discard_new_inode
bcachefs
|
C |
|
|
3 |
96d |
96d
|
28/28 |
48d |
99c87fe0f584
bcachefs: fix incorrect i_state usage
|
KASAN: slab-use-after-free Read in htab_map_alloc (2)
bpf
|
|
|
|
224 |
194d |
200d
|
27/28 |
69d |
86735b57c905
net/sched: unregister lockdep keys in qdisc_create/qdisc_alloc error path
|
kernel BUG in bch2_sort_keys
bcachefs
|
C |
error |
|
3 |
175d |
199d
|
27/28 |
76d |
5dfd3746b6c4
bcachefs: Fix needs_whiteout BUG_ON() in bkey_sort()
|
WARNING in __virt_to_phys (5)
bcachefs
|
|
|
|
4 |
99d |
95d
|
27/28 |
83d |
9bd01500e4d8
bcachefs: Fix freeing of error pointers
|
possible deadlock in bch2_btree_roots_to_journal_entries
bcachefs
|
C |
done |
|
29 |
136d |
170d
|
27/28 |
83d |
1841027c7de4
bcachefs: bch2_gc_btree() should not use btree_root_lock
|
possible deadlock in bch2_gc_mark_key
bcachefs
|
C |
done |
|
86 |
100d |
177d
|
27/28 |
83d |
1841027c7de4
bcachefs: bch2_gc_btree() should not use btree_root_lock
|
possible deadlock in __mmap_lock_do_trace_start_locking
mm
|
C |
done |
done |
30 |
115d |
209d
|
27/28 |
84d |
7d6be67cfdd4
mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
|
BUG: unable to handle kernel paging request in list_lru_add
mm
|
C |
done |
done |
11367 |
131d |
443d
|
27/28 |
84d |
aacd897d4d75
Revert "bcachefs: Mark bch_inode_info as SLAB_ACCOUNT"
|
WARNING in __replicas_deltas_realloc
bcachefs
|
C |
|
|
9 |
103d |
126d
|
27/28 |
85d |
1d16c605cc55
bcachefs: Disk space accounting rewrite
|
kernel BUG in bch2_bucket_alloc_freelist
bcachefs
|
|
|
|
1 |
154d |
150d
|
27/28 |
85d |
44ec5990357b
bcachefs: Don't use the new_fs() bucket alloc path on an initialized fs
|
kernel BUG in bch2_fs_journal_stop
bcachefs
|
C |
done |
|
4370 |
99d |
191d
|
27/28 |
85d |
600b8be5e747
bcachefs: Change bch2_fs_journal_stop() BUG_ON() to warning
|
kernel BUG in __replicas_entry_idx
bcachefs
|
C |
done |
unreliable |
3 |
181d |
184d
|
27/28 |
86d |
8bb8d683a401
bcachefs: Delete journal-buf-sharded old style accounting
|
WARNING in bch2_fs_usage_read_one
bcachefs
|
C |
done |
|
18 |
197d |
197d
|
27/28 |
86d |
8bb8d683a401
bcachefs: Delete journal-buf-sharded old style accounting
|
kernel BUG in bch2_fs_release (2)
bcachefs
|
|
|
|
1 |
150d |
146d
|
27/28 |
86d |
759b2e800f16
bcachefs: Switch online_reserved shutdown assert to WARN()
|
WARNING: refcount bug in get_taint
net
|
|
|
|
2 |
86d |
112d
|
27/28 |
86d |
2fe5273f149c
net/smc: prevent UAF in inet_create()
|
WARNING: refcount bug in sk_common_release
net
|
C |
|
|
9 |
111d |
126d
|
27/28 |
86d |
2fe5273f149c
net/smc: prevent UAF in inet_create()
|
WARNING: refcount bug in inet_create
net
|
C |
done |
|
10 |
113d |
140d
|
27/28 |
86d |
2fe5273f149c
net/smc: prevent UAF in inet_create()
|
kernel panic: not locked: inodes NUM:NUM:NUM cached
bcachefs
|
C |
|
|
2 |
169d |
180d
|
27/28 |
86d |
385f0c05d670
bcachefs: kill key cache arg to bch2_assert_pos_locked()
|
BUG: MAX_LOCK_DEPTH too low! (4)
bcachefs
|
C |
error |
|
1364 |
100d |
196d
|
27/28 |
87d |
375476c41405
bcachefs: Add lockdep support for btree node locks
|
WARNING in bch2_fs_ioctl
bcachefs
|
C |
done |
|
36 |
100d |
162d
|
27/28 |
90d |
d293ece10810
bcachefs: Fix shutdown ordering
|
KASAN: global-out-of-bounds Read in srcu_gp_start_if_needed
bcachefs
|
|
|
|
1 |
182d |
177d
|
27/28 |
90d |
d293ece10810
bcachefs: Fix shutdown ordering
|
kernel panic: bch_dev->ref underflow, last put: bch2_get_next_dev
bcachefs
|
C |
done |
|
21 |
180d |
190d
|
27/28 |
90d |
9667214b30ef
bcachefs: Fix ref in trans_mark_dev_sbs() error path
|
KASAN: wild-memory-access Read in __timer_delete_sync
bcachefs
|
|
|
|
5 |
111d |
177d
|
27/28 |
90d |
d293ece10810
bcachefs: Fix shutdown ordering
|
kernel BUG in btrfs_folio_end_all_writers
btrfs
|
C |
done |
|
102 |
109d |
121d
|
27/28 |
90d |
478574370bef
btrfs: make cow_file_range_inline() honor locked_page on error
|
KMSAN: uninit-value in profile_hits (3)
kernel
|
C |
|
|
1529 |
116d |
330d
|
27/28 |
90d |
7c51f7bbf057
profiling: remove prof_cpu_mask
|
KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
bpf
net
|
C |
done |
|
127 |
110d |
131d
|
27/28 |
90d |
9da49aa80d68
tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()
|
KMSAN: uninit-value in io_req_task_work_add_remote
io-uring
|
C |
|
|
10 |
118d |
119d
|
27/28 |
90d |
0db4618e8fab
io_uring/msg_ring: fix uninitialized use of target_req->flags
|
general protection fault in __dev_flush
net
bpf
|
C |
|
|
35 |
111d |
125d
|
27/28 |
90d |
9da49aa80d68
tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()
|
KMSAN: uninit-value in cfg80211_inform_bss_frame_data
wireless
|
|
|
|
6 |
112d |
119d
|
27/28 |
90d |
6873cc441607
wifi: cfg80211: correct S1G beacon length calculation
|
KMSAN: uninit-value in tcf_ct_flow_table_get
net
|
C |
|
|
603 |
111d |
118d
|
27/28 |
90d |
2191a54f6322
sched: act_ct: take care of padding in struct zones_ht_key
|
general protection fault in bq_flush_to_queue
bpf
net
|
|
|
|
22 |
111d |
120d
|
27/28 |
90d |
9da49aa80d68
tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()
|
KASAN: slab-use-after-free Read in bq_xmit_all
bpf
net
|
C |
done |
|
29 |
111d |
125d
|
27/28 |
90d |
9da49aa80d68
tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()
|
kernel BUG in nilfs_btnode_create_block (2)
nilfs
|
|
|
|
1 |
162d |
158d
|
27/28 |
90d |
4811f7af6090
nilfs2: handle inconsistent state in nilfs_btnode_create_block()
|
general protection fault in __xsk_map_flush
bpf
net
|
C |
done |
|
26 |
111d |
128d
|
27/28 |
90d |
9da49aa80d68
tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()
|
general protection fault in __cpu_map_flush
bpf
net
|
C |
inconclusive |
|
25 |
111d |
125d
|
27/28 |
90d |
9da49aa80d68
tun: Add missing bpf_net_ctx_clear() in do_xdp_generic()
|
kernel BUG in ext4_write_inline_data
ext4
|
C |
error |
|
36 |
129d |
615d
|
27/28 |
91d |
5c099c4fdc43
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
|
kernel BUG in f2fs_vm_page_mkwrite
f2fs
|
C |
error |
done |
12 |
140d |
167d
|
27/28 |
91d |
a8eb3de28e7a
f2fs: fix return value of f2fs_convert_inline_inode()
|
possible deadlock in __mmap_lock_do_trace_released
mm
|
C |
done |
done |
5 |
124d |
141d
|
27/28 |
93d |
7d6be67cfdd4
mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
|
WARNING in __hci_cmd_sync_sk
bluetooth
|
syz |
|
|
36 |
119d |
134d
|
27/28 |
95d |
f1a8f402f13f
Bluetooth: L2CAP: Fix deadlock
|
WARNING in __btrfs_free_extent (2)
btrfs
|
C |
done |
|
118 |
99d |
150d
|
27/28 |
96d |
a776bf5f3c23
btrfs: slightly loosen the requirement for qgroup removal
|
divide error in tcp_rcv_space_adjust (3)
net
|
C |
done |
|
3 |
203d |
204d
|
27/28 |
98d |
94062790aedb
UPSTREAM: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
|
KASAN: slab-use-after-free Read in lru_add_fn
nilfs
mm
|
C |
inconclusive |
|
68 |
147d |
196d
|
27/28 |
98d |
49ae997f8f0d
nilfs2: add missing check for inode numbers on directory entries
nilfs2: add missing check for inode numbers on directory entries
|
BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low! (5)
btrfs
|
C |
|
|
931 |
99d |
129d
|
27/28 |
98d |
375476c41405
bcachefs: Add lockdep support for btree node locks
|
upstream test error: KMSAN: uninit-value in receive_buf
net
virt
|
|
|
|
351 |
124d |
179d
|
27/28 |
98d |
840b2d39a2dc
virtio_ring: fix KMSAN error for premapped mode
|
WARNING in __skb_flow_dissect (6)
net
|
|
|
|
1 |
198d |
198d
|
27/28 |
98d |
b975d3ee5962
net: add and use skb_get_hash_net
|
BUG: corrupted list in __folio_undo_large_rmappable
mm
|
C |
error |
|
36 |
133d |
133d
|
27/28 |
99d |
f708f6970cc9
mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio
|
KMSAN: uninit-value in zswap_store
mm
|
|
|
|
2 |
107d |
165d
|
27/28 |
99d |
65121eff3e4c
ext4: avoid writing unitialized memory to disk in EA inodes
|
KMSAN: uninit-value in hfs_revalidate_dentry
hfs
|
C |
|
|
11669 |
159d |
726d
|
27/28 |
99d |
26a2ed107929
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
|
general protection fault in xdp_do_generic_redirect
net
bpf
|
|
|
|
8 |
134d |
139d
|
27/28 |
99d |
fecef4cd42c6
tun: Assign missing bpf_net_context.
|
possible deadlock in udf_setsize
udf
|
|
|
|
23 |
165d |
187d
|
27/28 |
99d |
8832fc1e5026
udf: Fix lock ordering in udf_evict_inode()
|
WARNING: suspicious RCU usage in bch2_bucket_ref_update
bcachefs
|
C |
done |
|
5 |
135d |
134d
|
27/28 |
99d |
6f692b1672bd
bcachefs: Fix RCU splat
|
inconsistent lock state in valid_state (3)
mm
|
C |
error |
|
376 |
110d |
159d
|
27/28 |
99d |
7d6be67cfdd4
mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
|
kernel BUG in f2fs_evict_inode (2)
f2fs
|
C |
error |
|
575 |
99d |
378d
|
27/28 |
99d |
192b8fb8d1c8
f2fs: fix to don't dirty inode for readonly filesystem
|
general protection fault in dev_map_redirect
bpf
net
|
C |
|
|
362 |
134d |
142d
|
27/28 |
99d |
fecef4cd42c6
tun: Assign missing bpf_net_context.
|
stack segment fault in dev_hash_map_redirect
bpf
net
|
C |
done |
|
29 |
134d |
142d
|
27/28 |
99d |
fecef4cd42c6
tun: Assign missing bpf_net_context.
|
general protection fault in dtInsertEntry
jfs
|
C |
inconclusive |
|
501 |
100d |
226d
|
27/28 |
99d |
ce6dede912f0
jfs: fix null ptr deref in dtInsertEntry
|
BUG: sleeping function called from invalid context in cgroup_rstat_flush
cgroups
|
|
|
|
6 |
134d |
146d
|
27/28 |
99d |
5a4d8944d6b1
cachestat: do not flush stats in recency check
|
WARNING in __fortify_report
ext4
|
C |
|
|
251 |
148d |
182d
|
27/28 |
99d |
be27cd64461c
ext4: use memtostr_pad() for s_volume_name
|
UBSAN: array-index-out-of-bounds in diFree
jfs
|
C |
inconclusive |
|
226 |
100d |
211d
|
27/28 |
99d |
f73f969b2eb3
jfs: Fix array-index-out-of-bounds in diFree
|
WARNING in _ieee80211_change_chanctx
wireless
|
|
|
|
7 |
128d |
205d
|
27/28 |
99d |
23daf1b4c91d
wifi: nl80211: disallow setting special AP channel widths
|
WARNING in __ip6_make_skb (2)
net
|
C |
done |
|
104 |
163d |
177d
|
27/28 |
99d |
73451e9aaa24
net: validate SO_TXTIME clockid coming from userspace
|
general protection fault in xdp_do_redirect
bpf
net
|
|
|
|
15 |
135d |
142d
|
27/28 |
99d |
fecef4cd42c6
tun: Assign missing bpf_net_context.
|
KMSAN: uninit-value in ext4_inlinedir_to_tree
ext4
|
C |
|
|
267 |
159d |
205d
|
27/28 |
99d |
8dc9c3da79c8
ext4: fix uninitialized variable in ext4_inlinedir_to_tree
|
KASAN: slab-use-after-free Read in l2tp_tunnel_del_work
net
|
C |
done |
|
99 |
134d |
148d
|
27/28 |
99d |
f8ad00f3fb2a
l2tp: fix possible UAF when cleaning up tunnels
|
kernel BUG in bch2_bucket_alloc_trans
bcachefs
|
|
|
|
18 |
124d |
154d
|
27/28 |
99d |
44ec5990357b
bcachefs: Don't use the new_fs() bucket alloc path on an initialized fs
|
BUG: unable to handle kernel paging request in do_split
ext4
|
C |
inconclusive |
|
17 |
131d |
144d
|
27/28 |
99d |
50ea741def58
ext4: check dot and dotdot of dx_root before making dir indexed
f9ca51596bbf
ext4: make sure the first directory block is not a hole
|
WARNING in __cfg80211_connect_result (2)
wireless
|
C |
error |
|
232 |
112d |
177d
|
27/28 |
99d |
b5d14b0c6716
wifi: virt_wifi: avoid reporting connection success with wrong SSID
|
KASAN: slab-use-after-free Read in sanity_check_extent_cache
f2fs
|
C |
done |
|
5 |
162d |
205d
|
27/28 |
99d |
d7409b05a64f
f2fs: fix to cover read extent cache access with lock
|
possible deadlock in try_to_wake_up (5)
mm
|
C |
|
|
88 |
102d |
174d
|
27/28 |
99d |
7d6be67cfdd4
mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer
|
BUG: sleeping function called from invalid context in bch2_printbuf_make_room
bcachefs
|
C |
done |
|
27 |
123d |
121d
|
27/28 |
99d |
737759fc098f
bcachefs: Fix printbuf usage while atomic
|
UBSAN: shift-out-of-bounds in dbDiscardAG
jfs
|
C |
unreliable |
|
5 |
137d |
152d
|
27/28 |
99d |
7063b80268e2
jfs: Fix shift-out-of-bounds in dbDiscardAG
|
kernel BUG in __block_write_begin_int (2)
nilfs
|
C |
inconclusive |
|
2 |
136d |
200d
|
27/28 |
99d |
a9e1ddc09ca5
nilfs2: fix kernel bug on rename operation of broken directory
|
possible deadlock in hfsplus_file_truncate
hfs
|
C |
error |
|
51400 |
99d |
725d
|
27/28 |
99d |
be4edd1642ee
hfsplus: fix to avoid false alarm of circular locking
|
UBSAN: shift-out-of-bounds in bch2_bkey_format_invalid (2)
bcachefs
|
C |
|
|
117 |
99d |
164d
|
27/28 |
99d |
a0bd30e4ea9d
bcachefs: Fix shift greater than integer size
|
KMSAN: uninit-value in ppp_async_push (3)
ppp
|
C |
|
|
4 |
183d |
139d
|
27/28 |
99d |
f2aeb7306a89
ppp: reject claimed-as-LCP but actually malformed packets
|
KCSAN: data-race in __swap_writepage / scan_swap_map_slots (2)
mm
|
|
|
|
2 |
135d |
135d
|
27/28 |
99d |
7b7aca6d7c0f
mm: ignore data-race in __swap_writepage
|
memory leak in _r8712_init_xmit_priv (2)
staging
usb
|
C |
|
|
2 |
351d |
367d
|
27/28 |
99d |
9ed3e0a0e1b1
staging: rtl8712: remove unnecessary alignment of pxmitpriv->pxmitbuf
|
KMSAN: uninit-value in hfsplus_listxattr (2)
hfs
|
C |
|
|
6 |
202d |
225d
|
27/28 |
99d |
0570730c1630
hfsplus: fix uninit-value in copy_name
|
stack segment fault in bpf_xdp_redirect
bpf
net
|
C |
|
|
181 |
134d |
142d
|
27/28 |
99d |
fecef4cd42c6
tun: Assign missing bpf_net_context.
|
general protection fault in __block_commit_write
ext4
|
C |
inconclusive |
|
7 |
142d |
289d
|
27/28 |
99d |
83f4414b8f84
ext4: sanity check for NULL pointer after ext4_force_shutdown
|
general protection fault in tomoyo_socket_bind_permission
io-uring
|
C |
|
|
4 |
130d |
130d
|
27/28 |
99d |
ad00e629145b
io_uring/net: check socket is valid in io_bind()/io_listen()
|
KMSAN: uninit-value in copy_name
hfs
|
C |
|
|
300 |
159d |
186d
|
27/28 |
99d |
0570730c1630
hfsplus: fix uninit-value in copy_name
|
kernel BUG in btrfs_free_tree_block
btrfs
|
C |
error |
|
150 |
100d |
786d
|
27/28 |
99d |
bb3868033a4c
btrfs: do not BUG_ON() when freeing tree block after error
|
KASAN: slab-use-after-free Read in add_ra_bio_pages (3)
btrfs
|
|
|
|
1 |
151d |
139d
|
27/28 |
99d |
8e7860543a94
btrfs: fix extent map use-after-free when adding pages to compressed bio
|
WARNING in __kvm_gpc_refresh (2)
kvm
|
C |
error |
|
2 |
162d |
176d
|
27/28 |
99d |
ebbdf37ce9ab
KVM: Validate hva in kvm_gpc_activate_hva() to fix __kvm_gpc_refresh() WARN
|
possible deadlock in exfat_evict_inode
exfat
|
|
|
|
2 |
149d |
186d
|
27/28 |
99d |
89fc548767a2
exfat: fix potential deadlock on __exfat_get_dentry_set
|
stack segment fault in cpu_map_redirect
net
bpf
|
C |
done |
|
11 |
135d |
134d
|
27/28 |
99d |
fecef4cd42c6
tun: Assign missing bpf_net_context.
|
KASAN: slab-use-after-free Write in l2tp_session_delete
net
|
C |
done |
|
1286 |
129d |
148d
|
27/28 |
99d |
f8ad00f3fb2a
l2tp: fix possible UAF when cleaning up tunnels
|
KMSAN: uninit-value in vsock_assign_transport (2)
net
virt
|
C |
|
|
14 |
160d |
215d
|
27/28 |
99d |
1e1fdcbdde3b
vhost/vsock: always initialize seqpacket_allow
|
WARNING in __ip_make_skb
net
|
C |
done |
|
54 |
163d |
177d
|
27/28 |
99d |
73451e9aaa24
net: validate SO_TXTIME clockid coming from userspace
|
WARNING in btusb_submit_intr_urb/usb_submit_urb
usb
bluetooth
|
C |
error |
|
2 |
137d |
148d
|
27/28 |
99d |
a368ecde8a50
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
|
possible deadlock in attr_data_get_block
ntfs3
|
C |
error |
|
3111 |
99d |
765d
|
27/28 |
99d |
d57431c6f511
fs/ntfs3: Do copy_to_user out of run_lock
|
possible deadlock in btrfs_commit_inode_delayed_inode
btrfs
|
|
|
|
8 |
153d |
167d
|
27/28 |
99d |
68a3ebd18bc8
btrfs: use delayed iput during extent map shrinking
|
general protection fault in __io_remove_buffers
io-uring
|
C |
done |
|
3 |
127d |
126d
|
27/28 |
99d |
bcc87d978b83
io_uring: fix error pbuf checking
|
UBSAN: shift-out-of-bounds in parse_audio_unit
sound
|
C |
error |
|
3 |
131d |
129d
|
27/28 |
99d |
2f38cf730cae
ALSA: usb: Fix UBSAN warning in parse_audio_unit()
|
KMSAN: uninit-value in udf_update_tag
udf
|
C |
|
|
877 |
162d |
328d
|
27/28 |
99d |
27ab33854873
udf: Fix bogus checksum computation in udf_rename()
|
general protection fault in dequeue_hugetlb_folio_nodemask (2)
mm
|
C |
done |
|
14 |
156d |
162d
|
27/28 |
99d |
09a533622842
mm/hugetlb: guard dequeue_hugetlb_folio_nodemask against NUMA_NO_NODE uses
|
WARNING: lock held when returning to user space in ns_ioctl
fs
|
C |
done |
|
147 |
114d |
126d
|
27/28 |
99d |
280e36f0d5b9
nsfs: use cleanup guard
|
general protection fault in coalesce_fill_reply
net
|
C |
done |
|
27 |
142d |
147d
|
27/28 |
99d |
74d6529b78f7
net: ethtool: Fix the panic caused by dev being null when dumping coalesce
|
kernel BUG in submit_bh_wbc (2)
udf
|
C |
done |
|
123 |
104d |
209d
|
27/28 |
99d |
a90d4471146d
udf: Avoid using corrupted block bitmap buffer
|
WARNING in io_cqring_event_overflow (2)
io-uring
|
|
|
|
16 |
142d |
142d
|
27/28 |
99d |
3b7c16be30e3
io_uring/msg_ring: fix overflow posting
|
WARNING in bpf_lwt_seg6_adjust_srh
bpf
net
|
C |
done |
|
30 |
134d |
148d
|
27/28 |
99d |
c13fda93aca1
bpf: Remove tst_run from lwt_seg6local_prog_ops.
|
kernel BUG in f2fs_write_inline_data
f2fs
|
C |
inconclusive |
|
41 |
151d |
204d
|
27/28 |
99d |
a8eb3de28e7a
f2fs: fix return value of f2fs_convert_inline_inode()
fc01008c92f4
f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
|
BUG: sleeping function called from invalid context in vma_alloc_folio_noprof
mm
|
C |
done |
|
1 |
129d |
128d
|
27/28 |
99d |
280e36f0d5b9
nsfs: use cleanup guard
|
UBSAN: shift-out-of-bounds in try_to_shrink_lruvec
mm
|
C |
done |
|
4 |
175d |
176d
|
27/28 |
99d |
462966dc7d70
mm: vmscan: reset sc->priority on retry
|
BUG: unable to handle kernel NULL pointer dereference in path_from_stashed
fs
|
C |
|
|
23 |
120d |
123d
|
27/28 |
99d |
f60d38cb02d0
pidfs: when time ns disabled add check for ioctl
|
INFO: rcu detected stall in security_file_ioctl (8)
tomoyo
|
C |
error |
done |
8 |
142d |
181d
|
26/28 |
106d |
e63413418088
net/sched: taprio: make q->picos_per_byte available to fill_sched_entry()
|
KASAN: slab-use-after-free Read in nf_tables_trans_destroy_work
netfilter
|
C |
error |
|
147 |
135d |
142d
|
26/28 |
106d |
9f6958ba2e90
netfilter: nf_tables: unconditionally flush pending work before notifier
|
KASAN: slab-out-of-bounds Read in btrfs_qgroup_inherit
btrfs
|
C |
done |
|
2 |
169d |
165d
|
26/28 |
106d |
724d8042cef8
btrfs: always do the basic checks for btrfs_qgroup_inherit structure
|
general protection fault in l2cap_sock_recv_cb
bluetooth
|
C |
inconclusive |
|
8 |
140d |
167d
|
26/28 |
106d |
89e856e124f9
bluetooth/l2cap: sync sock recv cb and release
|
WARNING in filemap_unaccount_folio
nilfs
|
C |
inconclusive |
|
13 |
148d |
183d
|
26/28 |
106d |
49ae997f8f0d
nilfs2: add missing check for inode numbers on directory entries
|
BUG: soft lockup in mld_ifc_work (2)
wireless
|
C |
|
|
2 |
193d |
205d
|
26/28 |
106d |
d1cba2ea8121
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
|
possible deadlock in __flush_workqueue
bluetooth
|
|
|
|
1456 |
109d |
308d
|
26/28 |
106d |
0d151a103775
Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
|
WARNING in hci_conn_del
bluetooth
|
C |
done |
|
10497 |
135d |
267d
|
26/28 |
106d |
015d79c96d62
Bluetooth: Ignore too large handle values in BIG
1cc18c2ab2e8
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
|
WARNING in ieee80211_rx_list (2)
wireless
|
|
|
|
4 |
145d |
147d
|
26/28 |
106d |
321028bc45f0
wifi: mac80211: disable softirqs for queued frame handling
|
WARNING in __mptcp_clean_una
mptcp
|
C |
done |
done |
248 |
153d |
278d
|
26/28 |
110d |
fb7a0d334894
mptcp: ensure snd_nxt is properly initialized on connect
|
WARNING in implement
input
usb
|
C |
error |
done |
960 |
162d |
1892d
|
26/28 |
112d |
4aa2dcfbad53
HID: core: remove unnecessary WARN_ON() in implement()
|
INFO: rcu detected stall in __run_timer_base
usb
|
C |
done |
done |
10 |
153d |
221d
|
26/28 |
112d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
INFO: trying to register non-static key in btrfs_stop_all_workers
btrfs
|
|
|
|
1 |
170d |
166d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
kernel BUG in btrfs_free_fs_info
btrfs
|
|
|
|
2 |
172d |
175d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
KMSAN: uninit-value in btrfs_compress_heuristic
btrfs
|
|
|
|
4 |
175d |
175d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
general protection fault in btrfs_stop_all_workers (2)
btrfs
|
|
|
|
307 |
147d |
190d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
KMSAN: uninit-value in ZSTD_compressBlock_doubleFast
btrfs
|
|
|
|
2 |
171d |
167d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
BUG: spinlock bad magic in btrfs_stop_all_workers
btrfs
|
|
|
|
5 |
155d |
155d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
general protection fault in btrfs_simple_end_io
btrfs
|
|
|
|
18 |
154d |
179d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
KMSAN: uninit-value in deflate_fast
btrfs
|
|
|
|
3 |
162d |
167d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
general protection fault in put_pwq_unlocked
btrfs
|
|
|
|
7 |
169d |
183d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
general protection fault in apply_wqattrs_cleanup
btrfs
|
|
|
|
10 |
148d |
170d
|
26/28 |
113d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
KMSAN: uninit-value in io_req_cqe_overflow (3)
io-uring
|
C |
|
|
16 |
159d |
160d
|
26/28 |
118d |
18414a4a2eab
io_uring/net: assign kmsg inq/flags before buffer selection
|
WARNING in unmap_page_range (3)
mm
|
C |
|
|
169 |
237d |
246d
|
26/28 |
124d |
f8572367eaff
mm/memory: fix missing pte marker for !page on pte zaps
|
kernel BUG in bch2_ioctl_fsck_online
bcachefs
|
C |
done |
|
3 |
155d |
151d
|
26/28 |
130d |
9bd01500e4d8
bcachefs: Fix freeing of error pointers
|
WARNING in __virt_to_phys (4)
bcachefs
|
C |
|
|
2 |
143d |
139d
|
26/28 |
130d |
9bd01500e4d8
bcachefs: Fix freeing of error pointers
|
UBSAN: shift-out-of-bounds in bch2_btree_node_read_done
bcachefs
|
C |
|
|
3 |
158d |
181d
|
26/28 |
132d |
9e7cfb35e266
bcachefs: Check for invalid btree IDs
|
INFO: rcu detected stall in sys_wait4 (4)
mm
|
C |
done |
done |
2 |
190d |
223d
|
26/28 |
132d |
fb66df20a720
net/sched: taprio: extend minimum interval restriction to entire cycle too
|
general protection fault in find_match (5)
net
|
|
|
|
2 |
164d |
164d
|
26/28 |
133d |
b86762dbe19a
ipv6: prevent possible NULL dereference in rt6_probe()
|
possible deadlock in br_forward_delay_timer_expired (2)
net
|
|
|
|
1 |
154d |
154d
|
26/28 |
133d |
62e58ddb1465
net: add softirq safety to netdev_rename_lock
|
UBSAN: array-index-out-of-bounds in bch2_bkey_swab_key
bcachefs
|
|
|
|
2 |
167d |
165d
|
26/28 |
133d |
d47df4f616d5
bcachefs: Fix array-index-out-of-bounds
|
general protection fault in xfrm6_get_saddr (2)
net
|
|
|
|
1 |
164d |
164d
|
26/28 |
133d |
d46401052c2d
xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
|
INFO: task hung in journal_quiesce
bcachefs
|
syz |
|
|
76 |
145d |
173d
|
26/28 |
133d |
89d21b69b4f8
bcachefs: Add missing bch2_journal_do_writes() call
|
WARNING in kcov_remote_start (4)
usb
|
|
|
|
107983 |
133d |
164d
|
26/28 |
133d |
f85d39dd7ed8
kcov, usb: disable interrupts in kcov_remote_start_usb_softirq
|
net-next test error: WARNING: suspicious RCU usage in _destroy_all_sets
netfilter
|
|
|
|
128 |
153d |
159d
|
26/28 |
134d |
8ecd06277a76
netfilter: ipset: Fix suspicious rcu_dereference_protected()
|
INFO: task hung in nilfs_segctor_thread (2)
nilfs
|
C |
inconclusive |
|
98 |
165d |
275d
|
26/28 |
134d |
7373a51e7998
nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
|
INFO: task hung in devinet_ioctl (5)
net
|
|
|
|
59 |
134d |
160d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
INFO: task hung in addrconf_dad_work (4)
net
|
|
|
|
2632 |
134d |
185d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
general protection fault in fib6_nh_init (2)
net
|
|
|
|
2 |
155d |
160d
|
26/28 |
134d |
2eab4543a220
ipv6: prevent possible NULL deref in fib6_nh_init()
|
WARNING: suspicious RCU usage in br_mst_set_state (2)
bridge
|
|
|
|
10 |
154d |
165d
|
26/28 |
134d |
546ceb1dfdac
net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
36c92936e868
net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state
|
WARNING in btrfs_put_transaction (2)
btrfs
|
|
|
|
3 |
174d |
170d
|
26/28 |
134d |
fb33eb2ef0d8
btrfs: fix leak of qgroup extent records after transaction abort
|
INFO: task hung in ieee80211_unregister_hw
wireless
|
|
|
|
151 |
138d |
174d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
UBSAN: array-index-out-of-bounds in lock_timer_base
bcachefs
kvm
|
|
|
|
4 |
156d |
170d
|
26/28 |
134d |
b79922009214
bcachefs: Add missing synchronize_srcu_expedited() call when shutting down
|
WARNING in bch2_fs_read_write_early
bcachefs
|
C |
|
|
35 |
151d |
159d
|
26/28 |
134d |
1ba44217f825
bcachefs: delete_dead_snapshots() doesn't need to go RW
|
INFO: task hung in linkwatch_event (3)
net
|
|
|
|
1634 |
134d |
729d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
upstream test error: WARNING: suspicious RCU usage in _destroy_all_sets
netfilter
|
|
|
|
293 |
153d |
159d
|
26/28 |
134d |
8ecd06277a76
netfilter: ipset: Fix suspicious rcu_dereference_protected()
|
INFO: task hung in wg_netns_pre_exit (4)
wireguard
|
|
|
|
127 |
135d |
174d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
WARNING in hid_output_report
input
usb
|
C |
error |
|
3 |
179d |
199d
|
26/28 |
134d |
4aa2dcfbad53
HID: core: remove unnecessary WARN_ON() in implement()
fba383985354
net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings
|
INFO: task hung in register_nexthop_notifier (3)
net
|
|
|
|
44 |
138d |
247d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
INFO: task hung in rfkill_global_led_trigger_worker (2)
net
nfc
|
C |
error |
|
1362 |
134d |
736d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
UBSAN: shift-out-of-bounds in read_one_super (2)
bcachefs
|
|
|
|
4 |
160d |
156d
|
26/28 |
134d |
d406545613b5
bcachefs: Fix shift overflow in read_one_super()
|
KASAN: slab-out-of-bounds Read in ea_get (2)
jfs
|
C |
|
|
33 |
136d |
201d
|
26/28 |
134d |
7c55b78818cf
jfs: xattr: fix buffer overflow for invalid xattr
|
INFO: task hung in wdm_release
usb
|
C |
error |
|
1 |
157d |
153d
|
26/28 |
134d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
WARNING in rdev_scan
wireless
|
C |
done |
|
3 |
158d |
162d
|
26/28 |
134d |
0941772342d5
wifi: cfg80211: wext: set ssids=NULL for passive scans
|
INFO: task hung in cfg80211_dfs_channels_update_work (7)
wireless
|
|
|
|
37 |
149d |
153d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
memory leak in nr_create (3)
hams
|
C |
|
|
9 |
336d |
526d
|
26/28 |
134d |
0b9130247f3b
netrom: Fix a memory leak in nr_heartbeat_expiry()
|
INFO: rcu detected stall in raw_ioctl
usb
|
C |
|
|
49 |
141d |
386d
|
26/28 |
134d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
BUG: soft lockup in tcp_write_timer (4)
kasan
mm
|
|
|
|
4 |
138d |
162d
|
26/28 |
134d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
KASAN: slab-use-after-free Read in bch2_sb_errors_from_cpu
bcachefs
|
C |
|
|
2 |
152d |
148d
|
26/28 |
134d |
211c581de28e
bcachefs: slab-use-after-free Read in bch2_sb_errors_from_cpu
|
KMSAN: uninit-value in asus_report_fixup
input
usb
|
C |
done |
|
35 |
156d |
180d
|
26/28 |
134d |
89e1ee118d6f
hid: asus: asus_report_fixup: fix potential read out of bounds
|
general protection fault in detach_extent_buffer_folio
btrfs
|
|
|
|
9 |
152d |
168d
|
26/28 |
134d |
f3a5367c679d
btrfs: protect folio::private when attaching extent buffer folios
|
INFO: task hung in cangw_pernet_exit_batch (3)
can
|
|
|
|
33 |
135d |
150d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
UBSAN: shift-out-of-bounds in bch2_blacklist_entries_gc
bcachefs
|
C |
|
|
45 |
148d |
148d
|
26/28 |
134d |
472237b69d07
bcachefs: Fix shift-out-of-bounds in bch2_blacklist_entries_gc
|
INFO: task hung in rtnetlink_rcv_msg
net
|
C |
inconclusive |
inconclusive |
1970 |
135d |
2098d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
kernel BUG in bch2_journal_res_get
bcachefs
|
C |
|
|
2 |
164d |
160d
|
26/28 |
134d |
dbf4d79b7fc7
bcachefs: Fix early init error path in journal code
|
INFO: task hung in addrconf_verify_work (8)
net
|
C |
error |
|
1294 |
134d |
338d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
kernel BUG in bch2_lru_change
bcachefs
|
C |
done |
|
4 |
151d |
167d
|
26/28 |
134d |
cff07e2739d8
bcachefs: Guard against overflowing LRU_TIME_BITS
|
INFO: task hung in mpls_net_exit (2)
net
|
|
|
|
50 |
140d |
160d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
INFO: task hung in switchdev_deferred_process_work (2)
net
|
C |
inconclusive |
|
1226 |
134d |
1577d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
possible deadlock in ovl_copy_up_flags
overlayfs
|
C |
done |
|
7 |
160d |
181d
|
26/28 |
134d |
db03d39053a9
ovl: fix copy-up in tmpfile
|
possible deadlock in console_flush_all (2)
trace
bpf
|
C |
error |
|
52996 |
135d |
410d
|
26/28 |
134d |
ae01e52da244
serial: drop debugging WARN_ON_ONCE() from uart_write()
|
kernel BUG in __vma_reservation_common
mm
|
C |
error |
|
8 |
165d |
198d
|
26/28 |
134d |
8daf9c702ee7
mm/hugetlb: do not call vma_add_reservation upon ENOMEM
|
WARNING: locking bug in srcu_gp_start_if_needed
kvm
bcachefs
|
|
|
|
2 |
161d |
163d
|
26/28 |
134d |
f770a6e9a3d7
bcachefs: Fix initialization order for srcu barrier
|
INFO: task hung in crda_timeout_work (7)
wireless
|
|
|
|
1084 |
136d |
180d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
KMSAN: kernel-infoleak in raw_recvmsg
can
|
C |
|
|
121 |
160d |
208d
|
26/28 |
134d |
b7cdf1dd5d2a
net: can: j1939: Initialize unused data in j1939_send_one()
|
BUG: soft lockup in inet6_rtm_newroute
net
|
|
|
|
1 |
150d |
150d
|
26/28 |
134d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
possible deadlock in btrfs_log_inode
btrfs
|
|
|
|
1 |
165d |
161d
|
26/28 |
134d |
d1825752e307
btrfs: use NOFS context when getting inodes during logging and log replay
|
INFO: task hung in reg_check_chans_work (6)
wireless
|
C |
error |
|
129 |
137d |
211d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
INFO: task hung in wg_destruct
wireguard
|
|
|
|
207 |
137d |
176d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
WARNING: kmalloc bug in __snapshot_t_mut
bcachefs
|
C |
done |
|
10 |
144d |
175d
|
26/28 |
134d |
64cd7de998f3
bcachefs: Fix kmalloc bug in __snapshot_t_mut
|
WARNING in skb_ensure_writable
bpf
net
|
C |
done |
|
2893 |
135d |
212d
|
26/28 |
134d |
2bbe3e5a2f4e
bpf: Avoid splat in pskb_pull_reason
|
BUG: soft lockup in hci_cmd_timeout
bluetooth
usb
|
C |
|
|
1 |
166d |
162d
|
26/28 |
134d |
22f008128625
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
|
KASAN: slab-use-after-free Read in bch2_fs_recovery
bcachefs
|
|
|
|
21 |
152d |
153d
|
26/28 |
134d |
2fe79ce7d1e8
bcachefs: Fix a UAF after write_super()
|
WARNING in cxacru_cm/usb_submit_urb
usb
|
C |
error |
inconclusive |
14 |
153d |
1721d
|
26/28 |
134d |
2eabb655a968
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
|
WARNING: locking bug in __timer_delete_sync
kvm
bcachefs
|
|
|
|
6 |
148d |
172d
|
26/28 |
134d |
b79922009214
bcachefs: Add missing synchronize_srcu_expedited() call when shutting down
|
INFO: task hung in bpf_prog_dev_bound_destroy
bpf
|
|
|
|
94 |
153d |
165d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
kernel BUG in gc_bucket
bcachefs
|
C |
done |
|
221 |
168d |
172d
|
26/28 |
134d |
9432e90df1b8
bcachefs: Check for invalid bucket from bucket_gen(), gc_bucket()
|
INFO: task hung in regdb_fw_cb
wireless
|
|
|
|
596 |
139d |
179d
|
26/28 |
134d |
d864319871b0
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
|
KASAN: slab-out-of-bounds Read in cfg80211_wext_freq
wireless
|
C |
inconclusive |
|
133 |
149d |
175d
|
26/28 |
134d |
6ef09cdc5ba0
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
|
possible deadlock in xfs_can_free_eofblocks
xfs
|
|
|
|
4 |
169d |
194d
|
26/28 |
140d |
6fe60465e1d5
stackdepot: respect __GFP_NOLOCKDEP allocation flag
|
possible deadlock in __sock_map_delete
bpf
net
|
C |
|
|
14 |
176d |
220d
|
26/28 |
142d |
98e948fb60d4
bpf: Allow delete from sockmap/sockhash only if update is allowed
|
WARNING in geneve_xmit
net
|
C |
done |
|
42 |
208d |
215d
|
26/28 |
153d |
d8a6213d70ac
geneve: fix header validation in geneve[6]_xmit_skb
|
general protection fault in bch2_fs_btree_key_cache_exit
bcachefs
|
|
|
|
6 |
160d |
160d
|
26/28 |
153d |
b30b70ad8bff
bcachefs: Fix early error path in bch2_fs_btree_key_cache_exit()
|
possible deadlock in __hrtimer_run_queues (2)
kernel
|
C |
error |
done |
16 |
209d |
241d
|
26/28 |
153d |
98e948fb60d4
bpf: Allow delete from sockmap/sockhash only if update is allowed
|
general protection fault in ip6_pol_route
net
|
|
|
|
73 |
156d |
194d
|
26/28 |
155d |
b01e1c030770
ipv6: fix possible race in __fib6_drop_pcpu_from()
|
general protection fault in __fib6_drop_pcpu_from (5)
net
|
|
|
|
467 |
155d |
200d
|
26/28 |
155d |
b01e1c030770
ipv6: fix possible race in __fib6_drop_pcpu_from()
|
WARNING in ieee80211_link_info_change_notify (2)
wireless
|
C |
inconclusive |
|
8918 |
163d |
631d
|
26/28 |
155d |
02c665f048a4
wifi: mac80211: apply mcast rate only if interface is up
|
general protection fault in bpf_get_attach_cookie_tracing
bpf
trace
|
C |
error |
|
7 |
168d |
199d
|
26/28 |
155d |
d0d1df8ba18a
bpf: Set run context for rawtp test_run callback
|
KASAN: slab-use-after-free Read in bpf_link_free (2)
bpf
|
syz |
|
|
52 |
165d |
178d
|
26/28 |
155d |
2884dc7d08d9
bpf: Fix a potential use-after-free in bpf_link_free()
|
WARNING in ieee80211_rx_list
wireless
|
C |
inconclusive |
error |
3489 |
166d |
1518d
|
26/28 |
155d |
177c6ae9725d
wifi: mac80211: handle tasklet frames before stopping
|
WARNING in fuse_request_end
fuse
|
C |
error |
|
3 |
183d |
193d
|
26/28 |
159d |
246014876d78
fuse: clear FR_SENT when re-adding requests into pending list
|
WARNING in packet_setsockopt
net
|
C |
|
|
83 |
191d |
230d
|
26/28 |
160d |
86d43e2bf93c
af_packet: avoid a false positive warning in packet_setsockopt()
|
kernel BUG in dev_gro_receive
net
|
C |
done |
|
72 |
173d |
189d
|
25/28 |
162d |
be008726d0ac
net: gro: initialize network_offset in network layer
|
KMSAN: uninit-value in virtqueue_add (4)
mm
|
C |
|
|
203184 |
162d |
324d
|
25/28 |
162d |
61b258b0d2f6
x86: call instrumentation hooks from copy_mc.c
|
KMSAN: uninit-value in nilfs_add_checksums_on_logs (2)
nilfs
|
C |
|
|
171 |
162d |
323d
|
25/28 |
162d |
61b258b0d2f6
x86: call instrumentation hooks from copy_mc.c
|
KMSAN: uninit-value in nci_ntf_packet (2)
nfc
net
|
C |
|
|
13 |
165d |
178d
|
25/28 |
163d |
068648aab72c
nfc/nci: Add the inconsistency check between the input data length and count
|
UBSAN: shift-out-of-bounds in bch2_sb_dev_has_data
bcachefs
|
C |
done |
|
15 |
192d |
190d
|
25/28 |
163d |
bcfbaea8e547
bcachefs: Fix shift overflows in replicas.c
|
inconsistent lock state in valid_state (2)
sound
|
C |
inconclusive |
|
57405 |
163d |
288d
|
25/28 |
163d |
b79491896151
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
|
kernel panic: not locked: inodes NUM:ADDR:NUM cached
bcachefs
|
C |
|
|
2 |
190d |
186d
|
25/28 |
163d |
6ce26ad376bd
bcachefs: Fix missing parens in drop_locks_do()
|
kernel BUG in bch2_btree_iter_verify_entry_exit
bcachefs
|
C |
done |
|
3 |
183d |
188d
|
25/28 |
163d |
765b8cb8acab
bcachefs: Check for subvolues with bogus snapshot/inode fields
|
kernel BUG in bch2_checksum
bcachefs
|
C |
done |
|
9 |
180d |
190d
|
25/28 |
163d |
6b74fdcc8e25
bcachefs: bch2_checksum() returns 0 for unknown checksum type
|
WARNING in sock_map_close
bpf
net
|
C |
error |
|
182 |
163d |
226d
|
25/28 |
163d |
4b4647add7d3
sock_map: avoid race between sock_map_close and sk_psock_put
|
possible deadlock in sock_hash_delete_elem (2)
bpf
net
|
C |
|
|
1127 |
163d |
246d
|
25/28 |
163d |
98e948fb60d4
bpf: Allow delete from sockmap/sockhash only if update is allowed
|
general protection fault in poll_state_synchronize_srcu
bcachefs
|
|
|
|
5 |
183d |
183d
|
25/28 |
163d |
d293ece10810
bcachefs: Fix shutdown ordering
|
KASAN: slab-use-after-free Read in p9_fid_destroy
v9fs
|
C |
|
|
13 |
178d |
258d
|
25/28 |
163d |
f89ea63f1c65
netfs, 9p: Fix race between umount and async request completion
|
kernel BUG in cpu_replicas_add_entry
bcachefs
|
C |
done |
|
11 |
174d |
192d
|
25/28 |
163d |
5fa421448d1f
bcachefs: Fix bogus verify_replicas_entry() assert
|
kernel BUG in __journal_res_get
bcachefs
|
C |
done |
|
7 |
171d |
195d
|
25/28 |
163d |
cd3b31f9d417
bcachefs: Ensure we're RW before journalling
|
general protection fault in nf_tproxy_laddr4
netfilter
|
C |
error |
|
5 |
182d |
191d
|
25/28 |
163d |
21a673bddc8f
netfilter: tproxy: bail out if IP has been disabled on the device
|
KASAN: slab-use-after-free Read in p9_client_destroy
v9fs
|
|
|
|
7 |
181d |
194d
|
25/28 |
163d |
f89ea63f1c65
netfs, 9p: Fix race between umount and async request completion
|
KASAN: stack-out-of-bounds Read in __bch2_encrypt_bio
bcachefs
|
C |
done |
|
2 |
193d |
190d
|
25/28 |
163d |
2ba24864d2f6
bcachefs: Fix stack oob in __bch2_encrypt_bio()
|
KASAN: slab-use-after-free Write in v9fs_free_request
v9fs
|
|
|
|
9 |
178d |
192d
|
25/28 |
163d |
f89ea63f1c65
netfs, 9p: Fix race between umount and async request completion
|
INFO: rcu detected stall in packet_release
net
|
C |
unreliable |
|
1 |
255d |
177d
|
25/28 |
163d |
fb66df20a720
net/sched: taprio: extend minimum interval restriction to entire cycle too
|
WARNING in collect_domain_accesses
lsm
|
C |
done |
|
3 |
182d |
194d
|
25/28 |
163d |
88da52ccd66e
landlock: Fix d_parent walk
|
WARNING: suspicious RCU usage in nfqnl_reinject
netfilter
|
|
|
|
2 |
173d |
190d
|
25/28 |
163d |
dc21c6cc3d69
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
|
UBSAN: shift-out-of-bounds in bch2_btree_lost_data
bcachefs
|
C |
done |
|
3 |
189d |
187d
|
25/28 |
163d |
f108ddd467b5
bcachefs: Fix shift overflow in btree_lost_data()
|
KMSAN: uninit-value in p9_client_rpc (2)
v9fs
|
C |
|
|
5 |
202d |
235d
|
25/28 |
163d |
25460d6f3902
net/9p: fix uninit-value in p9_client_rpc()
|
WARNING: lock held when returning to user space in srcu_lock_acquire
rcu
|
C |
|
|
3 |
193d |
191d
|
25/28 |
163d |
70dd062e27e6
bcachefs: Fix btree_trans leak in bch2_readahead()
|
kernel BUG in bch2_fs_release
bcachefs
|
|
|
|
3 |
175d |
180d
|
25/28 |
163d |
d509cadc3a48
bcachefs: Fix debug assert
|
kernel panic: bch_dev->ref underflow, last put: bch2_trigger_alloc
bcachefs
|
C |
done |
|
6 |
180d |
191d
|
25/28 |
163d |
9667214b30ef
bcachefs: Fix ref in trans_mark_dev_sbs() error path
|
KMSAN: uninit-value in io_issue_sqe
io-uring
|
|
|
|
2 |
164d |
177d
|
25/28 |
163d |
18414a4a2eab
io_uring/net: assign kmsg inq/flags before buffer selection
|
general protection fault in __bch2_insert_snapshot_whiteouts
bcachefs
|
C |
done |
|
65 |
178d |
190d
|
25/28 |
163d |
6d48e61364ae
bcachefs: Add missing guard in bch2_snapshot_has_children()
|
KASAN: slab-use-after-free Read in evict_inodes
bcachefs
|
C |
done |
|
2 |
195d |
191d
|
25/28 |
163d |
d93ff5fa40b9
bcachefs: Fix race path in bch2_inode_insert()
|
INFO: task hung in nilfs_detach_log_writer
nilfs
|
C |
inconclusive |
|
125 |
182d |
758d
|
25/28 |
163d |
eb85dace897c
nilfs2: fix potential hang in nilfs_detach_log_writer()
|
general protection fault in crypto_skcipher_encrypt
crypto
bcachefs
|
C |
error |
|
66 |
163d |
190d
|
25/28 |
163d |
c06a8b75679d
bcachefs: Fix bch2_alloc_ciphers()
|
INFO: rcu detected stall in snd_timer_user_release (3)
sound
|
C |
inconclusive |
|
3 |
196d |
205d
|
25/28 |
163d |
4a63bd179fa8
ALSA: timer: Set lower bound of start tick time
|
KMSAN: uninit-value in bch2_dirent_invalid
bcachefs
|
C |
|
|
239 |
163d |
191d
|
25/28 |
163d |
2195b755ebd2
bcachefs: Fix unsafety in bch2_dirent_name_bytes()
|
kernel BUG in bch2_fs_recovery
bcachefs
|
C |
done |
done |
161 |
195d |
201d
|
25/28 |
163d |
7ffec9ccdc6a
bcachefs: don't free error pointers
|
INFO: trying to register non-static key in __timer_delete_sync (2)
net
|
C |
|
|
45524 |
190d |
208d
|
25/28 |
166d |
3c668cef61ad
net: hsr: init prune_proxy_timer sooner
|
possible deadlock in nr_rt_ioctl
hams
|
C |
inconclusive |
|
8 |
172d |
200d
|
25/28 |
166d |
e03e7f20ebf7
netrom: fix possible dead-lock in nr_rt_ioctl()
|
WARNING in __inet_accept
net
|
C |
done |
|
3 |
184d |
185d
|
25/28 |
168d |
26afda78cda3
UPSTREAM: net: relax socket state check at accept time.
|
KASAN: slab-out-of-bounds Read in f2fs_get_node_info
f2fs
|
C |
error |
|
4 |
196d |
209d
|
25/28 |
168d |
20faaf30e555
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
|
BUG: soft lockup in batadv_purge_orig
batman
|
|
|
|
1 |
236d |
236d
|
25/28 |
168d |
40dc8ab60589
batman-adv: bypass empty buckets in batadv_purge_orig_ref()
|
general protection fault in subflow_v6_route_req
mptcp
|
C |
done |
|
2 |
198d |
198d
|
25/28 |
168d |
445c0b69c729
mptcp: fix possible NULL dereferences
|
general protection fault in ip6_output
net
|
|
|
|
4 |
202d |
221d
|
25/28 |
168d |
4db783d68b9b
ipv6: prevent NULL dereference in ip6_output()
|
WARNING in sg_remove_sfp_usercontext
scsi
|
C |
|
|
36031 |
223d |
237d
|
25/28 |
168d |
d4e655c49f47
scsi: sg: Avoid race in error handling & drop bogus warn
|
KMSAN: uninit-value in __bpf_strtoull
bpf
|
C |
|
|
119 |
169d |
246d
|
25/28 |
168d |
e8742081db7d
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
WARNING in iomap_iter (2)
iomap
|
C |
|
|
4 |
206d |
202d
|
25/28 |
168d |
0c12028aec83
block: refine the EOF check in blkdev_iomap_begin
|
inconsistent lock state in padata_do_parallel (2)
crypto
|
|
|
|
2 |
234d |
233d
|
25/28 |
168d |
58329c431203
padata: Disable BH when taking works lock on MT path
|
KMSAN: uninit-value in trie_delete_elem
bpf
|
C |
|
|
52 |
169d |
239d
|
25/28 |
168d |
e8742081db7d
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
UBSAN: shift-out-of-bounds in read_one_super
bcachefs
|
C |
done |
|
31 |
169d |
198d
|
25/28 |
168d |
71dac2482ad3
bcachefs: BCH_SB_LAYOUT_SIZE_BITS_MAX
|
KMSAN: uninit-value in nci_rx_work
net
nfc
|
C |
|
|
582 |
168d |
324d
|
25/28 |
168d |
e4a87abf5885
nfc: nci: Fix uninit-value in nci_rx_work
|
KASAN: slab-use-after-free Read in unix_del_edges
net
|
C |
done |
|
2 |
216d |
215d
|
25/28 |
168d |
1af2dface5d2
af_unix: Don't access successor in unix_del_edges() during GC.
|
INFO: task hung in ext4_quota_write
ext4
|
C |
inconclusive |
|
22 |
219d |
324d
|
25/28 |
168d |
0a46ef234756
ext4: do not create EA inode under buffer lock
|
WARNING: kmalloc bug in bch2_dev_buckets_resize
bcachefs
|
C |
|
|
17 |
169d |
200d
|
25/28 |
168d |
db42549d402c
bcachefs: Add a better limit for maximum number of buckets
|
general protection fault in fib6_rule_action
net
|
|
|
|
1 |
217d |
217d
|
25/28 |
168d |
d101291b2681
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
|
WARNING in mb_cache_destroy
ext4
|
C |
done |
|
738 |
186d |
204d
|
25/28 |
168d |
0c0b4a49d3e7
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
|
WARNING in __virt_to_phys (3)
bcachefs
|
C |
|
|
447 |
168d |
201d
|
25/28 |
168d |
7ffec9ccdc6a
bcachefs: don't free error pointers
|
KMSAN: uninit-value in br_dev_xmit (2)
bridge
|
C |
|
|
2 |
196d |
192d
|
25/28 |
168d |
8bd67ebb50c0
net: bridge: xmit: make sure we have at least eth header len bytes
|
KMSAN: uninit-value in dev_map_lookup_elem
bpf
net
|
C |
|
|
3 |
234d |
240d
|
25/28 |
168d |
e8742081db7d
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
KMSAN: uninit-value in __bch2_write_index
bcachefs
|
|
|
|
1 |
200d |
200d
|
25/28 |
168d |
1267df40acb2
bcachefs: Initialize bch_write_op->failed in inline data path
|
BUG: sleeping function called from invalid context in console_lock (2)
serial
|
C |
inconclusive |
inconclusive |
7447 |
168d |
1262d
|
25/28 |
168d |
6bd23e0c2bb6
tty: add the option to have a tty reject a new ldisc
|
KMSAN: uninit-value in trie_lookup_elem
bpf
|
C |
|
|
12 |
226d |
244d
|
25/28 |
168d |
e8742081db7d
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
possible deadlock in kvfree_call_rcu
bpf
|
C |
|
|
1431 |
170d |
239d
|
25/28 |
168d |
59f2f841179a
bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
|
BUG: unable to handle kernel paging request in bch2_fs_btree_key_cache_exit
bcachefs
|
C |
|
|
1002 |
168d |
201d
|
25/28 |
168d |
b30b70ad8bff
bcachefs: Fix early error path in bch2_fs_btree_key_cache_exit()
|
WARNING: suspicious RCU usage in bch2_fs_quota_read
bcachefs
|
C |
done |
|
24 |
169d |
199d
|
25/28 |
168d |
8060bf1d83f7
bcachefs: Fix snapshot_t() usage in bch2_fs_quota_read_inode()
|
WARNING in kcov_remote_start (3)
usb
|
|
|
|
265513 |
168d |
237d
|
25/28 |
168d |
19e35f24750d
nfc: nci: Fix kcov check in nci_rx_work()
|
KASAN: slab-out-of-bounds Write in do_handle_open
nfs
|
C |
|
|
643 |
230d |
232d
|
25/28 |
168d |
68d6f4f3fbd9
fs: Annotate struct file_handle with __counted_by() and use struct_size()
|
UBSAN: shift-out-of-bounds in __bch2_bkey_invalid
bcachefs
|
C |
done |
|
6 |
173d |
199d
|
25/28 |
168d |
2bb9600d5d47
bcachefs: Guard against unknown k.k->type in __bkey_invalid()
|
BUG: unable to handle kernel paging request in bpf_prog_ADDR (2)
bpf
|
C |
|
|
3 |
212d |
226d
|
25/28 |
168d |
543576ec15b1
bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
|
KMSAN: uninit-value in unwind_dump
net
|
|
|
|
1 |
219d |
215d
|
25/28 |
168d |
90d1f14cbb9d
kmsan: compiler_types: declare __no_sanitize_or_inline
|
KASAN: slab-out-of-bounds Read in bch2_sb_downgrade_to_text
bcachefs
|
C |
done |
|
32 |
185d |
198d
|
25/28 |
168d |
692aa7a54b2b
bcachefs: Fix sb_field_downgrade validation
|
KMSAN: uninit-value in array_map_lookup_elem
bpf
|
C |
|
|
10 |
224d |
243d
|
25/28 |
168d |
e8742081db7d
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
KMSAN: uninit-value in sock_map_delete_elem
bpf
net
|
C |
|
|
44 |
170d |
240d
|
25/28 |
168d |
e8742081db7d
bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
|
KASAN: slab-use-after-free Read in fsnotify
ext4
|
C |
error |
|
3 |
217d |
223d
|
25/28 |
168d |
795bb82d12a1
fsnotify: fix UAF from FS_ERROR event on a shutting down filesystem
|
KASAN: slab-out-of-bounds Read in bch2_sb_clean_to_text
bcachefs
|
C |
done |
|
3 |
190d |
199d
|
25/28 |
168d |
f39055220f6f
bcachefs: Add missing validation for superblock section clean
|
WARNING in ar5523_cmd/usb_submit_urb
usb
wireless
|
C |
error |
|
39 |
201d |
1757d
|
25/28 |
168d |
e120b6388d7d
wifi: ar5523: enable proper endpoint verification
|
possible deadlock in sch_direct_xmit (4)
net
|
|
|
|
1 |
207d |
207d
|
25/28 |
168d |
86735b57c905
net/sched: unregister lockdep keys in qdisc_create/qdisc_alloc error path
|
WARNING in qdisc_alloc
net
|
C |
error |
|
1069 |
191d |
204d
|
25/28 |
168d |
86735b57c905
net/sched: unregister lockdep keys in qdisc_create/qdisc_alloc error path
|
WARNING in __mark_chain_precision (4)
bpf
|
C |
|
|
8 |
213d |
233d
|
25/28 |
168d |
1f2a74b41ea8
bpf: prevent r10 register from being marked as precise
|
kernel BUG in bch2_alloc_v4_invalid
bcachefs
|
C |
error |
|
3 |
176d |
199d
|
25/28 |
168d |
6b8cbfc3db75
bcachefs: Fix assert in bch2_alloc_v4_invalid()
|
KASAN: slab-out-of-bounds Read in bch2_varint_decode_fast
bcachefs
|
C |
|
|
583 |
168d |
201d
|
25/28 |
168d |
4a8521b6bb81
bcachefs: Inodes need extra padding for varint_decode_fast()
|
WARNING in __page_table_check_ptes_set
mm
|
C |
|
|
2 |
217d |
213d
|
25/28 |
168d |
c88033efe9a3
mm/userfaultfd: reset ptes when close() for wr-protected ones
|
KASAN: global-out-of-bounds Read in __nla_validate_parse
net
|
C |
|
|
5 |
226d |
227d
|
25/28 |
168d |
8750539ba317
net: team: fix incorrect maxattr
|
UBSAN: shift-out-of-bounds in bch2_bkey_format_invalid
bcachefs
|
C |
|
|
45 |
171d |
196d
|
25/28 |
168d |
61692c7812ab
bcachefs: bch2_bkey_format_field_overflows()
|
WARNING in __mod_memcg_lruvec_state
cgroups
mm
|
C |
|
|
270 |
197d |
232d
|
25/28 |
168d |
4f687281012e
mm: do not update memcg stats for NR_{FILE/SHMEM}_PMDMAPPED
|
WARNING in carl9170_usb_send_rx_irq_urb/usb_submit_urb
usb
wireless
|
C |
error |
inconclusive |
18 |
213d |
1356d
|
25/28 |
168d |
b6dd09b3dac8
wifi: carl9170: add a proper sanity check for endpoints
|
UBSAN: shift-out-of-bounds in rewrite_old_nodes_pred
bcachefs
|
C |
done |
|
3 |
199d |
199d
|
25/28 |
168d |
0ec5b3b7ccfc
bcachefs: Fix shift-by-64 in bformat_needs_redo()
|
kernel BUG in bch2_btree_node_read_done
bcachefs
|
C |
error |
|
5 |
199d |
201d
|
25/28 |
168d |
a2ddaf965f6a
bcachefs: bucket_pos_to_bp_noerror()
|
WARNING: suspicious RCU usage in br_mst_set_state
bridge
|
|
|
|
45 |
168d |
202d
|
25/28 |
168d |
3a7c1661ae13
net: bridge: mst: fix vlan use-after-free
|
KASAN: slab-use-after-free Read in vhost_task_fn
kvm
net
virt
|
C |
done |
|
2661 |
202d |
204d
|
25/28 |
168d |
db5247d9bf5c
vhost_task: Handle SIGKILL by flushing work and exiting
|
WARNING: zero-size vmalloc in ubi_read_volume_table
mtd
|
C |
|
|
3 |
235d |
233d
|
25/28 |
180d |
68a24aba7c59
ubi: Check for too small LEB size in VTBL code
|
WARNING in emit_fiemap_extent
btrfs
|
C |
error |
done |
14 |
263d |
519d
|
25/28 |
181d |
a1a4a9ca77f1
btrfs: fix race between ordered extent completion and fiemap
|
KASAN: slab-use-after-free Read in ovs_ct_exit
openvswitch
|
|
|
|
6 |
212d |
238d
|
25/28 |
181d |
5ea7b72d4fac
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
|
possible deadlock in move_pages
mm
|
C |
|
|
206 |
238d |
246d
|
25/28 |
182d |
30af24facf0a
userfaultfd: fix deadlock warning when locking src and dst VMAs
|
KASAN: stack-out-of-bounds Read in hash
bpf
|
C |
done |
|
5 |
221d |
228d
|
25/28 |
182d |
a8d89feba7e5
bpf: Check bloom filter map value size
|
possible deadlock in force_sig_info_to_task
bpf
trace
|
C |
error |
|
6 |
202d |
209d
|
25/28 |
182d |
02b670c1f88e
x86/mm: Remove broken vsyscall emulation code from the page fault code
|
KMSAN: kernel-infoleak in btrfs_ioctl_logical_to_ino (2)
btrfs
|
|
|
|
1 |
218d |
218d
|
25/28 |
182d |
2f7ef5bb4a2f
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
|
possible deadlock in seq_read_iter (3)
overlayfs
|
|
|
|
148 |
193d |
282d
|
25/28 |
182d |
16b52bbee482
kernfs: annotate different lockdep class for of->mutex of writable files
|
KMSAN: uninit-value in geneve_xmit (3)
net
|
C |
|
|
14 |
224d |
231d
|
25/28 |
182d |
d8a6213d70ac
geneve: fix header validation in geneve[6]_xmit_skb
|
WARNING in mmu_free_root_page
kvm
|
C |
|
|
104 |
214d |
237d
|
25/28 |
182d |
1bc26cb90902
KVM: x86/mmu: Precisely invalidate MMU root_role during CPUID update
|
KMSAN: kernel-infoleak in __skb_datagram_iter (3)
net
|
C |
|
|
25 |
184d |
239d
|
25/28 |
182d |
d313eb8b7755
net/sched: act_skbmod: prevent kernel-infoleak
|
KASAN: slab-use-after-free Read in ip_skb_dst_mtu
netfilter
|
C |
error |
|
5 |
228d |
259d
|
25/28 |
182d |
18685451fc4e
inet: inet_defrag: prevent sk release while still in use
|
KMSAN: uninit-value in gre_rcv (3)
net
|
C |
|
|
3 |
237d |
237d
|
25/28 |
182d |
17af420545a7
erspan: make sure erspan_base_hdr is present in skb->head
|
KMSAN: uninit-value in line6_pod_process_message
sound
|
C |
|
|
5 |
232d |
233d
|
25/28 |
182d |
c4e51e424e2c
ALSA: line6: Zero-initialize message buffers
|
KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue
bpf
net
|
|
|
|
1 |
250d |
243d
|
25/28 |
182d |
6648e613226e
bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
|
net-next boot error: WARNING: refcount bug in __free_pages_ok
virt
|
|
|
|
799 |
209d |
243d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
WARNING: suspicious RCU usage in __do_softirq
kernel
|
C |
|
|
199 |
205d |
232d
|
25/28 |
182d |
1dd1eff161bd
softirq: Fix suspicious RCU usage in __do_softirq()
|
upstream boot error: WARNING: refcount bug in __reset_page_owner
mm
|
|
|
|
555 |
216d |
247d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
KASAN: slab-out-of-bounds Read in nfc_llcp_setsockopt
net
nfc
|
C |
error |
|
5 |
219d |
228d
|
25/28 |
182d |
7a87441c9651
nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
|
KASAN: slab-use-after-free Read in __vma_reservation_common
mm
|
syz |
|
|
13 |
208d |
222d
|
25/28 |
182d |
37641efaa3fa
hugetlb: check for anon_vma prior to folio allocation
|
linux-next boot error: WARNING: refcount bug in __free_pages_ok
virt
|
|
|
|
177 |
239d |
276d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
riscv/fixes boot error: can't ssh into the instance (3)
|
|
|
|
210 |
184d |
237d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
upstream test error: WARNING: refcount bug in __reset_page_owner
mm
|
|
|
|
13 |
224d |
246d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
net boot error: WARNING: refcount bug in __free_pages_ok
virt
|
|
|
|
297 |
209d |
239d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
WARNING in vmk80xx_auto_attach/usb_submit_urb
usb
|
C |
unreliable |
inconclusive |
2 |
257d |
1258d
|
25/28 |
182d |
d1718530e3f6
comedi: vmk80xx: fix incomplete endpoint checking
|
WARNING: refcount bug in __reset_page_owner
mm
|
C |
|
|
93128 |
215d |
246d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
upstream boot error: WARNING: refcount bug in __free_pages_ok
virt
|
|
|
|
1463 |
216d |
246d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
KASAN: slab-out-of-bounds Read in update_counters
bridge
netfilter
|
C |
|
|
3 |
229d |
229d
|
25/28 |
182d |
0c83842df40f
netfilter: validate user input for expected length
|
KMSAN: uninit-value in ieee80211_rx_handlers (2)
wireless
|
C |
|
|
4 |
221d |
240d
|
25/28 |
182d |
7c1c73bf84c5
wifi: mac80211: check EHT/TTLM action frame length
|
KASAN: slab-out-of-bounds Read in do_ipt_set_ctl
netfilter
|
C |
|
|
111 |
219d |
230d
|
25/28 |
182d |
0c83842df40f
netfilter: validate user input for expected length
|
usb-testing boot error: WARNING: refcount bug in __reset_page_owner
mm
|
|
|
|
126 |
211d |
239d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
bpf-next boot error: WARNING: refcount bug in __free_pages_ok
virt
|
|
|
|
210 |
205d |
234d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
bpf boot error: WARNING: refcount bug in __free_pages_ok
virt
|
|
|
|
132 |
208d |
235d
|
25/28 |
182d |
f5c12105c15f
mm,page_owner: fix refcount imbalance
|
possible deadlock in tty_port_tty_get (2)
bpf
net
|
|
|
|
3 |
225d |
244d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in put_pwq_unlocked
trace
bpf
|
|
|
|
3 |
219d |
219d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
WARNING in sock_map_delete_elem
bpf
net
|
C |
|
|
17183 |
208d |
247d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in scheduler_tick (3)
bpf
net
|
C |
|
|
1179 |
209d |
245d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in pit_timer_fn
bpf
net
|
|
|
|
7 |
219d |
231d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
BUG: soft lockup in sys_sendmsg
tipc
batman
|
C |
|
|
3 |
241d |
282d
|
25/28 |
182d |
b1f532a3b1e6
batman-adv: Avoid infinite loop trying to resize local TT
|
possible deadlock in rcu_exp_handler
bpf
net
|
C |
|
|
1 |
222d |
218d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
KMSAN: uninit-value in v9fs_evict_inode
v9fs
|
C |
|
|
5206 |
237d |
249d
|
25/28 |
182d |
6630036b7c22
fs/9p: fix uninitialized values during inode evict
|
possible deadlock in rcu_report_exp_cpu_mult
net
bpf
|
C |
done |
|
30 |
209d |
247d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in try_to_wake_up (4)
bpf
net
|
C |
error |
|
19 |
184d |
247d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in ahci_single_level_irq_intr
bpf
net
|
C |
|
|
10 |
230d |
238d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
WARNING in sock_map_unref
bpf
net
|
C |
error |
|
97 |
209d |
223d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
INFO: rcu detected stall in rtnl_newlink (4)
fs
batman
|
C |
error |
|
9 |
189d |
265d
|
25/28 |
182d |
b1f532a3b1e6
batman-adv: Avoid infinite loop trying to resize local TT
|
possible deadlock in __lock_task_sighand (2)
bpf
net
|
C |
|
|
1476 |
183d |
247d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
WARNING in sock_hash_delete_elem
bpf
net
|
C |
done |
|
16982 |
208d |
247d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in hrtimer_run_queues
net
bpf
|
C |
error |
|
592 |
209d |
246d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in swake_up_one
bpf
net
|
C |
|
|
4 |
220d |
219d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
BUG: unable to handle kernel paging request in copy_from_kernel_nofault (2)
mm
|
C |
|
|
2 |
223d |
233d
|
25/28 |
182d |
c6f48506ba30
arm32, bpf: Reimplement sign-extension mov instruction
|
possible deadlock in pwq_dec_nr_in_flight
trace
bpf
|
|
|
|
1 |
224d |
220d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
WARNING in _prb_commit
net
bpf
|
|
|
|
4 |
219d |
215d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in posix_timer_fn (2)
net
bpf
|
|
|
|
1 |
223d |
219d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
possible deadlock in drm_handle_vblank
bpf
net
|
|
|
|
30 |
220d |
245d
|
25/28 |
182d |
ff9105993240
bpf, sockmap: Prevent lock inversion deadlock in map delete elem
|
KASAN: slab-out-of-bounds Read in xsk_setsockopt
bpf
net
|
C |
|
|
17 |
221d |
230d
|
25/28 |
182d |
237f3cf13b20
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
|
KMSAN: uninit-value in ipvlan_queue_xmit (2)
net
|
C |
|
|
2 |
255d |
216d
|
25/28 |
182d |
4b911a9690d7
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
|
possible deadlock in __unix_gc
net
|
C |
done |
|
5 |
209d |
211d
|
25/28 |
182d |
1971d13ffa84
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
|
WARNING in gre_tap_xmit (2)
net
|
C |
done |
|
67 |
190d |
215d
|
25/28 |
182d |
4b911a9690d7
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
|
UBSAN: array-index-out-of-bounds in check_stack_range_initialized
bpf
|
C |
error |
|
21 |
213d |
246d
|
25/28 |
182d |
ecc6a2101840
bpf: Protect against int overflow for stack access size
|
general protection fault in dev_map_enqueue
bpf
net
|
C |
|
|
676 |
182d |
239d
|
25/28 |
182d |
5bcf0dcbf906
xdp: use flags field to disambiguate broadcast redirect
|
KMSAN: uninit-value in xt_check_entry_offsets
netfilter
|
|
|
|
1 |
226d |
226d
|
25/28 |
182d |
65acf6e0501a
netfilter: complete validation of user input
|
KMSAN: uninit-value in nci_ntf_packet
net
nfc
|
C |
|
|
79 |
183d |
324d
|
25/28 |
182d |
d24b03535e5e
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
|
KASAN: slab-use-after-free Read in v9fs_stat2inode_dotl
v9fs
|
C |
done |
|
585 |
237d |
293d
|
25/28 |
182d |
11763a8598f8
fs/9p: fix uaf in in v9fs_stat2inode_dotl
|
possible deadlock in unix_del_edges
net
|
C |
|
|
49 |
225d |
230d
|
25/28 |
182d |
b46f4eaa4f0e
af_unix: Clear stale u->oob_skb.
|
WARNING in __hugetlb_cgroup_uncharge_folio
mm
|
syz |
|
|
3 |
211d |
220d
|
25/28 |
182d |
b76b46902c2d
mm/hugetlb: fix missing hugetlb_lock for resv uncharge
|
KASAN: slab-use-after-free Read in bpf_link_free
bpf
|
syz |
|
|
181 |
182d |
230d
|
25/28 |
182d |
1a80dbcb2dba
bpf: support deferring bpf_link dealloc to after RCU grace period
|
WARNING: refcount bug in ax25_release (2)
hams
|
C |
|
|
240 |
182d |
247d
|
25/28 |
182d |
467324bcfe1a
ax25: Fix netdev refcount issue
|
KASAN: slab-out-of-bounds Read in data_sock_setsockopt
isdn4linux
|
C |
|
|
2 |
227d |
227d
|
25/28 |
182d |
138b787804f4
mISDN: fix MISDN_TIME_STAMP handling
|
KASAN: slab-use-after-free Read in bpf_trace_run4
bpf
trace
|
C |
error |
|
169 |
226d |
244d
|
25/28 |
182d |
1a80dbcb2dba
bpf: support deferring bpf_link dealloc to after RCU grace period
|
KMSAN: uninit-value in nci_dev_up
nfc
net
|
C |
|
|
7 |
241d |
300d
|
25/28 |
182d |
d24b03535e5e
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
|
UBSAN: array-index-out-of-bounds in nilfs_add_link
nilfs
|
C |
error |
|
4 |
218d |
219d
|
25/28 |
182d |
c4a7dc9523b5
nilfs2: fix OOB in nilfs_set_de_type
|
KASAN: slab-use-after-free Read in bpf_trace_run2
bpf
trace
|
C |
error |
|
653 |
226d |
244d
|
25/28 |
182d |
1a80dbcb2dba
bpf: support deferring bpf_link dealloc to after RCU grace period
|
KASAN: slab-use-after-free Read in __fput (2)
fs
|
C |
done |
|
6 |
206d |
211d
|
25/28 |
182d |
4efaa5acf0a1
epoll: be better about file lifetimes
|
KASAN: slab-use-after-free Read in bpf_trace_run1
bpf
trace
|
C |
error |
|
78 |
226d |
241d
|
25/28 |
182d |
1a80dbcb2dba
bpf: support deferring bpf_link dealloc to after RCU grace period
|
possible deadlock in unix_notinflight
net
|
C |
|
|
7 |
208d |
224d
|
25/28 |
182d |
b46f4eaa4f0e
af_unix: Clear stale u->oob_skb.
|
general protection fault in __ep_remove
fs
|
C |
|
|
1 |
227d |
226d
|
25/28 |
182d |
4efaa5acf0a1
epoll: be better about file lifetimes
|
general protection fault in jbd2__journal_start
ext4
|
C |
error |
|
3 |
245d |
299d
|
25/28 |
182d |
f2e812c1522d
xfs: don't use current->journal_info
|
kernel BUG in sg_init_one
mm
|
C |
|
|
1032 |
237d |
247d
|
25/28 |
182d |
9c500835f279
mm: zswap: fix kernel BUG in sg_init_one
|
WARNING in __rate_control_send_low
wireless
|
C |
inconclusive |
|
2759 |
182d |
1498d
|
25/28 |
182d |
ab9177d83c04
wifi: mac80211: don't use rate mask for scanning
|
kernel BUG in PageHuge
mm
|
|
|
|
1 |
245d |
241d
|
25/28 |
182d |
d99e3140a4d3
mm: turn folio_test_hugetlb into a PageType
|
WARNING in clear_dirty_gfn_range
kvm
|
C |
|
|
3 |
231d |
253d
|
25/28 |
182d |
2673dfb591a3
KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status
|
KMSAN: uninit-value in nf_flow_offload_ip_hook
netfilter
|
C |
|
|
5 |
230d |
230d
|
25/28 |
182d |
87b3593bed18
netfilter: flowtable: validate pppoe header
|
WARNING: ODEBUG bug in bdev_super_lock (2)
fs
|
C |
done |
|
3 |
220d |
217d
|
25/28 |
182d |
22650a99821d
fs,block: yield devices early
|
WARNING in hugetlb_change_protection (2)
mm
|
C |
|
|
631 |
202d |
229d
|
25/28 |
182d |
c5977c95dff1
mm/userfaultfd: allow hugetlb change protection upon poison entry
|
WARNING in __kvm_gpc_refresh
kvm
|
C |
|
|
178 |
183d |
247d
|
25/28 |
182d |
5c9ca4ed8908
KVM: Check validity of offset+length of gfn_to_pfn_cache prior to activation
|
WARNING in btrfs_sync_log
btrfs
|
C |
error |
inconclusive |
6 |
255d |
766d
|
25/28 |
182d |
8bb808c6ad91
btrfs: don't print stack trace when transaction is aborted due to ENOMEM
|
WARNING in btrfs_put_transaction
btrfs
|
C |
error |
inconclusive |
83 |
199d |
721d
|
25/28 |
182d |
8bb808c6ad91
btrfs: don't print stack trace when transaction is aborted due to ENOMEM
|
WARNING in __btrfs_free_extent
btrfs
|
C |
error |
|
300 |
191d |
749d
|
25/28 |
182d |
8bb808c6ad91
btrfs: don't print stack trace when transaction is aborted due to ENOMEM
|
WARNING in btrfs_get_root_ref
btrfs
|
syz |
unreliable |
inconclusive |
3 |
257d |
272d
|
25/28 |
183d |
e2b54eaf28df
btrfs: fix double free of anonymous device after snapshot creation failure
|
kernel BUG at fs/inode.c:LINE! (2)
fs
|
C |
done |
unreliable |
322 |
197d |
1545d
|
25/28 |
183d |
319c15174757
epoll: take epitem list out of struct file
|
kernel BUG in create_pending_snapshot
btrfs
|
C |
error |
done |
32 |
422d |
728d
|
25/28 |
185d |
df9f27823904
btrfs: do not BUG_ON on failure to get dir index for new snapshot
|
WARNING in btrfs_free_reserved_data_space_noquota
btrfs
|
C |
done |
done |
7 |
310d |
722d
|
25/28 |
186d |
9e65bfca24cf
btrfs: fix qgroup_free_reserved_data int overflow
|
WARNING in stashed_dentry_prune (2)
fs
|
C |
done |
|
54 |
209d |
217d
|
25/28 |
186d |
9d9539db8638
pidfs: remove config option
|
kernel BUG in __extent_writepage_io
btrfs
|
syz |
done |
inconclusive |
8 |
263d |
381d
|
25/28 |
187d |
5571e41ec6e5
btrfs: don't drop extent_map for free space inode on write error
|
BUG: sleeping function called from invalid context in gsm_send
serial
|
C |
error |
|
16 |
270d |
784d
|
25/28 |
208d |
acdab4cb4ba7
Revert "tty: n_gsm: avoid call of sleeping functions from atomic context"
|
kernel BUG in submit_bh_wbc
nilfs
|
C |
done |
|
10 |
210d |
220d
|
25/28 |
210d |
269cdf353b5b
nilfs2: prevent kernel bug at submit_bh_wbc()
|
inconsistent lock state in snd_hrtimer_callback (2)
sound
|
C |
|
|
2600 |
219d |
221d
|
25/28 |
212d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
possible deadlock in snd_timer_close_locked (2)
sound
|
C |
done |
|
3036 |
219d |
221d
|
25/28 |
212d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
inconsistent lock state in snd_timer_interrupt (3)
sound
|
C |
|
|
710 |
219d |
223d
|
25/28 |
212d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
INFO: rcu detected stall in snd_timer_user_release (2)
sound
|
C |
|
|
7 |
213d |
226d
|
25/28 |
212d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
possible deadlock in _snd_pcm_stream_lock_irqsave (5)
sound
|
C |
|
|
5210 |
219d |
221d
|
25/28 |
212d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
INFO: task hung in netlink_dump (4)
net
|
|
|
|
72 |
227d |
266d
|
25/28 |
222d |
00af2aa93b76
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
|
INFO: task hung in xfs_inodegc_flush
xfs
|
C |
error |
|
7 |
291d |
287d
|
25/28 |
222d |
c70e1779b73a
workqueue: Fix pwq->nr_in_flight corruption in try_to_grab_pending()
|
INFO: task hung in devinet_ioctl (4)
net
|
|
|
|
5 |
253d |
253d
|
25/28 |
222d |
00af2aa93b76
net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
|
WARNING in __sk_destruct
batman
fs
|
|
|
|
2 |
236d |
269d
|
25/28 |
223d |
2a750d6a5b36
rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
|
WARNING in cleanup_net (3)
net
|
syz |
|
|
240 |
223d |
356d
|
25/28 |
223d |
2a750d6a5b36
rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
|
WARNING in net_free (2)
net
|
syz |
|
|
27 |
229d |
275d
|
25/28 |
223d |
2a750d6a5b36
rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
|
inconsistent lock state in snd_timer_interrupt (2)
sound
|
C |
done |
|
208 |
223d |
225d
|
25/28 |
223d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
KMSAN: uninit-value in em_ret_far
kvm
|
C |
|
|
37 |
250d |
316d
|
25/28 |
223d |
6fd1e3963f20
KVM: x86: Clean up partially uninitialized integer in emulate_pop()
|
KMSAN: uninit-value in em_ret_near_imm
kvm
|
|
|
|
2 |
261d |
274d
|
25/28 |
223d |
6fd1e3963f20
KVM: x86: Clean up partially uninitialized integer in emulate_pop()
|
KMSAN: uninit-value in em_ret
kvm
|
|
|
|
3 |
252d |
273d
|
25/28 |
223d |
6fd1e3963f20
KVM: x86: Clean up partially uninitialized integer in emulate_pop()
|
KMSAN: uninit-value in ip_tunnel_rcv (2)
net
|
|
|
|
1 |
259d |
259d
|
25/28 |
223d |
b0ec2abf9826
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
|
WARNING in stashed_dentry_prune
fs
|
C |
done |
|
20 |
253d |
252d
|
25/28 |
223d |
9d9539db8638
pidfs: remove config option
|
possible deadlock in sch_direct_xmit (3)
net
|
|
|
|
1 |
282d |
282d
|
25/28 |
224d |
0bef512012b1
UPSTREAM: net: add netdev_lockdep_set_classes() to virtual drivers
|
BUG: bad usercopy in raw_getsockopt
mm
hardening
|
C |
done |
|
4 |
274d |
274d
|
25/28 |
224d |
c8fba5d6df5e
can: raw: fix getsockopt() for new CAN_RAW_XL_VCID_OPTS
|
WARNING: ODEBUG bug in bdev_super_lock
fs
|
C |
|
|
3 |
227d |
237d
|
25/28 |
224d |
59a55a63c246
fs,block: get holder during claim
|
KMSAN: uninit-value in cookie_v4_check
net
|
C |
|
|
9 |
246d |
252d
|
25/28 |
224d |
956c0d619107
tcp: Clear req->syncookie in reqsk_alloc().
|
linux-next boot error: WARNING in register_btf_kfunc_id_set
bpf
|
|
|
|
9 |
293d |
293d
|
25/28 |
224d |
a05e90427ef6
bpf: btf: Add BTF_KFUNCS_START/END macro pair
|
KMSAN: uninit-value in bcmp (2)
sound
btrfs
|
C |
|
|
7 |
289d |
311d
|
25/28 |
225d |
fde2497d2bc3
fat: fix uninitialized field in nostale filehandles
|
KASAN: slab-use-after-free Read in sys_io_cancel
fs
|
C |
done |
|
894 |
225d |
262d
|
25/28 |
225d |
28468cbed92e
Revert "fs/aio: Make io_cancel() generate completions again"
|
possible deadlock in _snd_pcm_stream_lock_irqsave (4)
sound
|
C |
|
|
24677 |
225d |
247d
|
25/28 |
225d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
divide error in isd200_ata_command
usb-storage
|
C |
done |
|
10 |
264d |
268d
|
25/28 |
225d |
014bcf41d946
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
|
KASAN: slab-use-after-free Read in rt6_fill_node
net
|
|
|
|
1 |
276d |
276d
|
25/28 |
225d |
685f7d531264
net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
|
KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt
net
|
|
|
|
1 |
251d |
251d
|
25/28 |
225d |
6ebfad33161a
packet: annotate data-races around ignore_outgoing
|
UBSAN: shift-out-of-bounds in taprio_change
net
|
C |
done |
|
4 |
254d |
254d
|
25/28 |
225d |
343041b59b78
net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check
|
WARNING: suspicious RCU usage in in6_dump_addrs (2)
net
|
C |
done |
|
3 |
267d |
267d
|
25/28 |
225d |
67ea41d19d2a
inet6: expand rcu_read_lock() scope in inet6_dump_addr()
|
KASAN: slab-use-after-free Read in f2fs_filemap_fault
f2fs
|
C |
unreliable |
|
40 |
229d |
310d
|
25/28 |
225d |
eb70d5a6c932
f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault
|
KMSAN: uninit-value in ieee80211_amsdu_to_8023s
wireless
|
C |
|
|
4 |
261d |
268d
|
25/28 |
225d |
9ad797485692
wifi: cfg80211: check A-MSDU format more carefully
|
general protection fault in btintel_read_version
bluetooth
|
C |
error |
|
5 |
297d |
308d
|
25/28 |
225d |
b79e04091010
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
|
KMSAN: uninit-value in hsr_get_node (2)
net
|
C |
|
|
49 |
225d |
311d
|
25/28 |
225d |
ddbec99f5857
hsr: Fix uninit-value access in hsr_get_node()
|
KMSAN: kernel-infoleak in sys_name_to_handle_at (4)
nfs
|
C |
|
|
7 |
262d |
311d
|
25/28 |
225d |
3948abaa4e2b
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
|
KASAN: slab-use-after-free Write in __hci_acl_create_connection_sync
bluetooth
|
C |
done |
|
87 |
275d |
286d
|
25/28 |
225d |
5f641f03abcc
Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync
|
WARNING in mpls_gso_segment
net
|
C |
done |
|
20 |
270d |
273d
|
25/28 |
225d |
025f8ad20f2e
net: mpls: error out if inner headers are not set
|
possible deadlock in snd_pcm_period_elapsed (4)
sound
|
C |
done |
|
90659 |
225d |
250d
|
25/28 |
225d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
possible deadlock in xfs_ilock
xfs
|
|
|
|
30 |
225d |
251d
|
25/28 |
225d |
0c6ca06aad84
xfs: quota radix tree allocations need to be NOFS on insert
|
inconsistent lock state in snd_timer_interrupt
sound
|
C |
|
|
1927 |
225d |
247d
|
25/28 |
225d |
587d67fd929a
ALSA: timer: Fix missing irq-disable at closing
|
WARNING in rds_conn_connect_if_down
rds
|
C |
error |
|
17 |
258d |
589d
|
25/28 |
225d |
c055fc00c07b
net/rds: fix WARNING in rds_conn_connect_if_down
|
general protection fault in bpf_struct_ops_find_value
bpf
|
C |
done |
|
9 |
297d |
300d
|
25/28 |
225d |
e6be8cd5d3cf
bpf: Fix error checks against bpf_get_btf_vmlinux().
|
BUG: unable to handle kernel NULL pointer dereference in dev_map_hash_update_elem
bpf
net
|
C |
|
|
2 |
269d |
276d
|
25/28 |
225d |
281d464a34f5
bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
|
WARNING in sk_nulls_del_node_init_rcu
net
|
|
|
|
1 |
258d |
257d
|
25/28 |
225d |
04d9d1fc428a
tcp: Fix refcnt handling in __inet_hash_connect().
|
KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll (2)
wireguard
|
|
|
|
721 |
244d |
1016d
|
25/28 |
225d |
bba045dc4d99
wireguard: receive: annotate data-race around receiving_counter.counter
|
KMSAN: uninit-value in geneve_udp_encap_recv
net
|
C |
|
|
2 |
269d |
300d
|
25/28 |
225d |
1ca1ba465e55
geneve: make sure to pull inner header in geneve_rx()
|
WARNING in ovl_copy_up_file
overlayfs
|
C |
|
|
2 |
253d |
252d
|
25/28 |
225d |
77a28aa47687
ovl: relax WARN_ON in ovl_verify_area()
|
kernel BUG at fs/buffer.c:LINE!
nilfs
|
C |
done |
error |
567 |
226d |
2407d
|
25/28 |
225d |
f2f26b4a84a0
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
|
kernel BUG in __nla_validate_parse
net
|
C |
done |
|
13 |
254d |
256d
|
25/28 |
225d |
d8a21070b6e1
nexthop: Fix out-of-bounds access during attribute validation
|
KASAN: slab-use-after-free Read in pvr2_context_set_notify (2)
pvrusb2
|
C |
|
|
1069 |
225d |
295d
|
25/28 |
225d |
0a0b79ea55de
media: pvrusb2: fix uaf in pvr2_context_set_notify
|
possible deadlock in xfs_qm_dqget_cache_insert
xfs
|
|
|
|
8 |
251d |
251d
|
25/28 |
225d |
0c6ca06aad84
xfs: quota radix tree allocations need to be NOFS on insert
|
KMSAN: uninit-value in ima_add_template_entry
erofs
|
C |
|
|
5 |
262d |
274d
|
25/28 |
225d |
893e5e9b7369
erofs: fix uninitialized page cache reported by KMSAN
|
BUG: sleeping function called from invalid context in __getblk_gfp
fs
|
C |
error |
done |
3673 |
329d |
723d
|
25/28 |
225d |
f123dc86388c
sysv: don't call sb_bread() with pointers_lock held
|
general protection fault in btf_is_module
bpf
|
C |
error |
|
318 |
297d |
300d
|
25/28 |
225d |
e6be8cd5d3cf
bpf: Fix error checks against bpf_get_btf_vmlinux().
|
KMSAN: uninit-value in io_sendrecv_fail
io-uring
|
C |
|
|
29 |
243d |
250d
|
25/28 |
225d |
e21e1c45e1fe
io_uring: clear opcode specific data for an early failure
|
INFO: task hung in deactivate_super (2)
reiserfs
|
C |
inconclusive |
done |
121 |
263d |
602d
|
25/28 |
226d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: sleeping function called from invalid context in __lock_sock_fast (2)
net
|
C |
|
|
6 |
264d |
266d
|
25/28 |
232d |
d6a9608af9a7
mptcp: fix possible deadlock in subflow diag
|
possible deadlock in tcp_diag_get_aux
net
|
C |
|
|
117 |
258d |
275d
|
25/28 |
232d |
d6a9608af9a7
mptcp: fix possible deadlock in subflow diag
|
kernel BUG in eth_header (2)
net
|
C |
|
|
2 |
309d |
309d
|
25/28 |
232d |
dad555c816a5
llc: make llc_ui_sendmsg() more robust against bonding changes
|
BUG: unable to handle kernel NULL pointer dereference in unix_stream_sendmsg
bpf
net
|
C |
|
|
1 |
268d |
268d
|
25/28 |
232d |
4cd12c6065df
bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
|
BUG: unable to handle kernel NULL pointer dereference in sk_psock_verdict_data_ready
net
bpf
|
C |
unreliable |
|
15 |
263d |
383d
|
25/28 |
232d |
4cd12c6065df
bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
|
WARNING in blk_rq_map_user_iov
block
|
C |
done |
|
3546 |
297d |
439d
|
25/28 |
236d |
13f3956eb568
block: Fix WARNING in _copy_from_iter
|
WARNING in copy_page_from_iter
block
|
C |
done |
|
1987 |
305d |
617d
|
25/28 |
236d |
13f3956eb568
block: Fix WARNING in _copy_from_iter
|
possible deadlock in unix_set_peek_off
net
|
|
|
|
8 |
273d |
278d
|
25/28 |
237d |
56667da7399e
net: implement lockless setsockopt(SO_PEEK_OFF)
|
INFO: task hung in unix_stream_sendmsg
net
|
C |
done |
|
4 |
273d |
276d
|
25/28 |
237d |
aa82ac51d633
af_unix: Drop oob_skb ref before purging queue in GC.
|
possible deadlock in __unix_dgram_recvmsg (2)
net
|
|
|
|
3 |
275d |
278d
|
25/28 |
237d |
56667da7399e
net: implement lockless setsockopt(SO_PEEK_OFF)
|
WARNING in __alloc_skb (3)
ppp
|
C |
|
|
2 |
289d |
290d
|
25/28 |
237d |
cb88cb53badb
ppp_async: limit MRU to 64K
|
BUG: unable to handle kernel paging request in copy_from_kernel_nofault
mm
|
C |
done |
|
5 |
268d |
367d
|
25/28 |
237d |
32019c659ecf
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
|
WARNING in zswap_folio_swapin
mm
|
|
|
|
1 |
295d |
291d
|
25/28 |
237d |
16e96ba5e92c
mm/swap_state: update zswap LRU's protection range with the folio locked
|
KASAN: slab-out-of-bounds Read in getname_kernel (2)
btrfs
|
C |
done |
|
5 |
291d |
338d
|
25/28 |
237d |
9845664b9ee4
btrfs: dev-replace: properly validate device names
|
kernel BUG in end_buffer_async_write
nilfs
|
C |
inconclusive |
|
6 |
326d |
536d
|
25/28 |
237d |
5bc09b397cbf
nilfs2: fix potential bug in end_buffer_async_write
|
WARNING in send_hsr_supervision_frame (3)
net
|
|
|
|
153 |
300d |
736d
|
25/28 |
237d |
37e8c97e5390
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
|
memory leak in pppoe_sendmsg
net
|
C |
|
|
26 |
328d |
2001d
|
25/28 |
237d |
dc34ebd5c018
pppoe: Fix memory leak in pppoe_sendmsg()
|
memory leak in corrupted
bluetooth
|
syz |
|
|
536 |
237d |
309d
|
25/28 |
237d |
0a186b49bba5
batman-adv: mcast: fix memory leak on deleting a batman-adv interface
|
WARNING in __unix_gc
net
|
C |
|
|
49 |
286d |
292d
|
25/28 |
237d |
1279f9d9dec2
af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
|
KMSAN: uninit-value in des3_ede_decrypt
crypto
|
|
|
|
1 |
278d |
274d
|
25/28 |
237d |
7cfc2ab3f025
crypto: lskcipher - Copy IV in lskcipher glue code always
|
kernel BUG in iov_iter_revert
exfat
|
C |
done |
|
5 |
290d |
309d
|
25/28 |
237d |
0991abeddefa
exfat: fix zero the unwritten part for dio read
|
WARNING: ODEBUG bug in ip_set_free
netfilter
|
C |
|
|
42 |
278d |
281d
|
25/28 |
238d |
27c5a095e251
netfilter: ipset: Missing gc cancellations fixed
|
BUG: unable to handle kernel NULL pointer dereference in hrtimer_active
kernel
|
|
|
|
1 |
284d |
282d
|
25/28 |
238d |
fe9f801355f0
net: veth: clear GRO when clearing XDP even when down
|
possible deadlock in rds_wake_sk_sleep (4)
rds
|
C |
error |
|
16 |
288d |
917d
|
25/28 |
238d |
f1acf1ac84d2
net:rds: Fix possible deadlock in rds_message_put
|
bpf test error: INFO: trying to register non-static key in inet_csk_listen_stop
net
|
|
|
|
4 |
303d |
303d
|
25/28 |
238d |
435e202d645c
ipv6: init the accept_queue's spinlocks in inet6_create
|
net test error: INFO: trying to register non-static key in inet_csk_listen_stop
net
|
|
|
|
21 |
302d |
305d
|
25/28 |
238d |
435e202d645c
ipv6: init the accept_queue's spinlocks in inet6_create
|
possible deadlock in rds_message_put
rds
|
C |
done |
error |
5 |
376d |
687d
|
25/28 |
238d |
f1acf1ac84d2
net:rds: Fix possible deadlock in rds_message_put
|
linux-next test error: INFO: trying to register non-static key in inet_csk_listen_stop
net
|
|
|
|
12 |
302d |
304d
|
25/28 |
238d |
435e202d645c
ipv6: init the accept_queue's spinlocks in inet6_create
|
possible deadlock in skb_queue_tail (6)
net
|
|
|
|
1 |
298d |
298d
|
25/28 |
238d |
4d322dce82a1
UPSTREAM: af_unix: fix lockdep positive in sk_diag_dump_icons()
|
KASAN: slab-use-after-free Read in sock_wfree (2)
intel-wired-lan
|
C |
|
|
4 |
300d |
308d
|
25/28 |
238d |
aa2b2eb39348
llc: call sock_orphan() at release time
|
WARNING: ODEBUG bug in hash_netiface4_destroy
netfilter
|
C |
done |
|
80 |
278d |
292d
|
25/28 |
238d |
27c5a095e251
netfilter: ipset: Missing gc cancellations fixed
|
KMSAN: uninit-value in __nla_validate_parse (3)
netfilter
|
|
|
|
24 |
253d |
274d
|
25/28 |
239d |
9a0d18853c28
netlink: add nla be16/32 types to minlen array
|
possible deadlock in j1939_sk_queue_drop_all
can
|
C |
error |
done |
281 |
296d |
1169d
|
25/28 |
239d |
6cdedc18ba7b
can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
|
possible deadlock in j1939_sk_errqueue (2)
can
|
C |
done |
|
24 |
279d |
506d
|
25/28 |
239d |
6cdedc18ba7b
can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
|
memory leak in virtual_ncidev_write (2)
net
nfc
|
C |
|
|
2 |
337d |
498d
|
25/28 |
239d |
bfb007aebe6b
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
|
general protection fault in tipc_udp_is_known_peer
tipc
|
C |
error |
|
1 |
325d |
338d
|
25/28 |
239d |
3871aa01e1a7
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
|
KMSAN: uninit-value in IP6_ECN_decapsulate (2)
net
|
C |
|
|
3 |
290d |
305d
|
25/28 |
239d |
8d975c15c0cd
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
|
INFO: task hung in rtnl_lock (3)
net
|
C |
|
|
128 |
244d |
596d
|
25/28 |
239d |
3871aa01e1a7
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
|
WARNING in inet_csk_destroy_sock (5)
net
|
|
|
|
1 |
304d |
304d
|
25/28 |
239d |
66b60b0c8c4a
dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().
|
possible deadlock in j1939_session_activate
can
|
C |
done |
done |
67 |
291d |
1125d
|
25/28 |
239d |
6cdedc18ba7b
can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
|
WARNING in bcm5974_start_traffic/usb_submit_urb
input
|
C |
error |
|
41 |
244d |
1839d
|
25/28 |
239d |
2b9c3eb32a69
Input: bcm5974 - check endpoint type before starting traffic
|
WARNING in ieee80211_bss_info_change_notify (2)
wireless
|
C |
done |
|
1392 |
261d |
405d
|
25/28 |
239d |
f78c1375339a
wifi: nl80211: reject iftype change with mesh ID change
|
WARNING in btrfs_issue_discard
btrfs
|
C |
done |
|
9 |
297d |
310d
|
25/28 |
239d |
a208b3f132b4
btrfs: don't warn if discard range is not aligned to sector
|
WARNING in __nf_unregister_net_hook (6)
netfilter
|
C |
error |
|
2 |
283d |
400d
|
25/28 |
239d |
bccebf647017
netfilter: nf_tables: set dormant flag on hook register failure
|
memory leak in sctp_packet_transmit
sctp
|
C |
|
|
14 |
365d |
1582d
|
25/28 |
239d |
4e45170d9acc
net: sctp: fix skb leak in sctp_inq_free()
|
KMSAN: uninit-value in geneve_xmit (2)
net
|
C |
|
|
12 |
244d |
321d
|
25/28 |
240d |
5ae1e9922bbd
net: ip_tunnel: prevent perpetual headroom growth
|
WARNING in ip6gre_tunnel_xmit
net
|
C |
done |
|
2 |
269d |
269d
|
25/28 |
240d |
5ae1e9922bbd
net: ip_tunnel: prevent perpetual headroom growth
|
KASAN: use-after-free Read in __skb_flow_dissect (3)
net
|
C |
|
|
1 |
314d |
324d
|
25/28 |
240d |
5ae1e9922bbd
net: ip_tunnel: prevent perpetual headroom growth
|
memory leak in add_block_entry
btrfs
|
C |
|
|
4 |
337d |
529d
|
25/28 |
240d |
f03e274a8b29
btrfs: ref-verify: free ref cache before clearing mount opt
|
INFO: task hung in nsim_create
net
|
|
|
|
1 |
288d |
288d
|
25/28 |
240d |
ba5e1272142d
netdevsim: avoid potential loop in nsim_dev_trap_report_work()
|
KMSAN: uninit-value in af_alg_free_sg (2)
crypto
|
|
|
|
1 |
317d |
311d
|
25/28 |
240d |
24c890dd712f
crypto: algif_hash - Remove bogus SGL free on zero-length error path
|
INFO: task hung in addrconf_dad_work (3)
net
|
C |
|
|
185 |
253d |
295d
|
25/28 |
240d |
ba5e1272142d
netdevsim: avoid potential loop in nsim_dev_trap_report_work()
|
KASAN: invalid-access Read in neon_aes_ctr_encrypt
arm
crypto
|
C |
|
|
3 |
267d |
278d
|
25/28 |
240d |
1c0cf6d19690
crypto: arm64/neonbs - fix out-of-bounds access on short input
|
memory leak in add_tree_block
btrfs
|
C |
|
|
5 |
322d |
723d
|
25/28 |
240d |
f03e274a8b29
btrfs: ref-verify: free ref cache before clearing mount opt
|
KASAN: slab-out-of-bounds Read in ntfs_listxattr (2)
ntfs3
|
C |
error |
|
15 |
288d |
330d
|
25/28 |
240d |
731ab1f98288
fs/ntfs3: Fix oob in ntfs_listxattr
|
KMSAN: kernel-infoleak in __skb_datagram_iter (2)
net
|
C |
|
|
126 |
241d |
292d
|
25/28 |
240d |
661779e1fcaf
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
|
INFO: task hung in unix_dgram_sendmsg
net
|
C |
done |
|
36 |
266d |
285d
|
25/28 |
240d |
25236c91b5ab
af_unix: Fix task hung while purging oob_skb in GC.
|
upstream boot error: can't ssh into the instance (16)
|
|
|
|
415 |
263d |
316d
|
25/28 |
240d |
f6564fce256a
mm, kmsan: fix infinite recursion due to RCU critical section
|
KMSAN: uninit-value in __llc_lookup_established
net
|
C |
|
|
46 |
308d |
351d
|
25/28 |
240d |
e3f9bed9bee2
llc: Drop support for ETH_P_TR_802_2.
|
INFO: task hung in migrate_pages_batch
nilfs
|
C |
|
|
22 |
286d |
297d
|
25/28 |
240d |
38296afe3c6e
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
|
BUG: unable to handle kernel NULL pointer dereference in crypto_arc4_crypt
crypto
|
C |
done |
|
4 |
298d |
296d
|
25/28 |
240d |
69fba378edca
crypto: cbc - Ensure statesize is zero
|
BUG: unable to handle kernel NULL pointer dereference in dtInsertEntry
jfs
|
C |
error |
done |
29 |
293d |
786d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
possible deadlock in reiserfs_dirty_inode
reiserfs
|
C |
done |
done |
519 |
295d |
723d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: use-after-free Read in ntfs_lookup_inode_by_name
ntfs3
|
C |
error |
done |
17 |
256d |
691d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in do_open_execat
ntfs3
|
C |
error |
done |
12 |
300d |
460d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: use-after-free Read in udf_finalize_lvid
udf
|
C |
inconclusive |
done |
39 |
317d |
520d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: sleeping function called from invalid context in gfs2_withdraw
gfs2
|
C |
error |
done |
182 |
317d |
438d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
UBSAN: shift-out-of-bounds in ntfs_iget
ntfs3
|
C |
error |
done |
9 |
298d |
539d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-out-of-bounds Read in ntfs_iget5
ntfs3
|
C |
done |
done |
3633 |
309d |
943d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-use-after-free Read in udf_free_blocks
udf
|
C |
done |
done |
2 |
319d |
530d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: trying to register non-static key in txEnd
jfs
|
C |
inconclusive |
done |
20 |
318d |
416d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
KMSAN: uninit-value in __crc32c_le_base (3)
xfs
|
|
|
|
15526 |
255d |
573d
|
25/28 |
245d |
0573676fdde7
xfs: initialise di_crc in xfs_log_dinode
|
KASAN: use-after-free Read in ntfs_read_folio
ntfs3
|
C |
error |
done |
12 |
306d |
614d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in hfs_mdb_commit
hfs
|
C |
error |
done |
25 |
296d |
674d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
possible deadlock in map_mft_record
ntfs3
|
C |
error |
done |
845 |
295d |
764d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
possible deadlock in ext4_xattr_inode_iget (2)
ext4
|
C |
done |
done |
22 |
310d |
503d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-out-of-bounds Write in hfs_bnode_read_key
hfs
|
C |
error |
done |
4 |
308d |
531d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-out-of-bounds Read in jfs_readdir
jfs
|
C |
error |
done |
17 |
318d |
678d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: sleeping function called from invalid context in __bread_gfp
fs
|
C |
error |
done |
359 |
321d |
722d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel BUG in ntfs_iget
ntfs3
|
C |
error |
done |
73 |
259d |
636d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in reiserfs_sync_fs
reiserfs
|
C |
error |
done |
22 |
321d |
700d
|
25/28 |
245d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in kvm_mmu_notifier_invalidate_range_start (3)
kvm
|
C |
inconclusive |
done |
44 |
309d |
370d
|
25/28 |
258d |
4cccb6221cae
fs/proc/task_mmu: move mmu notification mechanism inside mm lock
|
WARNING in gfs2_check_blk_type
gfs2
|
C |
error |
done |
67 |
306d |
709d
|
25/28 |
261d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in perf_event_open
perf
|
C |
done |
done |
43004 |
321d |
336d
|
25/28 |
267d |
7e2c1e4b34f0
perf: Fix perf_event_validate_size() lockdep splat
|
KASAN: slab-out-of-bounds Write in udf_adinicb_writepage
udf
|
C |
error |
done |
5 |
320d |
608d
|
25/28 |
269d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in lmLogClose (2)
jfs
|
C |
inconclusive |
done |
5 |
315d |
407d
|
25/28 |
271d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel panic: stack is corrupted in run_unpack_ex
ntfs3
|
C |
done |
done |
3 |
325d |
683d
|
25/28 |
271d |
6f861765464f
fs: Block writes to mounted block devices
|
general protection fault in common_perm_cond
apparmor
ext4
|
C |
error |
done |
1 |
325d |
490d
|
25/28 |
272d |
6f861765464f
fs: Block writes to mounted block devices
|
UBSAN: array-index-out-of-bounds in udf_process_sequence
udf
|
C |
error |
done |
6 |
319d |
478d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
general protection fault in __fget_files (2)
reiserfs
|
C |
done |
done |
1 |
328d |
324d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in __generic_file_fsync (3)
exfat
ntfs3
|
C |
inconclusive |
done |
8 |
326d |
834d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in ext4_discard_allocated_blocks
ext4
|
C |
inconclusive |
done |
4 |
319d |
436d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in write_cache_pages (3)
gfs2
|
C |
done |
done |
10 |
319d |
443d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in __get_metapage
jfs
|
C |
error |
done |
32 |
317d |
771d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: use-after-free Write in udf_close_lvid
udf
|
C |
done |
|
144 |
318d |
912d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: use-after-free Read in ext4_search_dir
prio:low
ext4
|
C |
error |
done |
20 |
318d |
559d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: unable to handle kernel paging request in reiserfs_readdir_inode
reiserfs
|
C |
error |
done |
11 |
319d |
685d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel BUG in entry_points_to_object
reiserfs
|
C |
done |
done |
21 |
319d |
364d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel panic: stack is corrupted in __lock_acquire (5)
ntfs3
|
C |
error |
done |
18 |
318d |
695d
|
25/28 |
273d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel BUG in txLock
jfs
|
C |
inconclusive |
done |
10 |
321d |
438d
|
25/28 |
278d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in lock_two_nondirectories
ext4
|
C |
|
|
3 |
331d |
341d
|
25/28 |
278d |
6f861765464f
fs: Block writes to mounted block devices
|
general protection fault in utf8nlookup
ext4
|
C |
done |
done |
3 |
321d |
428d
|
25/28 |
278d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel BUG in ext4_enable_quotas
ext4
|
C |
error |
done |
16 |
322d |
503d
|
25/28 |
278d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: out-of-bounds Read in ext4_ext_remove_space
ext4
|
C |
error |
done |
8 |
321d |
495d
|
25/28 |
278d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: vmalloc-out-of-bounds Read in cleanup_bitmap_list
reiserfs
|
C |
error |
done |
100 |
322d |
754d
|
25/28 |
278d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-use-after-free Read in hfsplus_read_wrapper
hfs
|
C |
inconclusive |
done |
7 |
329d |
552d
|
25/28 |
279d |
6f861765464f
fs: Block writes to mounted block devices
|
KMSAN: uninit-value in io_rw_fail (2)
io-uring
|
|
|
|
1 |
289d |
285d
|
25/28 |
280d |
0a535eddbe0d
io_uring/rw: ensure io->bytes_done is always initialized
|
KASAN: null-ptr-deref Read in ida_free (4)
bluetooth
|
C |
done |
done |
29 |
333d |
372d
|
25/28 |
280d |
af73483f4e8b
ida: Fix crash in ida_free when the bitmap is empty
|
KASAN: use-after-free Read in set_de_name_and_namelen
reiserfs
|
C |
error |
done |
15 |
325d |
726d
|
25/28 |
281d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-out-of-bounds Read in dtSearch
jfs
|
C |
error |
done |
33 |
324d |
787d
|
25/28 |
281d |
6f861765464f
fs: Block writes to mounted block devices
|
KMSAN: uninit-value in tcp_recvmsg (3)
net
|
|
|
|
1 |
326d |
313d
|
25/28 |
285d |
78fbb92af27d
nbd: always initialize struct msghdr completely
|
UBSAN: shift-out-of-bounds in dbSplit
jfs
|
C |
error |
done |
7 |
324d |
778d
|
25/28 |
285d |
6f861765464f
fs: Block writes to mounted block devices
|
possible deadlock in hci_rfkill_set_block
bluetooth
|
C |
done |
|
3391 |
321d |
394d
|
25/28 |
289d |
769bf60e17ee
Bluetooth: Fix deadlock in vhci_send_frame
|
KASAN: use-after-free Read in udf_sync_fs
udf
|
C |
done |
done |
37 |
328d |
466d
|
25/28 |
291d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-use-after-free Read in ext4_convert_inline_data_nolock
ext4
|
C |
error |
done |
7 |
328d |
604d
|
25/28 |
291d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING: ODEBUG bug in netdev_run_todo
batman
|
C |
error |
error |
5467 |
515d |
1569d
|
25/28 |
291d |
abac3ac97fe8
batman-adv: Broken sync while rescheduling delayed work
|
BUG: unable to handle kernel NULL pointer dereference in reiserfs_find_entry
reiserfs
|
C |
error |
done |
25 |
328d |
765d
|
25/28 |
292d |
6f861765464f
fs: Block writes to mounted block devices
|
UBSAN: shift-out-of-bounds in ext4_handle_clustersize (2)
ext4
|
C |
error |
done |
3 |
329d |
333d
|
25/28 |
292d |
6f861765464f
fs: Block writes to mounted block devices
|
possible deadlock in seq_read_iter (2)
overlayfs
|
C |
done |
done |
14 |
331d |
490d
|
25/28 |
292d |
da40448ce4eb
fs: move file_start_write() into direct_splice_actor()
|
KMSAN: uninit-value in io_rw_fail
io-uring
|
C |
|
|
25 |
295d |
311d
|
25/28 |
293d |
0a535eddbe0d
io_uring/rw: ensure io->bytes_done is always initialized
|
KASAN: slab-use-after-free Write in fib6_purge_rt
net
|
|
|
|
1 |
363d |
363d
|
25/28 |
293d |
5a08d0065a91
ipv6: add debug checks in fib6_info_release()
|
KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim (2)
net
|
C |
|
|
17 |
295d |
320d
|
25/28 |
293d |
d375b98e0248
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
|
riscv/fixes boot error: failed to read from qemu: EOF
|
|
|
|
54 |
349d |
358d
|
25/28 |
293d |
420370f3ae3d
riscv: Check if the code to patch lies in the exit section
|
kernel BUG in ntfs_truncate
ntfs3
|
C |
error |
done |
4 |
330d |
688d
|
25/28 |
294d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in hfsplus_find_init
hfs
|
C |
error |
done |
1 |
336d |
430d
|
25/28 |
294d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: use-after-free Read in reiserfs_get_unused_objectid
reiserfs
|
C |
inconclusive |
done |
3 |
330d |
603d
|
25/28 |
294d |
6f861765464f
fs: Block writes to mounted block devices
|
general protection fault in timerqueue_del (2)
kernel
|
C |
done |
done |
3 |
336d |
477d
|
25/28 |
294d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in udf_new_block
udf
|
C |
inconclusive |
done |
31 |
330d |
614d
|
25/28 |
294d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in __mark_chain_precision (3)
bpf
|
C |
done |
|
19 |
325d |
346d
|
25/28 |
294d |
482d548d40b0
bpf: handle fake register spill to stack with BPF_ST_MEM instruction
|
KMSAN: uninit-value in subflow_check_req
mptcp
|
C |
|
|
63 |
321d |
315d
|
25/28 |
294d |
66ff70df1a91
mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
|
KASAN: use-after-free Read in ext4_find_extent (3)
prio:low
ext4
|
C |
error |
done |
31 |
330d |
512d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel BUG in ext4_write_inline_data_end
ext4
|
C |
error |
done |
32 |
331d |
629d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
INFO: task hung in path_mount (2)
jfs
|
C |
error |
done |
8 |
331d |
460d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: use-after-free Read in crc_itu_t
udf
|
C |
inconclusive |
done |
50 |
331d |
781d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
general protection fault in scatterwalk_copychunks (5)
crypto
|
C |
done |
|
2920 |
324d |
330d
|
25/28 |
295d |
744e1885922a
crypto: scomp - fix req->dst buffer overflow
|
KASAN: slab-out-of-bounds Write in squashfs_readahead (2)
squashfs
|
C |
done |
|
2 |
379d |
375d
|
25/28 |
295d |
12427de9439d
Squashfs: fix variable overflow triggered by sysbot
|
KASAN: slab-use-after-free Read in nla_find
bpf
net
|
C |
done |
|
4 |
339d |
338d
|
25/28 |
295d |
2130c519a401
bpf: Use nla_ok() instead of checking nla_len directly
|
KASAN: slab-use-after-free Read in nfc_alloc_send_skb
net
nfc
|
C |
error |
|
3 |
348d |
377d
|
25/28 |
295d |
c95f919567d6
nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local
|
KASAN: slab-use-after-free Read in jfs_evict_inode
jfs
|
syz |
error |
|
1 |
395d |
391d
|
25/28 |
295d |
e0e1958f4c36
jfs: fix uaf in jfs_evict_inode
|
kernel BUG in move_pages
mm
|
C |
done |
|
2 |
318d |
314d
|
25/28 |
295d |
5d4747a6cc8e
userfaultfd: avoid huge_zero_page in UFFDIO_MOVE
|
general protection fault in bio_first_folio
block
|
C |
done |
|
683 |
307d |
341d
|
25/28 |
295d |
7bed6f3d08b7
block: Fix iterating over an empty bio with bio_for_each_folio_all
|
general protection fault in bfs_get_block (2)
bfs
|
C |
error |
done |
2 |
342d |
361d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-out-of-bounds Read in arc4_crypt
crypto
|
C |
done |
|
6 |
327d |
338d
|
25/28 |
295d |
37c6fc323a81
crypto: skcipher - Pass statesize for simple lskcipher instances
|
WARNING in get_pte_pfn
mm
io-uring
|
C |
error |
|
2 |
324d |
334d
|
25/28 |
295d |
c28ac3c7eb94
mm/mglru: skip special VMAs in lru_gen_look_around()
|
UBSAN: array-index-out-of-bounds in diNewExt
jfs
|
C |
inconclusive |
|
31 |
295d |
346d
|
25/28 |
295d |
49f9637aafa6
jfs: fix array-index-out-of-bounds in diNewExt
|
INFO: task hung in gfs2_gl_hash_clear (3)
gfs2
|
C |
error |
done |
80 |
334d |
722d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: corrupted list in efivar_entry_remove
efi
|
C |
|
|
104 |
296d |
817d
|
25/28 |
295d |
cdb46a8aefbf
efivarfs: Move efivarfs list into superblock s_fs_info
|
KCSAN: data-race in udpv6_sendmsg / udpv6_sendmsg (6)
net
|
|
|
|
1 |
317d |
313d
|
25/28 |
295d |
482521d8e0c6
udp: annotate data-races around up->pending
|
general protection fault in dtSplitUp
jfs
|
C |
error |
done |
2 |
345d |
781d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in ip6_route_multipath_add
net
|
|
|
|
1 |
346d |
346d
|
25/28 |
295d |
a3c205d0560f
ipv6: do not check fib6_has_expires() in fib6_info_release()
|
BUG: unable to handle kernel NULL pointer dereference in __bio_release_pages
block
|
C |
|
|
6 |
312d |
309d
|
25/28 |
295d |
7bed6f3d08b7
block: Fix iterating over an empty bio with bio_for_each_folio_all
|
general protection fault in tomoyo_check_acl (3)
hfs
|
C |
inconclusive |
done |
1 |
345d |
502d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
general protection fault in hfsc_tcf_block
net
|
C |
done |
|
1020 |
318d |
325d
|
25/28 |
295d |
94e2557d086a
net: sched: move block device tracking into tcf_block_get/put_ext()
|
possible deadlock in chown_common
reiserfs
|
C |
error |
done |
22 |
303d |
773d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in __udf_add_aext (2)
udf
|
syz |
error |
done |
6 |
346d |
526d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: sleeping function called from invalid context in glock_hash_walk
gfs2
|
C |
done |
done |
31 |
341d |
442d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
UBSAN: array-index-out-of-bounds in diWrite
jfs
|
C |
error |
done |
13 |
342d |
762d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-use-after-free Read in pvr2_context_set_notify
usb
pvrusb2
|
C |
|
|
3814 |
295d |
501d
|
25/28 |
295d |
ded85b0c0edd
media: pvrusb2: fix use after free on context disconnection
|
BUG: sleeping function called from invalid context in gfs2_make_fs_ro
gfs2
|
C |
error |
done |
1 |
341d |
484d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-use-after-free Read in kill_f2fs_super
f2fs
|
C |
done |
|
2331 |
308d |
313d
|
25/28 |
295d |
c919330dd578
f2fs: fix double free of f2fs_sb_info
|
kernel BUG in balance_leaf
reiserfs
|
C |
error |
done |
16 |
335d |
686d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING: locking bug in corrupted (2)
bpf
reiserfs
|
C |
done |
done |
1 |
345d |
499d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in mptcp_check_listen_stop
mptcp
|
C |
done |
|
47 |
295d |
343d
|
25/28 |
295d |
4c0288299fd0
mptcp: prevent tcp diag from closing listener subflows
|
WARNING in __sk_msg_free
bpf
net
|
C |
done |
|
4 |
321d |
320d
|
25/28 |
295d |
dc9dfc8dc629
net: tls, fix WARNIING in __sk_msg_free
|
possible deadlock in pipe_write
fs
|
C |
inconclusive |
|
181 |
298d |
976d
|
25/28 |
295d |
055ca8355991
fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
|
KMSAN: uninit-value in z_erofs_lz4_decompress (2)
erofs
|
C |
|
|
33 |
297d |
329d
|
25/28 |
295d |
496530c7c1df
erofs: avoid debugging output for (de)compressed data
|
INFO: trying to register non-static key in do_mpage_readpage
ntfs3
|
C |
error |
done |
24 |
339d |
693d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel BUG in direntry_check_right
reiserfs
|
C |
done |
done |
2 |
334d |
377d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-out-of-bounds Read in dsa_user_changeupper
net
|
C |
done |
|
1303 |
302d |
316d
|
25/28 |
295d |
844f104790bd
net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
|
WARNING in __folio_rmap_sanity_checks
mm
|
C |
done |
|
168 |
318d |
322d
|
25/28 |
295d |
9c5938694cd0
mm/rmap: silence VM_WARN_ON_FOLIO() in __folio_rmap_sanity_checks()
|
WARNING in ea_get
jfs
|
C |
error |
done |
10 |
338d |
783d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
riscv/fixes boot error: kernel BUG in __phys_addr_symbol
riscv
|
|
|
|
24 |
336d |
348d
|
25/28 |
295d |
c29fc621e1a4
riscv: Fix wrong usage of lm_alias() when splitting a huge linear mapping
|
INFO: task hung in find_inode_fast (2)
ext4
|
C |
unreliable |
done |
10 |
342d |
496d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
KASAN: slab-out-of-bounds Read in search_by_key (2)
reiserfs
|
C |
|
|
4435 |
317d |
748d
|
25/28 |
295d |
dd8f87f21dc3
reiserfs: fix uninit-value in comp_keys
|
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs
|
C |
error |
inconclusive |
2 |
439d |
767d
|
25/28 |
295d |
27e56f59bab5
UBSAN: array-index-out-of-bounds in dtSplitRoot
|
possible deadlock in ntfs_set_state
ntfs3
|
C |
done |
done |
1360 |
307d |
700d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
kernel BUG in txEnd
jfs
|
C |
inconclusive |
done |
6 |
305d |
519d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING: suspicious RCU usage in __cfg80211_bss_update
wireless
|
C |
done |
|
92 |
320d |
322d
|
25/28 |
295d |
1184950e341c
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
|
general protection fault in qdisc_create
net
|
C |
done |
|
2821 |
318d |
325d
|
25/28 |
295d |
94e2557d086a
net: sched: move block device tracking into tcf_block_get/put_ext()
|
BUG: unable to handle kernel paging request in lookup_open
ntfs3
|
C |
error |
done |
1 |
344d |
489d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: unable to handle kernel NULL pointer dereference in gfs2_rgrp_dump
gfs2
|
C |
done |
|
9 |
352d |
695d
|
25/28 |
295d |
8877243beafa
gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
|
general protection fault in __hrtimer_run_queues (3)
reiserfs
|
C |
error |
done |
2 |
346d |
511d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in dev_watchdog (2)
net
|
C |
inconclusive |
|
6791 |
297d |
1696d
|
25/28 |
295d |
e316dd1cf135
net: don't dump stack on queue timeout
|
WARNING in kvm_mmu_notifier_change_pte
kvm
|
C |
inconclusive |
|
2 |
333d |
343d
|
25/28 |
295d |
4cccb6221cae
fs/proc/task_mmu: move mmu notification mechanism inside mm lock
|
WARNING: refcount bug in tcp_sigpool_alloc_ahash
net
|
|
|
|
1 |
336d |
336d
|
25/28 |
295d |
b901a4e27694
net/tcp_sigpool: Use kref_get_unless_zero()
|
possible deadlock in stack_depot_put
kasan
|
|
|
|
23 |
339d |
361d
|
25/28 |
295d |
a414d4286f34
kasan: handle concurrent kasan_record_aux_stack calls
|
KMSAN: uninit-value in netif_skb_features (2)
net
|
C |
|
|
9 |
339d |
427d
|
25/28 |
295d |
9181d6f8a2bb
net: add more sanity check in virtio_net_hdr_to_skb()
|
INFO: task hung in hwrng_fillfn
crypto
|
C |
error |
|
27 |
297d |
361d
|
25/28 |
295d |
78aafb3884f6
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
|
kernel BUG in ext4_split_extent_at (2)
ext4
|
C |
error |
done |
3 |
332d |
527d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
BUG: unable to handle kernel NULL pointer dereference in gfs2_rindex_update
gfs2
|
C |
error |
done |
4 |
341d |
699d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
WARNING in ip6_route_info_create
net
|
C |
done |
|
241 |
345d |
349d
|
25/28 |
295d |
a3c205d0560f
ipv6: do not check fib6_has_expires() in fib6_info_release()
|
general protection fault in page_pool_unlist
net
|
C |
done |
|
648 |
355d |
357d
|
25/28 |
295d |
f9893fdac319
net: page_pool: fix general protection fault in page_pool_unlist
|
KMSAN: uninit-value in shrinker_alloc
mm
|
syz |
|
|
2 |
345d |
323d
|
25/28 |
295d |
7fba9420b726
mm: shrinker: use kvzalloc_node() from expand_one_shrinker_info()
|
possible deadlock in __run_timers
reiserfs
|
C |
error |
done |
1 |
343d |
339d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
UBSAN: shift-out-of-bounds in dbJoin
jfs
|
C |
error |
|
3 |
388d |
772d
|
25/28 |
295d |
cca974daeb6c
jfs: fix shift-out-of-bounds in dbJoin
|
KCSAN: data-race in ipv6_mc_down / mld_ifc_work (2)
net
|
|
|
|
2 |
307d |
313d
|
25/28 |
295d |
2e7ef287f07c
ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
|
UBSAN: array-index-out-of-bounds in dbAdjTree
jfs
|
C |
error |
error |
41 |
309d |
786d
|
25/28 |
295d |
9862ec7ac1cb
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
74ecdda68242
jfs: fix array-index-out-of-bounds in dbAdjTree
|
KASAN: slab-use-after-free Read in destroy_device_list
f2fs
|
C |
done |
|
3597 |
308d |
312d
|
25/28 |
295d |
c919330dd578
f2fs: fix double free of f2fs_sb_info
|
kernel BUG in gfs2_quota_cleanup
gfs2
|
C |
done |
|
4 |
337d |
437d
|
25/28 |
295d |
71733b492200
gfs2: fix kernel BUG in gfs2_quota_cleanup
|
KMSAN: uninit-value in validate_xmit_skb
net
|
C |
|
|
21 |
296d |
314d
|
25/28 |
295d |
9181d6f8a2bb
net: add more sanity check in virtio_net_hdr_to_skb()
|
kernel BUG in flush_journal_list
reiserfs
|
C |
done |
done |
3 |
339d |
527d
|
25/28 |
295d |
6f861765464f
fs: Block writes to mounted block devices
|
general protection fault in htb_tcf_block
net
|
C |
done |
|
885 |
318d |
325d
|
25/28 |
295d |
94e2557d086a
net: sched: move block device tracking into tcf_block_get/put_ext()
|
KMSAN: uninit-value in ppp_sync_receive
ppp
|
|
|
|
2 |
372d |
371d
|
25/28 |
296d |
719639853d88
tty: Fix uninit-value access in ppp_sync_receive()
|
INFO: trying to register non-static key in debugfs_file_get
fs
|
|
|
|
289 |
335d |
335d
|
25/28 |
302d |
88ac06a9f938
Revert "debugfs: annotate debugfs handlers vs. removal with lockdep"
|
WARNING in debugfs_file_get
fs
|
|
|
|
239 |
336d |
354d
|
25/28 |
302d |
88ac06a9f938
Revert "debugfs: annotate debugfs handlers vs. removal with lockdep"
|
kernel BUG in prog_array_map_poke_run
bpf
|
C |
done |
done |
35 |
338d |
379d
|
25/28 |
303d |
4b7de801606e
bpf: Fix prog_array_map_poke_run map poke update
|
WARNING in rose_device_event
hams
|
|
|
|
1 |
343d |
343d
|
25/28 |
303d |
64b8bc7d5f14
net/rose: fix races in rose_kill_by_device()
|
general protection fault in skb_segment (4)
net
|
C |
error |
|
4 |
340d |
347d
|
25/28 |
304d |
23d05d563b7e
net: prevent mss overflow in skb_segment()
|
Internal error in fib6_table_lookup
net
|
|
|
|
2 |
372d |
373d
|
25/28 |
304d |
18f039428c7d
ipvlan: add ipvlan_route_v6_outbound() helper
|
KCSAN: data-race in wg_xmit / wg_xmit (4)
wireguard
|
|
|
|
1 |
377d |
371d
|
25/28 |
304d |
93da8d75a665
wireguard: use DEV_STATS_INC()
|
Internal error in fib6_rule_lookup
net
|
|
|
|
2 |
375d |
383d
|
25/28 |
304d |
18f039428c7d
ipvlan: add ipvlan_route_v6_outbound() helper
|
KASAN: slab-use-after-free Read in ife_tlv_meta_decode
net
|
|
|
|
1 |
350d |
348d
|
25/28 |
304d |
19391a2ca98b
net: sched: ife: fix potential use-after-free
|
WARNING in fib6_add (5)
net
|
C |
done |
|
6 |
349d |
512d
|
25/28 |
304d |
75475bb51e78
ipv6: fix potential NULL deref in fib6_add()
|
KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent
btrfs
|
C |
done |
|
40 |
373d |
384d
|
25/28 |
305d |
6c8e69e4a702
btrfs: fix race between accounting qgroup extents and removing a qgroup
|
KASAN: slab-out-of-bounds Read in dns_resolver_preparse
net
|
C |
done |
|
46 |
329d |
342d
|
25/28 |
305d |
1997b3cb4217
keys, dns: Fix missing size check of V1 server-list header
|
WARNING in rate_control_rate_init (2)
wireless
|
C |
done |
|
9 |
336d |
507d
|
25/28 |
305d |
c1393c132b90
wifi: mac80211: check if the existing link config remains unchanged
|
general protection fault in dccp_write_xmit (2)
dccp
|
C |
done |
|
32 |
337d |
392d
|
25/28 |
305d |
cac23b7d7627
net: Return error from sk_stream_wait_connect() if sk_wait_event() fails
|
WARNING in ieee80211_rfkill_poll
wireless
|
C |
|
|
684 |
345d |
378d
|
25/28 |
305d |
8e2f6f236621
wifi: cfg80211: lock wiphy mutex for rfkill poll
|
general protection fault in d_path
integrity
overlayfs
|
C |
done |
|
210 |
362d |
504d
|
25/28 |
305d |
8a924db2d7b5
fs: Pass AT_GETATTR_NOSEC flag to getattr interface function
|
KASAN: null-ptr-deref Write in unix_stream_bpf_update_proto
bpf
net
|
C |
done |
|
54 |
326d |
356d
|
25/28 |
305d |
8d6650646ce4
bpf: syzkaller found null ptr deref in unix_bpf proto add
|
memory leak in skb_copy (2)
nfc
net
|
syz |
|
|
3 |
377d |
495d
|
25/28 |
305d |
84d2db91f14a
nfc: virtual_ncidev: Add variable to check if ndev is running
|
WARNING in squashfs_read_data
squashfs
|
C |
error |
|
2 |
375d |
371d
|
25/28 |
305d |
eb66b8abae98
squashfs: squashfs_read_data need to check if the length is 0
|
general protection fault in hugetlb_vma_lock_write
mm
|
C |
done |
|
110 |
348d |
388d
|
25/28 |
305d |
187da0f8250a
hugetlb: fix null-ptr-deref in hugetlb_vma_lock_write
|
general protection fault in tls_merge_open_record
net
|
syz |
unreliable |
|
5 |
388d |
388d
|
25/28 |
305d |
53f2cb491b50
tls: fix NULL deref on tls_sw_splice_eof() with empty record
|
WARNING in pagemap_scan_pmd_entry
fs
|
C |
inconclusive |
|
48 |
349d |
371d
|
25/28 |
305d |
0dff1b407def
mm/pagemap: fix ioctl(PAGEMAP_SCAN) on vma check
|
WARNING in __alloc_skb (2)
ppp
|
C |
done |
|
2 |
360d |
375d
|
25/28 |
305d |
c0a2a1b0d631
ppp: limit MRU to 64K
|
WARNING in nilfs_sufile_set_segment_usage
nilfs
|
C |
inconclusive |
|
341 |
364d |
782d
|
25/28 |
305d |
675abf8df135
nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
|
WARNING in unmap_page_range (2)
mm
|
C |
done |
|
2112 |
345d |
371d
|
25/28 |
305d |
4980e837cab7
mm/pagemap: fix wr-protect even if PM_SCAN_WP_MATCHING not set
|
UBSAN: array-index-out-of-bounds in FSE_decompress_wksp_body_bmi2
btrfs
|
|
|
|
1 |
452d |
448d
|
25/28 |
305d |
77618db34645
zstd: Fix array-index-out-of-bounds UBSAN warning
|
memory leak in btrfs_ref_tree_mod
btrfs
|
syz |
|
|
1 |
467d |
463d
|
25/28 |
305d |
f91192cd6859
btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()
|
general protection fault in autofs_fill_super
autofs
|
syz |
done |
|
7 |
364d |
373d
|
25/28 |
305d |
66917f85db60
autofs: add: new_inode check in autofs_fill_super()
|
general protection fault in __mptcp_set_connected
mptcp
|
|
|
|
2 |
376d |
380d
|
25/28 |
305d |
d109a7767273
mptcp: fix possible NULL pointer dereference on close
|
BUG: unable to handle kernel paging request in __pte_offset_map_lock
mm
|
C |
|
|
2 |
381d |
391d
|
25/28 |
305d |
9aa1345d66b8
mm: fix oops when filemap_map_pmd() without prealloc_pte
|
memory leak in ovl_parse_param
overlayfs
|
C |
|
|
1 |
379d |
375d
|
25/28 |
305d |
37f32f526438
ovl: fix memory leak in ovl_parse_param()
|
KMSAN: uninit-value in drm_mode_setcrtc
dri
|
C |
|
|
41 |
346d |
522d
|
25/28 |
305d |
3823119b9c2b
drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
6e455f5dcdd1
drm/crtc: fix uninitialized variable use
|
WARNING in blk_mq_start_request
block
|
C |
done |
|
29 |
363d |
379d
|
25/28 |
305d |
53f2bca26092
block/null_blk: Fix double blk_mq_start_request() warning
|
KASAN: slab-use-after-free Read in unix_stream_read_actor
net
|
C |
error |
|
6 |
359d |
376d
|
25/28 |
305d |
4b7b492615cf
af_unix: fix use-after-free in unix_stream_read_actor()
|
WARNING in create_pending_snapshot
btrfs
|
C |
done |
|
3 |
372d |
377d
|
25/28 |
305d |
8049ba5d0a28
btrfs: do not abort transaction if there is already an existing qgroup
|
general protection fault in ptp_ioctl
net
|
C |
done |
|
8 |
380d |
381d
|
25/28 |
305d |
8a4f030dbced
ptp: Fixes a null pointer dereference in ptp_ioctl
|
kernel BUG in ip6gre_header (2)
net
|
C |
|
|
2 |
404d |
419d
|
25/28 |
305d |
3cffa2ddc4d3
bonding: stop the device in bond_setup_by_slave()
|
KMSAN: uninit-value in mptcp_incoming_options
mptcp
|
C |
|
|
93 |
356d |
364d
|
25/28 |
305d |
237ff253f2d4
mptcp: fix uninit-value in mptcp_incoming_options
|
WARNING in __kernel_write_iter
btrfs
|
C |
inconclusive |
|
1149 |
356d |
772d
|
25/28 |
305d |
0ac1d13a55eb
btrfs: send: ensure send_fd is writable
|
memory leak in btrfs_add_delayed_tree_ref
btrfs
|
C |
|
|
6 |
376d |
380d
|
25/28 |
305d |
609d99379736
btrfs: fix qgroup record leaks when using simple quotas
|
WARNING in ext4_dio_write_end_io
ext4
|
C |
done |
|
2 |
365d |
364d
|
25/28 |
305d |
619f75dae2cf
ext4: fix warning in ext4_dio_write_end_io()
|
KASAN: slab-use-after-free Read in iommufd_vfio_ioas
iommu
|
C |
done |
|
4 |
366d |
384d
|
25/28 |
305d |
6f9c4d8c468c
iommufd: Do not UAF during iommufd_put_object()
|
BUG: unable to handle kernel paging request in nsim_bpf
net
|
C |
|
|
3 |
362d |
378d
|
25/28 |
305d |
c0c6bde586c7
netdevsim: Don't accept device bound programs
|
WARNING in subflow_data_ready
mptcp
|
|
|
|
42 |
308d |
392d
|
25/28 |
305d |
4fd19a307016
mptcp: fix inconsistent state on fastopen race
|
BUG: Dentry still in use in unmount
f2fs
|
C |
done |
|
58 |
340d |
817d
|
25/28 |
305d |
413ba91089c7
ovl: fix dentry reference leak after changes to underlying layers
|
kernel BUG in ipgre_header
net
|
C |
|
|
4 |
354d |
369d
|
25/28 |
305d |
3cffa2ddc4d3
bonding: stop the device in bond_setup_by_slave()
|
KCSAN: data-race in virtnet_poll / virtnet_stats (2)
net
virt
|
|
|
|
1 |
424d |
423d
|
25/28 |
310d |
61217d8f6360
virtio_net: use u64_stats_t infra to avoid data-races
|
KASAN: use-after-free Read in j1939_session_get_by_addr
|
C |
done |
error |
66 |
1831d |
1843d
|
25/28 |
313d |
d966635b384b
can: j1939: transport: make sure the aborted session will be deactivated only once
|
KASAN: stack-out-of-bounds Read in tcp_inbound_hash
net
|
C |
done |
|
28 |
374d |
388d
|
25/28 |
315d |
02f0717e9835
net/tcp: fix possible out-of-bounds reads in tcp_hash_fail()
|
WARNING in dev_index_reserve (2)
net
|
C |
done |
|
68 |
395d |
405d
|
25/28 |
315d |
cbfbfe3aee71
tun: prevent negative ifindex
|
possible deadlock in super_lock
reiserfs
|
C |
done |
done |
52 |
363d |
444d
|
25/28 |
316d |
fd1464105cb3
fs: Avoid grabbing sb->s_umount under bdev->bd_holder_lock
|
KMSAN: uninit-value in dccp_v6_err
dccp
|
C |
|
|
4 |
430d |
435d
|
25/28 |
317d |
6af289746a63
dccp: fix dccp_v4_err()/dccp_v6_err() again
|
KCSAN: data-race in fib_select_path / fib_select_path
net
|
|
|
|
1 |
413d |
400d
|
25/28 |
317d |
195374d89368
ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr
|
UBSAN: array-index-out-of-bounds in xtSearch
jfs
|
C |
unreliable |
done |
122 |
360d |
778d
|
25/28 |
317d |
a779ed754e52
jfs: define xtree root and page independently
|
UBSAN: array-index-out-of-bounds in txCommit
jfs
|
C |
error |
done |
396 |
384d |
765d
|
25/28 |
317d |
a779ed754e52
jfs: define xtree root and page independently
|
inconsistent lock state in nf_connlabels_put
netfilter
|
C |
done |
|
4 |
391d |
392d
|
25/28 |
322d |
643d12603664
netfilter: conntrack: switch connlabels to atomic_t
|
KCSAN: data-race in xfrm_sk_policy_insert / xfrm_sk_policy_insert (3)
net
|
|
|
|
1 |
467d |
439d
|
25/28 |
322d |
3e4bc23926b8
xfrm: fix a data-race in xfrm_gen_index()
|
KASAN: use-after-free Read in __media_entity_remove_links
usb
media
|
C |
|
|
7 |
1703d |
1801d
|
25/28 |
322d |
68035c80e129
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
|
KASAN: slab-out-of-bounds Read in ntfs_listxattr
ntfs3
|
C |
done |
|
70 |
335d |
714d
|
25/28 |
334d |
8e7e27b2ee1e
fs/ntfs3: fix panic about slab-out-of-bounds caused by ntfs_list_ea()
3c675ddffb17
ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
|
KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (7)
net
|
|
|
|
1 |
419d |
414d
|
25/28 |
334d |
d0f95894fda7
netlink: annotate data-races around sk->sk_err
|
general protection fault in scatterwalk_copychunks (4)
net
crypto
|
C |
done |
done |
1341 |
334d |
1345d
|
25/28 |
334d |
cfaa80c91f6f
net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
|
WARNING in bpf_mprog_pos_after
bpf
|
|
|
|
3 |
421d |
430d
|
25/28 |
336d |
f9b0e1088bbf
bpf, mprog: Fix maximum program check on mprog attachment
|
WARNING in page_copy_sane
fs
mm
|
C |
done |
|
3 |
433d |
430d
|
25/28 |
336d |
a08c7193e4f1
mm/filemap: remove hugetlb special casing in filemap.c
|
general protection fault in ovl_encode_real_fh
overlayfs
|
C |
done |
|
3 |
415d |
415d
|
25/28 |
336d |
c7242a45cb8c
ovl: fix NULL pointer defer when encoding non-decodable lower fid
|
KASAN: slab-use-after-free Read in ptp_poll
net
|
|
|
|
1 |
379d |
379d
|
25/28 |
336d |
b714ca2ccf6a
ptp: ptp_read should not release queue
|
possible deadlock in __btrfs_release_delayed_node (3)
btrfs
|
syz |
|
|
2 |
454d |
450d
|
25/28 |
336d |
e110f8911ddb
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
|
kernel BUG in btrfs_insert_delayed_dir_index
btrfs
|
|
|
|
3 |
446d |
452d
|
25/28 |
336d |
8e7f82deb0c0
btrfs: fix race between reading a directory and adding entries to it
|
KMSAN: uninit-value in smsc95xx_reset
usb
|
C |
|
|
425 |
391d |
1556d
|
25/28 |
336d |
51a32e828109
net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
|
general protection fault in lbmStartIO
jfs
|
C |
done |
|
2 |
403d |
410d
|
25/28 |
336d |
6306ff39a7fc
jfs: fix log->bdev_handle null ptr deref in lbmStartIO
|
general protection fault in usb_hub_create_port_device
kernel
|
C |
done |
done |
4 |
436d |
442d
|
25/28 |
336d |
fd6f7ad2fd4d
driver core: return an error when dev_set_name() hasn't happened
|
KASAN: slab-out-of-bounds Read in create_monitor_event
bluetooth
|
C |
done |
|
952 |
394d |
408d
|
25/28 |
336d |
18f547f3fc07
Bluetooth: hci_sock: fix slab oob read in create_monitor_event
|
WARNING: zero-size vmalloc in xskq_create
bpf
net
|
|
|
|
20 |
405d |
413d
|
25/28 |
336d |
a12bbb3cccf0
xdp: Fix zero-size allocation warning in xskq_create()
|
WARNING: zero-size vmalloc in print_tainted
bpf
net
|
C |
|
|
79 |
528d |
562d
|
25/28 |
336d |
a12bbb3cccf0
xdp: Fix zero-size allocation warning in xskq_create()
|
BUG: unable to handle kernel NULL pointer dereference in __io_remove_buffers (2)
io-uring
|
|
|
|
86 |
411d |
415d
|
25/28 |
336d |
f8024f1f36a3
io_uring/kbuf: don't allow registered buffer rings on highmem pages
|
UBSAN: shift-out-of-bounds in dbAlloc (2)
jfs
|
|
|
|
1 |
433d |
429d
|
25/28 |
336d |
525b861a0081
fs/jfs: Add check for negative db_l2nbperpage
|
kernel BUG in __block_write_begin_int
block
|
C |
done |
|
14 |
425d |
443d
|
25/28 |
336d |
4aa8cdd5e523
iomap: handle error conditions more gracefully in iomap_to_bh
|
WARNING in ext4_iomap_begin (2)
ext4
|
C |
done |
|
7 |
408d |
523d
|
25/28 |
336d |
ce56d21355cd
ext4: fix racy may inline data check in dio write
|
KASAN: use-after-free Read in bcmp
ntfs3
|
C |
done |
|
289 |
339d |
497d
|
25/28 |
336d |
34e6552a442f
fs/ntfs3: Fix OOB read in ntfs_init_from_boot
|
general protection fault in serio_handle_event
kernel
|
C |
done |
done |
6 |
431d |
439d
|
25/28 |
336d |
fd6f7ad2fd4d
driver core: return an error when dev_set_name() hasn't happened
|
KMSAN: uninit-value in IP6_ECN_decapsulate
net
|
C |
|
|
981 |
337d |
2253d
|
25/28 |
336d |
484b4833c604
hsr: Fix uninit-value access in fill_frame_info()
|
UBSAN: array-index-out-of-bounds in diAlloc
jfs
|
C |
error |
inconclusive |
37 |
376d |
785d
|
25/28 |
336d |
05d9ea1ceb62
jfs: fix array-index-out-of-bounds in diAlloc
|
KMSAN: uninit-value in __tipc_nl_bearer_enable (2)
tipc
|
C |
|
|
21 |
381d |
426d
|
25/28 |
336d |
19b3f72a41a8
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
|
memory leak in kcm_sendmsg (2)
net
|
C |
|
|
1 |
449d |
483d
|
25/28 |
336d |
c821a88bd720
kcm: Fix memory leak in error path of kcm_sendmsg()
|
INFO: task hung in clean_bdev_aliases
block
|
C |
done |
|
201 |
417d |
443d
|
25/28 |
336d |
381c043233e6
iomap: add a workaround for racy i_size updates on block devices
|
KMSAN: uninit-value in virtio_transport_recv_pkt
net
|
C |
|
|
20713 |
377d |
390d
|
25/28 |
336d |
34c4effacfc3
virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
|
WARNING in skb_warn_bad_offload (4)
net
|
C |
done |
|
1763 |
398d |
426d
|
25/28 |
336d |
fc8b2a619469
net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
|
UBSAN: array-index-out-of-bounds in io_setup_async_msg
io-uring
|
C |
done |
|
3 |
435d |
434d
|
25/28 |
336d |
c21a8027ad8a
io_uring/net: fix iter retargeting for selected buf
|
linux-next boot error: KASAN: slab-out-of-bounds Write in vhci_setup
usb
|
|
|
|
34 |
401d |
405d
|
25/28 |
336d |
17d6b82d2d6d
usb/usbip: fix wrong data added to platform device
|
WARNING in bpf_mprog_attach
bpf
|
C |
|
|
3 |
413d |
421d
|
25/28 |
336d |
f9b0e1088bbf
bpf, mprog: Fix maximum program check on mprog attachment
|
WARNING in __ip6_append_data
net
|
C |
unreliable |
|
5 |
406d |
435d
|
25/28 |
336d |
9d4c75800f61
ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
|
BUG: unable to handle kernel NULL pointer dereference in hdr_find_e (2)
ntfs3
|
C |
done |
|
4 |
403d |
475d
|
25/28 |
336d |
1f9b94af923c
fs/ntfs3: Fix possible null-pointer dereference in hdr_find_e()
|
BUG: corrupted list in ptp_open
net
|
C |
done |
|
7 |
382d |
391d
|
25/28 |
336d |
1bea2c3e6df8
ptp: fix corrupted list in ptp_open
b714ca2ccf6a
ptp: ptp_read should not release queue
|
general protection fault in nfc_register_device
kernel
|
C |
done |
|
190 |
337d |
450d
|
25/28 |
336d |
fd6f7ad2fd4d
driver core: return an error when dev_set_name() hasn't happened
|
possible deadlock in rfkill_send_events
wireless
|
C |
done |
|
22 |
398d |
408d
|
25/28 |
336d |
f2ac54ebf856
net: rfkill: reduce data->mtx scope in rfkill_fop_open
|
general protection fault in wpan_phy_register
kernel
|
C |
done |
done |
7 |
428d |
435d
|
25/28 |
336d |
fd6f7ad2fd4d
driver core: return an error when dev_set_name() hasn't happened
|
BUG: Bad page map (7)
mm
|
C |
done |
|
19 |
416d |
438d
|
25/28 |
336d |
ce60f27bb62d
mm: abstract moving to the next PFN
|
KMSAN: uninit-value in mii_nway_restart
usb
|
C |
|
|
2449 |
405d |
1996d
|
25/28 |
336d |
8f8abb863fa5
net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
|
WARNING in bpf_mprog_pos_before
bpf
|
C |
done |
|
26 |
413d |
421d
|
25/28 |
336d |
f9b0e1088bbf
bpf, mprog: Fix maximum program check on mprog attachment
|
KCSAN: data-race in xfrmi_xmit / xfrmi_xmit (3)
net
|
|
|
|
2 |
421d |
445d
|
25/28 |
336d |
f7c4e3e5d4f6
xfrm: interface: use DEV_STATS_INC()
|
kernel BUG in f2fs_put_super
f2fs
|
|
|
|
2 |
412d |
442d
|
25/28 |
336d |
a4639380bbe6
f2fs: fix to drop meta_inode's page cache in f2fs_put_super()
|
general protection fault in io_get_cqe_overflow
io-uring
|
C |
done |
|
2 |
417d |
415d
|
25/28 |
336d |
1658633c0465
io_uring: ensure io_lockdep_assert_cq_locked() handles disabled rings
|
general protection fault in hci_register_dev
kernel
|
C |
unreliable |
done |
4 |
433d |
440d
|
25/28 |
336d |
fd6f7ad2fd4d
driver core: return an error when dev_set_name() hasn't happened
|
WARNING in skb_checksum_help (2)
net
|
C |
done |
|
3816 |
336d |
426d
|
25/28 |
336d |
fc8b2a619469
net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
|
divide error in iommufd_test
iommu
|
C |
done |
|
4 |
388d |
390d
|
25/28 |
336d |
2e22aac3ea9c
iommufd/selftest: Fix page-size check in iommufd_test_dirty()
|
KMSAN: uninit-value in tipc_nl_node_reset_link_stats
tipc
|
C |
|
|
2 |
417d |
426d
|
25/28 |
336d |
19b3f72a41a8
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
|
WARNING: suspicious RCU usage in gfs2_permission
gfs2
|
C |
done |
|
263 |
387d |
407d
|
25/28 |
336d |
074d7306a4fe
gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
|
BUG: corrupted list in nfc_llcp_register_device
nfc
net
|
C |
error |
|
136 |
412d |
700d
|
25/28 |
336d |
dfc7f7a988da
net: nfc: llcp: Add lock when modifying device list
|
KASAN: slab-use-after-free Read in pwq_release_workfn
kernel
|
C |
unreliable |
|
79 |
398d |
448d
|
25/28 |
336d |
643445531829
workqueue: Fix UAF report by KASAN in pwq_release_workfn()
|
UBSAN: array-index-out-of-bounds in dbFindLeaf
jfs
|
C |
error |
|
6 |
435d |
750d
|
25/28 |
336d |
22cad8bc1d36
jfs: fix array-index-out-of-bounds in dbFindLeaf
|
KMSAN: uninit-value in smsc75xx_bind
usb
|
C |
|
|
63 |
434d |
1930d
|
25/28 |
336d |
e9c65989920f
net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
|
BUG: sleeping function called from invalid context in __hci_cmd_sync_sk
bluetooth
|
C |
done |
|
34 |
405d |
522d
|
25/28 |
336d |
acab8ff29a2a
Bluetooth: ISO: Fix invalid context error
|
general protection fault in bpf_prog_offload_verifier_prep
bpf
|
C |
done |
|
31 |
425d |
444d
|
25/28 |
336d |
1a49f4195d34
bpf: Avoid dummy bpf_offload_netdev in __bpf_prog_dev_bound_init
|
possible deadlock in btrfs_search_slot (2)
btrfs
|
C |
error |
|
2 |
457d |
453d
|
25/28 |
336d |
ee34a82e890a
btrfs: release path before inode lookup during the ino lookup ioctl
|
KASAN: slab-out-of-bounds Read in imon_probe
media
usb
|
syz |
|
|
2 |
431d |
453d
|
25/28 |
336d |
a1766a4fd83b
media: imon: fix access to invalid resource for the second interface
|
KASAN: slab-use-after-free Write in gfs2_qd_dealloc
gfs2
|
C |
inconclusive |
|
27 |
365d |
418d
|
25/28 |
336d |
bdcb8aa434c6
gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
|
memory leak in binder_transaction (2)
kernel
|
C |
|
|
2 |
436d |
731d
|
25/28 |
336d |
1aa3aaf8953c
binder: fix memory leaks of spam and pending work
|
general protection fault in inherit_task_group
perf
|
C |
done |
done |
4 |
388d |
386d
|
25/28 |
336d |
a71ef31485bb
perf/core: Fix potential NULL deref
|
KMSAN: uninit-value in smsc95xx_eeprom_confirm_not_busy
usb
|
C |
|
|
521 |
391d |
504d
|
25/28 |
336d |
51a32e828109
net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
|
UBSAN: shift-out-of-bounds in nci_activate_target
net
nfc
|
C |
done |
|
6 |
414d |
598d
|
25/28 |
336d |
354a6e707e29
nfc: nci: assert requested protocol is valid
|
KASAN: use-after-free Read in powermate_config_complete (4)
input
|
syz |
done |
unreliable |
14 |
439d |
811d
|
25/28 |
336d |
5c15c60e7be6
Input: powermate - fix use-after-free in powermate_config_complete
|
UBSAN: shift-out-of-bounds in set_flicker
usb
media
|
syz |
|
|
5 |
381d |
461d
|
25/28 |
336d |
099be1822d1f
media: gspca: cpia1: shift-out-of-bounds in set_flicker
|
UBSAN: shift-out-of-bounds in ntfs_fill_super (2)
ntfs3
|
C |
error |
|
5716 |
361d |
631d
|
25/28 |
336d |
91a4b1ee78cb
fs/ntfs3: Fix shift-out-of-bounds in ntfs_fill_super
|
possible deadlock in mnt_want_write (2)
integrity
overlayfs
|
C |
done |
|
867 |
386d |
1254d
|
25/28 |
336d |
e044374a8a0a
ima: annotate iint mutex to avoid lockdep false positive warnings
|
WARNING in inet_csk_get_port (2)
net
|
C |
done |
|
88 |
397d |
427d
|
25/28 |
336d |
8702cf12e6ba
tcp: Fix listen() warning with v4-mapped-v6 address.
|
WARNING in ieee80211_get_ringparam
wireless
|
C |
done |
|
151 |
422d |
429d
|
25/28 |
336d |
6b348f6e34ce
wifi: mac80211: ethtool: always hold wiphy mutex
|
KASAN: slab-use-after-free Read in ntfs_write_bh
ntfs3
|
C |
done |
|
100 |
412d |
436d
|
25/28 |
336d |
493c71926c20
ntfs3: put resources during ntfs_fill_super()
|
KCSAN: data-race in udp_lib_setsockopt / udp_lib_setsockopt
net
|
|
|
|
2 |
456d |
442d
|
25/28 |
336d |
882af43a0fc3
udplite: fix various data-races
|
KASAN: use-after-free Read in ntfs_test_inode
ntfs3
|
C |
done |
|
402 |
349d |
1283d
|
25/28 |
336d |
493c71926c20
ntfs3: put resources during ntfs_fill_super()
|
UBSAN: array-index-out-of-bounds in dbNextAG
jfs
|
C |
inconclusive |
inconclusive |
52 |
359d |
786d
|
25/28 |
336d |
64933ab7b048
fs/jfs: Add validity check for db_maxag and db_agpref
|
KMSAN: uninit-value in fq_change
net
|
C |
|
|
8 |
377d |
379d
|
25/28 |
336d |
f1a3b283f852
UPSTREAM: net_sched: sch_fq: better validate TCA_FQ_WEIGHTS and TCA_FQ_PRIOMAP
|
possible deadlock in ieee80211_change_mac
wireless
|
|
|
|
1 |
410d |
406d
|
25/28 |
336d |
74a7c93f45ab
wifi: mac80211: fix change_address deadlock during unregister
|
KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish (8)
bridge
|
|
|
|
1 |
431d |
429d
|
25/28 |
336d |
44bdb313da57
net: bridge: use DEV_STATS_INC()
|
KCSAN: data-race in xfrm_lookup_with_ifid / xfrm_lookup_with_ifid (7)
net
|
|
|
|
1 |
414d |
413d
|
25/28 |
336d |
de5724ca38fd
xfrm: fix a data-race in xfrm_lookup_with_ifid()
|
KMSAN: uninit-value in llc_station_rcv
net
|
C |
|
|
2 |
391d |
400d
|
25/28 |
336d |
7b3ba18703a6
llc: verify mac len before reading mac header
|
KASAN: invalid-free in ovl_copy_up_one
overlayfs
|
C |
done |
|
2 |
426d |
422d
|
25/28 |
336d |
5b02bfc1e7e3
ovl: do not encode lower fh with upper sb_writers held
|
WARNING in try_grab_page
xfs
mm
|
C |
|
|
48 |
421d |
506d
|
23/28 |
405d |
f443fd5af5db
crypto, cifs: fix error handling in extract_iter_to_sg()
|
kernel BUG in add_new_free_space
btrfs
|
C |
|
|
3 |
510d |
578d
|
23/28 |
405d |
d8ccbd21918f
btrfs: remove BUG_ON()'s in add_new_free_space()
|
KCSAN: data-race in sctp_poll / sctp_wfree (3)
sctp
|
|
|
|
1 |
451d |
450d
|
23/28 |
405d |
dc9511dd6f37
sctp: annotate data-races around sk->sk_wmem_queued
|
INFO: rcu detected stall in sys_close (5)
net
|
C |
done |
|
1 |
449d |
449d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
general protection fault in io_sqpoll_wq_cpu_affinity
io-uring
|
|
|
|
33 |
439d |
450d
|
23/28 |
405d |
bd6fc5da4c51
io_uring: Don't set affinity on a dying sqpoll thread
|
possible deadlock in shmem_uncharge (2)
mm
|
C |
done |
|
29 |
493d |
491d
|
23/28 |
405d |
509f006932de
shmem: fix quota lock nesting in huge hole handling
|
WARNING in unregister_vlan_dev
net
|
C |
done |
|
1310 |
458d |
467d
|
23/28 |
405d |
ace0ab3a4b54
Revert "vlan: Fix VLAN 0 memory leak"
|
general protection fault in __drop_extent_tree
f2fs
|
C |
error |
|
3 |
550d |
589d
|
23/28 |
405d |
458c15dfbce6
f2fs: don't reset unchangable mount option in f2fs_remount()
|
KCSAN: data-race in ____sys_sendmsg / do_ipv6_setsockopt
net
|
|
|
|
1 |
528d |
511d
|
23/28 |
405d |
1ded5e5a5931
net: annotate data-races around sock->ops
|
general protection fault in io_uring_show_fdinfo
io-uring
|
C |
done |
|
17 |
437d |
446d
|
23/28 |
405d |
32f5dea040ee
io_uring/fdinfo: only print ->sq_array[] if it's there
|
KCSAN: data-race in random_recv_done / virtio_read (3)
crypto
|
|
|
|
13 |
515d |
579d
|
23/28 |
405d |
ac52578d6e8d
hwrng: virtio - Fix race on data_avail and actual data
|
KCSAN: data-race in netlink_setsockopt / netlink_setsockopt
net
|
|
|
|
1 |
469d |
469d
|
23/28 |
405d |
8fe08d70a2b6
netlink: convert nlk->flags to atomic flags
|
KASAN: slab-out-of-bounds Read in read_descriptors (3)
usb
|
C |
error |
|
7 |
493d |
520d
|
23/28 |
405d |
ff33299ec8bb
USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
|
WARNING in do_chunk_alloc
btrfs
|
C |
error |
done |
35 |
512d |
728d
|
23/28 |
405d |
cd361199ff23
btrfs: wait on uncached block groups on every allocation loop
|
general protection fault in generic_hwtstamp_ioctl_lower
net
|
C |
done |
|
7 |
472d |
474d
|
23/28 |
405d |
c35e927cbe09
net: omit ndo_hwtstamp_get() call when possible in dev_set_hwtstamp_phylib()
|
KASAN: use-after-free Read in raw_release
can
|
|
|
|
1 |
477d |
477d
|
23/28 |
405d |
11c9027c983e
can: raw: fix lockdep issue in raw_release()
|
INFO: rcu detected stall in unix_release
net
|
C |
done |
|
1 |
469d |
465d
|
23/28 |
405d |
da71714e359b
net/sched: fix a qdisc modification with ambiguous command request
|
UBSAN: array-index-out-of-bounds in f2fs_iget
f2fs
|
C |
done |
|
6 |
445d |
490d
|
23/28 |
405d |
958ccbbf1ce7
Revert "f2fs: fix to do sanity check on extent cache correctly"
|
WARNING in init_module_from_file
modules
|
C |
|
|
98 |
498d |
506d
|
23/28 |
405d |
f1962207150c
module: fix init_module_from_file() error handling
|
WARNING: refcount bug in xp_put_pool
bpf
net
|
C |
done |
|
2 |
480d |
478d
|
23/28 |
405d |
85c2c79a0730
xsk: fix refcount underflow in error path
|
WARNING in ip6_tnl_exit_batch_net
net
|
C |
done |
|
29 |
461d |
467d
|
23/28 |
405d |
ace0ab3a4b54
Revert "vlan: Fix VLAN 0 memory leak"
|
KASAN: invalid-free in dbUnmount
jfs
|
syz |
error |
|
119 |
422d |
682d
|
23/28 |
405d |
cade5397e546
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
|
KASAN: stack-out-of-bounds Write in __nla_validate_parse
net
|
C |
done |
|
4 |
473d |
488d
|
23/28 |
405d |
4d50e50045aa
net: flower: fix stack-out-of-bounds in fl_set_key_cfm()
|
KMSAN: uninit-value in af_alg_free_resources
crypto
|
C |
|
|
156 |
458d |
495d
|
23/28 |
405d |
080aa61e370b
crypto: fix uninit-value in af_alg_free_resources
|
general protection fault in sco_conn_add
bluetooth
|
C |
done |
|
4 |
491d |
500d
|
23/28 |
405d |
b4066eb04bb6
Bluetooth: hci_conn: return ERR_PTR instead of NULL when there is no link
|
net-next test error: UBSAN: array-index-out-of-bounds in alloc_pid
kernel
|
|
|
|
30 |
504d |
507d
|
23/28 |
405d |
b69f0aeb0689
pid: Replace struct pid 1-element array with flex-array
|
KASAN: null-ptr-deref Read in txBegin
jfs
|
C |
error |
|
30 |
506d |
641d
|
23/28 |
405d |
47cfdc338d67
FS: JFS: Fix null-ptr-deref Read in txBegin
|
WARNING in ntfs_load_attr_list
ntfs3
|
C |
|
|
4 |
571d |
688d
|
23/28 |
405d |
ea303f72d70c
fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_load_attr_list()
|
WARNING in iommufd_access_destroy
iommu
|
C |
done |
|
3 |
494d |
495d
|
23/28 |
405d |
99f98a7c0d69
iommufd: IOMMUFD_DESTROY should not increase the refcount
|
BUG: unable to handle kernel paging request in handshake_nl_done_doit
tls
|
C |
|
|
2 |
451d |
451d
|
23/28 |
405d |
82ba0ff7bf04
net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
|
WARNING: bad unlock balance in sockopt_release_sock
net
|
C |
done |
|
2 |
454d |
454d
|
23/28 |
405d |
8be6f88b9d3f
inet: fix IP_TRANSPARENT error handling
|
KASAN: slab-use-after-free Read in xsk_diag_dump
net
bpf
|
C |
done |
|
9 |
440d |
449d
|
23/28 |
405d |
3e019d8a05a3
xsk: Fix xsk_diag use-after-free error during socket cleanup
|
linux-next test error: UBSAN: array-index-out-of-bounds in alloc_pid
kernel
|
|
|
|
9 |
553d |
553d
|
23/28 |
405d |
b69f0aeb0689
pid: Replace struct pid 1-element array with flex-array
|
KMSAN: uninit-value in alauda_check_media
usb
usb-storage
|
C |
|
|
1059 |
488d |
1871d
|
23/28 |
405d |
a6ff6e7a9dd6
usb-storage: alauda: Fix uninit-value in alauda_check_media()
|
INFO: rcu detected stall in tipc_sendmsg (2)
tipc
|
|
|
|
1 |
475d |
475d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
UBSAN: array-index-out-of-bounds in xfs_attr3_leaf_add_work
xfs
|
C |
error |
done |
1923 |
482d |
522d
|
23/28 |
405d |
a49bbce58ea9
xfs: convert flex-array declarations in xfs attr leaf blocks
|
UBSAN: array-index-out-of-bounds in bpf_mprog_detach
bpf
|
|
|
|
3 |
474d |
480d
|
23/28 |
405d |
d210f9735e13
bpf: Fix mprog detachment for empty mprog entry
|
KASAN: slab-use-after-free Read in input_dev_uevent
input
|
C |
done |
|
7 |
446d |
457d
|
23/28 |
405d |
dd613a4e45f8
HID: uclogic: Correct devm device reference for hidinput input_dev name
|
BUG: unable to handle kernel paging request in ovs_vport_add
openvswitch
|
C |
done |
|
2 |
468d |
467d
|
23/28 |
405d |
a552bfa16bab
net: openvswitch: reject negative ifindex
|
KASAN: slab-use-after-free Read in nilfs_load_inode_block (2)
nilfs
|
C |
done |
|
4 |
472d |
487d
|
23/28 |
405d |
f8654743a0e6
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
|
KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update (2)
bpf
|
|
|
|
1 |
450d |
449d
|
23/28 |
405d |
6a86b5b5cd76
bpf: Annotate bpf_long_memcpy with data_race
|
memory leak in autofs_wait
autofs
|
C |
|
|
4 |
539d |
910d
|
23/28 |
405d |
ccbe77f7e45d
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
|
KCSAN: data-race in dccp_connect / dccp_sendmsg (3)
dccp
|
|
|
|
1 |
475d |
475d
|
23/28 |
405d |
a47e598fbd86
dccp: fix data-race around dp->dccps_mss_cache
|
general protection fault in f2fs_drop_extent_tree
f2fs
|
C |
error |
done |
1 |
515d |
511d
|
23/28 |
405d |
458c15dfbce6
f2fs: don't reset unchangable mount option in f2fs_remount()
|
KCSAN: data-race in __ip4_datagram_connect / __ip_make_skb (5)
net
|
|
|
|
3 |
483d |
511d
|
23/28 |
405d |
f866fbc842de
ipv4: fix data-races around inet->inet_id
|
WARNING in mark_buffer_dirty (5)
nilfs
|
C |
done |
|
172 |
408d |
527d
|
23/28 |
405d |
cdaac8e7e5a0
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
|
KMSAN: uninit-value in udf_name_from_CS0
udf
|
|
|
|
1 |
519d |
519d
|
23/28 |
405d |
028f6055c912
udf: Fix uninitialized array access for some pathnames
|
INFO: rcu detected stall in statfs
fs
|
|
|
|
1 |
466d |
466d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
WARNING in ieee80211_probe_client
wireless
|
C |
done |
error |
124 |
437d |
1506d
|
23/28 |
405d |
67dfa589aa88
wifi: mac80211: check for station first in client probe
|
general protection fault in skb_segment (3)
net
|
C |
done |
|
2 |
465d |
465d
|
23/28 |
405d |
b616be6b9768
net: do not allow gso_size to be set to GSO_BY_FRAGS
|
INFO: rcu detected stall in bond_3ad_state_machine_handler
net
|
|
|
|
1 |
483d |
483d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
BUG: soft lockup in fq_pie_timer (4)
net
|
syz |
|
|
5 |
435d |
486d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
UBSAN: array-index-out-of-bounds in dbAllocDmapLev
jfs
|
C |
error |
|
2 |
525d |
698d
|
23/28 |
405d |
4e302336d5ca
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
|
INFO: rcu detected stall in nsim_dev_trap_report_work
net
|
syz |
|
|
4 |
441d |
484d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
WARNING in rtnl_dellink (3)
net
|
C |
done |
|
492 |
457d |
467d
|
23/28 |
405d |
ace0ab3a4b54
Revert "vlan: Fix VLAN 0 memory leak"
|
INFO: rcu detected stall in shmem_fault (5)
cgroups
mm
|
|
|
|
3 |
461d |
481d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
KASAN: slab-use-after-free Read in team_device_event
net
|
C |
done |
|
2 |
441d |
440d
|
23/28 |
405d |
6afcf0fb9270
Revert "net: team: do not use dynamic lockdep key"
|
general protection fault in ext4_finish_bio
ext4
|
C |
done |
|
1 |
510d |
506d
|
23/28 |
405d |
0b7ec177b589
crypto: algif_hash - Fix race between MORE and non-MORE sends
|
WARNING in sta_info_insert_rcu (3)
wireless
|
C |
done |
|
6 |
453d |
494d
|
23/28 |
405d |
5d4e04bf3a0f
wifi: cfg80211: reject auth/assoc to AP with our address
|
KCSAN: data-race in fib_release_info / fib_table_lookup
net
|
|
|
|
1 |
450d |
450d
|
23/28 |
405d |
fce92af1c29d
ipv4: annotate data-races around fi->fib_dead
|
KASAN: slab-use-after-free Read in fuse_test_super
fuse
|
C |
done |
|
6 |
449d |
452d
|
23/28 |
405d |
dc3216b14160
super: ensure valid info
|
KASAN: slab-use-after-free Read in iopt_unmap_iova_range
iommu
|
C |
error |
|
7 |
512d |
524d
|
23/28 |
405d |
804ca14d04df
iommufd: Do not access the area pointer after unlocking
|
possible deadlock in inode_add_bytes
fs
|
C |
done |
|
124 |
493d |
491d
|
23/28 |
405d |
509f006932de
shmem: fix quota lock nesting in huge hole handling
|
general protection fault in ingress_destroy
net
|
|
|
|
10 |
485d |
489d
|
23/28 |
405d |
079082c60aff
tcx: Fix splat during dev unregister
|
KCSAN: data-race in tcp_make_synack / tcp_rtx_synack
net
|
|
|
|
1 |
497d |
495d
|
23/28 |
405d |
5e5265522a9a
tcp: annotate data-races around tcp_rsk(req)->txhash
|
KASAN: slab-out-of-bounds Read in xlog_pack_data
xfs
|
C |
error |
done |
4 |
526d |
522d
|
23/28 |
405d |
f1e1765aad7d
xfs: journal geometry is not properly bounds checked
|
WARNING in tcx_uninstall
bpf
net
|
C |
done |
|
7 |
479d |
484d
|
23/28 |
405d |
079082c60aff
tcx: Fix splat during dev unregister
|
INFO: task hung in pipe_release (4)
fs
|
C |
done |
|
51 |
497d |
497d
|
23/28 |
405d |
0f71c9caf267
udp: Fix __ip_append_data()'s handling of MSG_SPLICE_PAGES
|
possible deadlock in do_user_addr_fault
exfat
|
C |
unreliable |
done |
39 |
512d |
603d
|
23/28 |
405d |
ff84772fd45d
exfat: release s_lock before calling dir_emit()
|
KCSAN: data-race in tcp_check_req / tcp_check_req
net
|
|
|
|
2 |
513d |
511d
|
23/28 |
405d |
eba20811f326
tcp: annotate data-races around tcp_rsk(req)->ts_recent
|
general protection fault in sys_finit_module
modules
|
C |
error |
done |
84 |
505d |
505d
|
23/28 |
405d |
f1962207150c
module: fix init_module_from_file() error handling
|
KASAN: slab-out-of-bounds Read in do_csum
net
|
C |
|
|
160 |
410d |
450d
|
23/28 |
405d |
8bd795fedb84
arm64: csum: Fix OoB access in IP checksum code for negative lengths
|
kernel BUG in btrfs_ioctl
btrfs
|
C |
error |
|
1 |
522d |
518d
|
23/28 |
405d |
b19c98f237cd
btrfs: fix race between balance and cancel/pause
|
KCSAN: data-race in iptunnel_xmit / iptunnel_xmit (5)
net
|
|
|
|
1 |
442d |
442d
|
23/28 |
405d |
9b271ebaf9a2
ip_tunnels: use DEV_STATS_INC()
|
KMSAN: uninit-value in hwsim_cloned_frame_received_nl
wireless
|
C |
|
|
8315 |
449d |
1518d
|
23/28 |
405d |
fba360a047d5
wifi: mac80211_hwsim: drop short frames
|
WARNING in dev_index_reserve
bridge
|
C |
done |
|
7120 |
407d |
462d
|
23/28 |
405d |
f534f6581ec0
net: validate veth and vxcan peer ifindexes
30188bd7838c
rtnetlink: Reject negative ifindexes in RTM_NEWLINK
|
memory leak in raw_open
usb
|
C |
|
|
1 |
500d |
496d
|
23/28 |
405d |
83e30f2bf86e
USB: gadget: Fix the memory leak in raw_gadget driver
|
possible deadlock in lock_mm_and_find_vma
exfat
|
C |
error |
|
2 |
477d |
496d
|
23/28 |
405d |
ff84772fd45d
exfat: release s_lock before calling dir_emit()
|
possible deadlock in raw_bind
can
|
|
|
|
4535 |
478d |
491d
|
23/28 |
405d |
11c9027c983e
can: raw: fix lockdep issue in raw_release()
|
KCSAN: data-race in __ip_make_skb / __ip_make_skb
net
|
|
|
|
624 |
454d |
1023d
|
23/28 |
405d |
f866fbc842de
ipv4: fix data-races around inet->inet_id
|
WARNING in netdev_open
staging
|
|
|
|
1 |
483d |
479d
|
23/28 |
405d |
1422b526fba9
staging: rtl8712: fix race condition
|
KASAN: use-after-free Read in gsm_cleanup_mux
serial
|
C |
done |
done |
16 |
471d |
750d
|
23/28 |
405d |
3c4f8333b582
tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
|
inconsistent lock state in btrfs_run_delayed_iputs
btrfs
|
|
|
|
1 |
508d |
504d
|
23/28 |
405d |
866e98a4d95d
btrfs: use irq safe locking when running and adding delayed iputs
|
UBSAN: shift-out-of-bounds in ext2_fill_super (2)
ext4
|
C |
|
|
571 |
483d |
527d
|
23/28 |
405d |
404615d7f1dc
ext2: Drop fragment support
|
WARNING in bpf_xdp_adjust_tail (4)
bpf
|
C |
error |
|
466 |
471d |
681d
|
23/28 |
405d |
d14eea09edf4
net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()
|
KMSAN: uninit-value in ieee802154_subif_start_xmit
bpf
|
C |
done |
|
119 |
476d |
472d
|
23/28 |
405d |
db2baf82b098
bpf: Fix an incorrect verification success with movsx insn
|
WARNING: ODEBUG bug in ingress_destroy
net
|
C |
done |
|
16 |
486d |
489d
|
23/28 |
405d |
dc644b540a2d
tcx: Fix splat in ingress_destroy upon tcx_entry_free
|
WARNING in ext4_file_write_iter
ext4
|
C |
error |
|
17314 |
423d |
522d
|
23/28 |
405d |
194505b55dd7
ext4: drop dio overwrite only flag and associated warning
|
KASAN: slab-out-of-bounds Read in mt_validate_nulls
mm
|
C |
error |
done |
15 |
506d |
504d
|
23/28 |
405d |
ae80b4041984
mm: validate the mm before dropping the mmap lock
|
general protection fault in rxe_completer
rdma
|
|
|
|
281 |
440d |
520d
|
23/28 |
405d |
5993b75d0bc7
RDMA/rxe: Fix unsafe drain work queue code
|
general protection fault in prepare_to_wait (2)
hams
|
syz |
inconclusive |
|
4 |
422d |
460d
|
23/28 |
405d |
c2f8fd794960
netrom: Deny concurrent connect().
|
kernel BUG in validate_mm (2)
mm
|
C |
unreliable |
done |
217 |
505d |
504d
|
23/28 |
405d |
ae80b4041984
mm: validate the mm before dropping the mmap lock
|
KASAN: invalid-free in init_file
overlayfs
|
C |
done |
|
6 |
507d |
508d
|
23/28 |
405d |
dff745c1221a
fs: move cleanup from init_file() into its callers
|
kernel BUG in prepare_to_merge
btrfs
|
C |
done |
|
48 |
469d |
508d
|
23/28 |
405d |
773e722a98e2
btrfs: avoid race between qgroup tree creation and relocation
05d7ce504545
btrfs: exit gracefully if reloc roots don't match
6ebcd021c92b
btrfs: reject invalid reloc tree root keys with stack dump
|
KASAN: slab-out-of-bounds Read in bio_split_rw
block
|
C |
done |
|
1 |
510d |
506d
|
23/28 |
405d |
0b7ec177b589
crypto: algif_hash - Fix race between MORE and non-MORE sends
|
WARNING: ODEBUG bug in tcx_uninstall
net
bpf
|
C |
done |
|
38 |
485d |
489d
|
23/28 |
405d |
dc644b540a2d
tcx: Fix splat in ingress_destroy upon tcx_entry_free
|
INFO: rcu detected stall in ext4_file_write_iter (7)
mm
bpf
ext4
|
|
|
|
3 |
447d |
489d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low! (2)
kernel
|
C |
|
|
2688 |
406d |
1363d
|
23/28 |
405d |
39285e124edb
net: team: do not use dynamic lockdep key
|
KMSAN: uninit-value in ieee80211_rx_handlers
wireless
|
C |
|
|
8 |
451d |
506d
|
23/28 |
405d |
19e4a47ee747
wifi: mac80211: check S1G action frame size
|
WARNING in call_netdevice_notifiers_info
batman
|
C |
done |
|
20 |
455d |
457d
|
23/28 |
405d |
987aae75fc10
batman-adv: Hold rtnl lock during MTU update via netlink
|
KASAN: slab-use-after-free Read in test_bdev_super_fc
fs
|
C |
done |
|
7 |
472d |
475d
|
23/28 |
405d |
aca740cecbe5
fs: open block device after superblock creation
|
KASAN: slab-use-after-free Read in afs_dynroot_test_super
afs
|
C |
done |
|
4 |
449d |
445d
|
23/28 |
405d |
dc3216b14160
super: ensure valid info
|
general protection fault in folio_create_empty_buffers
nilfs
|
C |
error |
|
6 |
474d |
549d
|
23/28 |
405d |
f83913f8c5b8
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
|
WARNING in corrupted (3)
usb
|
C |
done |
|
19 |
500d |
548d
|
23/28 |
405d |
6f489a966fbe
media: usb: siano: Fix warning due to null work_func_t function pointer
|
KCSAN: data-race in macsec_handle_frame / macsec_handle_frame (3)
net
|
|
|
|
2 |
475d |
476d
|
23/28 |
405d |
32d0a49d36a2
macsec: use DEV_STATS_INC()
|
general protection fault in gfs2_lookup_simple
gfs2
|
C |
done |
|
3 |
476d |
473d
|
23/28 |
405d |
111c7d27a1b7
gfs2: Use mapping->gfp_mask for metadata inodes
|
KASAN: slab-use-after-free Write in sco_chan_del
bluetooth
|
C |
done |
|
19 |
421d |
555d
|
23/28 |
405d |
3344d318337d
Bluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early
|
WARNING in usbnet_start_xmit/usb_submit_urb
usb
|
C |
done |
|
92 |
519d |
1101d
|
23/28 |
405d |
5e1627cb43dd
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
|
WARNING in ieee80211_bss_info_change_notify
wireless
|
C |
done |
|
7725 |
405d |
1510d
|
23/28 |
405d |
abc76cf552e1
wifi: cfg80211: ocb: don't leave if not joined
|
UBSAN: shift-out-of-bounds in dbFree
jfs
|
C |
error |
|
3 |
545d |
611d
|
23/28 |
405d |
11509910c599
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
|
UBSAN: array-index-out-of-bounds in print_bpf_insn
bpf
|
C |
done |
|
9 |
477d |
478d
|
23/28 |
405d |
e99688eba2e9
bpf: Fix an array-index-out-of-bounds issue in disasm.c
|
WARNING in macvlan_device_event
net
|
|
|
|
3 |
462d |
463d
|
23/28 |
405d |
ace0ab3a4b54
Revert "vlan: Fix VLAN 0 memory leak"
|
general protection fault in ext4_acquire_dquot
ext4
|
C |
|
|
4 |
519d |
558d
|
23/28 |
405d |
6a4e3363792e
quota: Properly disable quotas when add_dquot_ref() fails
|
BUG: unable to handle kernel paging request in ext4_calculate_overhead
ext4
|
C |
done |
|
31 |
452d |
453d
|
23/28 |
405d |
ee5c807137ce
ext4: ext4_get_{dev}_journal return proper error value
|
KASAN: slab-use-after-free Read in f2fs_truncate_data_blocks_range
f2fs
|
C |
error |
|
1 |
518d |
514d
|
23/28 |
405d |
a6ec83786ab9
f2fs: fix to do sanity check on direct node in truncate_dnode()
|
WARNING in diUnmount
jfs
|
C |
error |
|
100 |
432d |
726d
|
23/28 |
405d |
6e2bda2c192d
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
|
WARNING in vlan_device_event
net
|
|
|
|
1 |
463d |
463d
|
23/28 |
405d |
ace0ab3a4b54
Revert "vlan: Fix VLAN 0 memory leak"
|
KMSAN: uninit-value in __netif_receive_skb_core
wireguard
wireless
|
C |
done |
|
353 |
445d |
2414d
|
23/28 |
405d |
dc644b540a2d
tcx: Fix splat in ingress_destroy upon tcx_entry_free
|
memory leak in snd_seq_create_port
sound
|
C |
|
|
1 |
497d |
493d
|
23/28 |
405d |
057849ccc3d8
ALSA: seq: Fix memory leak at error path in snd_seq_create_port()
|
INFO: rcu detected stall in uinput_write
input
|
|
|
|
1 |
485d |
485d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
possible deadlock in f2fs_getxattr
f2fs
|
C |
done |
|
4570 |
422d |
503d
|
23/28 |
405d |
5c13e2388bf3
f2fs: avoid false alarm of circular locking
|
general protection fault in btrfs_finish_ordered_extent
btrfs
|
C |
done |
|
8 |
495d |
496d
|
23/28 |
405d |
7cad645ebf20
btrfs: fix ordered extent split error handling in btrfs_dio_submit_io
|
memory leak in _r8712_init_xmit_priv
staging
usb
|
C |
|
|
1 |
501d |
497d
|
23/28 |
405d |
ac83631230f7
staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
|
kernel BUG in f2fs_evict_inode
f2fs
|
C |
error |
|
135 |
420d |
700d
|
23/28 |
405d |
a3ab55746612
f2fs: flush inode if atomic file is aborted
|
INFO: rcu detected stall in hci_cmd_timeout
bluetooth
|
|
|
|
1 |
468d |
468d
|
23/28 |
405d |
8c21ab1bae94
net/sched: fq_pie: avoid stalls in fq_pie_timer()
|
KASAN: use-after-free Read in qd_unlock (2)
gfs2
|
C |
error |
done |
5 |
459d |
688d
|
23/28 |
405d |
f66af88e3321
gfs2: Stop using gfs2_make_fs_ro for withdraw
|
WARNING in kvm_arch_vcpu_ioctl_run (5)
kvm
|
C |
error |
|
343 |
439d |
527d
|
23/28 |
405d |
26a0652cb453
KVM: x86: Disallow KVM_SET_SREGS{2} if incoming CR0 is invalid
|
UBSAN: shift-out-of-bounds in extAlloc
jfs
|
C |
error |
|
6605 |
426d |
786d
|
23/28 |
405d |
0225e10972fa
jfs: validate max amount of blocks before allocation.
|
WARNING in __gup_longterm_locked
mm
|
C |
error |
|
90 |
504d |
505d
|
23/28 |
405d |
6cd06ab12d1a
gup: make the stack expansion warning a bit more targeted
|
KASAN: slab-use-after-free Write in mini_qdisc_pair_swap
net
|
C |
error |
|
76 |
454d |
608d
|
23/28 |
419d |
84ad0af0bccd
net/sched: qdisc_destroy() old ingress and clsact Qdiscs before grafting
c7cfbd115001
net/sched: sch_ingress: Only create under TC_H_INGRESS
|
KASAN: slab-out-of-bounds Read in extract_iter_to_sg
crypto
|
C |
done |
|
13 |
523d |
527d
|
23/28 |
419d |
4380499218c6
crypto: Fix af_alg_sendmsg(MSG_SPLICE_PAGES) sglist limit
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
upstream build error (20)
kernel
|
|
|
|
498 |
469d |
507d
|
23/28 |
419d |
0a9567ac5e6a
x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build
|
memory leak in htc_connect_service
wireless
|
C |
|
|
1 |
554d |
636d
|
23/28 |
419d |
061b0cb9327b
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
|
general protection fault in shash_async_final
crypto
|
C |
done |
|
13 |
519d |
527d
|
23/28 |
419d |
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
WARNING in blkdev_put (3)
reiserfs
block
|
C |
done |
|
377 |
519d |
522d
|
23/28 |
419d |
c576c4bf9ecf
reiserfs: fix blkdev_put() warning from release_journal_dev()
|
WARNING in iommufd_test_check_pages
iommu
|
C |
error |
|
4 |
519d |
569d
|
23/28 |
419d |
9883c7f84053
mm/gup: do not return 0 from pin_user_pages_fast() for bad args
|
possible deadlock in static_key_slow_inc (3)
cgroups
|
C |
done |
|
6387 |
483d |
531d
|
23/28 |
419d |
f0cc749254d1
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex in freezer_css_{online,offline}()
|
KCSAN: data-race in drain_all_stock / drain_obj_stock (4)
cgroups
mm
|
|
|
|
3 |
563d |
579d
|
23/28 |
419d |
3b8abb323953
mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
|
WARNING in sock_i_ino
net
|
C |
error |
|
22 |
512d |
516d
|
23/28 |
419d |
25a9c8a4431c
netlink: Add __sock_i_ino() for __netlink_diag_dump().
|
INFO: trying to register non-static key in skb_dequeue (2)
rdma
|
syz |
error |
|
123 |
524d |
567d
|
23/28 |
419d |
2a62b6210ce8
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
|
KMSAN: kernel-infoleak in __skb_datagram_iter
net
|
|
|
|
68 |
421d |
526d
|
23/28 |
419d |
aa5406950726
netlink: do not hard code device address lenth in fdb dumps
|
WARNING: ODEBUG bug in __mod_timer
kernel
|
|
|
|
1 |
580d |
541d
|
23/28 |
419d |
8b64d420fe24
debugobjects: Recheck debug_objects_enabled before reporting
|
kernel BUG in assertfail (2)
btrfs
|
C |
done |
done |
162 |
525d |
786d
|
23/28 |
419d |
745806fb4554
btrfs: do not ASSERT() on duplicated global roots
|
general protection fault in crypto_shash_final
crypto
|
C |
done |
|
2 |
530d |
527d
|
23/28 |
419d |
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
KCSAN: data-race in __bpf_lru_list_rotate / __htab_lru_percpu_map_update_elem (5)
bpf
|
|
|
|
13 |
514d |
575d
|
23/28 |
419d |
ee9fd0ac3017
bpf: Address KCSAN report on bpf_lru_list
|
KMSAN: uninit-value in reiserfs_security_init
reiserfs
|
|
|
|
4169 |
500d |
560d
|
23/28 |
419d |
d031f4e8b493
reiserfs: Initialize sec->length in reiserfs_security_init().
|
WARNING in extract_iter_to_sg
crypto
|
|
|
|
1 |
504d |
504d
|
23/28 |
419d |
3fc40265ae2b
iov_iter: Kill ITER_PIPE
|
general protection fault in shash_async_update
crypto
|
C |
done |
done |
12 |
519d |
516d
|
23/28 |
419d |
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
KASAN: stack-out-of-bounds Read in ip6mr_ioctl
net
|
C |
done |
|
192 |
518d |
523d
|
23/28 |
419d |
3a4f0edbb793
ipv6: fix a typo in ip6mr_sk_ioctl()
|
WARNING in btf_type_id_size (2)
bpf
|
C |
error |
|
8 |
515d |
546d
|
23/28 |
419d |
e6c2f594ed96
bpf: Silence a warning in btf_type_id_size()
|
WARNING: bad unlock balance in bpf
bpf
|
C |
done |
|
12 |
544d |
544d
|
23/28 |
419d |
4266f41feaee
bpf: Fix bad unlock balance on freeze_mutex
|
general protection fault in shash_ahash_update
crypto
|
C |
done |
done |
5 |
520d |
520d
|
23/28 |
419d |
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
WARNING in blkdev_get_by_dev
block
|
C |
done |
|
45 |
518d |
522d
|
23/28 |
419d |
985958b8584c
block: fix wrong mode for blkdev_get_by_dev() from disk_scan_partitions()
|
BUG: sleeping function called from invalid context in ext4_update_super
ext4
|
|
|
|
1 |
533d |
529d
|
23/28 |
419d |
f451fd97dd2b
ext4: drop the call to ext4_error() from ext4_get_group_info()
|
BUG: sleeping function called from invalid context in __lock_sock_fast
net
|
|
|
|
2 |
517d |
516d
|
23/28 |
419d |
57fc0f1ceaa4
mptcp: ensure listener is unhashed before updating the sk status
|
inconsistent lock state in lru_gen_rotate_memcg
mm
|
C |
|
|
61 |
509d |
520d
|
23/28 |
419d |
814bc1de03ea
mm/mglru: make memcg_lru->lock irq safe
|
INFO: trying to register non-static key in skb_queue_tail
wireless
|
C |
unreliable |
done |
171 |
510d |
1612d
|
23/28 |
419d |
061b0cb9327b
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
|
kernel BUG in ip6gre_header
net
|
C |
|
|
5 |
455d |
526d
|
23/28 |
419d |
9eed321cde22
net: lapbether: only support ethernet devices
|
WARNING in unreserve_psock
net
|
C |
done |
|
2816 |
519d |
526d
|
23/28 |
419d |
9f8d0dc0ec4a
kcm: Fix unnecessary psock unreservation.
|
WARNING in btrfs_split_ordered_extent
btrfs
|
C |
done |
|
5 |
527d |
549d
|
23/28 |
419d |
7833b865953c
btrfs: fix iomap_begin length for nocow writes
|
general protection fault in splice_to_socket
fs
|
C |
done |
|
4 |
524d |
527d
|
23/28 |
419d |
ca2d49f77ce4
splice, net: Fix splice_to_socket() to handle pipe bufs larger than a page
|
KASAN: null-ptr-deref Write in get_block (2)
fs
|
C |
error |
|
11 |
514d |
548d
|
23/28 |
419d |
ea2b62f30589
fs/sysv: Null check to prevent null-ptr-deref bug
|
WARNING: refcount bug in fib6_nh_init
net
|
C |
done |
|
45 |
519d |
524d
|
23/28 |
419d |
3515440df461
ipv6: also use netdev_hold() in ip6_route_check_nh()
|
WARNING in nilfs_btree_assign
nilfs
|
C |
error |
|
799 |
484d |
787d
|
23/28 |
419d |
679bd7ebdd31
nilfs2: fix buffer corruption due to concurrent device reads
|
linux-next test error: WARNING in register_net_sysctl
net
|
|
|
|
9 |
554d |
554d
|
23/28 |
419d |
e7480a44d7c4
Revert "net: Remove low_thresh in ip defrag"
|
general protection fault in shash_async_export
crypto
|
C |
done |
|
25 |
521d |
527d
|
23/28 |
419d |
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
KMSAN: uninit-value in ath9k_wmi_ctrl_rx
wireless
|
C |
|
|
45 |
503d |
625d
|
23/28 |
419d |
f24292e82708
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
|
net-next test error: WARNING in register_net_sysctl
net
|
|
|
|
21 |
554d |
554d
|
23/28 |
419d |
e7480a44d7c4
Revert "net: Remove low_thresh in ip defrag"
|
general protection fault in nilfs_clear_dirty_page
nilfs
|
C |
done |
|
15 |
526d |
760d
|
23/28 |
419d |
782e53d0c144
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
|
INFO: task hung in btrfs_sync_file (2)
btrfs
|
C |
error |
|
5 |
542d |
538d
|
23/28 |
419d |
745806fb4554
btrfs: do not ASSERT() on duplicated global roots
|
KASAN: stack-out-of-bounds Read in skb_splice_from_iter
net
|
C |
done |
|
64 |
519d |
527d
|
23/28 |
419d |
5a6f6873606e
ip, ip6: Fix splice to raw and ping sockets
|
KCSAN: data-race in do_timer_create / do_timer_create (8)
kernel
|
|
|
|
9 |
549d |
579d
|
23/28 |
419d |
8ce8849dd1e7
posix-timers: Ensure timer ID search-loop limit is valid
|
possible deadlock in netlink_set_err
net
|
|
|
|
1 |
519d |
518d
|
23/28 |
419d |
8d61f926d420
netlink: fix potential deadlock in netlink_set_err()
|
possible deadlock in pie_timer (2)
net
|
|
|
|
2 |
517d |
517d
|
23/28 |
419d |
11b73313c124
sch_netem: fix issues in netem_change() vs get_dist_table()
|
WARNING in bpf_verifier_vlog
bpf
|
C |
inconclusive |
|
6 |
567d |
804d
|
23/28 |
419d |
cff36398bd4c
bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log
|
general protection fault in skb_queue_tail (3)
afs
|
C |
inconclusive |
done |
9 |
537d |
770d
|
23/28 |
419d |
061b0cb9327b
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
|
KASAN: slab-out-of-bounds Read in taprio_dequeue_from_txq
net
|
syz |
error |
|
4 |
533d |
558d
|
23/28 |
419d |
be3618d96510
net/sched: taprio: fix slab-out-of-bounds Read in taprio_dequeue_from_txq
|
possible deadlock in scheduler_tick (2)
ntfs3
|
C |
|
|
10 |
534d |
550d
|
23/28 |
419d |
726ccdba1521
kasan,kmsan: remove __GFP_KSWAPD_RECLAIM usage from kasan/kmsan
|
WARNING in scm_recv
net
|
C |
done |
|
8 |
506d |
509d
|
23/28 |
419d |
603fc57ab70c
af_unix: Skip SCM_PIDFD if scm->pid is NULL.
|
general protection fault in cryptd_hash_export
crypto
|
C |
done |
done |
12 |
519d |
527d
|
23/28 |
419d |
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
KASAN: stack-out-of-bounds Read in ipmr_ioctl
net
|
C |
done |
|
208 |
518d |
523d
|
23/28 |
419d |
634236b34d7a
net: remove sk_is_ipmr() and sk_is_icmpv6() helpers
|
general protection fault in crypto_shash_finup
crypto
|
C |
done |
|
6 |
520d |
527d
|
23/28 |
419d |
b6d972f68983
crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
|
possible deadlock in quotactl_fd
ext4
|
C |
error |
done |
141 |
509d |
589d
|
23/28 |
462d |
949f95ff39bf
ext4: fix lockdep warning when enabling MMP
|
possible deadlock in btrfs_search_slot
btrfs
|
C |
error |
done |
188 |
470d |
744d
|
23/28 |
468d |
b740d8061669
btrfs: free btrfs_path before copying root refs to userspace
|
WARNING in class_register
usb
|
C |
done |
|
10 |
601d |
599d
|
23/28 |
468d |
f326ea63ecc6
driver core: class: fix slab-use-after-free Read in class_register()
|
KASAN: use-after-free Write in j1939_sock_pending_del
can
|
syz |
done |
error |
17 |
1831d |
1843d
|
23/28 |
468d |
fd81ebfe7975
can: j1939: socket: rework socket locking for j1939_sk_release() and j1939_sk_sendmsg()
|
BUG: soft lockup in addrconf_rs_timer (2)
net
|
C |
|
|
51 |
518d |
539d
|
23/28 |
505d |
cd2b8113c2e8
net/sched: fq_pie: ensure reasonable TCA_FQ_PIE_QUANTUM values
|
INFO: task hung in sync_inodes_sb (4)
nilfs
|
C |
done |
inconclusive |
345 |
506d |
1461d
|
23/28 |
505d |
92c5d1b860e9
nilfs2: reject devices with insufficient block count
|
riscv/fixes boot error: can't ssh into the instance (2)
|
|
|
|
109 |
532d |
538d
|
23/28 |
505d |
25abe0db9243
riscv: Fix kfence now that the linear mapping can be backed by PUD/P4D/PGD
|
KCSAN: data-race in dev_graft_qdisc / qdisc_lookup_rcu
net
|
|
|
|
1 |
544d |
544d
|
23/28 |
505d |
d636fc5dd692
net: sched: add rcu annotations around qdisc->qdisc_sleeping
|
kernel BUG in nilfs_btnode_create_block
nilfs
|
C |
|
|
8 |
551d |
758d
|
23/28 |
505d |
2f012f2baca1
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
|
WARNING in nilfs_segctor_do_construct (2)
nilfs
|
C |
error |
|
3 |
557d |
555d
|
23/28 |
505d |
fee5eaecca86
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
|
divide error in damon_set_attrs
damon
|
|
|
|
2 |
533d |
544d
|
23/28 |
505d |
5ff6e2fff88e
mm/damon/core: fix divide error in damon_nr_accesses_to_accesses_bp()
|
general protection fault in vhost_work_queue
kvm
net
virt
|
|
|
|
1 |
545d |
540d
|
23/28 |
505d |
a284f09effea
vhost: Fix crash during early vhost_transport_send_pkt calls
|
KCSAN: data-race in inotify_handle_inode_event / inotify_remove_from_idr
fs
|
|
|
|
363 |
563d |
576d
|
22/28 |
508d |
c915d8f5918b
inotify: Avoid reporting event with invalid wd
|
WARNING in __ext4fs_dirhash
ext4
|
C |
done |
|
25 |
559d |
560d
|
22/28 |
508d |
4b3cb1d108bf
ext4: improve error handling from ext4_dirhash()
|
KCSAN: data-race in __es_find_extent_range / __es_find_extent_range (6)
ext4
|
|
|
|
4 |
586d |
576d
|
22/28 |
508d |
492888df0c7b
ext4: fix data races when using cached status extents
|
WARNING in ext4_iomap_overwrite_begin
ext4
|
|
|
|
1 |
585d |
581d
|
22/28 |
508d |
fa83c34e3e56
ext4: check iomap type only if ext4_iomap_begin() does not fail
|
possible deadlock in __mod_timer (2)
kernel
|
|
|
|
1 |
561d |
560d
|
22/28 |
508d |
eb799279fb1f
debugobjects: Don't wake up kswapd from fill_pool()
|
KASAN: user-memory-access Write in zram_slot_lock
block
reiserfs
|
C |
done |
|
3 |
548d |
548d
|
22/28 |
508d |
3eb96946f0be
block: make bio_check_eod work for zero sized devices
|
kernel BUG in btrfs_exclop_balance (2)
btrfs
|
C |
error |
|
8 |
534d |
636d
|
22/28 |
508d |
ac868bc9d136
btrfs: fix assertion of exclop condition when starting balance
|
KMSAN: uninit-value in htree_dirblock_to_tree
ext4
|
|
|
|
204 |
556d |
687d
|
22/28 |
508d |
4b3cb1d108bf
ext4: improve error handling from ext4_dirhash()
|
WARNING: locking bug in ext4_xattr_inode_iget
ext4
|
C |
error |
|
23 |
531d |
562d
|
22/28 |
508d |
2bc7e7c1a3bc
ext4: disallow ea_inodes with extended attributes
|
possible deadlock in ext4_xattr_get
ext4
|
C |
inconclusive |
|
3 |
563d |
836d
|
22/28 |
508d |
b3e6bcb94590
ext4: add EA_INODE checking to ext4_iget()
|
WARNING in dlfb_submit_urb/usb_submit_urb (2)
fbdev
usb
|
C |
|
|
2 |
557d |
553d
|
22/28 |
508d |
ed9de4ed3987
fbdev: udlfb: Fix endpoint check
|
KASAN: slab-use-after-free Read in hci_conn_del
bluetooth
|
|
|
|
7 |
545d |
569d
|
22/28 |
508d |
ca1fd42e7dbf
Bluetooth: Fix potential double free caused by hci_conn_unlink
|
INFO: task hung in __sync_dirty_buffer
ext4
|
C |
inconclusive |
error |
832 |
528d |
1176d
|
22/28 |
508d |
f4ce24f54d9c
ext4: fix deadlock when converting an inline directory in nojournal mode
|
KCSAN: data-race in do_recvmmsg / do_recvmmsg (2)
net
|
|
|
|
1 |
588d |
562d
|
22/28 |
508d |
e05a5f510f26
net: annotate sk->sk_err write from do_recvmmsg()
|
upstream boot error: BUG: unable to handle kernel NULL pointer dereference in load_balance
kernel
|
|
|
|
5 |
560d |
565d
|
22/28 |
508d |
2b951b0efbaa
ARM: 9297/1: vfp: avoid unbalanced stack on 'success' return path
|
possible deadlock in ext4_multi_mount_protect
ext4
|
C |
|
|
584 |
508d |
593d
|
22/28 |
508d |
949f95ff39bf
ext4: fix lockdep warning when enabling MMP
|
general protection fault in __aria_aesni_avx_gfni_crypt_16way
crypto
|
C |
|
|
49 |
546d |
562d
|
22/28 |
508d |
6ab39f99927e
crypto: x86/aria - Use 16 byte alignment for GFNI constant vectors
|
WARNING: locking bug in ext4_xattr_inode_update_ref
ext4
|
C |
error |
|
4 |
552d |
679d
|
22/28 |
508d |
b928dfdcb27d
ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find()
|
KCSAN: data-race in tcp_disconnect / tcp_poll (7)
net
|
|
|
|
2 |
584d |
562d
|
22/28 |
508d |
e14cadfd80d7
tcp: add annotations around sk->sk_shutdown accesses
|
possible deadlock in ext4_setattr
ext4
|
C |
done |
|
7 |
557d |
676d
|
22/28 |
508d |
b3e6bcb94590
ext4: add EA_INODE checking to ext4_iget()
|
general protection fault in gfs2_evict_inode (2)
gfs2
|
C |
error |
done |
134 |
557d |
877d
|
22/28 |
508d |
504a10d9e46b
gfs2: Don't deref jdesc in evict
|
WARNING in usbtmc_ioctl/usb_submit_urb (2)
usb
|
C |
done |
|
3 |
569d |
581d
|
22/28 |
508d |
94d25e912898
USB: usbtmc: Fix direction for 0-length ioctl control messages
|
possible deadlock in do_writepages
fs
mm
|
|
|
|
15 |
573d |
576d
|
22/28 |
508d |
00d873c17e29
ext4: avoid deadlock in fs reclaim with page writeback
|
KASAN: slab-use-after-free Write in nilfs_inode_sub_blocks
nilfs
|
|
|
|
4 |
555d |
559d
|
22/28 |
508d |
9b5a04ac3ad9
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
|
KASAN: slab-use-after-free Read in nilfs_load_inode_block
nilfs
|
C |
error |
|
18 |
510d |
563d
|
22/28 |
508d |
9b5a04ac3ad9
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
|
KASAN: slab-out-of-bounds Read in get_max_inline_xattr_value_size
ext4
|
C |
|
|
21 |
563d |
601d
|
22/28 |
508d |
2220eaf90992
ext4: add bounds checking in get_max_inline_xattr_value_size()
|
KASAN: slab-out-of-bounds Read in ext4_group_desc_csum
ext4
|
C |
error |
|
26 |
556d |
657d
|
22/28 |
508d |
4f04351888a8
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
|
kernel BUG in ext4_get_group_info
ext4
|
C |
error |
|
237 |
556d |
1189d
|
22/28 |
508d |
5354b2af3406
ext4: allow ext4_get_group_info() to fail
463808f237cf
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
|
WARNING in ext4_xattr_block_set (2)
ext4
|
C |
error |
|
32 |
559d |
623d
|
22/28 |
508d |
a44be64bbecb
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
|
kernel BUG in nsh_gso_segment
net
|
|
|
|
1 |
575d |
560d
|
22/28 |
508d |
c83b49383b59
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
|
WARNING in kvfree (2)
ext4
|
C |
|
|
47 |
564d |
616d
|
22/28 |
508d |
b87c7cdf2bed
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
|
possible deadlock in sco_conn_del
bluetooth
|
C |
done |
done |
279 |
554d |
958d
|
22/28 |
508d |
a2ac591cb4d8
Bluetooth: Fix UAF in hci_conn_hash_flush again
|
general protection fault in __sk_mem_raise_allocated
net
|
|
|
|
1 |
553d |
549d
|
22/28 |
508d |
ad42a35bdfc6
udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
|
KMSAN: uninit-value in xfrm_state_find
net
|
C |
error |
done |
215 |
551d |
2350d
|
22/28 |
508d |
3d776e31c841
xfrm: Reject optional tunnel/BEET mode templates in outbound policies
|
kernel BUG in workingset_activation (2)
kernel
|
C |
inconclusive |
done |
40 |
544d |
736d
|
22/28 |
508d |
0143d148d1e8
usb: usbfs: Enforce page requirements for mmap
|
KMSAN: uninit-value in vlan_dev_hard_start_xmit (2)
net
|
|
|
|
1 |
584d |
584d
|
22/28 |
508d |
dacab578c7c6
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
|
memory leak in class_create
usb
|
C |
|
|
9 |
551d |
569d
|
22/28 |
508d |
ddaf098ea779
driver core: class: properly reference count class_dev_iter()
|
memory leak in ext4_expand_extra_isize_ea
ext4
|
C |
|
|
2 |
562d |
630d
|
22/28 |
508d |
b87c7cdf2bed
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
|
divide error in tcp_rcv_space_adjust (2)
net
|
|
|
|
1 |
599d |
599d
|
22/28 |
508d |
4faeee0cf8a5
tcp: deny tcp_disconnect() when threads are waiting
|
possible deadlock in ext4_xattr_inode_iget
ext4
|
C |
done |
|
351 |
517d |
675d
|
22/28 |
508d |
aff3bea95388
ext4: add lockdep annotations for i_data_sem for ea_inode's
|
general protection fault in soft_cursor
fbdev
|
C |
|
|
3 |
544d |
544d
|
22/28 |
508d |
d78bd6cc6827
fbcon: Fix null-ptr-deref in soft_cursor
|
KASAN: slab-out-of-bounds Read in xfs_getbmap
xfs
|
C |
done |
|
5 |
568d |
569d
|
22/28 |
508d |
1bba82fe1afa
xfs: fix negative array access in xfs_getbmap
|
KCSAN: data-race in sk_stream_wait_connect / tcp_disconnect (2)
net
|
|
|
|
1 |
593d |
562d
|
22/28 |
508d |
d0ac89f6f987
net: deal with most data-races in sk_wait_event()
|
kernel BUG in btrfs_csum_one_bio
btrfs
|
C |
done |
|
4 |
587d |
665d
|
22/28 |
508d |
806570c0bb7b
btrfs: handle memory allocation failure in btrfs_csum_one_bio
|
kernel BUG in btrfs_ioctl_add_dev
btrfs
|
C |
error |
done |
46 |
564d |
639d
|
22/28 |
508d |
ac868bc9d136
btrfs: fix assertion of exclop condition when starting balance
|
general protection fault in erofs_bread (2)
erofs
|
C |
done |
|
7 |
543d |
553d
|
22/28 |
508d |
0a17567b4a85
erofs: fix null-ptr-deref caused by erofs_xattr_prefixes_init
erofs: fix null-ptr-deref caused by erofs_xattr_prefixes_init
|
possible deadlock in ext4_xattr_set_handle (3)
ext4
|
C |
|
|
451 |
508d |
666d
|
22/28 |
508d |
b3e6bcb94590
ext4: add EA_INODE checking to ext4_iget()
|
KCSAN: data-race in __netlink_dump_start / netlink_recvmsg (5)
net
|
|
|
|
2 |
591d |
562d
|
22/28 |
508d |
a939d14919b7
netlink: annotate accesses to nlk->cb_running
|
KASAN: slab-use-after-free Read in hci_conn_hash_flush
bluetooth
|
C |
error |
|
3511 |
534d |
628d
|
22/28 |
508d |
a2ac591cb4d8
Bluetooth: Fix UAF in hci_conn_hash_flush again
ca1fd42e7dbf
Bluetooth: Fix potential double free caused by hci_conn_unlink
|
kernel BUG in page_table_check_clear
mm
|
C |
error |
|
17 |
533d |
566d
|
22/28 |
508d |
44d0fb387b53
mm: page_table_check: Ensure user pages are not slab pages
0143d148d1e8
usb: usbfs: Enforce page requirements for mmap
|
memory leak in hwsim_new_radio_nl
wireless
|
C |
|
|
1 |
559d |
558d
|
22/28 |
508d |
098abbd48ec1
mac80211_hwsim: fix memory leak in hwsim_new_radio_nl
|
WARNING in mb_find_extent
ext4
|
C |
error |
error |
135 |
650d |
691d
|
22/28 |
508d |
fa08a7b61dff
ext4: fix WARNING in mb_find_extent
|
kernel BUG in vmf_insert_pfn_prot
|
C |
done |
done |
1933 |
556d |
1160d
|
22/28 |
525d |
a5b44c4adb16
drm/fbdev-generic: Always use shadow buffering
|
WARNING in __usbnet_read_cmd/usb_submit_urb
usb
|
C |
error |
|
5 |
653d |
684d
|
22/28 |
527d |
93fd565919cf
net: USB: Fix wrong-direction WARNING in plusb.c
net: USB: Fix wrong-direction WARNING in plusb.c
|
WARNING in iomap_iter
iomap
|
C |
inconclusive |
|
141 |
681d |
1108d
|
22/28 |
527d |
6acd87d50998
erofs/zmap.c: Fix incorrect offset calculation
c490a0b5a4f3
loop: Check for overflow while configuring loop
|
KASAN: slab-out-of-bounds Write in udf_find_entry
udf
|
C |
error |
|
19 |
741d |
772d
|
22/28 |
527d |
c8af247de385
udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
1c80afa04db3
udf: Implement searching for directory entry using new iteration code
|
memory leak in tcf_pedit_init
net
|
C |
|
|
1 |
571d |
571d
|
22/28 |
531d |
1b483d9f5805
net/sched: act_pedit: free pedit keys on bail from offset check
|
INFO: trying to register non-static key in rxe_cleanup_task (2)
rdma
|
|
|
|
148 |
565d |
631d
|
22/28 |
531d |
b2b1ddc45745
RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task"
|
KMSAN: kernel-infoleak in iommufd_vfio_ioctl
iommu
|
C |
|
|
15 |
633d |
646d
|
22/28 |
531d |
b3551ead6163
iommufd: Make sure to zero vfio_iommu_type1_info before copying to user
|
KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit (12)
net
|
|
|
|
3 |
624d |
623d
|
22/28 |
531d |
4b397c06cb98
net: tunnels: annotate lockless accesses to dev->needed_headroom
|
KASAN: wild-memory-access Write in v9fs_get_acl
v9fs
|
C |
|
|
7 |
590d |
624d
|
22/28 |
531d |
707823e7f22f
9P FS: Fix wild-memory-access write in v9fs_get_acl
|
WARNING: stack going in the wrong direction? at do_syscall_64
kernel
|
|
|
|
193 |
638d |
645d
|
22/28 |
531d |
00c8f01c4e84
objtool: Fix ORC 'signal' propagation
|
WARNING in sisusb_send_bulk_msg/usb_submit_urb
usb
|
C |
unreliable |
|
418 |
583d |
1968d
|
22/28 |
531d |
df05a9b05e46
USB: sisusbvga: Add endpoint checks
|
general protection fault in pause_prepare_data
net
|
C |
error |
|
34 |
665d |
666d
|
22/28 |
531d |
f5be9caf7bf0
net: ethtool: fix NULL pointer dereference in pause_prepare_data()
|
KASAN: slab-use-after-free Read in nilfs_segctor_thread
nilfs
|
|
|
|
1 |
610d |
604d
|
22/28 |
531d |
6be49d100c22
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
|
WARNING in udf_expand_dir_adinicb
udf
|
C |
done |
|
2 |
655d |
651d
|
22/28 |
531d |
df97f64dfa31
udf: Avoid directory type conversion failure due to ENOMEM
|
memory leak in vfs_tmpfile_open
overlayfs
|
C |
|
|
14 |
668d |
769d
|
22/28 |
531d |
baabaa505563
ovl: fix tmpfile leak
|
WARNING: stack going in the wrong direction? at finish_task_switch.isra.NUM
kernel
|
|
|
|
2 |
640d |
641d
|
22/28 |
531d |
00c8f01c4e84
objtool: Fix ORC 'signal' propagation
|
WARNING in io_get_cqe_overflow
io-uring
|
|
|
|
1 |
668d |
668d
|
22/28 |
531d |
e12d7a46f65a
io_uring/msg_ring: fix missing lock on overflow for IOPOLL
|
kernel BUG in find_mergeable_anon_vma
mm
|
C |
error |
|
4 |
627d |
623d
|
22/28 |
531d |
3dd443254941
mm: enable maple tree RCU mode by default
|
unregister_netdevice: waiting for DEV to become free (7)
|
C |
inconclusive |
|
20422 |
531d |
733d
|
22/28 |
531d |
266e9b3475ba
RDMA/siw: Remove namespace check from siw_netdev_event()
|
possible deadlock in nilfs_evict_inode
nilfs
|
|
|
|
5 |
611d |
629d
|
22/28 |
531d |
42560f9c92cc
nilfs2: fix sysfs interface lifetime
|
UBSAN: shift-out-of-bounds in fbcon_set_font
fbdev
|
C |
error |
|
3 |
661d |
662d
|
22/28 |
531d |
2b09d5d36498
fbcon: Check font dimension limits
|
KASAN: use-after-free Write in gadgetfs_kill_sb
usb
|
C |
error |
|
5 |
674d |
708d
|
22/28 |
531d |
d18dcfe9860e
USB: gadgetfs: Fix race between mounting and unmounting
|
BUG: unable to handle kernel paging request in __alloc_skb
net
|
|
|
|
1 |
722d |
722d
|
22/28 |
531d |
031af50045ea
arm64: cmpxchg_double*: hazard against entire exchange variable
|
possible deadlock in jbd2_log_wait_commit
ext4
|
C |
done |
|
429 |
607d |
631d
|
22/28 |
531d |
3c92792da850
ext4: Fix deadlock during directory rename
|
possible deadlock in static_key_slow_inc (2)
cgroups
|
C |
error |
|
32622 |
531d |
749d
|
22/28 |
531d |
57dcd64c7e03
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex
|
INFO: task hung in rfcomm_process_sessions (2)
bluetooth
|
C |
error |
done |
14 |
693d |
967d
|
22/28 |
531d |
1d80d57ffcb5
Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
|
WARNING: proc registration bug in clusterip_tg_check (3)
netfilter
|
C |
done |
inconclusive |
9 |
670d |
1204d
|
22/28 |
531d |
9db5d918e2c0
netfilter: ip_tables: remove clusterip target
|
KASAN: use-after-free Write in nr_release
hams
|
C |
done |
error |
1784 |
545d |
1818d
|
22/28 |
531d |
611792920925
netrom: Fix use-after-free caused by accept on already connected socket
|
KASAN: use-after-free Read in do_csum
net
|
C |
|
|
72 |
534d |
699d
|
22/28 |
531d |
1ac885574470
inet: control sockets should not use current thread task_frag
|
KCSAN: data-race in rxrpc_send_data / rxrpc_set_call_completion
afs
net
|
|
|
|
2 |
597d |
576d
|
22/28 |
531d |
2b5fdc0f5caa
rxrpc: Fix potential data race in rxrpc_wait_to_be_connected()
|
WARNING in ext4_update_inline_data
ext4
|
C |
error |
|
21 |
627d |
692d
|
22/28 |
531d |
2b96b4a5d944
ext4: fix WARNING in ext4_update_inline_data
|
KMSAN: uninit-value in ethnl_set_linkmodes (2)
net
|
C |
|
|
40 |
564d |
870d
|
22/28 |
531d |
9ad685dbfe7e
ethtool: Fix uninitialized number of lanes
|
KCSAN: data-race in __neigh_event_send / neigh_resolve_output (7)
net
|
|
|
|
43 |
589d |
562d
|
22/28 |
531d |
b071af523579
neighbour: annotate lockless accesses to n->nud_state
|
general protection fault in free_percpu (2)
wireless
|
|
|
|
1 |
678d |
678d
|
22/28 |
531d |
80f8a66dede0
Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
|
KASAN: null-ptr-deref Read in ida_free (3)
fs
|
C |
error |
|
4 |
606d |
602d
|
22/28 |
531d |
cb2239c198ad
fs: drop peer group ids under namespace lock
|
possible deadlock in ext4_bmap
ext4
|
C |
error |
|
78083 |
531d |
835d
|
22/28 |
531d |
62913ae96de7
ext4, jbd2: add an optimized bmap for the journal inode
|
WARNING in put_pmu_ctx
perf
|
C |
error |
|
66 |
648d |
702d
|
22/28 |
531d |
4f64a6c9f6f1
perf: Fix perf_event_pmu_context serialization
|
WARNING in htb_destroy
net
|
C |
done |
|
2 |
649d |
649d
|
22/28 |
531d |
4fab64126891
net/sched: fix error recovery in qdisc_create()
|
KASAN: use-after-free Read in xfs_btree_lookup_get_block
xfs
|
C |
error |
done |
7 |
595d |
692d
|
22/28 |
531d |
22ed903eee23
xfs: verify buffer contents when we skip log replay
|
general protection fault in ethnl_set_plca_cfg
net
|
C |
done |
|
37 |
674d |
675d
|
22/28 |
531d |
28dbf774bc87
plca.c: fix obvious mistake in checking retval
|
KMSAN: uninit-value in nilfs_add_checksums_on_logs
nilfs
|
|
|
|
1079 |
532d |
625d
|
22/28 |
531d |
7397031622e0
nilfs2: initialize "struct nilfs_binfo_dat"->bi_pad field
ef832747a82d
nilfs2: initialize unused bytes in segment summary blocks
|
memory leak in tcindex_set_parms (3)
net
|
C |
|
|
1 |
719d |
715d
|
22/28 |
531d |
8c710f75256b
net/sched: Retire tcindex classifier
|
WARNING in hfsplus_cat_write_inode
hfs
|
C |
error |
|
141 |
559d |
725d
|
22/28 |
531d |
81b21c0f0138
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
|
INFO: rcu detected stall in ext4_file_write_iter (6)
ext4
|
C |
error |
|
8 |
588d |
651d
|
22/28 |
531d |
d125d1349abe
alarmtimer: Prevent starvation by small intervals and SIG_IGN
|
KASAN: null-ptr-deref Write in udf_write_fi
udf
|
C |
inconclusive |
done |
51 |
663d |
786d
|
22/28 |
531d |
e9109a92d2a9
udf: Convert udf_rename() to new directory iteration code
|
WARNING in c_start (2)
kernel
|
|
|
|
616173 |
604d |
622d
|
22/28 |
531d |
e7304080e0e5
cpumask: relax sanity checking constraints
|
KCSAN: data-race in __neigh_update / neigh_resolve_output
net
|
|
|
|
1 |
595d |
562d
|
22/28 |
531d |
b071af523579
neighbour: annotate lockless accesses to n->nud_state
|
WARNING in hfs_write_inode
hfs
|
C |
done |
|
3 |
688d |
686d
|
22/28 |
531d |
cb7a95af78d2
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
|
KASAN: slab-out-of-bounds Read in __xfs_xattr_put_listent
xfs
|
|
|
|
12 |
645d |
650d
|
22/28 |
531d |
dd07bb8b6baf
xfs: revert commit 8954c44ff477
|
INFO: task hung in tcindex_partial_destroy_work
|
C |
done |
unreliable |
84 |
1379d |
1514d
|
22/28 |
531d |
8c710f75256b
net/sched: Retire tcindex classifier
|
general protection fault in nl802154_trigger_scan
wpan
|
C |
error |
|
31 |
609d |
628d
|
22/28 |
531d |
02f18662f6c6
ieee802154: Prevent user from crashing the host
|
BUG: unable to handle kernel NULL pointer dereference in __build_skb_around
net
bpf
|
C |
done |
|
29 |
611d |
616d
|
22/28 |
531d |
e5995bc7e2ba
bpf, test_run: fix crashes due to XDP frame overwriting/corruption
|
KASAN: null-ptr-deref Read in filemap_fault
mm
udf
|
C |
done |
|
112 |
559d |
572d
|
22/28 |
531d |
38a55db9877c
filemap: Handle error return from __filemap_get_folio()
|
WARNING in udf_free_inode
udf
|
C |
error |
|
19 |
642d |
776d
|
22/28 |
531d |
85a37983ec69
udf: Detect system inodes linked into directory hierarchy
|
INFO: task hung in do_user_addr_fault (3)
ntfs3
|
C |
|
|
32 |
614d |
689d
|
22/28 |
531d |
0226635c304c
fs/ntfs3: don't hold ni_lock when calling truncate_setsize()
|
general protection fault in virtio_transport_purge_skbs
net
|
C |
done |
|
3 |
608d |
608d
|
22/28 |
531d |
b465518dc27d
vsock/loopback: use only sk_buff_head.lock to protect the packet queue
|
WARNING in do_symlinkat
ntfs3
|
C |
error |
done |
66 |
535d |
700d
|
22/28 |
531d |
267a36ba30a7
fs/ntfs3: Remove noacsrules
|
KASAN: use-after-free Read in ext4_find_extent (2)
ext4
|
C |
error |
|
2 |
566d |
690d
|
22/28 |
531d |
835659598c67
ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline
|
general protection fault in nilfs_btree_insert
nilfs
|
C |
error |
|
2 |
696d |
693d
|
22/28 |
531d |
7633355e5c7f
nilfs2: fix general protection fault in nilfs_btree_insert()
|
KASAN: slab-out-of-bounds Write in copy_array (2)
bpf
|
|
|
|
108 |
531d |
560d
|
22/28 |
531d |
45435d8da71f
bpf: Always use maximal size for copy_array()
|
WARNING: stack going in the wrong direction? at __sys_setsockopt
net
|
|
|
|
6 |
638d |
643d
|
22/28 |
531d |
00c8f01c4e84
objtool: Fix ORC 'signal' propagation
|
KMSAN: uninit-value in ondemand_readahead
fs
mm
|
C |
|
|
221 |
629d |
792d
|
22/28 |
531d |
3e35102666f8
fs/cramfs/inode.c: initialize file_ra_state
|
upstream test error: unregister_netdevice: waiting for DEV to become free
net
|
|
|
|
204 |
643d |
650d
|
22/28 |
531d |
b20b8aec6ffc
devlink: Fix netdev notifier chain corruption
|
KMSAN: uninit-value in longest_match
btrfs
|
|
|
|
4 |
708d |
712d
|
22/28 |
531d |
eadd7deca0ad
btrfs: zlib: zero-initialize zlib workspace
|
WARNING in j1939_session_deactivate_activate_next
can
|
C |
error |
done |
502 |
597d |
1002d
|
22/28 |
531d |
d0553680f94c
can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
|
WARNING in net_free
net
|
|
|
|
1 |
585d |
585d
|
22/28 |
531d |
9744d2bf1976
smc: Fix use-after-free in tcp_write_timer_handler().
|
WARNING: fbcon: Driver 'vkmsdrmfb' missed to adjust virtual screen size (0x0 vs. 64x768)
|
C |
unreliable |
error |
24 |
864d |
863d
|
22/28 |
531d |
1935f0deb611
drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
|
WARNING in cleanup_net (2)
net
|
C |
error |
|
72 |
566d |
593d
|
22/28 |
531d |
9744d2bf1976
smc: Fix use-after-free in tcp_write_timer_handler().
|
KASAN: use-after-free Read in cfusbl_device_notify
net
|
C |
done |
|
341 |
623d |
770d
|
22/28 |
531d |
9781e98a9711
net: caif: Fix use-after-free in cfusbl_device_notify()
|
KMSAN: uninit-value in kalmia_send_init_packet
usb
|
C |
|
|
2 |
660d |
659d
|
22/28 |
531d |
c68f345b7c42
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
|
general protection fault in taprio_dequeue
net
|
|
|
|
1 |
690d |
690d
|
22/28 |
531d |
3a415d59c1db
net/sched: sch_taprio: fix possible use-after-free
|
WARNING in ip6erspan_tunnel_xmit (2)
net
|
C |
unreliable |
|
5 |
611d |
611d
|
22/28 |
531d |
8e50ed774554
erspan: do not use skb_mac_header() in ndo_start_xmit()
|
KMSAN: uninit-value in qrtr_tx_resume
arm-msm
net
|
C |
|
|
8 |
604d |
665d
|
22/28 |
531d |
6417070918de
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
|
general protection fault in __d_add
ntfs3
|
C |
error |
|
16 |
717d |
772d
|
22/28 |
531d |
254e69f284d7
fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
|
INFO: task hung in tls_sw_sendpage (3)
net
|
|
|
|
30 |
635d |
632d
|
22/28 |
531d |
f3221361dc85
net: tls: avoid hanging tasks on the tx_lock
|
WARNING in pegasus_open/usb_submit_urb
input
usb
|
C |
|
|
7 |
612d |
1622d
|
22/28 |
531d |
b3d80fd27a3c
Input: pegasus-notetaker - check pipe type when probing
|
WARNING: locking bug in umh_complete
kernel
|
|
|
|
1 |
668d |
664d
|
22/28 |
531d |
eedeb787ebb5
freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL
|
possible deadlock in j1939_sk_errqueue
can
|
C |
unreliable |
|
227 |
603d |
1140d
|
22/28 |
531d |
d1366b283d94
can: j1939: prevent deadlock by moving j1939_sk_errqueue()
|
KASAN: use-after-free Read in __update_extent_tree_range
f2fs
|
C |
done |
|
9 |
643d |
691d
|
22/28 |
531d |
a46bebd502fe
f2fs: synchronize atomic write aborts
|
WARNING in nla_get_range_unsigned (2)
net
|
C |
done |
|
433 |
607d |
643d
|
22/28 |
531d |
b20b8aec6ffc
devlink: Fix netdev notifier chain corruption
|
KASAN: slab-out-of-bounds Read in indx_insert_into_buffer
ntfs3
|
C |
error |
|
2 |
717d |
717d
|
22/28 |
531d |
b8c44949044e
fs/ntfs3: Fix OOB read in indx_insert_into_buffer
|
WARNING: kmalloc bug in btrfs_ioctl_send
btrfs
|
C |
done |
|
53 |
652d |
722d
|
22/28 |
531d |
33e17b3f5ab7
btrfs: send: limit number of clones and allocated memory size
|
WARNING in shark_write_reg/usb_submit_urb
usb
|
C |
error |
|
63 |
581d |
1954d
|
22/28 |
531d |
76e31045ba03
media: radio-shark: Add endpoint checks
|
BUG: unable to handle kernel paging request in atm_tc_destroy
net
|
C |
error |
|
3 |
650d |
649d
|
22/28 |
531d |
4fab64126891
net/sched: fix error recovery in qdisc_create()
|
kernel BUG in ip_frag_next
net
|
C |
done |
|
9 |
665d |
672d
|
22/28 |
531d |
f72ff8b81ebc
net: fix kfree_skb_list use of skb_mark_not_on_list
|
WARNING in xfs_qm_dqget_cache_insert
xfs
|
C |
error |
|
123 |
557d |
729d
|
22/28 |
531d |
4b827b3f305d
xfs: remove WARN when dquot cache insertion fails
|
KMSAN: kernel-infoleak in _copy_to_iter (8)
mm
|
C |
|
|
21180 |
531d |
625d
|
22/28 |
531d |
8222d5910dae
xfrm: Zero padding when dumping algos and encap
|
WARNING in io_cqring_event_overflow
io-uring
|
C |
|
|
7 |
671d |
678d
|
22/28 |
531d |
544d163d659d
io_uring: lock overflowing for IOPOLL
|
net test error: WARNING: suspicious RCU usage in veth_set_xdp_features
net
|
|
|
|
24 |
616d |
618d
|
22/28 |
531d |
5ce76fe1eead
veth: rely on rtnl_dereference() instead of on rcu_dereference() in veth_set_xdp_features()
|
riscv/fixes boot error: WARNING in __apply_to_page_range (2)
bpf
|
|
|
|
5 |
639d |
700d
|
22/28 |
531d |
96f9d4daf745
riscv: Rework kasan population functions
|
linux-next test error: WARNING: suspicious RCU usage in veth_set_xdp_features
net
|
|
|
|
12 |
616d |
618d
|
22/28 |
531d |
5ce76fe1eead
veth: rely on rtnl_dereference() instead of on rcu_dereference() in veth_set_xdp_features()
|
KCSAN: data-race in netlink_getname / netlink_insert (4)
net
|
|
|
|
2 |
666d |
671d
|
22/28 |
531d |
c1bb9484e3b0
netlink: annotate data races around nlk->portid
|
WARNING: locking bug in inet_autobind
net
|
C |
done |
error |
103 |
693d |
2016d
|
22/28 |
531d |
0b2c59720e65
l2tp: close all race conditions in l2tp_tunnel_register()
|
UBSAN: array-index-out-of-bounds in qfq_update_agg (4)
net
|
|
|
|
1 |
582d |
582d
|
22/28 |
531d |
3037933448f6
net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
|
WARNING in rmqueue
erofs
|
C |
error |
|
2 |
600d |
722d
|
22/28 |
531d |
cc4efd3dd2ac
erofs: stop parsing non-compact HEAD index if clusterofs is invalid
|
KMSAN: kernel-infoleak in nilfs_ioctl_wrap_copy
nilfs
|
|
|
|
4 |
598d |
625d
|
22/28 |
531d |
003587000276
nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
|
KMSAN: uninit-value in raw_sock_get
net
|
|
|
|
1 |
591d |
589d
|
22/28 |
531d |
0a78cf7264d2
raw: Fix NULL deref in raw_get_next().
|
BUG: scheduling while atomic in msleep
net
|
C |
done |
|
40 |
665d |
673d
|
22/28 |
531d |
ea4fdbaa2f77
net/sched: sch_taprio: do not schedule in taprio_reset()
|
WARNING in __dev_queue_xmit (2)
net
|
C |
|
|
76 |
563d |
635d
|
22/28 |
531d |
693aa2c0d9b6
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
|
memory leak in ath9k_hif_usb_rx_cb
wireless
|
C |
|
|
1 |
707d |
703d
|
22/28 |
531d |
0af54343a762
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
|
kernel BUG in icmp_glue_bits
net
|
|
|
|
2 |
537d |
601d
|
22/28 |
531d |
7d63b6712538
icmp: guard against too small mtu
|
general protection fault in bpf_struct_ops_link_create
bpf
net
|
C |
done |
|
17 |
605d |
608d
|
22/28 |
531d |
55fbae05476d
bpf: Check IS_ERR for the bpf_map_get() return value
|
WARNING: can't access registers at entry_SYSCALL_64_after_hwframe
|
C |
|
|
15 |
638d |
643d
|
22/28 |
531d |
00c8f01c4e84
objtool: Fix ORC 'signal' propagation
|
INFO: task hung in find_inode_fast
ext4
|
C |
error |
|
28 |
534d |
683d
|
22/28 |
531d |
0f7bfd6f8164
ext4: fix task hung in ext4_xattr_delete_inode
|
memory leak in io_submit_sqes (4)
io-uring
|
C |
|
|
1 |
682d |
682d
|
22/28 |
531d |
febb985c06cb
io_uring/poll: add hash if ready poll request can't complete inline
|
WARNING in hfsplus_cat_read_inode
hfs
|
C |
error |
|
599 |
556d |
720d
|
22/28 |
531d |
81b21c0f0138
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
|
KASAN: slab-out-of-bounds Read in udf_get_filelongad
udf
|
C |
|
|
2 |
710d |
709d
|
22/28 |
531d |
53cafe1d6d8e
udf: Do not bother merging very long extents
|
BUG: unable to handle kernel NULL pointer dereference in ni_write_inode
ntfs3
|
C |
error |
|
596 |
557d |
789d
|
22/28 |
531d |
8dae4f6341e3
fs/ntfs3: Fix NULL dereference in ni_write_inode
db2a3cc6a348
fs/ntfs3: Fix NULL pointer dereference in 'ni_write_inode'
|
KASAN: use-after-free Read in put_pmu_ctx
perf
|
C |
|
|
51 |
686d |
702d
|
22/28 |
531d |
a551844e345b
perf: Fix use-after-free in error path
|
KASAN: stack-out-of-bounds Read in proc_pid_stack
riscv
|
|
|
|
3 |
534d |
568d
|
22/28 |
531d |
76950340cf03
riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
|
KASAN: vmalloc-out-of-bounds Read in __ebt_unregister_table
bridge
netfilter
|
C |
error |
|
4 |
642d |
642d
|
22/28 |
531d |
e58a171d35e3
netfilter: ebtables: fix table blob use-after-free
|
WARNING: refcount bug in qrtr_recvmsg (2)
arm-msm
net
|
C |
error |
|
2 |
615d |
609d
|
22/28 |
531d |
44d807320000
net: qrtr: Fix a refcount bug in qrtr_recvmsg()
|
WARNING in remove_proc_entry (5)
scsi
|
C |
|
|
158 |
614d |
657d
|
22/28 |
531d |
2172e84ea00b
SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes
|
possible deadlock in __jbd2_log_wait_for_space
ext4
|
C |
error |
|
34993 |
587d |
835d
|
22/28 |
531d |
62913ae96de7
ext4, jbd2: add an optimized bmap for the journal inode
|
WARNING in split_huge_page_to_list (2)
mm
|
C |
error |
|
2334 |
556d |
820d
|
22/28 |
531d |
4737edbbdd49
mm/huge_memory.c: warn with pr_warn_ratelimited instead of VM_WARN_ON_ONCE_FOLIO
|
KASAN: slab-use-after-free Read in mas_next_entry
mm
|
syz |
error |
|
3 |
593d |
596d
|
22/28 |
531d |
f4e9e0e69468
mm/mempolicy: fix use-after-free of VMA iterator
|
UBSAN: shift-out-of-bounds in blkstol2
jfs
|
C |
error |
|
2 |
750d |
750d
|
22/28 |
531d |
fad376fce0af
fs/jfs: fix shift exponent db_agl2size negative
|
WARNING in sock_map_del_link
bpf
net
|
|
|
|
91 |
587d |
587d
|
22/28 |
531d |
8c5c2a4898e3
bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
|
WARNING in nilfs_dat_prepare_end
nilfs
|
C |
error |
|
288 |
626d |
779d
|
22/28 |
531d |
5124a0a54985
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
|
general protection fault in cache_first_page
squashfs
|
C |
error |
|
4 |
671d |
684d
|
22/28 |
531d |
f65c4bbbd682
Squashfs: fix handling and sanity checking of xattr_ids count
72e544b1b283
squashfs: harden sanity check in squashfs_read_xattr_id_table
|
general protection fault in jhash
wireless
|
C |
done |
done |
15 |
580d |
599d
|
22/28 |
531d |
2bef4d1fb8b3
wifi: mac80211_hwsim: fix potential NULL deref in hwsim_pmsr_report_nl()
|
general protection fault in mark_buffer_dirty_inode (2)
udf
|
C |
|
|
32 |
564d |
722d
|
22/28 |
531d |
e9109a92d2a9
udf: Convert udf_rename() to new directory iteration code
|
WARNING in blkdev_put (2)
block
|
C |
unreliable |
|
250 |
607d |
635d
|
22/28 |
531d |
428913bce1e6
block: fix wrong mode for blkdev_put() from disk_scan_partitions()
|
WARNING: refcount bug in nr_release (4)
hams
|
C |
|
|
24 |
646d |
951d
|
22/28 |
531d |
409db27e3a2e
netrom: Fix use-after-free of a listening socket.
|
KASAN: use-after-free Read in hfsplus_release_folio
hfs
|
C |
error |
|
23 |
630d |
705d
|
22/28 |
531d |
07db5e247ab5
fs: hfsplus: fix UAF issue in hfsplus_put_super
|
net-next boot error: BUG: bad usercopy in qrtr_sendmsg
hardening
mm
|
|
|
|
30 |
650d |
652d
|
22/28 |
531d |
0b34d68049b0
net: enable usercopy for skb_small_head_cache
|
memory leak in __proc_create
scsi
usb
|
syz |
|
|
1 |
624d |
624d
|
22/28 |
531d |
be03df3d4bfe
scsi: core: Fix a procfs host directory removal regression
|
KASAN: use-after-free Read in ovs_vport_locate
openvswitch
|
|
|
|
1 |
706d |
701d
|
22/28 |
531d |
95637d91fefd
net: openvswitch: release vport resources on failure
|
general protection fault in pn533_out_complete
nfc
|
C |
error |
|
15 |
662d |
676d
|
22/28 |
531d |
484b7059796e
nfc: pn533: initialize struct pn533_out_arg properly
|
general protection fault in __xfs_free_extent
xfs
|
C |
error |
done |
17 |
585d |
704d
|
22/28 |
531d |
b2ccab3199aa
xfs: pass per-ag references to xfs_free_extent
|
WARNING: bad unlock balance in ext4_rename2
ext4
|
|
|
|
105 |
607d |
625d
|
22/28 |
531d |
70e42feab2e2
ext4: fix possible double unlock when moving a directory
|
INFO: task hung in lock_mount
nilfs
|
C |
error |
error |
1238 |
581d |
2396d
|
22/28 |
531d |
a6a491c04888
nilfs2: fix infinite loop in nilfs_mdt_get_block()
|
kernel BUG in hpage_collapse_scan_file
mm
|
C |
unreliable |
|
3 |
583d |
621d
|
22/28 |
531d |
2ce0bdfebc74
mm: khugepaged: fix kernel BUG in hpage_collapse_scan_file()
|
INFO: task hung in nfnetlink_rcv_msg (3)
netfilter
|
C |
done |
|
5 |
712d |
723d
|
22/28 |
531d |
5e29dc36bd5e
netfilter: ipset: Rework long task execution when adding/deleting entries
|
WARNING in io_sync_cancel
io-uring
|
C |
error |
|
3 |
704d |
701d
|
22/28 |
531d |
23fffb2f09ce
io_uring/cancel: re-grab ctx mutex after finishing wait
|
WARNING: refcount bug in consume_skb
net
|
|
|
|
3 |
650d |
659d
|
22/28 |
531d |
b20b8aec6ffc
devlink: Fix netdev notifier chain corruption
|
KMSAN: uninit-value in xfs_getfsmap_helper
xfs
|
|
|
|
1 |
655d |
649d
|
22/28 |
531d |
60b730a40c43
xfs: fix uninitialized variable access
|
WARNING in io_cqring_overflow_flush
io-uring
|
C |
|
|
2 |
705d |
701d
|
22/28 |
531d |
52ea806ad983
io_uring: finish waiting before flushing overflow entries
|
KASAN: slab-out-of-bounds Write in copy_verifier_state
bpf
|
C |
error |
done |
825 |
685d |
702d
|
22/28 |
531d |
45435d8da71f
bpf: Always use maximal size for copy_array()
|
INFO: trying to register non-static key in net_free
net
|
syz |
error |
|
17982 |
639d |
652d
|
22/28 |
531d |
6e77a5a4af05
net: initialize net->notrefcnt_tracker earlier
|
BUG: unable to handle kernel paging request in clear_user_rep_good
iomap
|
syz |
error |
done |
2 |
600d |
656d
|
22/28 |
531d |
d2c95f9d6802
x86: don't use REP_GOOD or ERMS for user memory clearing
|
WARNING: suspicious RCU usage in bond_mii_monitor
net
|
C |
|
|
13 |
685d |
704d
|
22/28 |
531d |
42c7ded0eeac
bonding: fix lockdep splat in bond_miimon_commit()
|
general protection fault in start_transaction
btrfs
|
C |
error |
|
3 |
686d |
699d
|
22/28 |
531d |
b7adbf9ada35
btrfs: fix race between quota rescan and disable leading to NULL pointer deref
|
WARNING in mbind_range
mm
|
C |
error |
|
3 |
681d |
681d
|
22/28 |
531d |
17dc622c7b0f
maple_tree: fix mas_prev() and mas_find() state handling
|
BUG: stack guard page was hit in inet6_release
bpf
net
|
C |
done |
|
4 |
666d |
715d
|
22/28 |
531d |
ddce1e091757
bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
|
general protection fault in ext4_fill_super (2)
ext4
|
|
|
|
1 |
573d |
573d
|
22/28 |
531d |
d5e72c4e3256
ext4: fix lost error code reporting in __ext4_fill_super()
|
memory leak in copy_process (5)
kernel
|
C |
|
|
1 |
628d |
624d
|
22/28 |
531d |
2aab4b969002
af_unix: fix struct pid leaks in OOB support
|
possible deadlock in l2tp_tunnel_register (2)
net
|
C |
|
|
153 |
625d |
635d
|
22/28 |
531d |
0b2c59720e65
l2tp: close all race conditions in l2tp_tunnel_register()
|
KASAN: slab-use-after-free Read in tcf_action_destroy
net
|
C |
error |
|
32 |
558d |
633d
|
22/28 |
531d |
dfd2f0eb2347
net/sched: flower: fix fl_change() error recovery path
|
possible deadlock in release_sock
net
|
C |
done |
|
42 |
671d |
673d
|
22/28 |
531d |
b9fb10d131b8
l2tp: prevent lockdep issue in l2tp_tunnel_register()
|
possible deadlock in tty_port_tty_get
serial
|
C |
|
|
22661 |
581d |
782d
|
22/28 |
531d |
1007843a9190
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
|
WARNING in j1939_xtp_rx_abort_one
|
C |
done |
|
379 |
667d |
1204d
|
22/28 |
531d |
d0553680f94c
can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
|
WARNING: suspicious RCU usage in mas_walk
kernfs
|
C |
error |
|
234 |
607d |
937d
|
22/28 |
531d |
6db504ce55bd
mm/ksm: fix race with VMA iteration and mm_struct teardown
|
memory leak in nfc_genl_se_io
net
nfc
|
C |
|
|
1 |
646d |
642d
|
22/28 |
531d |
25ff6f8a5a3b
nfc: fix memory leak of se_io context in nfc_genl_se_io
|
BUG: bad usercopy in con_font_op
hardening
mm
|
C |
done |
|
1 |
628d |
628d
|
22/28 |
531d |
18365ebf23f3
tty: vt: protect KD_FONT_OP_GET_TALL from unbound access
|
general protection fault in xpad_probe
usb
|
C |
done |
|
24 |
567d |
589d
|
22/28 |
531d |
53bea86b5712
Revert "Input: xpad - fix support for some third-party controllers"
|
BUG: bad usercopy in put_cmsg
hardening
mm
|
C |
|
|
3 |
646d |
647d
|
22/28 |
531d |
2558b8039d05
net: use a bounce buffer for copying skb->mark
|
general protection fault in tcindex_set_parms
net
|
C |
done |
|
2 |
646d |
646d
|
22/28 |
531d |
42018a322bd4
net/sched: tcindex: search key must be 16 bits
|
KCSAN: data-race in strscpy / strscpy (3)
ext4
mm
|
|
|
|
3 |
595d |
579d
|
22/28 |
531d |
cf587db2ee02
kernel: Allow a kernel thread's name to be set in copy_process
|
UBSAN: shift-out-of-bounds in dbAllocBits
jfs
|
C |
error |
done |
4 |
639d |
772d
|
22/28 |
531d |
fad376fce0af
fs/jfs: fix shift exponent db_agl2size negative
|
kernel BUG in fou_build_udp
net
|
C |
|
|
1 |
567d |
567d
|
22/28 |
531d |
c88f8d5cd95f
UPSTREAM: sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
|
KASAN: use-after-free Read in io_worker_get
io-uring
|
C |
done |
done |
5 |
647d |
682d
|
22/28 |
531d |
e6db6f9398da
io_uring/io-wq: only free worker if it was allocated for creation
|
INFO: task hung in nilfs_segctor_thread
nilfs
|
C |
error |
|
94 |
568d |
742d
|
22/28 |
531d |
99b9402a36f0
nilfs2: fix underflow in second superblock position calculations
|
KASAN: use-after-free Read in do_accept
hams
|
|
|
|
1 |
677d |
672d
|
22/28 |
531d |
409db27e3a2e
netrom: Fix use-after-free of a listening socket.
|
general protection fault in drm_crtc_next_vblank_start
dri
|
C |
done |
|
4 |
600d |
597d
|
22/28 |
531d |
6f1ccbf07453
drm/vblank: Fix for drivers that do not drm_vblank_init()
|
KCSAN: data-race in ip_finish_output2 / ip_tunnel_xmit
net
|
|
|
|
1 |
661d |
660d
|
22/28 |
531d |
4b397c06cb98
net: tunnels: annotate lockless accesses to dev->needed_headroom
|
memory leak in nr_create (2)
hams
|
C |
|
|
11 |
601d |
661d
|
22/28 |
531d |
611792920925
netrom: Fix use-after-free caused by accept on already connected socket
|
kernel BUG in rxrpc_put_call
afs
net
|
C |
done |
|
9 |
669d |
681d
|
22/28 |
531d |
01644a1f98ff
rxrpc: Fix wrong error return in rxrpc_connect_call()
|
kernel BUG in rxrpc_put_peer
afs
net
|
C |
|
|
80 |
672d |
715d
|
22/28 |
531d |
9d35d880e0e4
rxrpc: Move client call connection to the I/O thread
03fc55adf876
rxrpc: Only disconnect calls in the I/O thread
|
WARNING in nilfs_dat_commit_end
nilfs
|
C |
error |
|
267 |
626d |
782d
|
22/28 |
531d |
602ce7b8e134
nilfs2: prevent WARNING in nilfs_dat_commit_end()
|
KASAN: slab-use-after-free Read in kvm_tdp_mmu_invalidate_all_roots
kvm
|
|
|
|
3 |
578d |
576d
|
22/28 |
531d |
edbdb43fc96b
KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated
|
WARNING: bad unlock balance in l2cap_recv_frame
bluetooth
|
|
|
|
75 |
574d |
585d
|
22/28 |
531d |
25e97f7b1866
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
|
possible deadlock in freeze_super (2)
gfs2
|
C |
error |
done |
15 |
556d |
772d
|
22/28 |
531d |
b66f723bb552
gfs2: Improve gfs2_make_fs_rw error handling
|
INFO: task hung in write_cache_pages (2)
mm
fs
|
C |
done |
|
36 |
559d |
630d
|
22/28 |
531d |
fb3592c41a44
migrate_pages: fix deadlock in batched migration
|
KMSAN: uninit-value in vfs_write
fs
|
C |
|
|
3 |
655d |
624d
|
22/28 |
531d |
2b4c99f7d9a5
can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
|
WARNING in _copy_from_iter
block
tipc
|
C |
error |
|
32057 |
619d |
713d
|
22/28 |
531d |
11a4d6f67cf5
tipc: fix kernel warning when sending SYN message
|
UBSAN: shift-out-of-bounds in dbFindCtl
jfs
|
C |
inconclusive |
done |
45 |
631d |
773d
|
22/28 |
531d |
fad376fce0af
fs/jfs: fix shift exponent db_agl2size negative
|
INFO: rcu detected stall in devlink_nl_cmd_port_get_dumpit
net
|
syz |
|
|
7 |
630d |
647d
|
22/28 |
531d |
b20b8aec6ffc
devlink: Fix netdev notifier chain corruption
|
KASAN: use-after-free Read in io_wq_worker_wake
io-uring
|
C |
done |
done |
1 |
648d |
681d
|
22/28 |
531d |
e6db6f9398da
io_uring/io-wq: only free worker if it was allocated for creation
|
UBSAN: array-index-out-of-bounds in __gfs2_iomap_get
gfs2
|
C |
error |
|
26 |
577d |
700d
|
22/28 |
531d |
cfcdb5bad34f
gfs2: Fix inode height consistency check
|
KASAN: slab-use-after-free Read in class_register
usb
|
C |
done |
|
13 |
601d |
599d
|
22/28 |
531d |
f326ea63ecc6
driver core: class: fix slab-use-after-free Read in class_register()
|
memory leak in ath9k_hif_usb_firmware_cb
wireless
|
C |
|
|
1591 |
675d |
1471d
|
22/28 |
531d |
9b25e3985477
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
|
WARNING in inet_sock_destruct (3)
net
|
C |
|
|
87 |
535d |
638d
|
22/28 |
531d |
880ce5f20033
net: avoid skb end_offset change in __skb_unclone_keeptruesize()
|
WARNING in devlink_free
net
|
|
|
|
10 |
666d |
679d
|
22/28 |
531d |
93e71edfd90c
devlink: keep the instance mutex alive until references are gone
|
KMSAN: uninit-value in ipv6_find_tlv
net
|
C |
|
|
271 |
573d |
1926d
|
22/28 |
531d |
ea30388baebc
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
|
WARNING in mark_buffer_dirty (4)
bfs
nilfs
|
C |
inconclusive |
|
1152 |
531d |
870d
|
22/28 |
531d |
28a65b49eb53
nilfs2: do not write dirty data after degenerating to read-only
|
possible deadlock in __nilfs_error (2)
nilfs
|
|
|
|
1 |
613d |
609d
|
22/28 |
531d |
42560f9c92cc
nilfs2: fix sysfs interface lifetime
|
WARNING in fscrypt_destroy_keyring
fscrypt
ext4
|
C |
|
|
2 |
620d |
618d
|
22/28 |
531d |
ccb820dc7d22
fscrypt: destroy keyring after security_sb_delete()
|
WARNING in default_device_exit_batch (4)
net
|
C |
error |
|
954 |
607d |
733d
|
22/28 |
531d |
e667d4690986
bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
|
upstream-arm64 build error
|
|
|
|
11 |
639d |
642d
|
22/28 |
531d |
d54170812ef1
arm64: fix .idmap.text assertion for large kernels
|
WARNING: locking bug in __perf_event_task_sched_in (2)
perf
|
|
|
|
79 |
662d |
680d
|
22/28 |
531d |
93e71edfd90c
devlink: keep the instance mutex alive until references are gone
|
memory leak in regulatory_hint_core
wireless
|
C |
|
|
2 |
730d |
758d
|
22/28 |
531d |
399ab7fe0fa0
net: sched: fix memory leak in tcindex_set_parms
|
WARNING in __udf_add_aext
udf
|
C |
error |
|
170 |
535d |
772d
|
22/28 |
531d |
e9109a92d2a9
udf: Convert udf_rename() to new directory iteration code
|
BUG: unable to handle kernel NULL pointer dereference in __writepage
udf
|
C |
done |
|
17 |
640d |
704d
|
22/28 |
531d |
79d3c6dbada4
udf: Convert in-ICB files to use udf_writepages()
|
KMSAN: kernel-infoleak in copyout (2)
net
|
C |
|
|
6723 |
532d |
1700d
|
22/28 |
531d |
8222d5910dae
xfrm: Zero padding when dumping algos and encap
|
WARNING in ath6kl_htc_pipe_rx_complete
usb
wireless
|
C |
error |
|
2008 |
570d |
1840d
|
22/28 |
531d |
75c4a8154cb6
wifi: ath6kl: reduce WARN to dev_dbg() in callback
|
WARNING in udf_setsize
udf
|
C |
done |
|
24 |
534d |
704d
|
22/28 |
531d |
256fe4162f8b
udf: Do not update file length for failed writes to inline files
|
kernel BUG in hfs_bnode_put
hfs
|
C |
error |
|
5 |
662d |
717d
|
22/28 |
531d |
a9dc087fd3c4
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
|
KASAN: null-ptr-deref Read in __fl_put
net
|
C |
error |
|
16 |
613d |
632d
|
22/28 |
531d |
dfd2f0eb2347
net/sched: flower: fix fl_change() error recovery path
|
general protection fault in udf_fiiter_write_fi
udf
|
C |
error |
|
2 |
678d |
682d
|
22/28 |
531d |
f950fd052913
udf: Protect rename against modification of moved directory
|
general protection fault in sctp_outq_tail
sctp
|
C |
error |
|
5 |
597d |
609d
|
22/28 |
531d |
2584024b2355
sctp: check send stream number after wait_for_sndbuf
|
WARNING: CPU: NUM PID: NUM at mm/page_alloc.c:LINE get_page_from_freeli
mm
erofs
|
C |
error |
|
1 |
703d |
699d
|
22/28 |
531d |
12724ba38992
erofs: fix kvcalloc() misuse with __GFP_NOFAIL
|
WARNING in kvm_tdp_mmu_invalidate_all_roots
kvm
|
|
|
|
1658 |
576d |
579d
|
22/28 |
531d |
edbdb43fc96b
KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated
|
WARNING in kvm_arch_vcpu_ioctl_run (4)
kvm
|
C |
error |
|
288 |
532d |
615d
|
22/28 |
531d |
0dc902267cb3
KVM: x86: Suppress pending MMIO write exits if emulator detects exception
|
WARNING in __mod_timer
keyrings
lsm
|
|
|
|
2 |
598d |
633d
|
22/28 |
531d |
63a759694eed
debugobject: Prevent init race with static objects
|
general protection fault in hrtimer_active (5)
kernel
|
C |
error |
|
22 |
646d |
650d
|
22/28 |
531d |
4fab64126891
net/sched: fix error recovery in qdisc_create()
|
WARNING in __kernel_read (2)
fsverity
|
C |
error |
|
318 |
576d |
1517d
|
22/28 |
531d |
04839139213c
fsverity: reject FS_IOC_ENABLE_VERITY on mode 3 fds
|
INFO: task hung in extent_write_cache_pages
btrfs
|
C |
error |
|
5 |
563d |
671d
|
22/28 |
531d |
519b7e13b5ae
btrfs: lock the inode in shared mode before starting fiemap
|
kernel BUG in inet_sock_destruct
net
|
C |
error |
|
3 |
688d |
687d
|
22/28 |
531d |
1ac885574470
inet: control sockets should not use current thread task_frag
|
possible deadlock in inet_put_port
net
|
|
|
|
2 |
672d |
672d
|
22/28 |
531d |
b9fb10d131b8
l2tp: prevent lockdep issue in l2tp_tunnel_register()
|
BUG: corrupted list in taprio_destroy
net
|
C |
done |
|
2 |
648d |
648d
|
22/28 |
531d |
4fab64126891
net/sched: fix error recovery in qdisc_create()
|
WARNING: suspicious RCU usage in mas_start
kernfs
|
C |
error |
done |
23 |
603d |
635d
|
22/28 |
531d |
6db504ce55bd
mm/ksm: fix race with VMA iteration and mm_struct teardown
|
WARNING in shark_write_val/usb_submit_urb
usb
|
C |
error |
done |
51 |
588d |
1948d
|
22/28 |
531d |
76e31045ba03
media: radio-shark: Add endpoint checks
|
memory leak in prctl
mm
|
C |
|
|
1 |
705d |
701d
|
22/28 |
531d |
a1193de562f5
mm: fix vma->anon_name memory leak for anonymous shmem VMAs
|
KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (6)
net
|
|
|
|
2 |
600d |
597d
|
22/28 |
531d |
a1865f2e7d10
netlink: annotate lockless accesses to nlk->max_recvmsg_len
|
WARNING in print_tainted
ext4
|
C |
|
|
162 |
531d |
702d
|
22/28 |
531d |
c6adf659a8ba
can: isotp: check CAN address family in isotp_bind()
4f027cba8216
can: isotp: split tx timer into transmission and timeout
|
WARNING in vkms_get_vblank_timestamp
dri
|
syz |
error |
|
41 |
534d |
594d
|
22/28 |
531d |
f2c7ca890182
drm/atomic-helper: Don't set deadline for modesets
|
KASAN: invalid-free in skb_free_head (2)
net
|
C |
error |
|
25 |
573d |
638d
|
22/28 |
531d |
880ce5f20033
net: avoid skb end_offset change in __skb_unclone_keeptruesize()
|
riscv/fixes test error: BUG: soft lockup in corrupted (2)
net
virt
|
|
|
|
4 |
771d |
847d
|
22/28 |
531d |
61fc1ee8be26
riscv: Bump COMMAND_LINE_SIZE value to 1024
|
general protection fault in skb_dequeue (3)
wireless
|
C |
done |
|
6 |
649d |
658d
|
22/28 |
531d |
33b3b041543e
splice: Add a func to do a splice from an O_DIRECT file without ITER_PIPE
|
possible deadlock in jbd2_journal_lock_updates
ext4
|
C |
error |
|
83148 |
538d |
835d
|
22/28 |
531d |
62913ae96de7
ext4, jbd2: add an optimized bmap for the journal inode
|
memory leak in __build_skb (3)
wireless
|
C |
|
|
2 |
691d |
689d
|
22/28 |
531d |
9b25e3985477
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
|
INFO: task hung in freeze_super (3)
gfs2
|
C |
error |
|
19 |
552d |
712d
|
22/28 |
531d |
b66f723bb552
gfs2: Improve gfs2_make_fs_rw error handling
|
KMSAN: uninit-value in qdisc_run
kernel
|
C |
|
|
2 |
743d |
679d
|
22/28 |
531d |
3a415d59c1db
net/sched: sch_taprio: fix possible use-after-free
|
UBSAN: shift-out-of-bounds in ext2_fill_super
ext4
|
C |
|
|
2265 |
531d |
635d
|
22/28 |
531d |
62aeb94433fc
ext2: Check block size validity during mount
|
KASAN: wild-memory-access Read in io_wq_worker_running
io-uring
|
C |
|
|
39 |
677d |
684d
|
22/28 |
531d |
e6db6f9398da
io_uring/io-wq: only free worker if it was allocated for creation
|
KASAN: slab-out-of-bounds Read in hdr_delete_de
ntfs3
|
C |
error |
|
2 |
716d |
715d
|
22/28 |
531d |
ab84eee4c7ab
fs/ntfs3: Fix slab-out-of-bounds read in hdr_delete_de()
|
WARNING in inet_csk_destroy_sock (3)
net
|
|
|
|
1 |
545d |
545d
|
22/28 |
544d |
e0833d1fedb0
dccp/tcp: Fixup bhash2 bucket when connect() fails.
|
WARNING in submit_bio_checks
|
C |
done |
unreliable |
1851 |
974d |
1594d
|
22/28 |
583d |
57e95e4670d1
block: fix and cleanup bio_check_ro
|
general protection fault in dma_fence_array_first
dri
media
|
C |
done |
|
7 |
967d |
967d
|
22/28 |
588d |
21d139d73f77
dma-buf/sync-file: fix logic error in new fence merge code
|
BUG: sleeping function called from invalid context in folio_copy
mm
|
C |
unreliable |
|
271 |
1216d |
1214d
|
22/28 |
588d |
715cbfd6c5c5
mm/migrate: Add folio_migrate_copy()
|
KASAN: use-after-free Read in hci_cmd_timeout
|
C |
done |
error |
371 |
712d |
2024d
|
22/28 |
588d |
97dfaf073f58
Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
|
KASAN: slab-out-of-bounds Read in sk_psock_get
net
|
C |
done |
error |
9 |
849d |
1183d
|
22/28 |
588d |
2a0133723f9e
net: fix refcount bug in sk_psock_get (2)
|
KASAN: use-after-free Read in delete_partition (2)
block
|
C |
done |
|
1 |
1332d |
1331d
|
22/28 |
588d |
b5cfbd35ecca
block: check disk exist before trying to add partition
|
INFO: task hung in port100_probe
usb
nfc
|
C |
error |
inconclusive |
10 |
989d |
1247d
|
22/28 |
588d |
f80cfe2f2658
NFC: port100: fix use-after-free in port100_send_complete
|
KASAN: slab-out-of-bounds Read in ntfs_get_ea
ntfs3
|
C |
error |
done |
9 |
738d |
806d
|
22/28 |
588d |
0e8235d28f3a
fs/ntfs3: Check fields while reading
|
possible deadlock in nci_start_poll
net
nfc
|
C |
error |
done |
83 |
636d |
737d
|
22/28 |
589d |
b2e44aac91b2
NFC: nci: Allow to create multiple virtual nci devices
|
possible deadlock in bpf_trace_printk
bpf
trace
|
C |
done |
done |
68 |
640d |
895d
|
22/28 |
608d |
05b24ff9b2cf
bpf: Prevent bpf program recursion for raw tracepoint probes
|
WARNING in btrfs_run_delayed_refs
btrfs
|
C |
error |
done |
15 |
652d |
766d
|
22/28 |
616d |
8bb808c6ad91
btrfs: don't print stack trace when transaction is aborted due to ENOMEM
|
kernel BUG in pskb_expand_head
net
|
C |
done |
|
1600 |
650d |
1101d
|
22/28 |
634d |
5f33a09e769a
can: isotp: convert struct tpcon::{idx,len} to unsigned int
7c759040c1dd
can: isotp: fix potential CAN frame reception race in isotp_rcv()
|
KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
kvm
|
C |
|
|
20 |
843d |
876d
|
22/28 |
635d |
8a414f943f8b
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
|
kernel BUG in __text_poke
kernel
|
C |
|
|
80 |
835d |
1010d
|
22/28 |
635d |
1d5f82d9dd47
bpf, x86: fix freeing of not-finalized bpf_prog_pack
d24d2a2b0a81
bpf: bpf_prog_pack: Set proper size before freeing ro_header
|
KASAN: vmalloc-out-of-bounds Read in bpf_jit_free
bpf
|
C |
|
|
68 |
835d |
1010d
|
22/28 |
635d |
1d5f82d9dd47
bpf, x86: fix freeing of not-finalized bpf_prog_pack
d24d2a2b0a81
bpf: bpf_prog_pack: Set proper size before freeing ro_header
|
WARNING in __dev_queue_xmit
|
C |
done |
|
16774 |
635d |
849d
|
22/28 |
635d |
dc633700f00f
net/af_packet: check len when min_header_len equals to 0
b12e924a2f5b
net/ieee802154: don't warn zero-sized raw_sendmsg()
3a4d061c699b
net/ieee802154: reject zero-sized raw_sendmsg()
|
INFO: trying to register non-static key in ieee80211_do_stop
wireless
|
C |
error |
|
70591 |
820d |
860d
|
22/28 |
635d |
aa40d5a43526
wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop()
wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop()
|
KASAN: use-after-free Read in mgmt_pending_remove
bluetooth
|
C |
unreliable |
|
9 |
806d |
826d
|
22/28 |
635d |
3cfbc6ac22d6
Bluetooth: hci_sync: fix double mgmt_pending_free() in remove_adv_monitor()
Bluetooth: hci_sync: fix double mgmt_pending_free() in remove_adv_monitor()
|
WARNING in alloc_charge_hpage
mm
|
C |
error |
|
112 |
684d |
754d
|
22/28 |
635d |
e031ff96b334
mm: khugepaged: allow page allocation fallback to eligible nodes
dec1d352de5c
mm: replace VM_WARN_ON to pr_warn if the node is offline with __GFP_THISNODE
|
possible deadlock in worker_thread
rdma
|
|
|
|
1 |
1018d |
1014d
|
22/28 |
635d |
081bdc9fe05b
RDMA/ib_srp: Fix a deadlock
bf23747ee053
loop: revert "make autoclear operation asynchronous"
|
KMSAN: uninit-value in ext4_evict_inode
ext4
|
|
|
|
2734 |
681d |
735d
|
22/28 |
635d |
7ea71af94eaa
ext4: fix uninititialized value in 'ext4_evict_inode'
|
WARNING in ipgre_xmit
net
|
C |
done |
|
9916 |
886d |
902d
|
22/28 |
635d |
8d21e9963bec
ip_gre: test csum_start instead of transport header
|
kernel panic: corrupted stack end in vm_area_alloc
kernel
|
|
|
|
1 |
870d |
870d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
kernel panic: corrupted stack end in vlan_ioctl_handler
kernfs
|
|
|
|
1 |
891d |
891d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
inconsistent lock state in fs_reclaim_acquire (3)
kernel
|
C |
|
|
2 |
750d |
756d
|
22/28 |
635d |
2d1f274b95c6
skmsg: pass gfp argument to alloc_sk_msg()
|
net boot error: INFO: task hung in add_early_randomness
crypto
|
|
|
|
18 |
888d |
894d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
KASAN: use-after-free Read in mas_next_nentry
fs
|
C |
error |
done |
343 |
744d |
938d
|
22/28 |
635d |
59f2f4b8a757
fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
|
KASAN: use-after-free Read in tty_release
io-uring
serial
|
C |
done |
|
23 |
964d |
974d
|
22/28 |
635d |
d89a4fac0fbc
io_uring: fix assuming triggered poll waitqueue is the single poll
|
linux-next boot error: kernel BUG in putname
fs
|
|
|
|
1 |
827d |
827d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
WARNING: ODEBUG bug in ops_free_list
net
|
|
|
|
1 |
963d |
963d
|
22/28 |
635d |
1946014ca3b1
rxrpc: fix a race in rxrpc_exit_net()
|
KMSAN: uninit-value in ax88178_reset
usb
|
C |
|
|
284 |
943d |
1050d
|
22/28 |
635d |
920a9fa27e78
net: asix: add proper error handling of usb read errors
|
general protection fault in br_mst_info_size
bridge
|
C |
error |
|
26 |
972d |
975d
|
22/28 |
635d |
cde3fc244b3d
net: bridge: mst: prevent NULL deref in br_mst_info_size()
|
KASAN: wild-memory-access Read in skb_copy_bits
net
|
C |
|
|
2 |
804d |
804d
|
22/28 |
635d |
0d24148bd276
inet: ping: fix recent breakage
|
general protection fault in list_lru_add
mm
|
C |
done |
|
1125 |
685d |
973d
|
22/28 |
635d |
ae085d7f9365
mm: kfence: fix missing objcg housekeeping for SLAB
|
KCSAN: data-race in __ip_append_data / __ip_append_data
net
|
|
|
|
1 |
1020d |
1016d
|
22/28 |
635d |
a1cdec57e03a
net-timestamp: convert sk->sk_tskey to atomic_t
|
kernel panic: corrupted stack end in tun_chr_close
fs
|
|
|
|
1 |
927d |
927d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
KMSAN: uninit-value in tipc_nl_compat_name_table_dump (3)
tipc
|
C |
|
|
65 |
732d |
748d
|
22/28 |
635d |
1c075b192fe4
tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
|
WARNING: kmalloc bug in xdp_umem_create (2)
bpf
net
|
C |
done |
|
21 |
1015d |
1080d
|
22/28 |
635d |
0708a0afe291
mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
|
general protection fault in sg_alloc_append_table_from_pages
dri
media
|
C |
done |
|
477 |
668d |
1134d
|
22/28 |
635d |
2b6dd600dd72
udmabuf: validate ubuf->pagecount
|
WARNING in c_start
kernel
|
|
|
|
75097 |
766d |
768d
|
22/28 |
635d |
80493877d7d0
Revert "cpumask: fix checking valid cpu range".
|
KCSAN: data-race in tcp_send_challenge_ack / tcp_send_challenge_ack
net
|
|
|
|
1 |
813d |
813d
|
22/28 |
635d |
8c70521238b7
tcp: annotate data-race around challenge_timestamp
|
BUG: sleeping function called from invalid context in sk_psock_skb_ingress_self
net
bpf
|
C |
done |
|
151 |
745d |
767d
|
22/28 |
635d |
2d1f274b95c6
skmsg: pass gfp argument to alloc_sk_msg()
|
INFO: task hung in addrconf_verify_work (6)
|
C |
done |
|
86 |
639d |
876d
|
22/28 |
635d |
ff1fa2081d17
net: tun: avoid disabling NAPI twice
|
KASAN: use-after-free Read in ipvlan_queue_xmit (3)
net
|
C |
error |
error |
8 |
839d |
1437d
|
22/28 |
635d |
81225b2ea161
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
|
WARNING in change_protection
mm
|
C |
unreliable |
|
13 |
777d |
783d
|
22/28 |
635d |
515778e2d790
mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
|
possible deadlock in dccp_v4_ctl_send_reset
mptcp
|
C |
done |
|
26 |
722d |
734d
|
22/28 |
635d |
af295e854a4e
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
|
WARNING in exit_tasks_rcu_finish
kernel
|
C |
done |
|
20 |
890d |
892d
|
22/28 |
635d |
0356d4e66214
rcu-tasks: Track blocked RCU Tasks Trace readers
|
memory leak in kobject_set_name_vargs (5)
nilfs
|
C |
|
|
4 |
780d |
882d
|
22/28 |
635d |
d0d51a97063d
nilfs2: fix leak of nilfs_root in case of writer thread creation failure
|
BUG: unable to handle kernel NULL pointer dereference in ni_find_attr
ntfs3
|
C |
done |
done |
81 |
684d |
819d
|
22/28 |
635d |
2681631c2973
fs/ntfs3: Add null pointer check to attr_load_runs_vcn
|
possible deadlock in console_unlock (2)
serial
|
C |
error |
done |
599 |
652d |
1102d
|
22/28 |
635d |
09c5ba0aa2fc
printk: add kthread console printers
|
KASAN: use-after-free Read in ucma_destroy_private_ctx
rdma
|
|
|
|
1 |
1058d |
1052d
|
22/28 |
635d |
36e8169ec973
RDMA/ucma: Protect mc during concurrent multicast leaves
|
general protection fault in llc_build_and_send_xid_pkt
net
|
C |
done |
|
2 |
972d |
972d
|
22/28 |
635d |
2d327a79ee17
llc: only change llc->dev when bind() succeeds
|
KASAN: use-after-free Read in unregister_shrinker (2)
mm
|
C |
error |
|
3799 |
748d |
791d
|
22/28 |
635d |
bd86c69dae65
NFSD: unregister shrinker when nfsd_init_net() fails
|
linux-next boot error: general protection fault in driver_bound
kernel
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KMSAN: uninit-value in mpol_rebind_mm (2)
mm
|
C |
|
|
11 |
889d |
1013d
|
22/28 |
635d |
018160ad314d
mm/mempolicy: fix uninit-value in mpol_rebind_policy()
|
possible deadlock in snd_timer_interrupt (2)
sound
|
C |
error |
|
29 |
834d |
1095d
|
22/28 |
635d |
95cc637c1afd
ALSA: timer: Use deferred fasync helper
|
possible deadlock in display_open
usb
|
C |
inconclusive |
|
48888 |
903d |
1930d
|
22/28 |
635d |
db264d4c66c0
media: imon: reorganize serialization
|
kernel BUG in __clear_extent_bit
btrfs
|
C |
error |
|
5 |
711d |
726d
|
22/28 |
635d |
5a75034e71ef
btrfs: do not panic if we can't allocate a prealloc extent state
|
KASAN: use-after-free Read in reqsk_queue_unlink
net
|
|
|
|
4 |
722d |
772d
|
22/28 |
635d |
740ea3c4a0b2
tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
|
kernel BUG in dev_args_match_device
btrfs
|
|
|
|
1 |
749d |
749d
|
22/28 |
635d |
0fca385d6ebc
btrfs: fix match incorrectly in dev_args_match_device
|
KASAN: use-after-free Read in pty_close
serial
io-uring
fuse
|
C |
done |
|
4 |
840d |
867d
|
22/28 |
635d |
7a121ced6e64
io_uring: don't miss setting REQ_F_DOUBLE_POLL
|
KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer (2)
media
|
C |
inconclusive |
done |
14 |
660d |
1172d
|
22/28 |
635d |
94a7ad928346
media: vivid: fix compose size exceed boundary
|
general protection fault in pm_qos_update_target
pm
|
syz |
inconclusive |
done |
1 |
975d |
1283d
|
22/28 |
635d |
3c3201f8c7bb
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
|
KMSAN: uninit-value in asix_mdio_read (3)
usb
|
C |
|
|
1582 |
919d |
983d
|
22/28 |
635d |
920a9fa27e78
net: asix: add proper error handling of usb read errors
|
WARNING: refcount bug in tcp_release_cb
net
|
|
|
|
2 |
710d |
720d
|
22/28 |
635d |
0a182f8d6074
bpf, sockmap: fix race in sock_map_free()
|
INFO: rcu detected stall in sys_lsetxattr
fs
|
C |
done |
|
2 |
947d |
946d
|
22/28 |
635d |
0014edaedfd8
fs: unset MNT_WRITE_HOLD on failure
|
WARNING in ext4_da_release_space
ext4
|
C |
error |
|
9 |
648d |
770d
|
22/28 |
635d |
1b8f787ef547
ext4: fix warning in 'ext4_da_release_space'
|
BUG: unable to handle kernel NULL pointer dereference in ntfs_sparse_cluster
ntfs3
|
C |
error |
done |
11 |
701d |
703d
|
22/28 |
635d |
c380b52f6c57
fs/ntfs3: Change new sparse cluster processing
|
WARNING in cpuset_attach
cgroups
|
C |
error |
|
20922 |
818d |
819d
|
22/28 |
635d |
43626dade36f
cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
|
net boot error: WARNING in genl_register_family
net
|
|
|
|
3 |
754d |
754d
|
22/28 |
635d |
e4ba4554209f
net: openvswitch: add missing .resv_start_op
|
WARNING in __skb_flow_dissect (4)
net
|
C |
error |
|
6 |
746d |
755d
|
22/28 |
635d |
9f225444467b
ppp: associate skb with a device at tx
|
WARNING in inet_csk_get_port
net
|
C |
done |
|
1166 |
684d |
912d
|
22/28 |
635d |
593d1ebe00a4
Revert "net: Add a second bind table hashed by port and address"
|
upstream boot error: general protection fault in __proc_create
fs
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
panic: runtime error: floating point error
kernel
|
|
|
|
2 |
647d |
926d
|
22/28 |
635d |
59f5ede3bc0f
x86/fpu: Prevent FPU state corruption
|
inconsistent lock state in kmem_cache_alloc_trace (2)
kernel
|
|
|
|
2 |
764d |
765d
|
22/28 |
635d |
2d1f274b95c6
skmsg: pass gfp argument to alloc_sk_msg()
|
memory leak in __insert_pending
ext4
|
C |
|
|
1 |
752d |
748d
|
22/28 |
635d |
1da18e38cb97
ext4: fix reserved cluster accounting in __es_remove_extent()
|
memory leak in crypto_create_tfm_node
ext4
crypto
|
C |
|
|
3 |
766d |
771d
|
22/28 |
635d |
ccd30a476f8e
fscrypt: fix keyring memory leak on mount failure
|
WARNING in vcpu_enter_guest (2)
kvm
|
C |
|
|
42 |
748d |
757d
|
22/28 |
635d |
dea0d5a2fde6
KVM: x86: Exempt pending triple fault from event injection sanity check
|
KASAN: use-after-free Read in drm_gem_object_release_handle
|
C |
done |
|
362 |
716d |
1100d
|
22/28 |
635d |
24013314be6e
drm/shmem-helper: Remove errant put in error path
|
KMSAN: uninit-value in btrfs_clean_tree_block (2)
btrfs
nilfs
|
|
|
|
15960 |
635d |
1096d
|
22/28 |
635d |
cbddcc4fa344
btrfs: set generation before calling btrfs_clean_tree_block in btrfs_init_new_buffer
|
KASAN: use-after-free Read in do_shrink_slab (2)
mm
|
|
|
|
105 |
761d |
785d
|
22/28 |
635d |
bd86c69dae65
NFSD: unregister shrinker when nfsd_init_net() fails
|
WARNING in ext2_fill_super
ext4
|
C |
|
|
2 |
821d |
817d
|
22/28 |
635d |
d766f2d1e3e3
ext2: Add sanity checks for group and filesystem size
e7c7fbb9a857
ext2: Use kvmalloc() for group descriptor array
|
KASAN: use-after-free Read in btrfs_scan_one_device (2)
btrfs
|
C |
|
|
2 |
997d |
993d
|
22/28 |
635d |
79c9234ba596
btrfs: don't access possibly stale fs_info data in device_list_add
|
KASAN: use-after-free Read in free_netdev (3)
net
|
C |
inconclusive |
|
130 |
727d |
883d
|
22/28 |
635d |
3b9bc84d3111
net: tun: unlink NAPI from device on destruction
|
WARNING in bpf_skb_load_helper_16_no_cache
bpf
|
C |
done |
|
6 |
842d |
872d
|
22/28 |
635d |
0326195f523a
bpf: Make sure mac_header was set before using it
|
general protection fault in release_udmabuf
dri
media
|
C |
inconclusive |
|
31 |
774d |
825d
|
22/28 |
635d |
d9c04a1b7a15
udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
|
KASAN: slab-out-of-bounds Read in cttimeout_net_exit
netfilter
|
C |
|
|
1444 |
880d |
918d
|
22/28 |
635d |
aeed55a08d0b
netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit
394e771684f7
netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit
|
WARNING in snd_usbmidi_output_open
alsa
usb
|
C |
done |
|
37 |
733d |
740d
|
22/28 |
635d |
ad72c3c3f6eb
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
|
WARNING in send_packet/usb_submit_urb
usb
|
C |
inconclusive |
|
847 |
703d |
870d
|
22/28 |
635d |
813ceef062b5
media: imon: fix a race condition in send_packet()
|
KASAN: slab-out-of-bounds Read in io_uring_show_fdinfo
io-uring
|
C |
done |
|
5 |
767d |
772d
|
22/28 |
635d |
00927931cb63
io_uring: fix fdinfo sqe offsets calculation
|
KCSAN: data-race in dev_activate / qdisc_lookup_rcu
net
|
|
|
|
1 |
1013d |
1013d
|
22/28 |
635d |
5891cd5ec46c
net_sched: add __rcu annotation to netdev->qdisc
|
KASAN: slab-out-of-bounds Read in thrustmaster_probe
input
usb
|
C |
unreliable |
|
92 |
980d |
1004d
|
22/28 |
635d |
fc3ef2e3297b
HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
|
INFO: rcu detected stall in sys_setxattr (2)
fs
|
C |
done |
|
3 |
947d |
946d
|
22/28 |
635d |
0014edaedfd8
fs: unset MNT_WRITE_HOLD on failure
|
BUG: unable to handle kernel paging request in vmx_handle_exit_irqoff
kvm
|
C |
error |
|
7736 |
727d |
749d
|
22/28 |
635d |
1cfaac2400c7
x86/kasan: Populate shadow for shared chunk of the CPU entry area
|
WARNING in skb_try_coalesce
net
|
C |
error |
|
1521 |
907d |
1361d
|
22/28 |
635d |
763087dab975
net: add skb_set_end_offset() helper
|
INFO: task hung in misc_open (4)
usb
|
C |
error |
inconclusive |
144 |
663d |
1376d
|
22/28 |
635d |
8386c414e27c
PM: hibernate: defer device probing when resuming from hibernation
|
kernel panic: corrupted stack end in netdev_run_todo
net
|
|
|
|
1 |
879d |
879d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
general protection fault in sock_reserve_memory
net
|
C |
done |
|
2 |
1011d |
1011d
|
22/28 |
635d |
25206111512d
crypto: af_alg - get rid of alg_memory_allocated
|
general protection fault in __dentry_path (2)
fs
|
C |
error |
|
174 |
940d |
951d
|
22/28 |
635d |
5c697c367a66
KVM: Initialize debugfs_dentry when a VM is created to avoid NULL deref
|
WARNING in tcp_enter_loss (3)
net
|
C |
inconclusive |
|
7 |
752d |
1049d
|
22/28 |
635d |
0c175da7b037
tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
|
divide error in dbNextAG
jfs
|
syz |
error |
|
2 |
981d |
977d
|
22/28 |
635d |
2cc7cc01c15f
jfs: fix divide error in dbNextAG
|
usb-testing boot error: BUG: unable to handle kernel paging request in dequeue_task_fair
acpi
|
|
|
|
1 |
814d |
814d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in tls_sk_proto_close (3)
net
|
C |
done |
|
276 |
884d |
1283d
|
22/28 |
635d |
69135c572d1f
net/tls: fix tls_sk_proto_close executed repeatedly
|
KCSAN: data-race in lru_add_fn / skb_append_pagefrags
mm
|
|
|
|
1 |
760d |
756d
|
22/28 |
635d |
228ebc41dfab
net: do not sense pfmemalloc status in skb_append_pagefrags()
|
possible deadlock in hugetlb_fault
mm
|
|
|
|
2 |
739d |
747d
|
22/28 |
635d |
04ada095dcfc
hugetlb: don't delete vma_lock in hugetlb MADV_DONTNEED processing
|
KASAN: use-after-free Read in nilfs_mdt_destroy
nilfs
|
C |
error |
|
20 |
776d |
791d
|
22/28 |
635d |
2e488f13755f
fs: fix UAF/GPF bug in nilfs_mdt_destroy
|
KASAN: slab-out-of-bounds Read in hfs_cat_keycmp
hfs
|
C |
error |
done |
2 |
639d |
704d
|
22/28 |
635d |
c53ed55cb275
hfs: Fix OOB Write in hfs_asc2mac
|
possible deadlock in l2tp_tunnel_register
net
|
C |
error |
|
9492 |
635d |
734d
|
22/28 |
635d |
af295e854a4e
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
|
general protection fault in em_cmp_match
net
|
C |
|
|
4 |
711d |
707d
|
22/28 |
635d |
9cd3fd2054c3
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
|
kernel BUG in __filemap_get_folio
kernel
|
C |
done |
|
814 |
775d |
945d
|
22/28 |
635d |
63b1898fffcd
XArray: Disallow sibling entries of nodes
|
kernel BUG in commit_creds
io-uring
|
C |
done |
|
5 |
947d |
951d
|
22/28 |
635d |
701521403cfb
io_uring: abort file assignment prior to assigning creds
|
WARNING in mntput_no_expire (3)
fs
|
C |
inconclusive |
|
29 |
685d |
1101d
|
22/28 |
635d |
a91714312eb1
percpu_ref_init(): clean ->percpu_count_ref on failure
|
WARNING in nilfs_segctor_do_construct
nilfs
|
C |
|
|
5 |
662d |
785d
|
22/28 |
635d |
723ac751208f
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
|
KASAN: slab-out-of-bounds Read in vxlan_vnifilter_dump_dev
|
C |
done |
|
30 |
965d |
966d
|
22/28 |
635d |
9d570741aec1
vxlan: do not feed vxlan_vnifilter_dump_dev with non vxlan devices
|
general protection fault in ip6_rcv_core
net
|
C |
done |
|
275 |
725d |
952d
|
22/28 |
635d |
0339d25a2807
ipv6: fix NULL deref in ip6_rcv_core()
|
BUG: unable to handle kernel paging request in ovl_set_acl
overlayfs
|
C |
error |
|
4 |
748d |
749d
|
22/28 |
635d |
5b52aebef895
ovl: call posix_acl_release() after error checking
|
KASAN: use-after-free Read in z_erofs_transform_plain
erofs
|
C |
done |
|
4 |
639d |
716d
|
22/28 |
635d |
c505feba4c0d
erofs: validate the extent length for uncompressed pclusters
|
KMSAN: uninit-value in mpol_rebind_task (2)
mm
|
C |
|
|
7 |
891d |
1051d
|
22/28 |
635d |
018160ad314d
mm/mempolicy: fix uninit-value in mpol_rebind_policy()
|
KASAN: use-after-free Read in nh_netdev_event
net
|
|
|
|
3 |
736d |
812d
|
22/28 |
635d |
5daadc86f27e
net: tun: Fix use-after-free in tun_detach()
|
KASAN: use-after-free Read in rxrpc_lookup_local
afs
net
|
C |
|
|
3997 |
686d |
715d
|
22/28 |
635d |
8fbcc83334a7
rxrpc: Fix I/O thread startup getting skipped
eaa02390adb0
rxrpc: Fix NULL deref in rxrpc_unuse_local()
|
WARNING in kernfs_active
kernfs
|
C |
error |
|
150 |
649d |
772d
|
22/28 |
635d |
1edfe4ea16ca
kernfs: Fix spurious lockdep warning in kernfs_find_and_get_node_by_id()
|
kernel BUG in warn_crc32c_csum_combine
net
|
C |
error |
|
17 |
749d |
759d
|
22/28 |
635d |
7f57f8165cb6
af_key: Fix send_acquire race with pfkey_register
|
kernel panic: corrupted stack end in nf_tables_getset
net
|
|
|
|
1 |
744d |
744d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
net-next test error: WARNING in devl_port_unregister
net
|
|
|
|
52 |
741d |
743d
|
22/28 |
635d |
1fb22ed67195
devlink: Fix warning when unregistering a port
|
KMSAN: kernel-infoleak in v4l2_compat_put_array_args
media
|
|
|
|
8 |
733d |
1037d
|
22/28 |
635d |
4e768c8e34e6
media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args()
|
kernel panic: stack is corrupted in ksys_write
fs
|
|
|
|
1 |
808d |
804d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
KASAN: use-after-free Read in dev_uevent
kernel
|
syz |
|
|
54 |
643d |
1616d
|
22/28 |
635d |
16b1941eac2b
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
|
WARNING in u32_change
net
|
C |
|
|
28 |
690d |
787d
|
22/28 |
635d |
7cba18332e36
net: sched: cls_u32: Avoid memcpy() false-positive warning
|
general protection fault in metadata_dst_free
net
|
C |
|
|
348 |
766d |
805d
|
22/28 |
635d |
c52add61c27e
macsec: don't free NULL metadata_dst
|
memory leak in watch_queue_set_size
kernel
|
C |
|
|
1 |
977d |
970d
|
22/28 |
635d |
b490207017ba
watch_queue: Free the page array when watch_queue is dismantled
|
memory leak in virtual_ncidev_write
net
nfc
|
C |
|
|
1 |
734d |
734d
|
22/28 |
635d |
53270fb0fd77
NFC: nci: fix memory leak in nci_rx_data_packet()
|
memory leak in __vsock_create
net
|
C |
|
|
1 |
960d |
956d
|
22/28 |
635d |
7e97cfed9929
vsock: Fix memory leak in vsock_connect()
|
kernel panic: corrupted stack end in inet6_sendmsg
netfilter
|
|
|
|
1 |
783d |
783d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
WARNING: locking bug in hugetlb_no_page
mm
|
C |
|
|
1 |
739d |
739d
|
22/28 |
635d |
04ada095dcfc
hugetlb: don't delete vma_lock in hugetlb MADV_DONTNEED processing
|
KASAN: slab-out-of-bounds Read in __fscache_acquire_volume
fs
|
C |
done |
done |
1 |
815d |
814d
|
22/28 |
635d |
9f0933ac026f
fscache: fix OOB Read in __fscache_acquire_volume
|
usb-testing boot error: BUG: unable to handle kernel paging request in __handle_mm_fault
mm
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in blk_mq_update_nr_hw_queues
block
|
C |
error |
|
16 |
733d |
745d
|
22/28 |
635d |
90b0296ece4b
block: fix crash in 'blk_mq_elv_switch_none'
|
KCSAN: data-race in netlink_recvmsg / netlink_recvmsg (5)
net
|
|
|
|
12 |
677d |
930d
|
22/28 |
635d |
d5076fe4049c
netlink: do not reset transport header in netlink_recvmsg()
|
general protection fault in __inet_hash_connect
net
|
|
|
|
5 |
743d |
889d
|
22/28 |
635d |
593d1ebe00a4
Revert "net: Add a second bind table hashed by port and address"
|
kernel panic: corrupted stack end in tc_ctl_action
net
|
|
|
|
2 |
767d |
821d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
WARNING in skb_checksum_help
net
|
|
|
|
15 |
641d |
813d
|
22/28 |
635d |
0d24148bd276
inet: ping: fix recent breakage
|
WARNING in skb_tunnel_check_pmtu
net
|
C |
done |
|
8 |
877d |
883d
|
22/28 |
635d |
853a76148802
tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
|
general protection fault in nilfs_palloc_commit_free_entry
nilfs
|
C |
error |
|
2 |
751d |
759d
|
22/28 |
635d |
f0a0ccda18d6
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
|
BUG: sleeping function called from invalid context in smc_pnet_apply_ib
rdma
|
C |
inconclusive |
|
92 |
999d |
1007d
|
22/28 |
635d |
7ff57e98fb78
net/smc: Use a mutex for locking "struct smc_pnettable"
|
KASAN: use-after-free Read in nf_hook_entries_grow
netfilter
|
C |
done |
done |
5 |
1026d |
1066d
|
22/28 |
635d |
6069da443bf6
netfilter: nf_tables: unregister flowtable hooks on netns exit
|
BUG: unable to handle kernel NULL pointer dereference in lock_page
nilfs
|
C |
error |
|
4 |
745d |
754d
|
22/28 |
635d |
512c5ca01a36
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
|
WARNING: lock held when returning to user space in ieee80211_change_mac
wireless
|
|
|
|
1 |
785d |
781d
|
22/28 |
635d |
ceb3d688f922
wifi: mac80211: unlock on error in ieee80211_can_powered_addr_change()
|
KASAN: use-after-free Read in do_sync_mmap_readahead
fs
mm
|
|
|
|
1 |
914d |
910d
|
22/28 |
635d |
dcfa24ba6899
filemap: Cache the value of vm_flags
|
KMSAN: kernel-infoleak in vcs_read (2)
serial
|
C |
|
|
1556 |
658d |
1813d
|
22/28 |
635d |
af77c56aa353
tty: vt: initialize unicode screen buffer
|
usb-testing boot error: general protection fault in rcu_core
mm
fs
|
|
|
|
23 |
809d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
memory leak in ipv6_renew_options
net
|
C |
|
|
1 |
861d |
857d
|
22/28 |
635d |
e27326009a3d
net: ping6: Fix memleak in ipv6_renew_options().
|
KMSAN: uninit-value in pagecache_write
ext4
|
|
|
|
5 |
761d |
744d
|
22/28 |
635d |
956510c0c743
fs: ext4: initialize fsdata in pagecache_write()
|
KASAN: vmalloc-out-of-bounds Write in imageblit (2)
fbdev
|
C |
done |
|
701 |
810d |
1097d
|
22/28 |
635d |
566f9c9f8933
vt: Clear selection before changing the font
|
UBSAN: shift-out-of-bounds in ntfs_fill_super
ntfs3
|
C |
done |
|
3643 |
635d |
944d
|
22/28 |
635d |
a3b774342fa7
fs/ntfs3: validate BOOT sectors_per_clusters
|
possible deadlock in kcm_ioctl
net
|
C |
error |
|
20 |
821d |
823d
|
22/28 |
635d |
8fc29ff3910f
kcm: fix strp_init() order and cleanup
|
KMSAN: uninit-value in can_send
can
|
C |
|
|
630 |
730d |
748d
|
22/28 |
635d |
3eb3d283e857
can: j1939: j1939_send_one(): fix missing CAN header initialization
|
KASAN: invalid-access Read in copy_page
arm
|
|
|
|
302 |
772d |
838d
|
22/28 |
635d |
a8e5e5146ad0
arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored
|
memory leak in __tcp_send_ack
net
|
C |
|
|
10 |
773d |
1304d
|
22/28 |
635d |
07d120aa33cc
net: tun: call napi_schedule_prep() to ensure we own a napi
|
INFO: task hung in hub_port_init (2)
usb
|
C |
error |
|
486 |
639d |
1101d
|
22/28 |
635d |
26fbe9772b8c
USB: core: Fix hang in usb_kill_urb by adding memory barriers
|
usb-testing boot error: WARNING in anon_vma_clone
mm
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KMSAN: uninit-value in __tipc_nl_bearer_enable
tipc
|
C |
|
|
1288 |
636d |
2164d
|
22/28 |
635d |
7f36f798f89b
tipc: check attribute length for bearer name
|
kernel BUG in __skb_gso_segment
net
|
C |
done |
|
11 |
903d |
901d
|
22/28 |
635d |
e9d3f80935b6
net/af_packet: make sure to pull mac header
|
inconsistent lock state in kmem_cache_alloc
io-uring
|
C |
|
|
4 |
779d |
786d
|
22/28 |
635d |
b000145e9907
io_uring/rw: defer fsnotify calls to task context
|
general protection fault in rlb_clear_slave
net
|
|
|
|
1 |
878d |
878d
|
22/28 |
635d |
ab84db251c04
net: bonding: fix possible NULL deref in rlb code
|
WARNING: ODEBUG bug in mgmt_index_removed
bluetooth
|
|
|
|
1 |
809d |
804d
|
22/28 |
635d |
f74ca25d6d66
Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
|
inconsistent lock state in padata_do_serial (2)
crypto
|
|
|
|
1 |
798d |
794d
|
22/28 |
635d |
34c3a47d20ae
padata: Always leave BHs disabled when running ->parallel()
|
WARNING in vmx_queue_exception (2)
kvm
|
C |
|
|
5 |
934d |
933d
|
22/28 |
635d |
053d2290c030
KVM: VMX: Exit to userspace if vCPU has injected exception and invalid state
|
usb-testing boot error: INFO: task hung in add_early_randomness
crypto
|
|
|
|
7 |
891d |
898d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
BUG: unable to handle kernel NULL pointer dereference in gsmld_receive_buf
serial
|
C |
error |
|
324 |
809d |
835d
|
22/28 |
635d |
f16c6d2e58a4
tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()
|
KASAN: null-ptr-deref Write in io_file_get_normal
io-uring
fs
|
C |
done |
|
107 |
881d |
965d
|
22/28 |
635d |
d5361233e9ab
io_uring: drop the old style inflight file tracking
|
general protection fault in i2c_setup_smbus_alert
acpi
usb
|
C |
done |
|
20 |
1002d |
1020d
|
22/28 |
635d |
8302532f47bb
i2c: smbus: Check for parent device before dereference
|
KASAN: use-after-free Write in sco_sock_timeout
bluetooth
|
C |
done |
|
272 |
910d |
1182d
|
22/28 |
635d |
7aa1e7d15f8a
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
|
general protection fault in tcp_create_openreq_child
net
|
C |
unreliable |
|
83 |
940d |
943d
|
22/28 |
635d |
ba5a4fdd63ae
tcp: make sure treq->af_specific is initialized
|
INFO: trying to register non-static key in rxe_cleanup_task
rdma
|
syz |
|
|
299 |
636d |
912d
|
22/28 |
635d |
fd5382c5805c
RDMA/rxe: Fix error unwind in rxe_create_qp()
|
WARNING in netif_rx
can
|
|
|
|
2 |
1001d |
1002d
|
22/28 |
635d |
167053f8dd0e
net: Correct wrong BH disable in hard-interrupt.
|
KASAN: out-of-bounds Read in ntfs_set_ea
ntfs3
|
C |
error |
done |
4 |
701d |
704d
|
22/28 |
635d |
0e8235d28f3a
fs/ntfs3: Check fields while reading
|
UBSAN: array-index-out-of-bounds in nfnetlink_unbind
netfilter
|
C |
done |
|
6621 |
901d |
918d
|
22/28 |
635d |
ffd219efd9ee
netfilter: nfnetlink: fix warn in nfnetlink_unbind
|
INFO: trying to register non-static key in nilfs_bmap_lookup_at_level
nilfs
|
C |
error |
|
124 |
745d |
783d
|
22/28 |
635d |
21a87d88c225
nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
|
general protection fault in ovl_dentry_upper
overlayfs
|
C |
error |
|
2 |
732d |
728d
|
22/28 |
635d |
672e4268b286
ovl: fix use inode directly in rcu-walk mode
|
net-next test error: WARNING in __napi_schedule
wireguard
|
|
|
|
110 |
975d |
978d
|
22/28 |
635d |
351bdbb6419c
net: Revert the softirq will run annotation in ____napi_schedule().
|
BUG: unable to handle kernel paging request in get_desc
kernel
|
syz |
error |
|
8 |
735d |
747d
|
22/28 |
635d |
97650148a15e
x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area
|
general protection fault in ath9k_hif_usb_rx_cb (2)
wireless
|
C |
error |
|
1678 |
833d |
1587d
|
22/28 |
635d |
0ac4827f78c7
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
|
upstream test error: WARNING in __queue_work
kernel
|
|
|
|
1 |
818d |
814d
|
22/28 |
635d |
deee93d13d38
Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works
|
UBSAN: shift-out-of-bounds in dbAllocAG
jfs
|
C |
error |
|
10 |
752d |
784d
|
22/28 |
635d |
898f70669568
fs: jfs: fix shift-out-of-bounds in dbAllocAG
|
kernel panic: corrupted stack end in tun_chr_ioctl
kernfs
|
|
|
|
1 |
882d |
882d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
KCSAN: data-race in veth_xmit / veth_xmit
net
|
|
|
|
1 |
1021d |
1016d
|
22/28 |
635d |
68468d8c4cd4
veth: fix races around rq->rx_notify_masked
|
KASAN: vmalloc-out-of-bounds Write in ringbuf_map_alloc
bpf
|
C |
done |
|
541 |
1021d |
1024d
|
22/28 |
635d |
b293dcc473d2
bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
|
kernel BUG in mld_newpack
net
|
|
|
|
1 |
767d |
767d
|
22/28 |
635d |
d89d7ff01235
ipv6: ensure sane device mtu in tunnels
|
BUG: sleeping function called from invalid context in break_ksm
mm
|
C |
|
|
9 |
762d |
762d
|
22/28 |
635d |
d7c0e68dab98
mm/ksm: convert break_ksm() to use walk_page_range_vma()
|
KMSAN: uninit-value in ipvlan_queue_xmit
net
|
C |
|
|
2 |
814d |
1396d
|
22/28 |
635d |
81225b2ea161
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
|
possible deadlock in btrfs_commit_transaction
btrfs
|
C |
error |
done |
6 |
725d |
737d
|
22/28 |
635d |
b740d8061669
btrfs: free btrfs_path before copying root refs to userspace
|
net-next boot error: INFO: task hung in add_early_randomness
crypto
|
|
|
|
23 |
888d |
894d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
UBSAN: shift-out-of-bounds in __access_remote_vm
ntfs3
|
C |
done |
|
3 |
824d |
820d
|
22/28 |
635d |
caad9dd8792a
fs/ntfs3: Avoid UBSAN error on true_sectors_per_clst()
|
WARNING in kcov_mmap
mm
|
|
|
|
14 |
912d |
967d
|
22/28 |
635d |
ecc04463d1a3
kcov: don't generate a warning on vm_insert_page()'s failure
|
WARNING: suspicious RCU usage in ipmr_rtm_dumplink
net
|
|
|
|
11 |
877d |
880d
|
22/28 |
635d |
0fcae3c8b1b3
ipmr: fix a lockdep splat in ipmr_rtm_dumplink()
|
possible deadlock in nci_set_local_general_bytes
net
nfc
|
C |
|
|
32 |
686d |
737d
|
22/28 |
635d |
b2e44aac91b2
NFC: nci: Allow to create multiple virtual nci devices
|
KASAN: slab-out-of-bounds Read in run_unpack
ntfs3
|
C |
|
|
97 |
683d |
790d
|
22/28 |
635d |
887bfc546097
fs/ntfs3: Fix slab-out-of-bounds read in run_unpack
|
upstream boot error: BUG: corrupted list in copy_process
kernel
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: use-after-free Read in __snd_rawmidi_transmit_peek
sound
usb
|
syz |
error |
|
48 |
837d |
947d
|
22/28 |
635d |
0665886ad139
ALSA: usb-audio: Clear MIDI port active flag after draining
|
BUG: MAX_LOCK_DEPTH too low! (3)
net
s390
|
C |
done |
|
18 |
1007d |
1016d
|
22/28 |
635d |
1de9770d121e
net/smc: Avoid overwriting the copies of clcsock callback functions
|
UBSAN: shift-out-of-bounds in hid_report_raw_event (2)
input
usb
|
C |
error |
|
1 |
740d |
736d
|
22/28 |
635d |
ec61b4191858
HID: core: fix shift-out-of-bounds in hid_report_raw_event
|
KASAN: use-after-free Read in port100_send_complete
nfc
usb
|
C |
|
|
1 |
992d |
988d
|
22/28 |
635d |
f80cfe2f2658
NFC: port100: fix use-after-free in port100_send_complete
|
KMSAN: uninit-value in iforce_init_device (2)
input
|
|
|
|
3 |
771d |
744d
|
22/28 |
635d |
b8ebf250997c
Input: iforce - invert valid length check when fetching device IDs
|
KASAN: use-after-free Read in usb_udc_uevent
usb
|
syz |
error |
|
30 |
846d |
1632d
|
22/28 |
635d |
2191c00855b0
USB: gadget: Fix use-after-free Read in usb_udc_uevent()
|
bpf-next boot error: WARNING in bpf_prog_pack_free
bpf
|
|
|
|
12 |
975d |
975d
|
22/28 |
635d |
96805674e562
bpf: Fix bpf_prog_pack for multi-node setup
|
general protection fault in skb_clone (5)
net
|
C |
done |
|
7 |
751d |
768d
|
22/28 |
635d |
d8b57135fd9f
net: hsr: avoid possible NULL deref in skb_clone()
|
KCSAN: data-race in fib6_info_hw_flags_set / fib6_purge_rt
net
|
|
|
|
1 |
1040d |
1038d
|
22/28 |
635d |
d95d6320ba7a
ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt
|
KASAN: use-after-free Read in macsec_get_iflink
net
|
|
|
|
1 |
912d |
908d
|
22/28 |
635d |
196a888ca657
macsec: fix UAF bug for real_dev
|
KASAN: slab-out-of-bounds Write in dbgfs_rm_context_write
damon
|
C |
error |
|
6 |
746d |
752d
|
22/28 |
635d |
1de09a7281ed
mm/damon/dbgfs: check if rm_contexts input is for a real context
|
KMSAN: kernel-infoleak in _copy_to_iter (7)
net
|
C |
|
|
138977 |
635d |
987d
|
22/28 |
635d |
633593a80898
sctp: fix kernel-infoleak for SCTP sockets
|
KASAN: use-after-free Write in inet_put_port
net
|
|
|
|
1 |
893d |
888d
|
22/28 |
635d |
593d1ebe00a4
Revert "net: Add a second bind table hashed by port and address"
|
upstream boot error: general protection fault in ieee80211_register_hw
wireless
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: use-after-free Read in bio_poll
block
|
C |
done |
|
6 |
926d |
926d
|
22/28 |
635d |
9650b453a3d4
block: ignore RWF_HIPRI hint for sync dio
|
WARNING in tcp_disconnect
net
|
|
|
|
2 |
763d |
767d
|
22/28 |
635d |
72e560cb8c6f
tcp: cdg: allow tcp_cdg_release() to be called multiple times
|
possible deadlock in virtual_nci_close
net
nfc
|
C |
done |
|
939 |
636d |
738d
|
22/28 |
635d |
b2e44aac91b2
NFC: nci: Allow to create multiple virtual nci devices
|
WARNING in tcp_mtup_probe_success
net
|
|
|
|
3 |
903d |
909d
|
22/28 |
635d |
11825765291a
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
|
usb-testing boot error: BUG: unable to handle kernel paging request in insert_header
fs
|
|
|
|
1 |
814d |
814d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: slab-out-of-bounds Read in mi_find_attr
ntfs3
|
C |
done |
done |
1 |
707d |
703d
|
22/28 |
635d |
4f1dc7d9756e
fs/ntfs3: Validate attribute name offset
|
KASAN: use-after-free Read in do_garbage_collect
f2fs
|
C |
inconclusive |
|
2 |
738d |
738d
|
22/28 |
635d |
d3b7b4afd6b2
f2fs: fix to do sanity check on i_extra_isize in is_alive()
|
BUG: sleeping function called from invalid context in smc_pnet_add
net
|
C |
done |
|
45 |
1017d |
1018d
|
22/28 |
635d |
94fdd7c02a56
net/smc: use GFP_ATOMIC allocation in smc_pnet_add_eth()
|
KASAN: slab-out-of-bounds Write in bpf_prog_test_run_xdp
bpf
net
|
C |
done |
|
18 |
1011d |
1028d
|
22/28 |
635d |
a6763080856f
bpf: test_run: Fix OOB access in bpf_prog_test_run_xdp
|
usb-testing boot error: general protection fault in __handle_irq_event_percpu
kernel
|
|
|
|
1 |
814d |
814d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: slab-out-of-bounds Read in smc_fback_error_report
net
s390
|
C |
error |
|
72 |
938d |
1014d
|
22/28 |
635d |
0558226cebee
net/smc: Fix slab-out-of-bounds issue in fallback
|
memory leak in iovec_from_user
fs
io-uring
|
C |
|
|
1 |
953d |
949d
|
22/28 |
635d |
323b190ba2de
io_uring: free iovec if file assignment fails
|
BUG: unable to handle kernel paging request in mi_enum_attr
ntfs3
|
C |
error |
done |
18 |
685d |
811d
|
22/28 |
635d |
0e8235d28f3a
fs/ntfs3: Check fields while reading
|
WARNING: refcount bug in nldev_newlink
rdma
|
C |
|
|
33 |
709d |
714d
|
22/28 |
635d |
e42f9c2e6aad
RDMA: Add missed netdev_put() for the netdevice_tracker
|
KASAN: slab-out-of-bounds Read in __hfs_brec_find
hfs
|
C |
|
|
5 |
709d |
723d
|
22/28 |
635d |
8d824e69d9f3
hfs: fix OOB Read in __hfs_brec_find
|
WARNING in bpf_check (3)
|
C |
done |
done |
1736 |
781d |
1714d
|
22/28 |
635d |
34dd3bad1a6f
bpf: Relax the requirement to use preallocated hash maps in tracing progs.
|
KASAN: use-after-free Read in raw_notifier_call_chain
kernel
|
|
|
|
68 |
722d |
960d
|
22/28 |
635d |
5daadc86f27e
net: tun: Fix use-after-free in tun_detach()
|
KCSAN: data-race in packet_setsockopt / packet_setsockopt
net
|
|
|
|
1 |
1042d |
1030d
|
22/28 |
635d |
e42e70ad6ae2
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
|
memory leak in usb_set_configuration (3)
usb
|
C |
|
|
2 |
873d |
900d
|
22/28 |
635d |
945a9a8e448b
media: pvrusb2: fix memory leak in pvr_probe
|
KASAN: use-after-free Read in ar5523_cmd_tx_cb
usb
wireless
|
C |
inconclusive |
|
372 |
731d |
786d
|
22/28 |
635d |
b6702a942a06
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
|
kernel panic: corrupted stack end in shmem_fault
cgroups
mm
|
|
|
|
5 |
642d |
773d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
possible deadlock in strp_work
net
|
C |
error |
|
4 |
821d |
822d
|
22/28 |
635d |
8fc29ff3910f
kcm: fix strp_init() order and cleanup
|
KASAN: use-after-free Read in __fib6_clean_all
net
|
|
|
|
30 |
725d |
978d
|
22/28 |
635d |
5daadc86f27e
net: tun: Fix use-after-free in tun_detach()
|
KCSAN: data-race in do_epoll_wait / do_epoll_wait
fs
|
|
|
|
83 |
911d |
1120d
|
22/28 |
635d |
d679ae94fdd5
list: fix a data-race around ep->rdllist
|
KMSAN: uninit-value in asix_mdio_write_nopm
net
usb
|
|
|
|
2 |
960d |
981d
|
22/28 |
635d |
920a9fa27e78
net: asix: add proper error handling of usb read errors
|
WARNING in dlfb_submit_urb/usb_submit_urb
usb
fbdev
|
C |
done |
|
481 |
708d |
1969d
|
22/28 |
635d |
aaf7dbe07385
video: fbdev: udlfb: properly check endpoint type
|
KCSAN: data-race in kcm_rcv_strparser / kcm_rfree (7)
net
|
|
|
|
1 |
764d |
764d
|
22/28 |
635d |
0c745b5141a4
kcm: annotate data-races around kcm->rx_wait
|
linux-next test error: WARNING in set_peer
wireguard
|
|
|
|
39 |
792d |
799d
|
22/28 |
635d |
26c013108c12
wireguard: netlink: avoid variable-sized memcpy on sockaddr
|
BUG: sleeping function called from invalid context in blk_mq_release
block
|
|
|
|
1 |
965d |
965d
|
22/28 |
635d |
d578c770c852
block: avoid calling blkg_free() in atomic context
|
WARNING in devl_port_unregister
net
|
C |
|
|
1690 |
639d |
741d
|
22/28 |
635d |
1fb22ed67195
devlink: Fix warning when unregistering a port
|
WARNING: suspicious RCU usage in corrupted (2)
net
|
C |
unreliable |
|
7 |
880d |
891d
|
22/28 |
635d |
4e43e64d0f13
ipv6: fix lockdep splat in in6_dump_addrs()
|
possible deadlock in __btrfs_release_delayed_node
btrfs
|
|
|
|
1 |
733d |
733d
|
22/28 |
635d |
796787c978ef
btrfs: do not modify log tree while holding a leaf from fs tree locked
|
usb-testing boot error: BUG: unable to handle kernel paging request in enqueue_task_fair
mm
|
|
|
|
1 |
813d |
813d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
kernel BUG in vhost_get_vq_desc
kvm
net
virt
|
C |
inconclusive |
|
19 |
999d |
1012d
|
22/28 |
635d |
a58da53ffd70
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
|
kernel panic: corrupted stack end in hub_event
kernfs
|
|
|
|
93 |
643d |
988d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
KASAN: use-after-free Read in snd_rawmidi_transmit
usb
sound
|
C |
done |
done |
7 |
903d |
938d
|
22/28 |
635d |
0125de38122f
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
|
kernel panic: corrupted stack end in dput (2)
ext4
|
|
|
|
1 |
734d |
734d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
WARNING in skb_warn_bad_offload (3)
net
|
C |
done |
|
115 |
636d |
773d
|
22/28 |
635d |
87445f369cca
ipv6: ping: fix wrong checksum for large frames
|
WARNING in arp_ioctl
net
|
C |
error |
done |
17 |
708d |
777d
|
22/28 |
635d |
b5f0de6df6dc
net: dev: Convert sa_data to flexible array in struct sockaddr
|
kernel panic: corrupted stack end in tcp_setsockopt
netfilter
|
|
|
|
3 |
740d |
889d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
general protection fault in __pm_runtime_resume (2)
pm
|
C |
error |
|
7 |
974d |
984d
|
22/28 |
635d |
32cb08e95869
Bluetooth: hci_uart: add missing NULL check in h5_enqueue
|
KMSAN: kernel-usb-infoleak in hif_usb_send
wireless
|
C |
|
|
18149 |
943d |
1562d
|
22/28 |
635d |
d1e0df1c57bd
ath9k_htc: fix uninit value bugs
|
WARNING in ipvlan_queue_xmit
net
|
C |
inconclusive |
|
4 |
813d |
814d
|
22/28 |
635d |
81225b2ea161
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
|
kernel panic: corrupted stack end in loop_workfn
ext4
|
|
|
|
1 |
943d |
943d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
KASAN: use-after-free Read in notifier_call_chain
kernel
|
C |
error |
|
157 |
727d |
733d
|
22/28 |
635d |
5daadc86f27e
net: tun: Fix use-after-free in tun_detach()
|
WARNING in wnd_init
ntfs3
|
C |
done |
|
23 |
701d |
783d
|
22/28 |
635d |
0d0f659bf713
fs/ntfs3: Use __GFP_NOWARN allocation at wnd_init()
019d22eb0eb7
fs/ntfs3: Validate attribute data and valid sizes
|
upstream build error (18)
kernel
|
|
|
|
20 |
637d |
908d
|
22/28 |
635d |
e68b823ab0ba
arm64/hugetlb: Fix building errors in huge_ptep_clear_flush()
|
usb-testing boot error: general protection fault in __register_sysctl_table (2)
fs
|
|
|
|
1 |
813d |
813d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: use-after-free Read in si470x_int_in_callback (2)
usb
media
|
C |
error |
|
7303 |
703d |
1860d
|
22/28 |
635d |
7d21e0b1b41b
media: si470x: Fix use-after-free in si470x_int_in_callback()
|
BUG: unable to handle kernel NULL pointer dereference in f2fs_stop_discard_thread
f2fs
|
C |
done |
|
23 |
704d |
769d
|
22/28 |
635d |
91586ce0d39a
f2fs: fix to invalidate dcc->f2fs_issue_discard in error path
|
WARNING in __perf_event_overflow
perf
|
C |
done |
|
9 |
724d |
749d
|
22/28 |
635d |
bb88f9695460
perf: Improve missing SIGTRAP checking
|
WARNING: still has locks held in tls_rx_reader_lock
net
|
C |
done |
|
4 |
853d |
854d
|
22/28 |
635d |
dde06aaa89b7
tls: rx: release the sock lock on locking timeout
|
KASAN: use-after-free Read in setup_rw_floppy
block
|
|
|
|
3 |
1006d |
1022d
|
22/28 |
635d |
233087ca0636
floppy: disable FDRAWCMD by default
|
memory leak in gs_usb_probe
can
usb
|
C |
|
|
1 |
971d |
967d
|
22/28 |
635d |
50d34a0d151d
can: gs_usb: gs_make_candev(): fix memory leak for devices with extended bit timing configuration
|
memory leak in airspy_probe
media
usb
|
C |
|
|
1 |
837d |
833d
|
22/28 |
635d |
23bc5eb55f8c
media: airspy: fix memory leak in airspy probe
|
general protection fault in hugetlbfs_parse_param
fs
mm
|
C |
|
|
5 |
751d |
763d
|
22/28 |
635d |
26215b7ee923
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
|
possible deadlock in __snd_pcm_lib_xfer
sound
|
C |
unreliable |
|
3 |
968d |
967d
|
22/28 |
635d |
bc55cfd5718c
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
|
WARNING: suspicious RCU usage in in6_dump_addrs
net
|
C |
unreliable |
|
613 |
847d |
891d
|
22/28 |
635d |
4e43e64d0f13
ipv6: fix lockdep splat in in6_dump_addrs()
|
upstream boot error: INFO: task hung in hwrng_register
crypto
|
|
|
|
23 |
893d |
900d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
kernel panic: corrupted stack end in inet_rtm_newaddr
net
|
|
|
|
23 |
638d |
975d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
KASAN: use-after-free Read in __oom_reap_task_mm
mm
|
|
|
|
1 |
1016d |
1010d
|
22/28 |
635d |
f798a1d4f94d
mm: fix use-after-free bug when mm->mmap is reused after being freed
|
inconsistent lock state in smc_fback_state_change
s390
net
|
C |
error |
|
7 |
727d |
733d
|
22/28 |
635d |
af295e854a4e
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
|
memory leak in blk_iolatency_init (2)
block
cgroups
|
C |
|
|
131 |
777d |
984d
|
22/28 |
635d |
daaca3522a8e
block: release rq qos structures for queue without disk
|
linux-next test error: WARNING in devl_port_unregister
net
|
|
|
|
23 |
741d |
744d
|
22/28 |
635d |
1fb22ed67195
devlink: Fix warning when unregistering a port
|
KMSAN: uninit-value in idmouse_open
usb
|
C |
|
|
5 |
798d |
793d
|
22/28 |
635d |
bce2b0539933
usb: idmouse: fix an uninit-value in idmouse_open
|
KASAN: use-after-free Read in tcp_retransmit_timer (5)
net
|
C |
unreliable |
|
16000 |
719d |
1731d
|
22/28 |
635d |
3a58f13a881e
net: rds: acquire refcount on TCP sockets
|
WARNING in inet_csk_destroy_sock (2)
io-uring
net
|
C |
done |
|
8 |
684d |
771d
|
22/28 |
635d |
e0833d1fedb0
dccp/tcp: Fixup bhash2 bucket when connect() fails.
|
WARNING in ovl_fh_to_dentry
overlayfs
|
C |
|
|
169 |
709d |
789d
|
22/28 |
635d |
cf8aa9bf97ca
ovl: Use "buf" flexible array for memcpy() destination
|
WARNING in notify_change (2)
fuse
|
C |
unreliable |
|
2 |
729d |
730d
|
22/28 |
635d |
44361e8cf9dd
fuse: lock inode unconditionally in fuse_fallocate()
|
KASAN: null-ptr-deref Read in ida_free (2)
usb
|
C |
done |
|
3 |
880d |
880d
|
22/28 |
635d |
90bc2af24638
USB: gadget: Fix double-free bug in raw_gadget driver
|
KASAN: use-after-free Read in nf_confirm
netfilter
|
C |
done |
|
605 |
902d |
918d
|
22/28 |
635d |
56b14ecec97f
netfilter: conntrack: re-fetch conntrack after insertion
|
WARNING in __vunmap
net
|
C |
error |
error |
154 |
784d |
2104d
|
22/28 |
635d |
8a04d2fc700f
xfrm: Update ipcomp_scratches with NULL when freed
|
memory leak in xas_nomem
mm
|
C |
|
|
1 |
912d |
908d
|
22/28 |
635d |
69a37a8ba1b4
mm/huge_memory: Fix xarray node memory leak
|
WARNING in io_req_complete_failed
io-uring
|
C |
error |
|
2 |
727d |
723d
|
22/28 |
635d |
c06c6c5d2767
io_uring: always lock in io_apoll_task_func
|
memory leak in napi_get_frags
net
|
C |
|
|
11 |
1384d |
1405d
|
22/28 |
635d |
07d120aa33cc
net: tun: call napi_schedule_prep() to ensure we own a napi
|
kernel panic: corrupted stack end in mld_dad_work
mm
|
|
|
|
1 |
807d |
807d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
memory leak in netlink_policy_dump_add_policy
net
|
C |
|
|
1 |
835d |
831d
|
22/28 |
635d |
249801360db3
net: genl: fix error path memory leak in policy dumping
|
KCSAN: data-race in fib6_clean_node / inet6_csk_route_socket
net
|
|
|
|
1 |
1035d |
1035d
|
22/28 |
635d |
aafc2e3285c2
ipv6: annotate accesses to fn->fn_sernum
|
KCSAN: data-race in lru_add_fn / tcp_build_frag
mm
|
|
|
|
4 |
805d |
814d
|
22/28 |
635d |
84ce071e38a6
net: introduce __skb_fill_page_desc_noacc
|
KASAN: use-after-free Read in nf_tables_trans_destroy_work
netfilter
|
C |
done |
|
6 |
765d |
772d
|
22/28 |
635d |
d4bc8271db21
netfilter: nf_tables: netlink notifier might race to release objects
26b5934ff419
netfilter: nf_tables: release flow rule object from commit path
|
linux-next boot error: WARNING in kfence_protect
kasan
mm
|
|
|
|
12 |
733d |
734d
|
22/28 |
635d |
3e844d842d49
x86/mm: Ensure forced page table splitting
|
KASAN: use-after-free Read in jbd2_journal_wait_updates
ext4
|
C |
error |
|
143 |
972d |
1016d
|
22/28 |
635d |
cc16eecae687
jbd2: fix use-after-free of transaction_t race
|
BUG: unable to handle kernel paging request in inet_unhash
net
|
|
|
|
3 |
731d |
812d
|
22/28 |
635d |
d1e96cc4fbe0
mptcp: fix tracking issue in mptcp_subflow_create_socket()
|
bpf boot error: INFO: task hung in add_early_randomness
crypto
|
|
|
|
13 |
887d |
894d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
KASAN: vmalloc-out-of-bounds Read in __text_poke
kernel
|
|
|
|
5 |
938d |
1010d
|
22/28 |
635d |
d24d2a2b0a81
bpf: bpf_prog_pack: Set proper size before freeing ro_header
|
usb-testing boot error: BUG: unable to handle kernel paging request in follow_page_mask
mm
|
|
|
|
1 |
810d |
806d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in llc_ui_connect
net
|
C |
done |
|
17 |
968d |
972d
|
22/28 |
635d |
2d327a79ee17
llc: only change llc->dev when bind() succeeds
|
memory leak in ndisc_send_rs
net
|
C |
|
|
2 |
1132d |
1179d
|
22/28 |
635d |
07d120aa33cc
net: tun: call napi_schedule_prep() to ensure we own a napi
|
WARNING in find_vma
mm
|
C |
done |
|
2616 |
812d |
835d
|
22/28 |
635d |
d6f35446d076
binder_alloc: Add missing mmap_lock calls when using the VMA
44e602b4e52f
binder_alloc: add missing mmap_lock calls when using the VMA
|
BUG: unable to handle kernel paging request in kvm_arch_hardware_enable
kvm
|
C |
error |
|
28 |
824d |
827d
|
22/28 |
635d |
4ba4f4194274
KVM: Properly unwind VM creation if creating debugfs fails
|
WARNING in __brelse
udf
|
C |
inconclusive |
|
22 |
642d |
784d
|
22/28 |
635d |
c791730f2554
udf: Avoid double brelse() in udf_rename()
|
WARNING: ODEBUG bug in kvm_xen_vcpu_set_attr
kvm
io-uring
|
C |
done |
|
4 |
843d |
895d
|
22/28 |
635d |
af735db31285
KVM: x86/xen: Initialize Xen timer only once
c03689913635
KVM: x86/xen: Stop Xen timer before changing IRQ
|
WARNING in erofs_iget
erofs
mm
|
C |
|
|
6 |
756d |
806d
|
22/28 |
635d |
1dd73601a1cb
erofs: fix order >= MAX_ORDER warning due to crafted negative i_size
|
KCSAN: data-race in bond_3ad_initiate_agg_selection / bond_3ad_state_machine_handler (2)
net
|
|
|
|
1 |
1010d |
1010d
|
22/28 |
635d |
9ceaf6f76b20
bonding: fix data-races around agg_select_timer
|
INFO: task hung in hci_dev_close_sync
bluetooth
|
C |
unreliable |
|
2366 |
776d |
932d
|
22/28 |
635d |
e36bea6e78ab
Bluetooth: core: Fix deadlock on hci_power_on_sync.
|
KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl (2)
kernel
|
C |
|
|
2 |
784d |
784d
|
22/28 |
635d |
e5b0d06d9b10
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
|
general protection fault in llc_ui_sendmsg
net
|
C |
done |
|
365 |
968d |
972d
|
22/28 |
635d |
2d327a79ee17
llc: only change llc->dev when bind() succeeds
|
WARNING in nf_tables_exit_net
netfilter
|
C |
error |
|
3 |
754d |
753d
|
22/28 |
635d |
03c1f1ef1584
netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
|
upstream boot error: general protection fault in __get_vm_area_node
kernel
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
possible deadlock in console_lock_spinning_enable (2)
serial
|
C |
inconclusive |
done |
117 |
916d |
1102d
|
22/28 |
635d |
09c5ba0aa2fc
printk: add kthread console printers
|
WARNING in scsi_alloc_sgtables
scsi
fuse
|
C |
|
|
93 |
875d |
1221d
|
22/28 |
635d |
d9a434fa0c12
scsi: core: Fix warning in scsi_alloc_sgtables()
|
UBSAN: shift-out-of-bounds in nilfs_load_super_block
nilfs
|
C |
error |
|
3 |
747d |
757d
|
22/28 |
635d |
610a2a3d7d8b
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
|
INFO: task hung in blk_freeze_queue (3)
arm
|
C |
|
|
8 |
732d |
812d
|
22/28 |
635d |
1de7c3cf48fc
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
|
UBSAN: shift-out-of-bounds in init_sb (3)
gfs2
|
C |
|
|
40 |
765d |
830d
|
22/28 |
635d |
670f8ce56dd0
gfs2: Check sb_bsize_shift after reading superblock
|
memory leak in keyctl_watch_key
keyrings
lsm
|
C |
|
|
1 |
980d |
976d
|
22/28 |
635d |
3d8dcf278b1e
watch_queue: Actually free the watch
|
memory leak in fbcon_set_font (2)
fbdev
|
C |
|
|
1 |
717d |
717d
|
22/28 |
635d |
3c3bfb8586f8
fbdev: fbcon: release buffer when fbcon_do_set_font() failed
|
KASAN: use-after-free Read in inet_twsk_kill
net
|
|
|
|
86 |
1028d |
1030d
|
22/28 |
635d |
fbb8295248e1
tcp: allocate tcp_death_row outside of struct netns_ipv4
|
INFO: task hung in scsi_remove_host
scsi
usb
|
C |
done |
|
328 |
786d |
822d
|
22/28 |
635d |
2b36209ca818
scsi: core: Revert "Call blk_mq_free_tag_set() earlier"
d94b2d00f7bf
scsi: core: Revert "Make sure that hosts outlive targets"
f782201ebc2b
scsi: core: Revert "Make sure that targets outlive devices"
70e8d057bef5
scsi: core: Revert "Simplify LLD module reference counting"
|
KASAN: slab-out-of-bounds Read in packet_recvmsg
net
|
C |
inconclusive |
|
12 |
984d |
1385d
|
22/28 |
635d |
c700525fcc06
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
|
WARNING in binder_alloc_vma_close
kernel
|
C |
done |
|
18 |
787d |
877d
|
22/28 |
635d |
b0cab80ecd54
android: binder: fix lockdep check on clearing vma
|
general protection fault in ext4_fill_super
ext4
|
C |
done |
|
5 |
823d |
1038d
|
22/28 |
635d |
7c268d4ce2d3
ext4: fix potential NULL pointer dereference in ext4_fill_super()
|
INFO: task hung in vhost_work_dev_flush
kvm
net
virt
|
C |
error |
|
2 |
1015d |
1006d
|
22/28 |
635d |
e2ae38cf3d91
vhost: fix hung thread due to erroneous iotlb entries
|
stack segment fault in skb_clone
net
|
C |
unreliable |
inconclusive |
3 |
890d |
1075d
|
22/28 |
635d |
d8b57135fd9f
net: hsr: avoid possible NULL deref in skb_clone()
|
WARNING: suspicious RCU usage in bond_ethtool_get_ts_info
net
|
C |
done |
|
6 |
921d |
923d
|
22/28 |
635d |
9b80ccda233f
bonding: fix missed rcu protection
|
WARNING in nsim_map_alloc_elem
mm
|
C |
error |
|
7 |
830d |
850d
|
22/28 |
635d |
d0b80a9edb1a
netdevsim: Avoid allocation warnings triggered from user space
|
KASAN: use-after-free Read in nilfs_segctor_sync
nilfs
|
C |
error |
|
3 |
741d |
751d
|
22/28 |
635d |
8cccf05fe857
nilfs2: fix use-after-free bug of ns_writer on remount
|
KASAN: slab-out-of-bounds Write in watch_queue_set_filter
kernel
|
C |
inconclusive |
|
7 |
976d |
979d
|
22/28 |
635d |
c993ee0f9f81
watch_queue: Fix filter limit check
|
UBSAN: array-index-out-of-bounds in pvr2_i2c_core_init
pvrusb2
usb
|
C |
inconclusive |
|
4 |
919d |
951d
|
22/28 |
635d |
471bec68457a
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
|
upstream boot error: BUG: unable to handle kernel paging request in copy_thread
kernel
|
|
|
|
1 |
827d |
827d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
WARNING in ext4_expand_extra_isize_ea
ext4
|
C |
error |
done |
3 |
709d |
721d
|
22/28 |
635d |
cc12a6f25e07
ext4: allocate extended attribute value in vmalloc area
|
general protection fault in do_check_common
bpf
|
C |
done |
|
5 |
868d |
872d
|
22/28 |
635d |
d1a6edecc1fd
bpf: Check attach_func_proto more carefully in check_return_code
|
usb-testing boot error: BUG: unable to handle kernel paging request in copy_namespaces
kernel
|
|
|
|
1 |
812d |
812d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in rlb_req_update_slave_clients
net
|
C |
inconclusive |
|
3 |
899d |
899d
|
22/28 |
635d |
ab84db251c04
net: bonding: fix possible NULL deref in rlb code
|
WARNING in usbtmc_ioctl/usb_submit_urb
usb
|
C |
inconclusive |
|
8 |
648d |
993d
|
22/28 |
635d |
e9b667a82cdc
usb: usbtmc: Fix bug in pipe direction for control transfers
|
BUG: unable to handle kernel paging request in evict
exfat
|
C |
error |
done |
23 |
743d |
788d
|
22/28 |
635d |
4e3c51f4e805
fs: do not update freeing inode i_io_list
|
BUG: unable to handle kernel paging request in truncate_inode_partial_folio
fs
mm
|
C |
error |
|
4 |
837d |
876d
|
22/28 |
635d |
84ac013046cc
secretmem: fix unhandled fault in truncate
|
WARNING in hugetlb_wp
mm
|
C |
error |
|
3 |
747d |
754d
|
22/28 |
635d |
f347454d0341
mm/gup: disallow FOLL_FORCE|FOLL_WRITE on hugetlb mappings
|
inconsistent lock state in l2tp_tunnel_register
net
|
|
|
|
5599 |
721d |
734d
|
22/28 |
635d |
af295e854a4e
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
|
KASAN: invalid-free in tcp_disconnect
net
|
C |
unreliable |
|
74 |
764d |
778d
|
22/28 |
635d |
72e560cb8c6f
tcp: cdg: allow tcp_cdg_release() to be called multiple times
|
riscv/fixes boot error: INFO: task hung in add_early_randomness
crypto
|
|
|
|
8 |
837d |
888d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
WARNING in wireless_send_event
wireless
|
C |
|
|
210 |
752d |
789d
|
22/28 |
635d |
e3e6e1d16a4c
wifi: wext: use flex array destination for memcpy()
|
WARNING in register_shrinker_prepared
mm
f2fs
|
C |
error |
|
64 |
897d |
898d
|
22/28 |
635d |
5035ebc644ae
mm: shrinkers: introduce debugfs interface for memory shrinkers
|
WARNING in __split_huge_page_tail
arch
mm
io-uring
|
C |
error |
|
155 |
684d |
756d
|
22/28 |
635d |
5aae9265ee1a
mm: prep_compound_tail() clear page->private
|
WARNING in __folio_mark_dirty
gfs2
|
C |
error |
|
1791 |
635d |
1119d
|
22/28 |
635d |
e897be17a441
nilfs2: fix lockdep warnings in page operations for btree nodes
|
BUG: sleeping function called from invalid context in static_key_slow_inc
|
C |
done |
|
82 |
722d |
734d
|
22/28 |
635d |
af295e854a4e
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
|
KCSAN: data-race in ip6_dst_gc / ip6_dst_gc (3)
net
|
|
|
|
2 |
951d |
953d
|
22/28 |
635d |
9cb7c013420f
ipv6: make ip6_rt_gc_expire an atomic_t
|
KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2)
|
C |
done |
|
48810 |
832d |
1465d
|
22/28 |
635d |
0ac4827f78c7
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
|
kernel BUG in ntfs_read_inode_mount
fs
|
|
|
|
1 |
1039d |
1038d
|
22/28 |
635d |
714fbf2647b1
ntfs: add sanity check on allocation size
|
kernel BUG in btrfs_drop_extents
btrfs
|
C |
|
|
4 |
711d |
726d
|
22/28 |
635d |
162d053e15fe
btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range
|
BUG: sleeping function called from invalid context in binder_ioctl
kernel
|
C |
done |
|
30 |
913d |
918d
|
22/28 |
635d |
aed86f8add0e
binder: fix atomic sleep when get extended error
|
KASAN: use-after-free Read in madvise_update_vma
|
C |
done |
|
38 |
999d |
1017d
|
22/28 |
635d |
942341dcc574
mm: fix use-after-free when anon vma name is used after vma is freed
|
WARNING in mcba_usb_probe/usb_submit_urb
usb
can
|
C |
error |
|
537 |
965d |
1960d
|
22/28 |
635d |
136bed0bfd3b
can: mcba_usb: properly check endpoint type
|
KASAN: use-after-free Read in register_shrinker_prepared (2)
mm
|
C |
done |
|
1145 |
748d |
785d
|
22/28 |
635d |
bd86c69dae65
NFSD: unregister shrinker when nfsd_init_net() fails
|
possible deadlock in rds_tcp_reset_callbacks
rds
|
C |
error |
|
1458 |
744d |
823d
|
22/28 |
635d |
a91b750fd662
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
|
BUG: unable to handle kernel NULL pointer dereference in smack_inode_permission
lsm
|
C |
|
|
1 |
742d |
738d
|
22/28 |
635d |
578b565b240a
9p/fd: Fix write overflow in p9_read_work
|
possible deadlock in nci_close_device
net
nfc
|
|
|
|
2 |
715d |
729d
|
22/28 |
635d |
b2e44aac91b2
NFC: nci: Allow to create multiple virtual nci devices
|
memory leak in nft_chain_parse_hook
netfilter
|
C |
|
|
1 |
817d |
814d
|
22/28 |
635d |
77972a36ecc4
netfilter: nf_tables: clean up hook list when offload flags check fails
|
memory leak in sctp_sched_prio_set
sctp
|
C |
|
|
2 |
728d |
734d
|
22/28 |
635d |
9ed7bfc79542
sctp: fix memory leak in sctp_stream_outq_migrate()
|
BUG: sleeping function called from invalid context in sk_psock_stop
|
C |
done |
|
232 |
836d |
894d
|
22/28 |
635d |
697fb80a5364
bpf: Fix sockmap calling sleepable function in teardown path
|
KCSAN: data-race in dropmon_net_event / trace_napi_poll_hit
net
|
|
|
|
1 |
1031d |
1014d
|
22/28 |
635d |
dcd54265c8bc
drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
|
linux-next boot error: BUG: unable to handle kernel paging request in copy_namespaces
kernel
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
upstream boot error: general protection fault in enqueue_entity
block
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in btrfs_stop_all_workers
btrfs
|
C |
done |
|
554 |
933d |
938d
|
22/28 |
635d |
385de0ef387d
btrfs: use a normal workqueue for rmw_workers
|
BUG: corrupted list in hci_conn_add_sysfs
bluetooth
|
C |
error |
done |
9 |
790d |
789d
|
22/28 |
635d |
448a496f7606
Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
|
kernel BUG in __set_page_owner_handle
gfs2
|
C |
|
|
37 |
765d |
928d
|
22/28 |
635d |
cd8c1fd8cdd1
mm/page_owner: use strscpy() instead of strlcpy()
|
kernel BUG in netem_enqueue
net
|
|
|
|
9 |
706d |
931d
|
22/28 |
635d |
eeee4b77dc52
net: add more debug info in skb_checksum_help()
|
KASAN: slab-out-of-bounds Write in hfs_asc2mac
hfs
|
C |
error |
|
161 |
708d |
726d
|
22/28 |
635d |
c53ed55cb275
hfs: Fix OOB Write in hfs_asc2mac
|
WARNING in __dma_map_sg_attrs
|
C |
inconclusive |
|
65 |
835d |
1085d
|
22/28 |
635d |
9e9fa6a9198b
udmabuf: Set the DMA mask for the udmabuf device (v2)
|
WARNING: ODEBUG bug in __cancel_work
bluetooth
|
C |
inconclusive |
|
1 |
829d |
825d
|
22/28 |
635d |
2d2cb3066f2c
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
|
kernel panic: corrupted stack end in ext4_file_mmap
ext4
|
|
|
|
2 |
640d |
785d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
INFO: trying to register non-static key in gsmld_write
serial
|
C |
error |
|
803 |
807d |
835d
|
22/28 |
635d |
4bb1a53be85f
tty: n_gsm: initialize more members at gsm_alloc_mux()
|
linux-next boot error: WARNING in kthread_should_stop
crypto
|
|
|
|
6 |
743d |
743d
|
22/28 |
635d |
db516da95ce4
hw_random: use add_hwgenerator_randomness() for early entropy
|
KMSAN: uninit-value in ath9k_htc_rx_msg
wireless
|
C |
|
|
17731 |
645d |
1564d
|
22/28 |
635d |
b383e8abed41
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
|
memory leak in vlan_dev_set_egress_priority (2)
net
|
C |
|
|
1 |
866d |
866d
|
22/28 |
635d |
72a0b329114b
vlan: fix memory leak in vlan_newlink()
|
WARNING in ieee80211_link_info_change_notify
wireless
|
C |
inconclusive |
|
1376 |
635d |
878d
|
22/28 |
635d |
591e73ee3f73
wifi: mac80211: properly skip link info driver update
|
general protection fault in ieee80211_subif_start_xmit (2)
wireless
|
C |
error |
|
5 |
752d |
759d
|
22/28 |
635d |
780854186946
wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit()
|
kernel BUG in ext4_mb_use_inode_pa
ext4
|
C |
error |
done |
2 |
779d |
778d
|
22/28 |
635d |
4bb26f2885ac
ext4: avoid crash when inline data creation follows DIO write
|
kernel BUG in hugepage_add_anon_rmap
mm
|
|
|
|
2 |
999d |
995d
|
22/28 |
635d |
4eecb8b9163d
mm/migrate: Convert remove_migration_ptes() to folios
|
INFO: task hung in __writeback_inodes_sb_nr (5)
ext4
|
C |
done |
|
48 |
642d |
1013d
|
22/28 |
635d |
7d9b1b578d67
ip6mr: fix use-after-free in ip6mr_sk_done()
|
kernel BUG in mcopy_continue
mm
|
|
|
|
4 |
894d |
891d
|
22/28 |
635d |
73f37dbcfe17
mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages
|
memory leak in z_erofs_do_read_page
erofs
|
C |
|
|
1 |
720d |
720d
|
22/28 |
635d |
c42c0ffe8117
erofs: Fix pcluster memleak when its block address is zero
|
possible deadlock in fscrypt_initialize
fscrypt
|
|
|
|
10 |
636d |
945d
|
22/28 |
635d |
4c0d5778385c
ext4: don't set up encryption key during jbd2 transaction
|
linux-next boot error: general protection fault in rcu_core
kernel
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
upstream boot error: WARNING in genl_register_family
net
|
|
|
|
468 |
748d |
755d
|
22/28 |
635d |
e4ba4554209f
net: openvswitch: add missing .resv_start_op
|
upstream boot error: WARNING in copy_process
kernel
|
|
|
|
5 |
827d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: use-after-free Write in io_sendrecv_fail
io-uring
|
C |
|
|
75 |
766d |
789d
|
22/28 |
635d |
a75155faef4e
io_uring/net: fix UAF in io_sendrecv_fail()
|
general protection fault in reweight_entity
kernel
|
C |
error |
done |
10 |
1011d |
1065d
|
22/28 |
635d |
13765de8148f
sched/fair: Fix fault in reweight_entity
|
KASAN: use-after-free Read in __nf_register_net_hook
netfilter
|
C |
error |
|
5 |
997d |
997d
|
22/28 |
635d |
56763f12b0f0
netfilter: fix use-after-free in __nf_register_net_hook()
|
WARNING in bpf_test_finish
net
bpf
|
C |
done |
|
3 |
997d |
997d
|
22/28 |
635d |
530e214c5b5a
bpf, test_run: Fix overflow in XDP frags bpf_test_finish
|
general protection fault in gfs2_dump_glock
gfs2
|
C |
|
|
25 |
637d |
1038d
|
22/28 |
635d |
428f651cb80b
gfs2: assign rgrp glock before compute_bitstructs
|
upstream test error: WARNING: ODEBUG bug in mgmt_index_removed
bluetooth
|
|
|
|
551 |
832d |
839d
|
22/28 |
635d |
3f2893d3c142
Bluetooth: don't try to cancel uninitialized works at mgmt_index_removed()
|
BUG: corrupted list in p9_fd_cancel (2)
v9fs
fuse
|
C |
error |
|
8 |
734d |
759d
|
22/28 |
635d |
11c10956515b
9p/fd: fix issue of list_del corruption in p9_fd_cancel()
|
KASAN: use-after-free Read in ntfs_attr_find
ntfs3
|
C |
done |
|
74 |
652d |
818d
|
22/28 |
635d |
36a4d82dddbb
ntfs: fix out-of-bounds read in ntfs_attr_find()
|
upstream boot error: BUG: unable to handle kernel paging request in sched_change_group
cgroups
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: use-after-free Write in enqueue_timer
net
|
|
|
|
1 |
737d |
737d
|
22/28 |
635d |
ab0377803daf
mrp: introduce active flags to prevent UAF when applicant uninit
|
KMSAN: uninit-value in ___bpf_prog_run (3)
bpf
|
C |
|
|
5 |
950d |
951d
|
22/28 |
635d |
99c07327ae11
netlink: reset network and mac headers in netlink_dump()
|
kernel BUG in __page_mapcount
kernel
|
C |
error |
|
45 |
1035d |
1270d
|
22/28 |
635d |
24d7275ce279
fs/proc: task_mmu.c: don't read mapcount for migration entry
|
general protection fault in check_helper_call
bpf
|
C |
done |
|
4 |
854d |
859d
|
22/28 |
635d |
d1a6edecc1fd
bpf: Check attach_func_proto more carefully in check_return_code
|
memory leak in do_replace
netfilter
bridge
|
C |
|
|
1 |
797d |
793d
|
22/28 |
635d |
62ce44c4fff9
netfilter: ebtables: fix memory leak when blob is malformed
|
KASAN: null-ptr-deref Write in kcm_tx_work (3)
net
|
C |
inconclusive |
inconclusive |
7 |
782d |
883d
|
22/28 |
635d |
ec7eede369fe
kcm: avoid potential race in kcm_tx_work
|
general protection fault in ax25_send_frame (2)
hams
|
|
|
|
13 |
747d |
733d
|
22/28 |
635d |
e97c089d7a49
rose: Fix NULL pointer dereference in rose_send_frame()
|
general protection fault in xas_create_range
mm
|
|
|
|
1 |
979d |
975d
|
22/28 |
635d |
3e3c658055c0
XArray: Fix xas_create_range() when multi-order entry present
|
KASAN: use-after-free Read in nilfs_segctor_confirm
nilfs
|
C |
inconclusive |
|
19 |
763d |
781d
|
22/28 |
635d |
d325dc6eb763
nilfs2: fix use-after-free bug of struct nilfs_root
|
KASAN: invalid-free in free_prealloced_shrinker
mm
|
C |
done |
|
3 |
855d |
854d
|
22/28 |
635d |
14773bfa70e6
mm: shrinkers: fix double kfree on shrinker name
|
kernel panic: corrupted stack end in lo_ioctl
fs
mm
|
|
|
|
4 |
642d |
763d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
kernel panic: corrupted stack end in vfs_fallocate
ext4
|
|
|
|
1 |
761d |
757d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
kernel panic: corrupted stack end in rtnl_newlink
net
|
|
|
|
3489 |
635d |
982d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
WARNING: refcount bug in sk_psock_get (2)
net
|
C |
done |
|
4 |
860d |
901d
|
22/28 |
635d |
2a0133723f9e
net: fix refcount bug in sk_psock_get (2)
|
linux-next test error: WARNING in __napi_schedule
wireguard
|
|
|
|
15 |
978d |
977d
|
22/28 |
635d |
351bdbb6419c
net: Revert the softirq will run annotation in ____napi_schedule().
|
WARNING in free_loaded_vmcs (3)
kvm
|
C |
inconclusive |
|
2 |
1031d |
1031d
|
22/28 |
635d |
f7e570780efc
KVM: x86: Forcibly leave nested virt when SMM state is toggled
|
upstream boot error: general protection fault in copy_signal
kernel
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in submit_bio_checks
block
btrfs
|
C |
done |
|
1258 |
1002d |
1025d
|
22/28 |
635d |
78e3437450be
block: call bio_associate_blkg from bio_reset
|
WARNING in nci_send_cmd
net
nfc
|
C |
|
|
13 |
722d |
735d
|
22/28 |
635d |
0ad6bded175e
nfc/nci: fix race with opening and closing
|
WARNING in ext2_get_group_desc
ext4
|
|
|
|
1 |
857d |
853d
|
22/28 |
635d |
fa78f3369372
ext2: Add more validity checks for inode counts
|
kernel BUG in binder_alloc_deferred_release
kernel
|
C |
done |
|
4 |
883d |
885d
|
22/28 |
635d |
a43cfc87caaf
android: binder: stop saving a pointer to the VMA
|
WARNING in nfnetlink_unbind
netfilter
|
C |
done |
|
235 |
902d |
918d
|
22/28 |
635d |
ffd219efd9ee
netfilter: nfnetlink: fix warn in nfnetlink_unbind
|
general protection fault in legacy_parse_param
fs
|
C |
done |
|
20 |
975d |
1237d
|
22/28 |
635d |
ecff30575b5a
LSM: general protection fault in legacy_parse_param
|
KCSAN: data-race in kcm_rfree / unreserve_rx_kcm (3)
net
|
|
|
|
4 |
760d |
765d
|
22/28 |
635d |
15e4dabda11b
kcm: annotate data-races around kcm->rx_psock
|
INFO: trying to register non-static key in f2fs_handle_error
f2fs
|
C |
|
|
523 |
685d |
746d
|
22/28 |
635d |
cc249e4cba9a
f2fs: fix to avoid accessing uninitialized spinlock
92b4cf5b4895
f2fs: initialize locks earlier in f2fs_fill_super()
|
general protection fault in btf_decl_tag_resolve
bpf
|
C |
done |
|
6 |
1022d |
1022d
|
22/28 |
635d |
d7e7b42f4f95
bpf: Fix a btf decl_tag bug when tagging a function
|
possible deadlock in p9_req_put
|
C |
done |
|
2815 |
745d |
835d
|
22/28 |
635d |
52f1c45dde91
9p: trans_fd/p9_conn_cancel: drop client lock earlier
|
KASAN: use-after-free Write in null_skcipher_crypt
crypto
|
C |
done |
|
3 |
993d |
1191d
|
22/28 |
635d |
ebe48d368e97
esp: Fix possible buffer overflow in ESP transformation
|
WARNING in nci_add_new_protocol
net
nfc
|
|
|
|
1 |
728d |
724d
|
22/28 |
635d |
e329e71013c9
NFC: nci: Bounds check struct nfc_target arrays
|
memory leak in mld_newpack
net
|
C |
|
|
2 |
796d |
1214d
|
22/28 |
635d |
a43206156263
usbnet: Fix memory leak in usbnet_disconnect()
|
KASAN: use-after-free Read in io_rsrc_node_ref_zero
fs
|
C |
done |
|
3 |
1003d |
1003d
|
22/28 |
635d |
80912cef18f1
io_uring: disallow modification of rsrc_data during quiesce
|
kernel panic: corrupted stack end in cleanup_net
wireguard
|
|
|
|
2 |
693d |
913d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
WARNING in netif_napi_add_weight
net
|
C |
inconclusive |
done |
45 |
874d |
887d
|
22/28 |
635d |
3b9bc84d3111
net: tun: unlink NAPI from device on destruction
|
WARNING in isotp_tx_timer_handler (2)
can
|
C |
|
|
1416 |
661d |
984d
|
22/28 |
635d |
3ea566422cbd
can: isotp: sanitize CAN ID checks in isotp_bind()
d73497081710
can: isotp: stop timeout monitoring when no first frame was sent
|
WARNING in ext4_xattr_block_set
ext4
|
C |
error |
|
57 |
641d |
747d
|
22/28 |
635d |
fae381a3d79b
ext4: init quota for 'old.inode' in 'ext4_rename'
|
general protection fault in shm_close
kernel
|
C |
done |
|
48 |
736d |
738d
|
22/28 |
635d |
b6305049f306
ipc/shm: call underlying open/close vm_ops
|
linux-next boot error: WARNING: suspicious RCU usage in cpuacct_charge
cgroups
|
|
|
|
21 |
981d |
992d
|
22/28 |
635d |
f2aa197e4794
cgroup: Fix suspicious rcu_dereference_check() usage warning
|
KASAN: use-after-free Read in udl_get_urb_timeout
dri
usb
|
C |
done |
|
142 |
791d |
821d
|
22/28 |
635d |
ed9605a66b62
Revert "drm/udl: Kill pending URBs at suspend and disconnect"
|
WARNING in kvm_arch_vcpu_ioctl_run (3)
kvm
|
C |
done |
error |
16157 |
636d |
2429d
|
22/28 |
635d |
ec6e4d863258
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
|
WARNING in kvm_mmu_notifier_invalidate_range_start (2)
kvm
|
C |
done |
|
14 |
962d |
975d
|
22/28 |
635d |
01e67e04c281
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
|
memory leak in dvb_usb_device_init
media
usb
|
syz |
|
|
1 |
741d |
911d
|
22/28 |
635d |
94d90fb06b94
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
|
BUG: using smp_processor_id() in preemptible code in tun_chr_write_iter
net
|
C |
done |
|
1834 |
975d |
984d
|
22/28 |
635d |
fc93db153b01
net: disable preemption in dev_core_stats_XXX_inc() helpers
|
upstream boot error: BUG: corrupted list in find_and_remove_object
mm
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
WARNING in cpuset_write_resmask
cgroups
|
C |
done |
done |
127 |
991d |
1057d
|
22/28 |
635d |
d068eebbd482
cgroup/cpuset: Make child cpusets restrict parents on v1 hierarchy
|
WARNING in f2fs_is_valid_blkaddr
f2fs
|
C |
done |
|
2562 |
904d |
1521d
|
22/28 |
635d |
dc2f78e2d4cc
f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
|
general protection fault in binder_alloc_new_buf
kernel
|
C |
error |
|
315 |
791d |
823d
|
22/28 |
635d |
1da52815d5f1
binder: fix alloc->vma_vm_mm null-ptr dereference
|
BUG: using smp_processor_id() in preemptible code in netdev_core_stats_alloc
net
|
C |
error |
|
2210 |
975d |
984d
|
22/28 |
635d |
fc93db153b01
net: disable preemption in dev_core_stats_XXX_inc() helpers
|
KASAN: use-after-free Read in remove_wait_queue (3)
kernfs
|
C |
inconclusive |
|
123 |
675d |
1100d
|
22/28 |
635d |
a06247c6804f
psi: Fix uaf issue when psi trigger is destroyed while being polled
|
KASAN: use-after-free Write in sctp_auth_shkey_hold (2)
sctp
|
C |
inconclusive |
|
7 |
787d |
786d
|
22/28 |
635d |
022152aaebe1
sctp: handle the error returned from sctp_auth_asoc_init_active_key
|
WARNING in ovs_dp_reset_user_features
openvswitch
|
C |
done |
|
3 |
754d |
770d
|
22/28 |
635d |
fd954cc1919e
openvswitch: switch from WARN to pr_warn
|
kernel BUG in ext4_ind_remove_space
ext4
|
C |
error |
done |
10 |
961d |
1011d
|
22/28 |
635d |
2da376228a24
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
|
linux-next boot error: WARNING: refcount bug in dvb_register_device
media
|
|
|
|
42 |
715d |
723d
|
22/28 |
635d |
3a664569b71b
media: dvbdev: fix refcnt bug
|
kernel BUG in f2fs_init_xattr_caches
f2fs
|
C |
|
|
24 |
791d |
814d
|
22/28 |
635d |
7e9c323c52b3
mm/slub: fix to return errno if kmalloc() fails
|
KASAN: use-after-free Read in hugetlb_fault
mm
|
C |
|
|
383 |
664d |
759d
|
22/28 |
635d |
04ada095dcfc
hugetlb: don't delete vma_lock in hugetlb MADV_DONTNEED processing
|
BUG: missing reserved tailroom
bpf
net
|
C |
done |
|
2 |
986d |
986d
|
22/28 |
635d |
b6f1f780b393
bpf, test_run: Fix packet size check for live packet mode
|
upstream boot error: stack segment fault in kvmalloc_node
wireless
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in smc_pnet_add (2)
net
s390
|
C |
inconclusive |
|
590 |
951d |
966d
|
22/28 |
635d |
d22f4f977236
net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
|
WARNING in ntfs_fill_super
ntfs3
|
C |
error |
|
20 |
716d |
780d
|
22/28 |
635d |
59bfd7a483da
fs/ntfs3: Use __GFP_NOWARN allocation at ntfs_fill_super()
|
WARNING: refcount bug in free_netdevs
rdma
|
|
|
|
3 |
709d |
712d
|
22/28 |
635d |
e42f9c2e6aad
RDMA: Add missed netdev_put() for the netdevice_tracker
|
possible deadlock in ___neigh_create
net
|
C |
error |
|
24 |
1021d |
1024d
|
22/28 |
635d |
4a81f6da9cb2
net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work
|
BUG: unable to handle kernel paging request in kernfs_put_active
kernfs
nilfs
|
C |
|
|
2 |
796d |
796d
|
22/28 |
635d |
2e488f13755f
fs: fix UAF/GPF bug in nilfs_mdt_destroy
|
KASAN: slab-out-of-bounds Read in ntfs_trim_fs
ntfs3
|
C |
done |
|
204 |
688d |
785d
|
22/28 |
635d |
557d19675a47
fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs
|
BUG: unable to handle kernel paging request in percpu_counter_add_batch
kernel
|
|
|
|
140 |
659d |
762d
|
22/28 |
635d |
64b4c411a6c7
ipc/msg.c: fix percpu_counter use after free
|
WARNING in pskb_expand_head
|
C |
done |
done |
222 |
749d |
1396d
|
22/28 |
635d |
dbae2b062824
net: skb: introduce and use a single page frag cache
|
KASAN: use-after-free Read in __tcf_qdisc_find
net
|
|
|
|
1 |
808d |
808d
|
22/28 |
635d |
ebda44da44f6
net: sched: fix race condition in qdisc_graft()
|
KCSAN: data-race in __ip4_datagram_connect / raw_bind (2)
net
|
|
|
|
1 |
1031d |
1030d
|
22/28 |
635d |
153a0d187e76
ipv4: raw: lock the socket in raw_bind()
|
general protection fault in llc_build_and_send_ui_pkt
net
|
C |
done |
|
26 |
969d |
972d
|
22/28 |
635d |
2d327a79ee17
llc: only change llc->dev when bind() succeeds
|
net-next test error: WARNING: suspicious RCU usage in hsr_node_get_first
net
|
|
|
|
189 |
1005d |
1014d
|
22/28 |
635d |
e7f27420681f
net: hsr: fix suspicious RCU usage warning in hsr_node_get_first()
|
KFENCE: memory corruption in p9_req_put
v9fs
|
|
|
|
2 |
732d |
735d
|
22/28 |
635d |
26273ade77f5
9p: set req refcount to zero to avoid uninitialized usage
|
general protection fault in llc_alloc_frame
net
|
|
|
|
1 |
971d |
971d
|
22/28 |
635d |
2d327a79ee17
llc: only change llc->dev when bind() succeeds
|
memory leak in kvm_vcpu_ioctl_set_cpuid2
kvm
|
C |
|
|
1 |
1033d |
1029d
|
22/28 |
635d |
811f95ff9527
KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}
|
BUG: unable to handle kernel paging request in can_rcv_filter
can
|
C |
|
|
5 |
718d |
715d
|
22/28 |
635d |
0acc442309a0
can: af_can: fix NULL pointer dereference in can_rcv_filter
|
general protection fault in ntfs_update_mftmirr
ntfs3
|
C |
error |
|
6680 |
820d |
944d
|
22/28 |
635d |
321460ca3b55
fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr
|
WARNING in tls_strp_done
net
|
C |
error |
|
22 |
825d |
829d
|
22/28 |
635d |
849f16bbfb68
tls: rx: react to strparser initialization errors
|
linux-next test error: general protection fault in xfrm_policy_lookup_bytype
net
|
|
|
|
15 |
728d |
730d
|
22/28 |
635d |
b97df039a68b
xfrm: Fix oops in __xfrm_state_delete()
|
WARNING in __set_page_dirty
nilfs
|
C |
error |
|
9 |
995d |
1219d
|
22/28 |
635d |
e897be17a441
nilfs2: fix lockdep warnings in page operations for btree nodes
|
KASAN: use-after-free Read in __post_watch_notification
kernel
|
C |
inconclusive |
|
1 |
849d |
847d
|
22/28 |
635d |
e64ab2dbd882
watch_queue: Fix missing locking in add_watch_to_object()
|
WARNING: locking bug in hfa384x_usbctlx_completion_task
staging
usb
|
C |
|
|
2 |
882d |
878d
|
22/28 |
635d |
ee6c6e734247
staging/wlan-ng: get the correct struct hfa384x in work callback
|
BUG: unable to handle kernel NULL pointer dereference in __rxe_do_task
rdma
|
syz |
|
|
120 |
762d |
830d
|
22/28 |
635d |
a625ca30eff8
RDMA/rxe: Fix "kernel NULL pointer dereference" error
|
KASAN: slab-out-of-bounds Write in __build_skb_around
bpf
net
|
C |
error |
|
2536 |
709d |
723d
|
22/28 |
635d |
ce098da1497c
skbuff: Introduce slab_build_skb()
|
general protection fault in end_page_writeback
mm
nilfs
|
C |
error |
done |
2 |
734d |
765d
|
22/28 |
635d |
512c5ca01a36
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
|
KASAN: use-after-free Read in add_wait_queue
fs
io-uring
|
C |
done |
done |
13 |
968d |
974d
|
22/28 |
635d |
d89a4fac0fbc
io_uring: fix assuming triggered poll waitqueue is the single poll
|
WARNING in sk_stream_kill_queues (8)
net
|
C |
unreliable |
|
4268 |
639d |
875d
|
22/28 |
635d |
e9c6e7976026
tcp: fix sock skb accounting in tcp_read_skb()
|
KMSAN: uninit-value in r871xu_drv_init
usb
|
C |
|
|
7342 |
883d |
1994d
|
22/28 |
635d |
0458e5428e5e
staging: rtl8712: fix uninit-value in r871xu_drv_init()
d1b57669732d
staging: rtl8712: fix uninit-value in usb_read8() and friends
|
KCSAN: data-race in register_netdevice / type_show (2)
x25
|
|
|
|
2 |
887d |
889d
|
22/28 |
635d |
cc26c2661fef
net: fix data-race in dev_isalive()
|
WARNING in fuse_write_file_get
fuse
|
C |
done |
|
85 |
822d |
950d
|
22/28 |
635d |
035ff33cf4db
fuse: write inode in fuse_release()
|
general protection fault in rose_send_frame (2)
hams
|
|
|
|
7 |
749d |
774d
|
22/28 |
635d |
e97c089d7a49
rose: Fix NULL pointer dereference in rose_send_frame()
|
WARNING in mroute_clean_tables
net
|
C |
|
|
10 |
994d |
1014d
|
22/28 |
635d |
5611a00697c8
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
|
general protection fault in pse_prepare_data
net
|
C |
inconclusive |
|
6 |
685d |
763d
|
22/28 |
635d |
46cdedf2a0fa
ethtool: pse-pd: fix null-deref on genl_info in dump
|
BUG: unable to handle kernel NULL pointer dereference in io_do_iopoll
fs
io-uring
|
C |
done |
|
3 |
919d |
918d
|
22/28 |
635d |
aa184e8671f0
io_uring: don't attempt to IOPOLL for MSG_RING requests
|
WARNING in btf_type_id_size
bpf
|
C |
done |
|
10 |
696d |
766d
|
22/28 |
635d |
ea68376c8bed
bpf: prevent decl_tag from being referenced in func_proto
|
KMSAN: uninit-value in bcmp
net
|
C |
error |
done |
907 |
671d |
1992d
|
22/28 |
635d |
4f1dc7d9756e
fs/ntfs3: Validate attribute name offset
|
KASAN: use-after-free Read in move_expired_inodes (2)
exfat
|
C |
done |
|
4 |
731d |
771d
|
22/28 |
635d |
4e3c51f4e805
fs: do not update freeing inode i_io_list
|
UBSAN: shift-out-of-bounds in tcf_pedit_init
net
|
C |
done |
|
59 |
916d |
923d
|
22/28 |
635d |
4d42d54a7d6a
net/sched: act_pedit: sanitize shift argument before usage
|
KASAN: use-after-free Read in ip6_fragment (2)
net
|
|
|
|
1 |
728d |
723d
|
22/28 |
635d |
803e84867de5
ipv6: avoid use-after-free in ip6_fragment()
|
general protection fault in llc_build_and_send_test_pkt
net
|
C |
done |
|
25 |
967d |
972d
|
22/28 |
635d |
2d327a79ee17
llc: only change llc->dev when bind() succeeds
|
KASAN: null-ptr-deref Write in snd_pcm_format_set_silence
sound
|
C |
unreliable |
|
8 |
812d |
957d
|
22/28 |
635d |
2f7a26abb824
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
|
BUG: corrupted list in rdma_listen (2)
rdma
|
C |
inconclusive |
|
5 |
1016d |
1082d
|
22/28 |
635d |
22e9f71072fa
RDMA/cma: Do not change route.addr.src_addr outside state checks
|
linux-next boot error: INFO: task hung in add_early_randomness (2)
crypto
|
|
|
|
14 |
897d |
902d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
WARNING in vhost_dev_cleanup (2)
kvm
net
virt
|
|
|
|
79 |
999d |
1008d
|
22/28 |
635d |
a58da53ffd70
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
|
possible deadlock in snd_hrtimer_callback (2)
fs
|
C |
inconclusive |
|
582 |
840d |
1106d
|
22/28 |
635d |
96b097091c66
ALSA: pcm: Use deferred fasync helper
95cc637c1afd
ALSA: timer: Use deferred fasync helper
|
KASAN: use-after-free Read in __kernfs_remove
|
C |
done |
|
3985 |
775d |
818d
|
22/28 |
635d |
4abc99652812
kernfs: fix use-after-free in __kernfs_remove
|
BUG: unable to handle kernel paging request in bitfill_aligned (3)
fbdev
|
C |
unreliable |
|
11 |
821d |
863d
|
22/28 |
635d |
a5a923038d70
fbdev: fbcon: Properly revert changes when vc_resize() failed
|
BUG: unable to handle kernel NULL pointer dereference in em_u32_match
net
|
C |
|
|
2 |
690d |
747d
|
22/28 |
635d |
9cd3fd2054c3
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
|
WARNING: ODEBUG bug in htab_map_alloc
bpf
|
C |
|
|
6456 |
778d |
803d
|
22/28 |
635d |
cf7de6a53600
bpf: add missing percpu_counter_destroy() in htab_map_alloc()
|
memory leak in ntfs_init_fs_context
ntfs3
|
C |
|
|
169 |
700d |
821d
|
22/28 |
635d |
51e76a232f8c
fs/ntfs3: Fix memory leak on ntfs_fill_super() error path
|
inconsistent lock state in p9_req_put
v9fs
|
|
|
|
181 |
777d |
828d
|
22/28 |
635d |
296ab4a81384
net/9p: use a dedicated spinlock for trans_fd
|
KCSAN: data-race in sit_tunnel_xmit / sit_tunnel_xmit
net
|
|
|
|
702 |
709d |
1806d
|
22/28 |
635d |
cb34b7cf17ec
ipv6/sit: use DEV_STATS_INC() to avoid data-races
|
KASAN: use-after-free Read in tipc_named_reinit (2)
tipc
|
|
|
|
1 |
936d |
933d
|
22/28 |
635d |
911600bf5a5e
tipc: fix use-after-free Read in tipc_named_reinit
|
kernel BUG in ext4_es_cache_extent
ext4
|
C |
inconclusive |
|
6 |
659d |
1018d
|
22/28 |
635d |
c878bea3c9d7
ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
|
WARNING in ip6erspan_tunnel_xmit
net
|
|
|
|
23 |
643d |
887d
|
22/28 |
635d |
301bd140ed0b
erspan: do not assume transport header is always set
|
BUG: sleeping function called from invalid context in vm_area_dup
kernel
|
C |
|
|
3 |
762d |
762d
|
22/28 |
635d |
d7c0e68dab98
mm/ksm: convert break_ksm() to use walk_page_range_vma()
|
BUG: sleeping function called from invalid context in kernfs_walk_and_get_ns
kernfs
|
C |
error |
|
196 |
764d |
770d
|
22/28 |
635d |
46307fd6e27a
cgroup: Reorganize css_set_lock and kernfs path processing
|
WARNING: refcount bug in rds_tcp_tune
rds
|
|
|
|
166 |
923d |
932d
|
22/28 |
635d |
6997fbd7a3da
net: rds: use maybe_get_net() when acquiring refcount on TCP sockets
|
KASAN: use-after-free Read in hugetlb_handle_userfault
mm
|
C |
|
|
4 |
780d |
804d
|
22/28 |
635d |
958f32ce832b
mm: hugetlb: fix UAF in hugetlb_handle_userfault
|
WARNING in iomap_read_inline_data
gfs2
iomap
|
C |
|
|
3 |
704d |
722d
|
22/28 |
635d |
70376c7ff312
gfs2: Always check inode size of inline inodes
|
general protection fault in skb_unlink
net
|
C |
done |
error |
8 |
804d |
2365d
|
22/28 |
635d |
5121197ecc5d
kcm: close race conditions on sk_receive_queue
|
memory leak in kvm_set_memslot
kvm
|
C |
|
|
1 |
919d |
919d
|
22/28 |
635d |
c87661f855c3
KVM: Free new dirty bitmap if creating a new memslot fails
|
upstream boot error: WARNING in wiphy_register
wireless
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
WARNING in sk_destruct
net
|
C |
done |
|
454 |
911d |
1038d
|
22/28 |
635d |
ebdc1a030962
tcp: add a missing sk_defer_free_flush() in tcp_splice_read()
|
BUG: unable to handle kernel paging request in eventfd_ctx_put
fs
|
C |
done |
|
7 |
760d |
788d
|
22/28 |
635d |
7353633814f6
KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()
|
KASAN: use-after-free Read in task_work_run (2)
kernel
|
C |
unreliable |
|
18 |
714d |
806d
|
22/28 |
635d |
517e6a301f34
perf: Fix perf_pending_task() UaF
|
KASAN: slab-out-of-bounds Read in ipvlan_queue_xmit
net
|
C |
error |
error |
8 |
998d |
1475d
|
22/28 |
635d |
81225b2ea161
ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
|
memory leak in do_seccomp (2)
kernel
|
C |
|
|
4 |
818d |
1367d
|
22/28 |
635d |
a1140cb215fa
seccomp: Move copy_seccomp() to no failure path.
|
WARNING in wdev_chandef
wireless
|
|
|
|
12 |
837d |
879d
|
22/28 |
635d |
206bbcf76121
wifi: nl80211: hold wdev mutex for tid config
|
KASAN: use-after-free Read in __io_remove_buffers
io-uring
|
C |
done |
|
2 |
838d |
834d
|
22/28 |
635d |
ec8516f3b7c4
io_uring: fix free of unallocated buffer list
|
kernel panic: corrupted stack end in packet_sendmsg
net
|
|
|
|
1 |
806d |
806d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
general protection fault in virtio_gpu_array_put_free
dri
virt
|
|
|
|
4 |
1045d |
1082d
|
22/28 |
635d |
6b79f96f4a23
drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free()
|
BUG: bad usercopy in bpf_prog_get_info_by_fd
hardening
mm
|
|
|
|
1 |
908d |
908d
|
22/28 |
635d |
10f3b29c65bb
bpf, arm64: Clear prog->jited_len along prog->jited
|
WARNING in tcp_ack (3)
net
|
|
|
|
16 |
902d |
960d
|
22/28 |
635d |
40570375356c
tcp: add accessors to read/set tp->snd_cwnd
|
WARNING in cfg80211_ch_switch_notify
wireless
|
C |
done |
|
744 |
836d |
879d
|
22/28 |
635d |
77e7b6ba78ed
wifi: cfg80211: handle IBSS in channel switch
|
WARNING in napi_complete_done
net
|
C |
error |
|
104 |
743d |
747d
|
22/28 |
635d |
07d120aa33cc
net: tun: call napi_schedule_prep() to ensure we own a napi
|
KCSAN: data-race in inet6_recvmsg / ipv6_setsockopt
net
|
|
|
|
1 |
1019d |
1016d
|
22/28 |
635d |
086d49058cd8
ipv6: annotate some data-races around sk->sk_prot
|
INFO: task hung in add_early_randomness (2)
usb
crypto
|
C |
done |
|
182 |
683d |
901d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
WARNING: kmalloc bug in bpf
bpf
|
C |
done |
done |
562 |
973d |
1091d
|
22/28 |
635d |
0708a0afe291
mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
|
possible deadlock in f2fs_write_checkpoint
f2fs
|
C |
done |
|
2208 |
995d |
1041d
|
22/28 |
635d |
c7f91bd41029
f2fs: Restore rwsem lockdep support
|
KASAN: use-after-free Read in xfs_qm_dqfree_one
xfs
|
syz |
|
|
7 |
707d |
716d
|
22/28 |
635d |
52f31ed22821
xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING
|
KMSAN: uninit-value in tomoyo_path_chown
fs
|
C |
|
|
13763 |
792d |
793d
|
22/28 |
635d |
f52d74b190f8
open: always initialize ownership fields
|
KMSAN: uninit-value in asix_check_host_enable
usb
|
C |
|
|
109 |
944d |
1001d
|
22/28 |
635d |
920a9fa27e78
net: asix: add proper error handling of usb read errors
|
WARNING in bpf_skb_load_helper_32
bpf
|
C |
done |
|
9 |
836d |
867d
|
22/28 |
635d |
0326195f523a
bpf: Make sure mac_header was set before using it
|
KASAN: use-after-free Read in ip6mr_sk_done
net
|
C |
done |
|
10988 |
750d |
1019d
|
22/28 |
635d |
7d9b1b578d67
ip6mr: fix use-after-free in ip6mr_sk_done()
|
WARNING in jfs_symlink
jfs
|
C |
|
|
12 |
757d |
767d
|
22/28 |
635d |
ebe060369f8d
jfs: Fix fortify moan in symlink
|
possible deadlock in btrfs_search_slot_get_root
btrfs
|
C |
|
|
5 |
725d |
745d
|
22/28 |
635d |
b740d8061669
btrfs: free btrfs_path before copying root refs to userspace
|
WARNING in component_del
dri
|
C |
done |
|
6 |
1016d |
1038d
|
22/28 |
635d |
c853685d11c0
usb: core: Unregister device on component_add() failure
|
WARNING: refcount bug in smc_pnet_add
net
s390
|
C |
done |
|
98 |
1005d |
1019d
|
22/28 |
635d |
28f922213886
net/smc: fix ref_tracker issue in smc_pnet_add()
|
KASAN: use-after-free Write in mini_qdisc_pair_swap (2)
net
|
|
|
|
24 |
644d |
1025d
|
22/28 |
635d |
04c2a47ffb13
net: sched: fix use-after-free in tc_new_tfilter()
|
KASAN: use-after-free Read in hdr_find_e
ntfs3
|
C |
done |
done |
66 |
643d |
785d
|
22/28 |
635d |
0e8235d28f3a
fs/ntfs3: Check fields while reading
|
possible deadlock in blkdev_put (3)
block
|
C |
|
|
870 |
912d |
984d
|
22/28 |
635d |
d292dc80686a
loop: don't destroy lo->workqueue in __loop_clr_fd
|
KASAN: use-after-free Read in filp_close
io-uring
fs
|
C |
done |
|
17 |
677d |
905d
|
22/28 |
635d |
40a1926022d1
fix the breakage in close_fd_get_file() calling conventions change
|
KMSAN: uninit-value in tcp_recvmsg
net
|
C |
|
|
25918 |
758d |
882d
|
22/28 |
635d |
1228b34c8d0e
net: clear msg_get_inq in __sys_recvfrom() and __copy_msghdr_from_user()
|
memory leak in smc_sysctl_net_init
net
s390
|
C |
|
|
8 |
967d |
972d
|
22/28 |
635d |
5ae6acf1d00b
net/smc: fix a memory leak in smc_sysctl_net_exit()
|
upstream boot error: BUG: unable to handle kernel paging request in blk_mq_get_tag
block
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
general protection fault in binder_alloc_print_pages
kernel
|
C |
error |
|
157 |
791d |
822d
|
22/28 |
635d |
1da52815d5f1
binder: fix alloc->vma_vm_mm null-ptr dereference
|
WARNING: refcount bug in put_gid_ndev
rdma
|
|
|
|
3 |
712d |
712d
|
22/28 |
635d |
e42f9c2e6aad
RDMA: Add missed netdev_put() for the netdevice_tracker
|
KASAN: null-ptr-deref Read in __free_pages
kernel
|
C |
inconclusive |
|
21 |
714d |
976d
|
22/28 |
635d |
a635415a064e
watch_queue: Fix NULL dereference in error cleanup
|
upstream boot error: INFO: task hung in add_early_randomness
crypto
|
|
|
|
125 |
893d |
900d
|
22/28 |
635d |
228432551bd8
virtio-rng: make device ready before making request
|
KASAN: use-after-free Read in net_tx_action
kernel
|
C |
inconclusive |
|
3 |
770d |
815d
|
22/28 |
635d |
ebda44da44f6
net: sched: fix race condition in qdisc_graft()
|
usb-testing boot error: kernel BUG in putname
fs
|
|
|
|
1 |
813d |
813d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
kernel panic: stack is corrupted in __kmalloc
sctp
integrity
lsm
|
|
|
|
4 |
640d |
894d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
WARNING in blk_mq_release
block
|
C |
error |
|
11 |
816d |
835d
|
22/28 |
635d |
aa0c680c3aa9
block: Do not call blk_put_queue() if gendisk allocation fails
|
WARNING in hif_usb_send/usb_submit_urb
wireless
|
C |
unreliable |
done |
374 |
716d |
1507d
|
22/28 |
635d |
16ef02bad239
wifi: ath9k: verify the expected usb_endpoints are present
|
BUG: Bad page map (5)
mm
io-uring
|
C |
|
|
35 |
676d |
934d
|
22/28 |
635d |
4d24de9425f7
mm: MADV_COLLAPSE: refetch vm_end after reacquiring mmap_lock
|
KASAN: use-after-free Read in mas_next_entry
fs
|
C |
error |
|
16 |
746d |
760d
|
22/28 |
635d |
59f2f4b8a757
fs/userfaultfd: Fix maple tree iterator in userfaultfd_unregister()
|
linux-next boot error: general protection fault in add_mtd_device
mtd
|
|
|
|
117 |
841d |
874d
|
22/28 |
635d |
7ec4cdb32173
mtd: core: check partition before dereference
|
memory leak in hidraw_report_event
input
usb
|
C |
|
|
1 |
911d |
910d
|
22/28 |
635d |
a5623a203cff
HID: hidraw: fix memory leak in hidraw_release()
|
upstream boot error: WARNING in alloc_workqueue
rdma
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
usb-testing boot error: WARNING in __netif_set_xps_queue
net
virt
|
|
|
|
57 |
753d |
765d
|
22/28 |
635d |
fc8695eb11f0
Revert "net: fix cpu_max_bits_warn() usage in netif_attrmask_next{,_and}"
|
KASAN: use-after-free Read in inet_bind2_bucket_find
io-uring
net
|
C |
done |
|
13 |
890d |
897d
|
22/28 |
635d |
593d1ebe00a4
Revert "net: Add a second bind table hashed by port and address"
|
INFO: task hung in p9_fd_close
v9fs
|
C |
error |
error |
484 |
745d |
1909d
|
22/28 |
635d |
ef575281b21e
9p/trans_fd: always use O_NONBLOCK read/write
|
KASAN: use-after-free Read in post_one_notification
kernel
|
C |
inconclusive |
|
19 |
775d |
975d
|
22/28 |
635d |
353f7988dd84
watchqueue: make sure to serialize 'wqueue->defunct' properly
|
memory leak in smc_create (2)
net
s390
|
C |
|
|
2 |
972d |
968d
|
22/28 |
635d |
1a74e9932374
net/smc: Fix sock leak when release after smc_shutdown()
|
general protection fault in kernel_accept (5)
tipc
|
|
|
|
1 |
789d |
785d
|
22/28 |
635d |
82cb4e4612c6
tipc: fix a null-ptr-deref in tipc_topsrv_accept
|
WARNING in bpf_bprintf_prepare (2)
bpf
|
C |
|
|
2 |
769d |
808d
|
22/28 |
635d |
05b24ff9b2cf
bpf: Prevent bpf program recursion for raw tracepoint probes
|
KASAN: use-after-free Read in driver_register
usb
|
C |
|
|
131 |
879d |
929d
|
22/28 |
635d |
5f0b5f4d50fa
usb: gadget: fix race when gadget driver register via ioctl
|
possible deadlock in __inet_inherit_port
net
|
C |
done |
|
85 |
673d |
734d
|
22/28 |
635d |
af295e854a4e
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
|
WARNING: suspicious RCU usage in nft_do_chain
netfilter
|
|
|
|
1 |
997d |
997d
|
22/28 |
635d |
17a8f31bba7b
netfilter: egress: silence egress hook lockdep splats
|
WARNING: kobject bug in erofs_unregister_sysfs
erofs
|
C |
done |
|
5 |
976d |
978d
|
22/28 |
635d |
a942da24abc5
fs: erofs: add sanity check for kobject in erofs_unregister_sysfs
|
KASAN: use-after-free Read in blk_mq_sched_free_rqs
block
|
C |
error |
|
8 |
883d |
932d
|
22/28 |
635d |
50e34d78815e
block: disable the elevator int del_gendisk
|
WARNING in cleanup_net
net
|
|
|
|
613 |
635d |
757d
|
22/28 |
635d |
d1e96cc4fbe0
mptcp: fix tracking issue in mptcp_subflow_create_socket()
|
general protection fault in ip6_tnl_xmit
net
|
|
|
|
1 |
1016d |
1016d
|
22/28 |
635d |
3a5f238f2b36
ip6_tunnel: fix possible NULL deref in ip6_tnl_xmit
|
KASAN: use-after-free Read in __snd_rawmidi_transmit_ack
sound
|
|
|
|
1 |
914d |
910d
|
22/28 |
635d |
0125de38122f
ALSA: usb-audio: Cancel pending work at closing a MIDI substream
|
WARNING in driver_unregister
input
usb
|
C |
|
|
1 |
912d |
908d
|
22/28 |
635d |
f2d8c2606825
usb: gadget: Fix non-unique driver names in raw-gadget driver
|
possible deadlock in sk_common_release
net
|
|
|
|
5 |
723d |
734d
|
22/28 |
635d |
af295e854a4e
l2tp: Don't sleep and disable BH under writer-side sk_callback_lock
|
KASAN: use-after-free Read in ieee80211_scan_rx (3)
wireless
|
|
|
|
10 |
832d |
940d
|
22/28 |
635d |
60deb9f10eec
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
|
KASAN: use-after-free Read in LZ4_decompress_safe_partial
erofs
|
C |
done |
|
13 |
963d |
1118d
|
22/28 |
635d |
eafc0a02391b
lz4: fix LZ4_decompress_safe_partial read out of bound
|
KASAN: null-ptr-deref Write in kill_f2fs_super
f2fs
|
C |
error |
|
49 |
748d |
769d
|
22/28 |
635d |
91586ce0d39a
f2fs: fix to invalidate dcc->f2fs_issue_discard in error path
|
memory leak in setup_mq_sysctls
kernel
|
C |
|
|
2 |
713d |
884d
|
22/28 |
635d |
db7cfc380900
ipc: Free mq_sysctls if ipc namespace creation failed
|
UBSAN: array-index-out-of-bounds in io_submit_sqes
fs
|
|
|
|
4 |
904d |
904d
|
22/28 |
635d |
fcde59feb1af
io_uring: add io_op_defs 'def' pointer in req init and issue
|
kernel panic: stack is corrupted in sys_clock_nanosleep
kernel
|
|
|
|
2 |
813d |
895d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
kernel panic: corrupted stack end in inet6_ioctl
net
|
|
|
|
1 |
727d |
726d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
memory leak in vhci_write
bluetooth
|
C |
|
|
1 |
827d |
823d
|
22/28 |
635d |
7c9524d92964
Bluetooth: L2CAP: Fix memory leak in vhci_write
|
WARNING in btrfs_commit_transaction
btrfs
|
C |
inconclusive |
done |
3 |
656d |
749d
|
22/28 |
635d |
8bb808c6ad91
btrfs: don't print stack trace when transaction is aborted due to ENOMEM
|
general protection fault in kvm_arch_vcpu_ioctl
kvm
|
C |
inconclusive |
|
365 |
836d |
873d
|
22/28 |
635d |
f83894b24c2a
KVM: x86: Fix handling of APIC LVT updates when userspace changes MCG_CAP
|
kernel panic: corrupted stack end in loop_control_ioctl
fs
|
|
|
|
2 |
757d |
842d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
INFO: task hung in ath6kl_usb_power_off
wireless
|
|
|
|
7454 |
832d |
1598d
|
22/28 |
635d |
62ebaf2f9261
ath6kl: avoid flush_scheduled_work() usage
|
possible deadlock in nilfs_count_free_blocks
nilfs
|
C |
|
|
60 |
753d |
765d
|
22/28 |
635d |
8ac932a4921a
nilfs2: fix deadlock in nilfs_count_free_blocks()
|
kernel BUG at fs/ext4/inline.c:LINE!
ext4
|
C |
done |
done |
76 |
675d |
1498d
|
22/28 |
635d |
5c099c4fdc43
ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
|
INFO: trying to register non-static key in hci_uart_flush (2)
bluetooth
|
syz |
error |
error |
37 |
763d |
1905d
|
22/28 |
635d |
3124d320c22f
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
|
possible deadlock in snd_timer_notify (2)
fs
|
|
|
|
151 |
840d |
1104d
|
22/28 |
635d |
95cc637c1afd
ALSA: timer: Use deferred fasync helper
|
WARNING: still has locks held in io_ring_submit_lock
fs
io-uring
|
C |
done |
|
3 |
920d |
920d
|
22/28 |
635d |
e7637a492b9f
io_uring: fix locking state for empty buffer group
|
INFO: rcu detected stall in mld_ifc_work
net
|
C |
inconclusive |
|
1 |
1011d |
1011d
|
22/28 |
635d |
5740d0689096
net: sched: limit TC_ACT_REPEAT loops
|
WARNING in aiptek_open/usb_submit_urb
usb
input
|
C |
error |
|
2380 |
971d |
1993d
|
22/28 |
635d |
5600f6986628
Input: aiptek - properly check endpoint type
|
WARNING: refcount bug in u32_destroy_key
net
|
|
|
|
1 |
953d |
953d
|
22/28 |
635d |
3db09e762dc7
net/sched: cls_u32: fix netns refcount changes in u32_change()
|
KASAN: use-after-free Read in ip_mc_sf_allow
net
|
|
|
|
1 |
937d |
937d
|
22/28 |
635d |
dba5bdd57bea
net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
|
WARNING: kmalloc bug in snd_pcm_plugin_alloc (2)
sound
|
C |
done |
|
2 |
984d |
980d
|
22/28 |
635d |
efb6402c3c4a
ALSA: oss: Fix PCM OSS buffer allocation overflow
|
WARNING in __queue_work (3)
kernel
|
syz |
error |
|
953 |
736d |
1570d
|
22/28 |
635d |
877afadad2dc
Bluetooth: When HCI work queue is drained, only queue chained work
|
general protection fault in fq_codel_enqueue (3)
net
|
C |
inconclusive |
|
5 |
873d |
1118d
|
22/28 |
635d |
fd1894224407
bpf: Don't redirect packets with invalid pkt_len
|
KCSAN: data-race in fib_alias_hw_flags_set / fib_alias_hw_flags_set
net
|
|
|
|
1 |
1013d |
1010d
|
22/28 |
635d |
9fcf986cc4bc
ipv4: fix data races in fib_alias_hw_flags_set
|
KASAN: invalid-free in io_clean_op
io-uring
|
C |
|
|
13 |
770d |
787d
|
22/28 |
635d |
4c17a496a7a0
io_uring/net: fix cleanup double free free_iov init
|
WARNING in check_map_prog_compatibility
bpf
|
C |
inconclusive |
done |
128 |
787d |
950d
|
22/28 |
635d |
34dd3bad1a6f
bpf: Relax the requirement to use preallocated hash maps in tracing progs.
|
INFO: trying to register non-static key in __fib6_clean_all (2)
net
|
|
|
|
3 |
772d |
796d
|
22/28 |
635d |
5daadc86f27e
net: tun: Fix use-after-free in tun_detach()
|
upstream boot error: BUG: unable to handle kernel paging request in tomoyo_encode
tomoyo
|
|
|
|
1 |
828d |
828d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
WARNING: bad unlock balance in rxrpc_do_sendmsg
afs
net
|
C |
inconclusive |
|
14 |
840d |
1045d
|
22/28 |
635d |
b0f571ecd794
rxrpc: Fix locking in rxrpc's sendmsg
|
memory leak in tun_chr_open
net
|
C |
|
|
1 |
804d |
804d
|
22/28 |
635d |
1118b2049d77
net: tun: Fix memory leaks of napi_get_frags
|
possible deadlock in snd_pcm_period_elapsed (3)
sound
|
C |
inconclusive |
|
23 |
832d |
1058d
|
22/28 |
635d |
96b097091c66
ALSA: pcm: Use deferred fasync helper
|
upstream boot error: general protection fault in blk_mq_alloc_and_init_hctx
block
|
|
|
|
1 |
830d |
830d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
memory leak in blk_mq_init_tags
block
usb
|
C |
|
|
2 |
962d |
969d
|
22/28 |
635d |
03252259e18e
scsi: sd: Clean up gendisk if device_add_disk() failed
|
general protection fault in udpv6_sendmsg
net
|
C |
error |
|
69 |
731d |
741d
|
22/28 |
635d |
6423ac2eb31e
rxrpc: Fix oops from calling udpv6_sendmsg() on AF_INET socket
|
general protection fault in erofs_bread
erofs
|
C |
error |
|
3 |
752d |
762d
|
22/28 |
635d |
e5126de138ca
erofs: fix general protection fault when reading fragment
|
kernel panic: corrupted stack end in handle_mm_fault
riscv
|
|
|
|
1 |
896d |
896d
|
22/28 |
635d |
b81d591386c3
riscv: Increase stack size under KASAN
|
WARNING in ieee80211_ibss_csa_beacon
wireless
|
C |
error |
|
4997 |
635d |
1504d
|
22/28 |
635d |
15bc8966b6d3
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
|
INFO: task hung in synchronize_rcu (3)
|
C |
done |
done |
374 |
645d |
1582d
|
22/28 |
635d |
2d08935682ac
KVM: x86: Don't re-acquire SRCU lock in complete_emulated_io()
|
possible deadlock in start_this_handle (3)
ext4
|
|
|
|
8 |
672d |
860d
|
22/28 |
635d |
68aaee147e59
mm: memcontrol: fix potential oom_lock recursion deadlock
|
WARNING in static_key_slow_try_dec (3)
kernel
|
C |
|
|
26 |
647d |
806d
|
22/28 |
635d |
921ebde3c0d2
netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()
|
upstream boot error: BUG: unable to handle kernel paging request in __init_work
pm
|
|
|
|
1 |
829d |
829d
|
22/28 |
635d |
9993a4f989c7
virtio: Revert "virtio: find_vqs() add arg sizes"
|
KASAN: slab-out-of-bounds Read in decrypt_internal
net
|
C |
inconclusive |
done |
4 |
958d |
1048d
|
22/28 |
635d |
9381fe8c849c
net/tls: fix slab-out-of-bounds bug in decrypt_internal
|
INFO: task hung in __input_unregister_device (4)
usb
input
|
C |
done |
|
924 |
808d |
873d
|
22/28 |
635d |
98e01215708b
Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
|
possible deadlock in __f2fs_ioctl
f2fs
|
|
|
|
17 |
680d |
712d
|
22/28 |
679d |
5eaac835f27f
f2fs: fix to avoid potential deadlock
|
general protection fault in __ext4_journal_get_write_access
fuse
ext4
|
C |
done |
done |
7 |
1471d |
1520d
|
22/28 |
736d |
384d87ef2c95
block: Do not discard buffers under a mounted filesystem
|
WARNING in sco_sock_sendmsg
mm
|
C |
inconclusive |
|
2 |
1176d |
1176d
|
22/28 |
770d |
0771cbb3b97d
Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
|
WARNING in ipvlan_unregister_nf_hook
net
|
C |
done |
done |
4151 |
1084d |
1720d
|
22/28 |
792d |
f123cffdd8fe
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
|
WARNING: ODEBUG bug in bt_host_release
bluetooth
|
syz |
done |
done |
7 |
1318d |
1571d
|
22/28 |
792d |
e2cb6b891ad2
bluetooth: eliminate the potential race condition when removing the HCI controller
|
WARNING: suspicious RCU usage (5)
|
C |
done |
|
1 |
891d |
887d
|
20/28 |
880d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
general protection fault in sock_close
net
|
syz |
done |
unreliable |
2 |
1545d |
1542d
|
20/28 |
910d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
WARNING in dev_change_net_namespace
net
|
syz |
done |
done |
8 |
1096d |
1744d
|
20/28 |
916d |
f123cffdd8fe
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
|
general protection fault in hci_inquiry_result_with_rssi_evt
bluetooth
|
C |
done |
|
17 |
1049d |
1073d
|
20/28 |
916d |
72279d17df54
Bluetooth: hci_event: Rework hci_inquiry_result_with_rssi_evt
|
general protection fault in __loop_clr_fd
block
|
C |
done |
|
5702 |
1692d |
1720d
|
20/28 |
916d |
87579e9b7d8d
loop: use worker per cgroup instead of kworker
|
WARNING in rtnl_dellink
net
|
C |
done |
done |
94 |
1043d |
1554d
|
20/28 |
922d |
f123cffdd8fe
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
|
INFO: task hung in linkwatch_event (2)
net
|
C |
done |
done |
1033 |
941d |
1666d
|
20/28 |
922d |
563fbefed46a
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
|
BUG: unable to handle kernel paging request in bitfill_aligned (2)
fbdev
|
C |
inconclusive |
done |
26 |
1056d |
1464d
|
20/28 |
922d |
0499f419b76f
video: vga16fb: Only probe for EGA and VGA 16 color graphic cards
|
WARNING in drm_gem_shmem_vm_open
|
syz |
done |
done |
38 |
1055d |
1189d
|
20/28 |
922d |
0499f419b76f
video: vga16fb: Only probe for EGA and VGA 16 color graphic cards
|
INFO: task hung in usb_get_descriptor
|
C |
done |
done |
4149 |
984d |
1506d
|
20/28 |
922d |
363eaa3a450a
usbip: synchronize event handler with sysfs code paths
|
general protection fault in ieee80211_chanctx_num_assigned
wireless
|
C |
inconclusive |
done |
15 |
1072d |
1506d
|
20/28 |
922d |
563fbefed46a
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
|
general protection fault in xfrm_user_rcv_msg_compat
net
|
C |
unreliable |
done |
1543 |
1203d |
1415d
|
20/28 |
922d |
4e9505064f58
net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
|
KASAN: slab-out-of-bounds Read in add_adv_patterns_monitor
bluetooth
|
C |
error |
done |
5 |
1372d |
1392d
|
20/28 |
923d |
b4a221ea8a1f
Bluetooth: advmon offload MSFT add rssi support
|
KASAN: use-after-free Read in ext4_xattr_set_entry (4)
ext4
|
C |
error |
done |
21 |
1003d |
1390d
|
20/28 |
968d |
6e47a3cc68fc
ext4: get rid of super block and sbi from handle_mount_ops()
|
KASAN: out-of-bounds Read in ath9k_hif_usb_rx_cb (3)
wireless
usb
|
C |
unreliable |
done |
7 |
1012d |
1415d
|
20/28 |
980d |
6ce708f54cc8
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
|
KASAN: slab-out-of-bounds Write in betop_probe
input
usb
|
C |
unreliable |
|
9 |
1189d |
1745d
|
20/28 |
980d |
689e453a9b9c
HID: betop: fix slab-out-of-bounds Write in betop_probe
HID: betop: fix slab-out-of-bounds Write in betop_probe
|
possible deadlock in scheduler_tick
kvm
|
C |
error |
|
99 |
1326d |
1337d
|
20/28 |
980d |
a83829f56c7c
KVM: x86: disable interrupts while pvclock_gtod_sync_lock is taken
8228c77d8b56
KVM: x86: switch pvclock_gtod_sync_lock to a raw spinlock
|
WARNING in mptcp_sendmsg_frag
mptcp
|
C |
inconclusive |
|
6 |
1156d |
1163d
|
20/28 |
980d |
efe686ffce01
mptcp: ensure tx skbs always have the MPTCP ext
mptcp: ensure tx skbs always have the MPTCP ext
|
KMSAN: uninit-value in dvb_usb_adapter_dvb_init (2)
usb
media
|
C |
|
|
34 |
1249d |
1464d
|
20/28 |
980d |
c5453769f77c
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
899a61a3305d
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
|
possible deadlock in cgroup_rstat_updated
cgroups
|
|
|
|
1 |
1140d |
1136d
|
20/28 |
980d |
3c08b0931eed
blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu
blk-cgroup: blk_cgroup_bio_start() should use irq-safe operations on blkg->iostat_cpu
|
BUG: sleeping function called from invalid context in __might_resched
serial
|
C |
inconclusive |
|
9 |
1103d |
1106d
|
20/28 |
988d |
1ee33b1ca2b8
tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
|
WARNING in cgroup_finalize_control
|
syz |
done |
done |
9 |
1126d |
1654d
|
20/28 |
988d |
7ee285395b21
cgroup: Make rebind_subsystems() disable v2 controllers all at once
|
KASAN: use-after-free Read in snd_mixer_oss_get_volume1
sound
|
C |
inconclusive |
|
1 |
1131d |
1127d
|
20/28 |
988d |
411cef6adfb3
ALSA: mixer: oss: Fix racy access to slots
|
memory leak in blk_iolatency_init
block
cgroups
|
C |
|
|
833 |
988d |
1164d
|
20/28 |
988d |
6f5ddde41069
blkcg: fix memory leak in blk_iolatency_init
|
possible deadlock in ktime_get_coarse_ts64
kernel
|
|
|
|
1 |
1113d |
1112d
|
20/28 |
988d |
5e0bc3082e2e
bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs
|
memory leak in __mdiobus_register
usb
|
C |
|
|
1 |
1156d |
1152d
|
20/28 |
988d |
ab609f25d198
net: mdiobus: Fix memory leak in __mdiobus_register
ca6e11c337da
phy: mdio: fix memory leak
|
WARNING in dst_release (3)
net
|
|
|
|
3 |
991d |
1072d
|
20/28 |
988d |
e28587cc491e
sit: do not call ipip6_dev_free() from sit_init_net()
|
WARNING in ref_tracker_dir_exit
|
C |
done |
|
16271 |
1044d |
1073d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
WARNING in ovl_create_real
overlayfs
|
C |
unreliable |
|
164 |
1109d |
1177d
|
20/28 |
988d |
1f5573cfe7a7
ovl: fix warning in ovl_create_real()
|
KCSAN: data-race in call_rcu / rcu_gp_kthread
fs
|
|
|
|
1 |
1227d |
1227d
|
20/28 |
988d |
2431774f04d1
rcu: Mark accesses to rcu_state.n_force_qs
|
WARNING: kmalloc bug in hash_ip_create
netfilter
|
C |
done |
|
641 |
1147d |
1174d
|
20/28 |
988d |
7bbc3d385bd8
netfilter: ipset: Fix oversized kvmalloc() calls
|
KCSAN: data-race in __neigh_event_send / ip_finish_output2 (3)
net
|
|
|
|
1 |
1125d |
1122d
|
20/28 |
988d |
d18785e21386
net: annotate data-race in neigh_output()
|
general protection fault in unregister_vlan_dev
net
|
|
|
|
1 |
1087d |
1087d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
possible deadlock in __loop_clr_fd (3)
block
|
|
|
|
2972 |
1043d |
1106d
|
20/28 |
988d |
6050fa4c84cc
loop: don't hold lo_mutex during __loop_clr_fd()
|
WARNING in __i2c_transfer (2)
i2c
|
C |
done |
|
337 |
1053d |
1101d
|
20/28 |
988d |
bb436283e25a
i2c: validate user data in compat ioctl
|
KCSAN: data-race in flush_tlb_batched_pending / try_to_unmap_one
mm
|
|
|
|
2 |
1043d |
1098d
|
20/28 |
988d |
5ee2fa2f0636
mm/rmap: fix potential batched TLB flush race
|
WARNING in sta_info_insert_rcu
|
C |
done |
done |
2533 |
1082d |
1518d
|
20/28 |
988d |
a6555f844549
mac80211: Drop frames from invalid MAC address in ad-hoc mode
|
KASAN: use-after-free Read in __crypto_xor
crypto
|
C |
done |
|
9 |
1144d |
1175d
|
20/28 |
988d |
68b6dea802ce
crypto: pcrypt - Delay write to padata->info
da353fac65fe
net/tls: Fix flipped sign in tls_err_abort() calls
|
KMSAN: uninit-value in legacy_dvb_usb_read_remote_control
media
usb
|
C |
|
|
186 |
1098d |
1439d
|
20/28 |
988d |
afae4ef7d5ad
media: dvb-usb: fix ununit-value in az6027_rc_query
|
KMSAN: kernel-infoleak in move_addr_to_user (6)
tipc
|
C |
|
|
4 |
1028d |
1066d
|
20/28 |
988d |
d6d86830705f
net ticp:fix a kernel-infoleak in __tipc_sendmsg()
|
memory leak in bsg_register_queue
usb
|
C |
|
|
1 |
1171d |
1167d
|
20/28 |
988d |
1a0db7744e45
scsi: bsg: Fix device unregistration
|
KASAN: use-after-free Read in nft_table_lookup (2)
netfilter
|
syz |
done |
|
1 |
1168d |
1164d
|
20/28 |
988d |
a499b03bf36b
netfilter: nf_tables: unlink table before deleting it
|
memory leak in reg_copy_regd
wireless
|
C |
|
|
1 |
1222d |
1218d
|
20/28 |
988d |
e53e9828a8d2
cfg80211: always free wiphy specific regdomain
|
divide error in usbnet_start_xmit
usb
|
C |
|
|
760 |
1112d |
1129d
|
20/28 |
988d |
397430b50a36
usbnet: sanity check for maxpacket
|
KASAN: null-ptr-deref Write in dst_release (3)
net
|
|
|
|
2 |
1070d |
1070d
|
20/28 |
988d |
e28587cc491e
sit: do not call ipip6_dev_free() from sit_init_net()
|
KASAN: use-after-free Read in srcu_invoke_callbacks
block
|
syz |
error |
|
4 |
1032d |
1044d
|
20/28 |
988d |
850fd2abbe02
block: cleanup q->srcu
|
KCSAN: data-race in bond_alb_init_slave / bond_alb_monitor
net
|
|
|
|
1 |
1086d |
1086d
|
20/28 |
988d |
dac8e00fb640
bonding: make tx_rebalance_counter an atomic
|
KMSAN: kernel-infoleak in _copy_to_iter (6)
net
|
C |
|
|
748 |
988d |
1077d
|
20/28 |
988d |
71ddeac8cd1d
inet_diag: fix kernel-infoleak for UDP sockets
|
KMSAN: kernel-infoleak in ucma_init_qp_attr
rdma
|
|
|
|
1 |
1061d |
1051d
|
20/28 |
988d |
b35a0f4dd544
RDMA/core: Don't infoleak GRH fields
|
WARNING: ODEBUG bug in qdisc_create
net
|
C |
done |
|
6 |
1157d |
1184d
|
20/28 |
988d |
a56d447f196f
net/sched: sch_taprio: properly cancel timer from taprio_destroy()
|
WARNING: suspicious RCU usage in xfrm_set_default
net
|
C |
done |
|
20 |
1151d |
1156d
|
20/28 |
988d |
93ec1320b017
xfrm: fix rcu lock in xfrm_notify_userpolicy()
|
WARNING: refcount bug in rx_queue_release
net
|
|
|
|
12 |
1090d |
1104d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
KASAN: slab-out-of-bounds Write in usb_hcd_poll_rh_status (2)
usb
|
C |
inconclusive |
|
116 |
1051d |
1534d
|
20/28 |
988d |
1d7d4c07932e
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
|
general protection fault in io_uring_register
fs
io-uring
|
syz |
done |
|
1 |
1168d |
1164d
|
20/28 |
988d |
41d3a6bd1d37
io_uring: pin SQPOLL data before unlocking ring lock
|
kmsan boot error: KMSAN: uninit-value in tcp_child_process
net
|
|
|
|
48 |
1073d |
1084d
|
20/28 |
988d |
03cfda4fa6ea
tcp: fix another uninit-value (sk_rx_queue_mapping)
|
bpf-next test error: WARNING: refcount bug in ref_tracker_free
mptcp
|
|
|
|
110 |
1056d |
1073d
|
20/28 |
988d |
1d2f3d3c6268
mptcp: adjust to use netns refcount tracker
|
kmsan boot error: KMSAN: uninit-value in tcp_conn_request
net
|
|
|
|
27 |
1086d |
1086d
|
20/28 |
988d |
a37a0ee4d25c
net: avoid uninit-value from tcp_conn_request
|
bpf-next boot error: KASAN: global-out-of-bounds Read in task_iter_init
bpf
|
|
|
|
42 |
1104d |
1108d
|
20/28 |
988d |
9e2ad638ae36
bpf: Extend BTF_ID_LIST_GLOBAL with parameter for number of IDs
|
KCSAN: data-race in netlink_insert / netlink_sendmsg (4)
net
|
|
|
|
88 |
1140d |
1221d
|
20/28 |
988d |
7707a4d01a64
netlink: annotate data races around nlk->bound
|
INFO: trying to register non-static key in mxl111sf_ctrl_msg
usb
media
|
C |
|
|
73 |
1943d |
2047d
|
20/28 |
988d |
44870a9e7a3c
media: mxl111sf: change mutex_init() location
|
KMSAN: uninit-value in __mpol_equal (3)
mm
|
|
|
|
13 |
1126d |
1150d
|
20/28 |
988d |
6d2aec9e123b
mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind()
|
KASAN: use-after-free Write in io_queue_worker_create
fs
io-uring
|
C |
unreliable |
|
132 |
1071d |
1080d
|
20/28 |
988d |
71a85387546e
io-wq: check for wq exit after adding new worker task_work
e47498afeca9
io-wq: remove spurious bit clear on task_work addition
|
BUG: sleeping function called from invalid context in ref_tracker_alloc
net
|
|
|
|
1 |
1072d |
1072d
|
20/28 |
988d |
8b40a9d53d4f
ipv6: use GFP_ATOMIC in rt6_probe()
|
general protection fault in gro_cells_destroy (2)
net
|
|
|
|
2 |
1041d |
1058d
|
20/28 |
988d |
e28587cc491e
sit: do not call ipip6_dev_free() from sit_init_net()
|
KASAN: null-ptr-deref Write in sock_setsockopt
net
|
C |
|
|
45 |
1006d |
1113d
|
20/28 |
988d |
d00c8ee31729
net: fix possible NULL deref in sock_reserve_memory
|
possible deadlock in io_flush_timeouts
fs
|
|
|
|
5 |
1089d |
1090d
|
20/28 |
988d |
6af3f48bf615
io_uring: fix link traversal locking
|
general protection fault in rcu_segcblist_enqueue
kvm
|
C |
done |
done |
368 |
1171d |
1235d
|
20/28 |
988d |
eb7511bf9182
KVM: x86: Handle SRCU initialization failure during page track init
|
WARNING in atp_close (3)
input
|
C |
|
|
125 |
1052d |
1145d
|
20/28 |
988d |
9f3ccdc3f6ef
Input: appletouch - initialize work before device registration
|
WARNING: refcount bug in ip6gre_exit_batch_net
net
|
|
|
|
2 |
1099d |
1101d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
KASAN: use-after-free Read in netlbl_catmap_walk
net
lsm
|
C |
inconclusive |
|
1 |
1183d |
1183d
|
20/28 |
988d |
0817534ff9ea
smackfs: Fix use-after-free in netlbl_catmap_walk()
|
WARNING in page_counter_cancel (3)
mm
|
C |
done |
|
22 |
1045d |
1095d
|
20/28 |
988d |
269bda9e7da4
mptcp: Check reclaim amount before reducing allocation
|
KCSAN: data-race in __nf_conntrack_alloc / __nf_conntrack_find_get (3)
netfilter
|
|
|
|
2 |
1080d |
1079d
|
20/28 |
988d |
802a7dc5cf1b
netfilter: conntrack: annotate data-races around ct->timeout
|
KMSAN: uninit-value in ppp_send_frame
ppp
|
C |
|
|
5 |
1031d |
1052d
|
20/28 |
988d |
44073187990d
ppp: ensure minimum packet size in ppp_write()
|
KASAN: out-of-bounds Write in virtio_gpu_cmd_set_scanout
dri
virt
|
|
|
|
1 |
1114d |
1114d
|
20/28 |
988d |
5bd4f20de8ac
virtio-gpu: fix possible memory allocation failure
|
general protection fault in bpf_skb_cgroup_id
bpf
net
|
C |
inconclusive |
|
107 |
1145d |
1160d
|
20/28 |
988d |
435b08ec0094
bpf, test, cgroup: Use sk_{alloc,free} for test cases
|
general protection fault in inet_csk_accept
net
|
C |
done |
|
8 |
1077d |
1076d
|
20/28 |
988d |
b0cdc5dbcf2b
mptcp: never allow the PM to close a listener subflow
|
KCSAN: data-race in sbitmap_queue_clear / sbitmap_queue_clear (3)
block
|
|
|
|
5 |
1116d |
1122d
|
20/28 |
988d |
9f8b93a7df4d
sbitmap: silence data race warning
|
KASAN: null-ptr-deref Write in rhashtable_free_and_destroy (2)
wireless
|
C |
unreliable |
|
38 |
1052d |
1318d
|
20/28 |
988d |
8b5cb7e41d9d
mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
|
KASAN: use-after-free Read in tcp_v4_early_demux
net
|
|
|
|
1 |
1070d |
1070d
|
20/28 |
988d |
8f905c0e7354
inet: fully convert sk->sk_rx_dst to RCU rules
|
WARNING: kmalloc bug in snd_pcm_plugin_alloc
sound
|
|
|
|
4 |
1009d |
1091d
|
20/28 |
988d |
9d2479c96087
ALSA: pcm: oss: Fix negative period/buffer sizes
8839c8c0f77a
ALSA: pcm: oss: Limit the period size to 16MB
|
general protection fault in set_task_ioprio
block
|
C |
done |
|
19 |
1065d |
1066d
|
20/28 |
988d |
a957b61254a7
block: fix error in handling dead task for ioprio setting
|
INFO: task hung in disconnect_work
wireless
|
C |
inconclusive |
done |
3 |
1099d |
1373d
|
20/28 |
988d |
563fbefed46a
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
|
INFO: trying to register non-static key in ath9k_htc_rxep
wireless
|
C |
unreliable |
|
9896 |
1042d |
1616d
|
20/28 |
988d |
b0ec7e55fce6
ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
|
WARNING in nested_vmx_vmexit
kvm
|
C |
done |
|
101 |
1064d |
1081d
|
20/28 |
988d |
a80dfc025924
KVM: VMX: Always clear vmx->fail on emulation_required
|
WARNING in __get_free_pages
mm
|
|
|
|
21 |
1044d |
1103d
|
20/28 |
988d |
545a32498c53
floppy: Add max size check for user space request
|
KASAN: invalid-free in security_tun_dev_free_security
selinux
|
syz |
error |
error |
346 |
1064d |
1406d
|
20/28 |
988d |
158b515f703e
tun: avoid double free in tun_free_netdev
|
KCSAN: data-race in unix_inflight / wait_for_unix_gc (3)
net
|
|
|
|
1 |
1055d |
1041d
|
20/28 |
988d |
9d6d7f1cb67c
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
|
INFO: task hung in io_uring_del_tctx_node
io-uring
fs
|
C |
unreliable |
|
37 |
990d |
1154d
|
20/28 |
988d |
8bab4c09f24e
io_uring: allow conditional reschedule for intensive iterators
|
KASAN: use-after-free Read in __isofs_iget
isofs
|
C |
inconclusive |
|
2 |
1136d |
1132d
|
20/28 |
988d |
e96a1866b405
isofs: Fix out of bound access for corrupted isofs image
|
linux-next boot error: general protection fault in blk_mq_free_request
block
|
|
|
|
6 |
1128d |
1128d
|
20/28 |
988d |
e0d78afeb8d1
block: fix too broad elevator check in blk_mq_free_request()
|
WARNING: ODEBUG bug in really_probe
kernel
|
|
|
|
1 |
1058d |
1052d
|
20/28 |
988d |
33812fc7c8d7
HID: magicmouse: Fix an error handling path in magicmouse_probe()
|
INFO: trying to register non-static key in l2cap_sock_teardown_cb
bluetooth
|
C |
done |
done |
88 |
1116d |
1419d
|
20/28 |
988d |
1bff51ea59a9
Bluetooth: fix use-after-free error in lock_sock_nested()
|
KASAN: use-after-free Read in cipso_v4_doi_add
lsm
net
|
|
|
|
1 |
1133d |
1128d
|
20/28 |
988d |
0934ad42bb2c
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
|
KASAN: invalid-free in packet_set_ring
net
|
C |
inconclusive |
|
4 |
1074d |
1074d
|
20/28 |
988d |
ec6af094ea28
net/packet: rx_owner_map depends on pg_vec
|
KASAN: use-after-free Read in disk_release_events
block
fuse
|
syz |
inconclusive |
|
1 |
1076d |
1072d
|
20/28 |
988d |
99d8690aae4b
block: fix error unwinding in device_add_disk
|
WARNING: ODEBUG bug in corrupted (2)
usb
input
|
C |
error |
|
2 |
1058d |
1269d
|
20/28 |
988d |
33812fc7c8d7
HID: magicmouse: Fix an error handling path in magicmouse_probe()
|
KASAN: use-after-free Read in rtl8712_dl_fw
usb
staging
|
C |
|
|
6961 |
1104d |
1128d
|
20/28 |
988d |
c052cc1a069c
staging: rtl8712: fix use-after-free in rtl8712_dl_fw
|
general protection fault in cgroup_sk_free
cgroups
|
C |
error |
|
2727 |
1146d |
1160d
|
20/28 |
988d |
78cc316e9583
bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt
|
general protection fault in bpf_skb_ancestor_cgroup_id
bpf
net
|
C |
unreliable |
|
232 |
1144d |
1160d
|
20/28 |
988d |
435b08ec0094
bpf, test, cgroup: Use sk_{alloc,free} for test cases
|
WARNING in loop_add
|
C |
done |
error |
64 |
1103d |
1917d
|
20/28 |
988d |
278167fd2f8f
block: add __must_check for *add_disk*() callers
|
kernel BUG in kvm_read_guest_offset_cached
kvm
|
|
|
|
11 |
1087d |
1094d
|
20/28 |
988d |
8503fea6761d
KVM: VMX: do not use uninitialized gfn_to_hva_cache
|
linux-next test error: WARNING: refcount bug in ref_tracker_free
mptcp
|
|
|
|
12 |
1071d |
1072d
|
20/28 |
988d |
1d2f3d3c6268
mptcp: adjust to use netns refcount tracker
|
INFO: rcu detected stall in fq_pie_timer
net
|
C |
error |
|
35 |
1029d |
1246d
|
20/28 |
988d |
61c2402665f1
net/sched: fq_pie: prevent dismantle issue
|
INFO: rcu detected stall in sys_recvmmsg
mptcp
|
C |
done |
|
52 |
1024d |
1156d
|
20/28 |
988d |
612f71d7328c
mptcp: fix possible stall on recvmsg()
|
general protection fault in nldev_stat_set_doit (2)
rdma
|
|
|
|
12 |
1094d |
1102d
|
20/28 |
988d |
d821f7c13ca0
RDMA/nldev: Check stat attribute before accessing it
|
WARNING in vmx_queue_exception
kvm
|
|
|
|
8 |
999d |
1061d
|
20/28 |
988d |
fc4fad79fc3d
KVM: VMX: Reject KVM_RUN if emulation is required with pending exception
|
WARNING: refcount bug in netdev_run_todo
net
|
|
|
|
5 |
1090d |
1100d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
KASAN: use-after-free Write in io_submit_one
fs
|
C |
done |
|
11 |
1075d |
1113d
|
20/28 |
988d |
75feae73a280
block: fix single bio async DIO error handling
|
general protection fault in free_percpu
net
|
syz |
unreliable |
done |
80 |
1056d |
1323d
|
20/28 |
988d |
158b515f703e
tun: avoid double free in tun_free_netdev
|
WARNING: kmalloc bug in hash_net_create
netfilter
|
C |
done |
|
283 |
1147d |
1174d
|
20/28 |
988d |
7bbc3d385bd8
netfilter: ipset: Fix oversized kvmalloc() calls
|
possible deadlock in snd_mixer_oss_ioctl1
sound
|
C |
done |
|
149 |
1120d |
1124d
|
20/28 |
988d |
3ab799201845
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
|
WARNING in kvm_mmu_notifier_invalidate_range_start
kvm
|
C |
done |
|
19 |
997d |
1058d
|
20/28 |
988d |
d6aba4c8e20d
hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
|
KCSAN: data-race in call_rcu / rcu_gp_fqs_loop
fs
|
|
|
|
1 |
1124d |
1122d
|
20/28 |
988d |
2431774f04d1
rcu: Mark accesses to rcu_state.n_force_qs
|
inconsistent lock state in io_poll_remove_all
fs
|
|
|
|
63 |
1088d |
1090d
|
20/28 |
988d |
6af3f48bf615
io_uring: fix link traversal locking
|
WARNING: lock held when returning to user space in tcp_setsockopt (2)
net
|
C |
done |
done |
6 |
1062d |
1067d
|
20/28 |
988d |
b29fcfb54cd7
mptcp: full disconnect implementation
|
general protection fault in sctp_rcv
sctp
|
|
|
|
2 |
1154d |
1157d
|
20/28 |
988d |
f7e745f8e944
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
|
possible deadlock in dquot_commit
ext4
|
C |
unreliable |
|
41 |
1079d |
1379d
|
20/28 |
988d |
4013d47a5307
ext4: make sure to reset inode lockdep class when quota enabling fails
|
WARNING in tcf_chain0_head_change_cb_del (3)
net
|
C |
inconclusive |
|
107 |
1072d |
1207d
|
20/28 |
988d |
ab443c539167
sch_cake: do not call cake_destroy() from cake_init()
|
WARNING in inc_nlink (2)
fs
|
C |
inconclusive |
done |
21 |
988d |
1325d
|
20/28 |
988d |
97f044f690ba
fuse: don't increment nlink in link()
|
WARNING in rtl92cu_hw_init
wireless
|
|
|
|
1 |
1088d |
1084d
|
20/28 |
988d |
8b144dedb928
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
|
possible deadlock in io_worker_cancel_cb
fs
io-uring
|
C |
done |
|
9 |
1069d |
1074d
|
20/28 |
988d |
d800c65c2d4e
io-wq: drop wqe lock before creating new worker
|
WARNING: ODEBUG bug in batadv_v_ogm_free
batman
|
C |
done |
done |
6 |
1122d |
1140d
|
20/28 |
988d |
6f68cd634856
net: batman-adv: fix error handling
|
general protection fault in sock_release (2)
net
|
|
|
|
1 |
1076d |
1076d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
WARNING in ieee80211_parse_tx_radiotap
wireless
|
|
|
|
2 |
1165d |
1163d
|
20/28 |
988d |
13cb6d826e0a
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
|
WARNING in nbd_dev_add (2)
block
|
|
|
|
4 |
1105d |
1102d
|
20/28 |
988d |
278167fd2f8f
block: add __must_check for *add_disk*() callers
|
KMSAN: kernel-usb-infoleak in usbnet_write_cmd (3)
usb
|
C |
|
|
256 |
1006d |
1050d
|
20/28 |
988d |
d668769eb9c5
net: mcs7830: handle usb read errors properly
|
KMSAN: uninit-value in ppp_async_push (2)
ppp
|
C |
|
|
323 |
1008d |
1079d
|
20/28 |
988d |
44073187990d
ppp: ensure minimum packet size in ppp_write()
|
BUG: unable to handle kernel paging request in dev_fetch_sw_netstats
net
|
|
|
|
1 |
1068d |
1068d
|
20/28 |
988d |
158b515f703e
tun: avoid double free in tun_free_netdev
|
WARNING in free_netdev
net
|
|
|
|
4080 |
1002d |
1044d
|
20/28 |
988d |
fcfb894d5952
net: bridge: fix net device refcount tracking issue in error path
|
WARNING: suspicious RCU usage in __dev_queue_xmit
batman
|
C |
done |
|
635 |
1045d |
1045d
|
20/28 |
988d |
6316136ec6e3
netfilter: egress: avoid a lockdep splat
|
WARNING in nsim_dev_reload_destroy
net
|
C |
done |
|
2895 |
1119d |
1124d
|
20/28 |
988d |
fb9d19c2d844
Revert "devlink: Remove not-executed trap group notifications"
|
KASAN: use-after-free Read in blk_mq_sched_tags_teardown
block
usb
|
C |
done |
|
6 |
1125d |
1123d
|
20/28 |
988d |
8bdf7b3fe1f4
blk-mq-sched: Don't reference queue tagset in blk_mq_sched_tags_teardown()
|
net-next test error: WARNING: refcount bug in ref_tracker_free
mptcp
|
|
|
|
12 |
1072d |
1072d
|
20/28 |
988d |
1d2f3d3c6268
mptcp: adjust to use netns refcount tracker
|
KASAN: null-ptr-deref Write in l2cap_chan_put
bluetooth
|
syz |
done |
done |
7 |
1120d |
1565d
|
20/28 |
988d |
1bff51ea59a9
Bluetooth: fix use-after-free error in lock_sock_nested()
|
INFO: trying to register non-static key in ath9k_wmi_event_tasklet
wireless
usb
|
C |
unreliable |
|
7 |
1079d |
1255d
|
20/28 |
988d |
8b3046abc99e
ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
|
KASAN: use-after-free Read in free_netdev (2)
net
|
C |
done |
done |
1715 |
1086d |
1720d
|
20/28 |
988d |
f123cffdd8fe
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
|
INFO: task hung in set_current_rng
crypto
usb
|
C |
unreliable |
done |
1 |
1115d |
1233d
|
20/28 |
988d |
2bb31abdbe55
hwrng: virtio - don't wait on cleanup
|
general protection fault in fuse_test_super
fuse
|
C |
error |
|
32 |
995d |
1163d
|
20/28 |
988d |
80019f113832
fuse: always initialize sb->s_fs_info
|
memory leak in mgmt_cmd_complete
bluetooth
|
C |
|
|
3 |
1184d |
1283d
|
20/28 |
988d |
709fca500067
Bluetooth: hci_sock: purge socket queues in the destruct() callback
|
WARNING: refcount bug in linkwatch_do_dev
net
|
|
|
|
74 |
1082d |
1108d
|
20/28 |
988d |
123e495ecc25
net: linkwatch: be more careful about dev->linkwatch_dev_tracker
|
general protection fault in tls_init
net
|
|
|
|
1 |
1088d |
1082d
|
20/28 |
988d |
404cd9a22150
mptcp: remove tcp ulp setsockopt support
|
KMSAN: uninit-value in ieee80211_sta_tx_notify (2)
wireless
|
|
|
|
283 |
1006d |
1096d
|
20/28 |
988d |
d5e568c3a4ec
mac80211: track only QoS data frames for admission control
|
kernel BUG at net/core/dev.c:LINE! (4)
|
C |
done |
done |
432 |
1072d |
1459d
|
20/28 |
988d |
f123cffdd8fe
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
|
WARNING: refcount bug in sys_memfd_secret
mm
|
C |
done |
done |
4217 |
1122d |
1125d
|
20/28 |
988d |
87066fdd2e30
Revert "mm/secretmem: use refcount_t instead of atomic_t"
|
WARNING: refcount bug in in_dev_finish_destroy (2)
net
|
|
|
|
42 |
1090d |
1104d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
KMSAN: uninit-value in ax88772a_hw_reset
usb
|
C |
|
|
94 |
1006d |
1094d
|
20/28 |
988d |
8035b1a2a37a
asix: fix uninit-value in asix_mdio_read()
|
general protection fault in smc_pnet_add
net
s390
|
|
|
|
578 |
988d |
1044d
|
20/28 |
988d |
7b9b1d449a7c
net/smc: fix possible NULL deref in smc_pnet_add_eth()
|
WARNING in __put_net
net
|
|
|
|
5215 |
1031d |
1044d
|
20/28 |
988d |
cb963a19d99f
net: sched: do not allocate a tracker in tcf_exts_init()
|
WARNING: kmalloc bug in nf_tables_newset
netfilter
|
C |
done |
|
95 |
1146d |
1174d
|
20/28 |
988d |
45928afe94a0
netfilter: nf_tables: Fix oversized kvmalloc() calls
|
WARNING in kvm_mmu_uninit_tdp_mmu
kvm
|
|
|
|
3 |
1024d |
1107d
|
20/28 |
988d |
3a0f64de479c
KVM: x86/mmu: Don't advance iterator after restart due to yielding
|
KCSAN: data-race in skb_queue_tail / unix_dgram_poll (4)
net
|
|
|
|
2 |
1166d |
1171d
|
20/28 |
988d |
04f08eb44b50
net/af_unix: fix a data-race in unix_dgram_poll
|
WARNING in static_key_slow_try_dec (2)
kernel
|
C |
unreliable |
|
5417 |
1127d |
1195d
|
20/28 |
988d |
f7d8a19f9a05
Revert "KVM: x86: Open code necessary bits of kvm_lapic_set_base() at vCPU RESET"
|
UBSAN: shift-out-of-bounds in __qdisc_calculate_pkt_len
net
|
C |
unreliable |
|
5660 |
1147d |
1444d
|
20/28 |
988d |
b193e15ac69d
net: prevent user from passing illegal stab size
|
WARNING in emulate_vsyscall
kernel
|
C |
done |
done |
3890 |
1151d |
1332d
|
20/28 |
988d |
d4ffd5df9d18
x86/fault: Fix wrong signal when vsyscall fails with pkey
|
WARNING: kmalloc bug in hash_mac_create
netfilter
|
C |
done |
|
11 |
1167d |
1172d
|
20/28 |
988d |
7bbc3d385bd8
netfilter: ipset: Fix oversized kvmalloc() calls
|
KASAN: use-after-free Read in nft_set_destroy
netfilter
|
|
|
|
1 |
1073d |
1073d
|
20/28 |
988d |
0f7d9b31ce7a
netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
|
BUG: unable to handle kernel paging request in __blk_mq_alloc_requests
io-uring
block
|
C |
unreliable |
|
107 |
1107d |
1115d
|
20/28 |
988d |
a22c00be90de
block: assign correct tag before doing prefetch of request
|
WARNING in ieee80211_vif_release_channel (2)
wireless
|
C |
done |
|
5 |
1063d |
1066d
|
20/28 |
988d |
87a270625a89
mac80211: fix locking in ieee80211_start_ap error path
|
KASAN: use-after-free Read in unmap_page_range (2)
mm
|
C |
unreliable |
|
4 |
1098d |
1116d
|
20/28 |
988d |
337546e83fc7
mm/oom_kill.c: prevent a race between process_mrelease and exit_mmap
|
general protection fault in dev_get_by_index_rcu (2)
bpf
net
|
C |
error |
|
18 |
1048d |
1048d
|
20/28 |
988d |
382778edc826
xdp: check prog type before updating BPF link
|
possible deadlock in fuse_reverse_inval_entry
fuse
|
C |
error |
|
1 |
1170d |
1196d
|
20/28 |
988d |
bda9a71980e0
fuse: annotate lock in fuse_reverse_inval_entry()
|
BUG: sleeping function called from invalid context in copy_huge_page
mm
|
|
|
|
1 |
1139d |
1135d
|
20/28 |
988d |
a4aeaa06d45e
mm: khugepaged: skip huge page collapse for special files
|
INFO: rcu detected stall in snd_seq_write (2)
sound
|
syz |
done |
|
21 |
1104d |
1116d
|
20/28 |
988d |
6fadb494a638
ALSA: seq: Set upper limit of processed events
|
possible deadlock in md_open
raid
|
C |
unreliable |
|
2844 |
1151d |
1184d
|
20/28 |
988d |
7df835a32a8b
md: fix a lock order reversal in md_alloc
|
INFO: task hung in io_uring_try_cancel_requests
fs
io-uring
|
C |
error |
|
41 |
1077d |
1119d
|
20/28 |
988d |
f75d118349be
io_uring: harder fdinfo sq/cq ring iterating
|
WARNING in io_try_cancel_userdata (2)
fs
|
|
|
|
1 |
1095d |
1091d
|
20/28 |
988d |
617a89484deb
io_uring: fail cancellation for EXITING tasks
|
possible deadlock in blkdev_put (2)
block
|
C |
done |
|
502 |
988d |
1089d
|
20/28 |
988d |
322c4293ecc5
loop: make autoclear operation asynchronous
|
INFO: rcu detected stall in dummy_timer (3)
usb
|
C |
error |
|
132 |
1002d |
1590d
|
20/28 |
988d |
476db72e5219
media: mceusb: return without resubmitting URB in case of -EPROTO error.
|
WARNING in page_counter_uncharge
mm
|
C |
done |
done |
2 |
1057d |
1057d
|
20/28 |
988d |
269bda9e7da4
mptcp: Check reclaim amount before reducing allocation
|
KMSAN: uninit-value in asix_mdio_read (2)
usb
|
C |
|
|
1075 |
988d |
1068d
|
20/28 |
988d |
8035b1a2a37a
asix: fix uninit-value in asix_mdio_read()
|
WARNING in __dev_set_promiscuity
net
|
C |
done |
|
11 |
1150d |
1153d
|
20/28 |
988d |
a5b8fd657881
net: dev_addr_list: handle first address in __hw_addr_add_ex
|
WARNING in signalfd_cleanup
fs
io-uring
|
C |
done |
|
201 |
1035d |
1050d
|
20/28 |
988d |
791f3465c4af
io_uring: fix UAF due to missing POLLFREE handling
|
inconsistent lock state in kmem_cache_alloc_trace
kernel
|
|
|
|
36 |
1071d |
1073d
|
20/28 |
988d |
8b40a9d53d4f
ipv6: use GFP_ATOMIC in rt6_probe()
|
INFO: task can't die in blk_mq_freeze_queue_wait
block
|
|
|
|
221 |
1094d |
1102d
|
20/28 |
988d |
95febeb61bf8
block: fix missing queue put in error path
|
BUG: sleeping function called from invalid context in hci_cmd_sync_cancel
usb
net
|
C |
done |
|
28 |
1064d |
1078d
|
20/28 |
988d |
744451c162a5
Bluetooth: hci_sync: Push sync command cancellation to workqueue
|
general protection fault in percpu_ref_put
cgroups
|
C |
done |
|
412 |
1147d |
1157d
|
20/28 |
988d |
78cc316e9583
bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt
|
UBSAN: array-index-out-of-bounds in llc_sap_add_socket
net
|
|
|
|
1 |
1114d |
1114d
|
20/28 |
988d |
8ac9dfd58b13
llc: fix out-of-bound array index in llc_sk_dev_hash()
|
KMSAN: uninit-value in fat_subdirs
exfat
|
|
|
|
1 |
1065d |
1048d
|
20/28 |
988d |
3ee859e384d4
block: Fix wrong offset in bio_truncate()
|
WARNING: refcount bug in j1939_netdev_start (2)
can
|
syz |
error |
error |
51 |
1127d |
1773d
|
20/28 |
988d |
d9d52a3ebd28
can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
|
net-next test error: WARNING in devlink_nl_region_notify
net
|
|
|
|
24 |
1148d |
1146d
|
20/28 |
988d |
ef91abfb20c7
devlink: Add missed notifications iterators
|
INFO: rcu detected stall in newstat
fs
usb
|
C |
unreliable |
done |
4 |
1082d |
1205d
|
20/28 |
988d |
476db72e5219
media: mceusb: return without resubmitting URB in case of -EPROTO error.
|
KCSAN: data-race in fib_create_info / free_fib_info
net
|
|
|
|
1 |
1061d |
1041d
|
20/28 |
988d |
0a6e6b3c7db6
ipv4: update fib_info_cnt under spinlock protection
|
BUG: spinlock bad magic in synchronize_srcu
kvm
|
C |
done |
done |
3254 |
1150d |
1520d
|
20/28 |
988d |
eb7511bf9182
KVM: x86: Handle SRCU initialization failure during page track init
|
INFO: task hung in do_proc_bulk
usb
|
syz |
inconclusive |
|
8 |
1115d |
1180d
|
20/28 |
988d |
ae8709b296d8
USB: core: Make do_proc_control() and do_proc_bulk() killable
|
BUG: sleeping function called from invalid context in tipc_crypto_start
net
|
C |
done |
done |
6 |
1066d |
1073d
|
20/28 |
988d |
f845fe5819ef
Revert "tipc: use consistent GFP flags"
|
INFO: task can't die in __bio_queue_enter
block
|
|
|
|
185 |
1094d |
1101d
|
20/28 |
988d |
10f7335e3627
blk-mq: don't grab ->q_usage_counter in blk_mq_sched_bio_merge
|
general protection fault in ref_tracker_alloc
net
|
C |
done |
|
679 |
1044d |
1073d
|
20/28 |
988d |
0976b888a150
ethtool: fix null-ptr-deref on ref tracker
|
WARNING: suspicious RCU usage in ref_tracker_alloc
net
|
|
|
|
17 |
1071d |
1073d
|
20/28 |
988d |
8b40a9d53d4f
ipv6: use GFP_ATOMIC in rt6_probe()
|
INFO: task hung in io_uring_cancel_generic (2)
io-uring
fs
|
C |
done |
|
97 |
1072d |
1099d
|
20/28 |
988d |
78a780602075
io_uring: ensure task_work gets run as part of cancelations
|
WARNING in perf_pending_event
perf
|
C |
error |
|
3 |
1112d |
1107d
|
20/28 |
988d |
73743c3b0922
perf: Ignore sigtrap for tracepoints destined for other tasks
|
INFO: rcu detected stall in io_wqe_worker (2)
fs
io-uring
|
C |
done |
|
2 |
1121d |
1121d
|
20/28 |
988d |
c5e0321e43de
Revert "devlink: Remove not-executed trap policer notifications"
|
WARNING: kmalloc bug in bpf_check
bpf
|
C |
done |
|
34 |
1162d |
1174d
|
20/28 |
988d |
0e6491b55970
bpf: Add oversize check before call kvcalloc()
|
INFO: task can't die in nf_ct_iterate_cleanup (2)
netfilter
|
|
|
|
1 |
1161d |
1161d
|
20/28 |
988d |
e9edc188fc76
netfilter: conntrack: serialize hash resizes and cleanups
|
general protection fault in cgroup_file_write
cgroups
|
|
|
|
15 |
1057d |
1111d
|
20/28 |
988d |
e57457641613
cgroup: Use open-time cgroup namespace for process migration perm checks
|
WARNING in hrtimer_forward
kernel
|
C |
done |
done |
217 |
1033d |
1517d
|
20/28 |
988d |
313bbd1990b6
mac80211-hwsim: fix late beacon hrtimer handling
|
KMSAN: uninit-value in kvm_cpuid
kvm
|
C |
|
|
22 |
1122d |
1146d
|
20/28 |
988d |
e8a747d0884e
KVM: x86: Swap order of CPUID entry "index" vs. "significant flag" checks
|
kernel panic: smack: Failed to initialize cipso DOI.
lsm
|
C |
done |
error |
128 |
1115d |
1696d
|
20/28 |
988d |
f91488ee15bd
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
|
KMSAN: uninit-value in p9pdu_readf
v9fs
|
|
|
|
14 |
1023d |
1138d
|
20/28 |
988d |
27eb4c3144f7
9p/net: fix missing error check in p9_check_errors
|
UBSAN: shift-out-of-bounds in qfq_init_qdisc
net
|
|
|
|
1 |
1054d |
1054d
|
20/28 |
988d |
7d18a07897d0
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
|
KMSAN: uninit-value in pneigh_fill_info
net
|
C |
|
|
14 |
1076d |
1080d
|
20/28 |
988d |
e195e9b5dee6
net, neigh: clear whole pneigh_entry at alloc time
|
KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit (5)
net
|
|
|
|
1 |
1095d |
1093d
|
20/28 |
988d |
7a10d8c810cf
net: annotate data-races on txq->xmit_lock_owner
|
WARNING in z_erofs_lz4_decompress
erofs
|
C |
|
|
2 |
1122d |
1124d
|
20/28 |
988d |
a0961f351d82
erofs: don't trigger WARN() when decompression fails
|
KASAN: use-after-free Read in sixpack_close
hams
|
C |
done |
|
879 |
1097d |
1102d
|
20/28 |
988d |
81b1d548d00b
hamradio: remove needs_free_netdev to avoid UAF
|
KMSAN: uninit-value in from_kuid
kernel
|
|
|
|
10 |
1012d |
1089d
|
20/28 |
988d |
3cb6ee991496
9p: only copy valid iattrs in 9P2000.L setattr implementation
|
WARNING in chnl_net_uninit (2)
net
|
|
|
|
1 |
1166d |
1166d
|
20/28 |
988d |
550ac9c1aaaa
net-caif: avoid user-triggerable WARN_ON(1)
|
INFO: rcu detected stall in ieee80211_tasklet_handler
wireless
|
C |
error |
done |
74 |
1152d |
1432d
|
20/28 |
988d |
313bbd1990b6
mac80211-hwsim: fix late beacon hrtimer handling
|
UBSAN: shift-out-of-bounds in nl802154_new_interface
wpan
|
C |
inconclusive |
done |
879 |
1090d |
1367d
|
20/28 |
988d |
451dc48c806a
net: ieee802154: handle iftypes as u32
|
WARNING in batadv_v_ogm_free
batman
|
|
|
|
1 |
1126d |
1126d
|
20/28 |
988d |
6f68cd634856
net: batman-adv: fix error handling
|
possible deadlock in wake_up_all_idle_cpus
perf
|
C |
done |
|
14 |
1125d |
1132d
|
20/28 |
988d |
96611c26dc35
sched: Improve wake_up_all_idle_cpus() take #2
|
KMSAN: uninit-value in snd_rawmidi_ioctl
sound
|
C |
|
|
1506 |
1006d |
1068d
|
20/28 |
988d |
39a8fc4971a0
ALSA: rawmidi - fix the uninitalized user_pversion
|
KASAN: slab-out-of-bounds Read in hci_le_meta_evt (2)
bluetooth
|
C |
inconclusive |
|
2 |
1116d |
1116d
|
20/28 |
988d |
3a56ef719f0b
Bluetooth: stop proccessing malicious adv data
|
general protection fault in nfc_alloc_send_skb
net
nfc
|
C |
done |
|
2 |
1056d |
1050d
|
20/28 |
988d |
dded08927ca3
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
|
BUG: corrupted list in em28xx_init_extension
usb
media
|
C |
error |
|
18 |
1219d |
1763d
|
20/28 |
988d |
2c98b8a3458d
media: em28xx: add missing em28xx_close_extension
|
possible deadlock in mptcp_close
mptcp
|
C |
done |
|
931 |
1146d |
1157d
|
20/28 |
988d |
49054556289e
net: introduce and use lock_sock_fast_nested()
|
INFO: rcu detected stall in syscall_exit_to_user_mode
cgroups
mm
|
|
|
|
78 |
1000d |
1181d
|
20/28 |
988d |
313bbd1990b6
mac80211-hwsim: fix late beacon hrtimer handling
|
BUG: unable to handle kernel NULL pointer dereference in fifo_set_limit
net
|
C |
error |
|
1 |
1147d |
1147d
|
20/28 |
988d |
560ee196fe9e
net_sched: fix NULL deref in fifo_set_limit()
|
possible deadlock in smc_switch_to_fallback
net
s390
|
|
|
|
43575 |
1077d |
1097d
|
20/28 |
988d |
7a61432dc813
net/smc: Avoid warning of possible recursive locking
|
general protection fault in ieee80211_assign_vif_chanctx
wireless
|
C |
inconclusive |
|
4 |
1126d |
1384d
|
20/28 |
988d |
563fbefed46a
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
|
WARNING in rtnl_stats_get
net
|
C |
unreliable |
|
31 |
1115d |
1304d
|
20/28 |
988d |
0854a0513321
net: bridge: fix under estimation in br_get_linkxstats_size()
|
KASAN: use-after-free Read in rxe_queue_cleanup
rdma
|
|
|
|
65 |
1070d |
1097d
|
20/28 |
988d |
84b01721e804
RDMA: Fix use-after-free in rxe_queue_cleanup
|
kernel BUG at net/phonet/socket.c:LINE!
net
|
C |
inconclusive |
|
168 |
1065d |
1685d
|
20/28 |
988d |
75a2f3152009
phonet/pep: refuse to enable an unbound pipe
|
possible deadlock in io_poll_double_wake (3)
io-uring
fs
|
C |
error |
done |
703 |
1044d |
1317d
|
20/28 |
988d |
aa43477b0402
io_uring: poll rework
|
KASAN: use-after-free Read in nf_tables_dump_sets
netfilter
|
syz |
done |
done |
1 |
1170d |
1199d
|
20/28 |
988d |
a499b03bf36b
netfilter: nf_tables: unlink table before deleting it
|
KASAN: use-after-free Read in __lock_sock
sctp
|
syz |
done |
error |
26 |
1380d |
2195d
|
20/28 |
988d |
5ec7d18d1813
sctp: use call_rcu to free endpoint
|
KCSAN: data-race in __inet_hash_connect / inet_getname
net
|
|
|
|
1 |
1147d |
1121d
|
20/28 |
988d |
9dfc685e0262
inet: remove races in inet{6}_getname()
|
UBSAN: array-index-out-of-bounds in ktime_mono_to_any
kernel
|
|
|
|
4 |
1107d |
1109d
|
20/28 |
988d |
6dc25401cba4
net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any
|
KMSAN: uninit-value in fib_get_nhs
net
|
C |
|
|
14 |
1006d |
1077d
|
20/28 |
988d |
7a3429bace0e
ipv4: Check attribute length for RTA_GATEWAY in multipath route
|
WARNING in sk_stream_kill_queues (7)
net
|
C |
|
|
6689 |
989d |
1107d
|
20/28 |
988d |
c4777efa751d
net: add and use skb_unclone_keeptruesize() helper
|
WARNING in batadv_nc_mesh_free
batman
|
C |
inconclusive |
|
1 |
1126d |
1126d
|
20/28 |
988d |
6f68cd634856
net: batman-adv: fix error handling
|
KASAN: use-after-free Read in vlan_dev_real_dev (2)
net
|
C |
error |
|
7 |
1125d |
1136d
|
20/28 |
988d |
563bcbae3ba2
net: vlan: fix a UAF in vlan_dev_real_dev()
|
WARNING in cache_grow_begin
net
|
|
|
|
2 |
1035d |
1036d
|
20/28 |
988d |
c12837d1bb31
ref_tracker: use __GFP_NOFAIL more carefully
|
KASAN: null-ptr-deref Write in __pm_runtime_resume
pm
|
C |
done |
|
108 |
1002d |
1181d
|
20/28 |
988d |
2fc7acb69fa3
Bluetooth: hci_uart: fix GPF in h5_recv
|
UBSAN: shift-out-of-bounds in xfrm_get_default
net
|
C |
done |
|
104 |
1140d |
1178d
|
20/28 |
988d |
3c10ffddc61f
net: xfrm: fix shift-out-of-bounds in xfrm_get_default
|
WARNING in new_slab
mm
|
C |
inconclusive |
|
2 |
1035d |
1066d
|
20/28 |
988d |
c12837d1bb31
ref_tracker: use __GFP_NOFAIL more carefully
|
INFO: task hung in hwrng_register
crypto
usb
|
syz |
unreliable |
done |
1 |
1135d |
1191d
|
20/28 |
988d |
2bb31abdbe55
hwrng: virtio - don't wait on cleanup
|
WARNING in ref_tracker_free
net
|
C |
done |
|
14831 |
1045d |
1073d
|
20/28 |
988d |
123e495ecc25
net: linkwatch: be more careful about dev->linkwatch_dev_tracker
|
WARNING in bpf_warn_invalid_xdp_action
|
C |
done |
done |
8941 |
1045d |
1764d
|
20/28 |
988d |
2cbad989033b
bpf: Do not WARN in bpf_warn_invalid_xdp_action()
|
INFO: rcu detected stall in br_multicast_query_expired
kernel
|
C |
inconclusive |
|
2 |
1065d |
1065d
|
20/28 |
988d |
f83a112bd91a
net: bridge: mcast: add and enforce startup query interval minimum
|
unregister_netdevice: waiting for DEV to become free (6)
|
C |
error |
|
13128 |
988d |
1107d
|
20/28 |
988d |
34ac17ecbf57
ethtool: use ethnl_parse_header_dev_put()
|
KMSAN: uninit-value in udf_evict_inode (2)
udf
|
|
|
|
13 |
1020d |
1073d
|
20/28 |
988d |
f05f2429eec6
udf: Fix error handling in udf_new_inode()
|
KMSAN: uninit-value in _ieee802_11_parse_elems_crc
wireless
|
|
|
|
1 |
1083d |
1076d
|
20/28 |
988d |
768c0b19b506
mac80211: validate extended element ID is present
|
WARNING in trc_read_check_handler
kernel
|
C |
unreliable |
done |
40 |
1115d |
1203d
|
20/28 |
988d |
96017bf90397
rcu-tasks: Simplify trc_read_check_handler() atomic operations
|
WARNING: held lock freed in spi_unregister_controller
spi
usb
|
C |
inconclusive |
|
251 |
1088d |
1128d
|
20/28 |
988d |
6c53b45c71b4
spi: fix use-after-free of the add_lock mutex
|
kernel BUG in find_lock_entries
mm
|
C |
done |
|
10 |
1036d |
1199d
|
20/28 |
988d |
d417b49fff3e
mm/filemap.c: remove bogus VM_BUG_ON
|
inconsistent lock state in netlink_broadcast_filtered
net
|
|
|
|
1 |
1121d |
1121d
|
20/28 |
988d |
f941eadd8d6d
bpf: Avoid races in __bpf_prog_run() for 32bit arches
|
WARNING in __nf_unregister_net_hook (4)
netfilter
|
C |
error |
|
66 |
990d |
1320d
|
20/28 |
988d |
68a3765c659f
netfilter: nf_tables: skip netdev events generated on netns removal
|
WARNING in gnet_stats_add_basic
net
|
C |
done |
|
14 |
1129d |
1129d
|
20/28 |
988d |
e22db7bd552f
net: sched: Allow statistics reads from softirq.
|
WARNING in isotp_tx_timer_handler
can
|
C |
error |
|
1553 |
988d |
1431d
|
20/28 |
988d |
9acf636215a6
can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
|
general protection fault in hrtimer_active (3)
kernel
|
syz |
done |
error |
34 |
1023d |
1328d
|
20/28 |
988d |
e28587cc491e
sit: do not call ipip6_dev_free() from sit_init_net()
|
INFO: task hung in io_wqe_worker
fs
io-uring
|
C |
unreliable |
|
3 |
1130d |
1126d
|
20/28 |
988d |
1d5f5ea7cb7d
io-wq: remove worker to owner tw dependency
|
BUG: corrupted list in netif_napi_add
net
|
syz |
unreliable |
done |
17 |
1103d |
1134d
|
20/28 |
988d |
0315a075f134
net: fix premature exit from NAPI state polling in napi_disable()
|
WARNING in fuse_evict_inode
fuse
|
C |
done |
|
43 |
1125d |
1130d
|
20/28 |
988d |
5c791fe1e2a4
fuse: make sure reclaim doesn't write the inode
|
KASAN: use-after-free Read in bdev_free_inode
block
|
syz |
error |
|
7 |
1139d |
1158d
|
20/28 |
988d |
06cc978d3ff2
block: genhd: fix double kfree() in __alloc_disk_node()
|
general protection fault in scsi_queue_rq
fuse
scsi
|
C |
done |
done |
4000 |
1105d |
1500d
|
20/28 |
988d |
20aaef52eb08
scsi: scsi_ioctl: Validate command size
|
INFO: task can't die in __cond_resched
net
|
C |
error |
|
66 |
1103d |
1157d
|
20/28 |
988d |
e9edc188fc76
netfilter: conntrack: serialize hash resizes and cleanups
|
BUG: unable to handle kernel NULL pointer dereference in bpf
|
C |
done |
|
753 |
1045d |
1117d
|
20/28 |
988d |
ad10c381d133
bpf: Add missing map_delete_elem method to bloom filter map
|
general protection fault in ref_tracker_free
net
|
|
|
|
21 |
1047d |
1071d
|
20/28 |
988d |
123e495ecc25
net: linkwatch: be more careful about dev->linkwatch_dev_tracker
|
KASAN: vmalloc-out-of-bounds Read in bpf_prog_put
bpf
|
C |
done |
|
2 |
1068d |
1066d
|
20/28 |
988d |
218d747a4142
bpf, sockmap: Fix double bpf_prog_put on error case in map_link
|
general protection fault in nf_tables_dump_tables
netfilter
|
syz |
done |
done |
4 |
1153d |
1153d
|
20/28 |
988d |
a499b03bf36b
netfilter: nf_tables: unlink table before deleting it
|
BUG: unable to handle kernel NULL pointer dereference in unix_shutdown
net
|
C |
unreliable |
|
413 |
1184d |
1187d
|
20/28 |
1031d |
d359902d5c35
af_unix: Fix NULL pointer bug in unix_shutdown
|
kernel BUG at mm/vmalloc.c:LINE! (2)
mm
|
C |
done |
done |
6605 |
1183d |
1594d
|
20/28 |
1031d |
537cf4e3cc2f
xsk: Fix umem cleanup bug at socket destruct
|
memory leak in __pskb_copy_fclone
wpan
|
C |
|
|
21 |
1225d |
1367d
|
20/28 |
1048d |
1090340f7ee5
net: Fix memory leak in ieee802154_raw_deliver
|
WARNING in rtl28xxu_ctrl_msg/usb_submit_urb
usb
|
C |
|
|
50 |
1228d |
1276d
|
20/28 |
1106d |
76f22c93b209
media: rtl28xxu: fix zero-length control request
media: rtl28xxu: fix zero-length control request
|
WARNING in hso_free_net_device
usb
|
C |
error |
|
528 |
1224d |
1905d
|
20/28 |
1106d |
788e67f18d79
usb: hso: fix error handling code of hso_create_net_device
usb: hso: fix error handling code of hso_create_net_device
|
KASAN: null-ptr-deref Read in filp_close (2)
fs
|
C |
|
|
3 |
1227d |
1335d
|
20/28 |
1106d |
3b0462726e7e
cgroup: verify that source is a string
9b5b872215fe
file: fix close_range() for unshare+cloexec
|
BUG: sleeping function called from invalid context in lock_sock_nested (2)
bluetooth
|
C |
done |
error |
19391 |
1197d |
1733d
|
20/28 |
1106d |
e04480920d1e
Bluetooth: defer cleanup of resources in hci_unregister_dev()
Bluetooth: defer cleanup of resources in hci_unregister_dev()
|
KASAN: use-after-free Write in dec_rlimit_ucounts
kernel
|
C |
|
|
4 |
1189d |
1223d
|
20/28 |
1106d |
345daff2e994
ucounts: Fix race condition between alloc_ucounts and put_ucounts
bbb6d0f3e1fe
ucounts: Increase ucounts reference counter before the security hook
|
KMSAN: kernel-infoleak in compat_drm_wait_vblank
dri
|
|
|
|
37 |
1323d |
1367d
|
20/28 |
1107d |
de066e116306
drm/compat: Clear bounce structures
drm/compat: Clear bounce structures
|
KASAN: use-after-free Read in cipso_v4_genopt
lsm
net
|
C |
inconclusive |
|
5 |
1358d |
1359d
|
20/28 |
1107d |
ad5d07f4a9cd
cipso,calipso: resolve a number of problems with the DOI refcounts
1165affd4848
net: mac802154: Fix general protection fault
|
net-next build error (4)
kernel
|
|
|
|
4 |
1174d |
1175d
|
20/28 |
1107d |
ea7b4244b365
x86/setup: Explicitly include acpi.h
|
memory leak in kobject_set_name_vargs (4)
kernel
|
C |
|
|
171 |
1174d |
1461d
|
20/28 |
1107d |
8fd0c1b0647a
nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
|
WARNING in io_sq_thread_park
fs
|
|
|
|
1 |
1339d |
1339d
|
20/28 |
1107d |
a185f1db59f1
io_uring: do ctx sqd ejection in a clear context
|
WARNING in destroy_conntrack
netfilter
|
C |
done |
|
1 |
1201d |
1199d
|
20/28 |
1107d |
e3245a7b7b34
netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex
|
upstream boot error: WARNING in kvm_wait
kvm
|
|
|
|
233 |
1342d |
1356d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
general protection fault in hwsim_del_edge_nl
wpan
|
C |
done |
|
3 |
1252d |
1252d
|
20/28 |
1107d |
0303b30375df
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
|
KMSAN: uninit-value in number (3)
media
|
C |
|
|
8575 |
1107d |
1350d
|
20/28 |
1107d |
eaaea4681984
media: gspca/sq905.c: fix uninitialized variable
|
WARNING: suspicious RCU usage in kernfs_fop_read_iter
kernfs
|
|
|
|
1 |
1329d |
1329d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING in idr_get_next
arm-msm
net
|
C |
error |
done |
21 |
1298d |
1542d
|
20/28 |
1107d |
3cbf7530a163
qrtr: Convert qrtr_ports from IDR to XArray
|
KASAN: null-ptr-deref Read in phy_disconnect
net
usb
|
C |
|
|
255 |
1173d |
1177d
|
20/28 |
1107d |
1406e8cb4b05
net: usb: asix: do not call phy_disconnect() for ax88178
|
WARNING in ex_handler_fprestore
kernel
|
C |
done |
|
5 |
1269d |
1276d
|
20/28 |
1107d |
484cea4f362e
x86/fpu: Prevent state corruption in __fpu__restore_sig()
|
KMSAN: uninit-value in hsr_fill_frame_info
net
|
C |
|
|
249 |
1224d |
1522d
|
20/28 |
1107d |
2e9f60932a2c
net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info
|
possible deadlock in snd_timer_interrupt
sound
|
C |
done |
|
41 |
1114d |
1214d
|
20/28 |
1107d |
f671a691e299
fcntl: fix potential deadlocks for &fown_struct.lock
|
WARNING: refcount bug in ip6_tnl_dev_uninit
net
|
C |
done |
|
16 |
1329d |
1334d
|
20/28 |
1107d |
0d7a7b2014b1
ipv6: remove extra dev_hold() for fallback tunnels
|
WARNING in bpf_bprintf_prepare
bpf
|
C |
unreliable |
|
96 |
1252d |
1290d
|
20/28 |
1107d |
e2d5b2bb769f
bpf: Fix nested bpf_bprintf_prepare with more per-cpu buffers
|
KASAN: use-after-free Read in snd_seq_timer_interrupt (2)
sound
|
C |
inconclusive |
|
2 |
1264d |
1262d
|
20/28 |
1107d |
83e197a8414c
ALSA: seq: Fix race of snd_seq_timer_open()
|
bpf-next build error (3)
kernel
|
|
|
|
10 |
1163d |
1333d
|
20/28 |
1107d |
7e32a09fdcb3
bpf: tcp: Remove comma which is causing build error
|
WARNING: suspicious RCU usage in tomoyo_encode2
rcu
|
|
|
|
1 |
1293d |
1293d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KASAN: use-after-free Read in sctp_do_8_2_transport_strike
sctp
|
|
|
|
1 |
1311d |
1311d
|
20/28 |
1107d |
35b4f24415c8
sctp: do asoc update earlier in sctp_sf_do_dupcook_a
|
KASAN: use-after-free Read in gfs2_glock_shrink_scan
gfs2
|
|
|
|
1 |
1287d |
1283d
|
20/28 |
1107d |
1ab19c5de4c5
gfs2: Fix use-after-free in gfs2_glock_shrink_scan
|
possible deadlock in hfs_find_init
hfs
|
C |
done |
error |
1 |
1413d |
2404d
|
20/28 |
1107d |
b3b2177a2d79
hfs: add lock nesting notation to hfs_find_init
|
KASAN: slab-out-of-bounds Read in add_del_if
bridge
|
C |
unreliable |
|
970 |
1198d |
1174d
|
20/28 |
1107d |
9384eacd80f3
net: core: don't call SIOCBRADD/DELIF for non-bridge devices
|
memory leak in zr364xx_start_readpipe
media
usb
|
C |
|
|
2 |
1256d |
1283d
|
20/28 |
1107d |
0a045eac8d04
media: zr364xx: fix memory leak in zr364xx_start_readpipe
|
KASAN: use-after-free Write in alloc_ucounts
kernel
|
syz |
|
|
7 |
1205d |
1223d
|
20/28 |
1107d |
345daff2e994
ucounts: Fix race condition between alloc_ucounts and put_ucounts
|
UBSAN: shift-out-of-bounds in ___bpf_prog_run
bpf
|
C |
unreliable |
|
38 |
1241d |
1351d
|
20/28 |
1107d |
28131e9d9333
bpf: Fix up register-based shifts in interpreter to silence KUBSAN
|
KASAN: slab-out-of-bounds Read in fq_pie_qdisc_enqueue
net
|
|
|
|
1 |
1246d |
1246d
|
20/28 |
1107d |
e70f7a11876a
net/sched: fq_pie: fix OOB access in the traffic path
|
KMSAN: uninit-value in video_usercopy (2)
media
|
|
|
|
13058 |
1153d |
1345d
|
20/28 |
1107d |
c344f07aa1b4
media: v4l2-core: ignore native time32 ioctls on 64-bit
|
WARNING: suspicious RCU usage in do_ipv6_setsockopt
net
|
|
|
|
1 |
1333d |
1333d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
memory leak in garp_request_join
net
|
C |
|
|
414 |
1236d |
1759d
|
20/28 |
1107d |
42ca63f98084
net/802/garp: fix memleak in garp_request_join()
|
memory leak in pcan_usb_fd_init
usb
can
|
C |
|
|
19 |
1371d |
1440d
|
20/28 |
1107d |
a0b96b4a6274
drivers: net: fix memory leak in peak_usb_create_dev
|
unregister_netdevice: waiting for DEV to become free (5)
|
C |
done |
|
40035 |
1107d |
1352d
|
20/28 |
1107d |
0d7a7b2014b1
ipv6: remove extra dev_hold() for fallback tunnels
|
possible deadlock in snd_timer_notify
fs
|
|
|
|
119 |
1108d |
1215d
|
20/28 |
1107d |
f671a691e299
fcntl: fix potential deadlocks for &fown_struct.lock
|
WARNING in dtv5100_probe/usb_submit_urb
usb
|
C |
|
|
51 |
1228d |
1274d
|
20/28 |
1107d |
8c8b9a9be2af
media: dtv5100: fix control-request directions
|
memory leak in io_sqe_buffers_register
fs
|
C |
|
|
2 |
1300d |
1300d
|
20/28 |
1107d |
bb6659cc0ad3
io_uring: Fix memory leak in io_sqe_buffers_register()
|
BUG: using smp_processor_id() in preemptible code in clock_was_set
kernel
|
C |
done |
|
231 |
1195d |
1196d
|
20/28 |
1107d |
9482fd71dbb8
hrtimer: Use raw_cpu_ptr() in clock_was_set()
|
possible deadlock in __queue_work
serial
|
|
|
|
2 |
1245d |
1303d
|
20/28 |
1107d |
3f804f6d201c
KVM: x86: Prevent deadlock against tk_core.seq
|
KMSAN: uninit-value in virtio_net_hdr_to_skb
net
|
C |
|
|
325 |
1224d |
1283d
|
20/28 |
1107d |
61431a5907fc
net: ensure mac header is set in virtio_net_hdr_to_skb()
|
memory leak in kvm_dev_ioctl
kvm
|
C |
|
|
37 |
1224d |
1237d
|
20/28 |
1107d |
004d62eb4e57
kvm: debugfs: fix memory leak in kvm_create_vm_debugfs
|
WARNING in blk_rq_append_bio
block
usb
|
C |
done |
|
6 |
1318d |
1283d
|
20/28 |
1107d |
cbb749cf377a
block: remove an incorrect check from blk_rq_append_bio
|
WARNING: suspicious RCU usage in validate_mm
mm
|
|
|
|
1 |
1262d |
1262d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
INFO: task hung in ext4_put_super
ext4
|
C |
inconclusive |
done |
1 |
1254d |
1283d
|
20/28 |
1107d |
618f003199c6
ext4: fix memory leak in ext4_fill_super
|
WARNING in io_link_timeout_fn
fs
io-uring
|
C |
done |
|
2 |
1288d |
1288d
|
20/28 |
1107d |
447c19f3b507
io_uring: fix ltout double free on completion race
|
kernel BUG in put_ucounts
kernel
|
|
|
|
3 |
1133d |
1219d
|
20/28 |
1107d |
345daff2e994
ucounts: Fix race condition between alloc_ucounts and put_ucounts
|
KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
ext4
|
C |
done |
|
1 |
1190d |
1189d
|
20/28 |
1107d |
a54c4613dac1
ext4: fix race writing to an inline_data file while its xattrs are changing
|
KASAN: use-after-free Write in put_ucounts
kernel
|
|
|
|
3 |
1220d |
1223d
|
20/28 |
1107d |
345daff2e994
ucounts: Fix race condition between alloc_ucounts and put_ucounts
|
general protection fault in nl802154_del_llsec_devkey
wpan
|
C |
inconclusive |
|
229 |
1320d |
1372d
|
20/28 |
1107d |
27c746869e1a
net: ieee802154: fix nl802154 del llsec devkey
|
WARNING in exception_type
kvm
|
C |
error |
|
1 |
1179d |
1178d
|
20/28 |
1107d |
e7177339d7b5
Revert "KVM: x86: mmu: Add guest physical address check in translate_gpa()"
|
WARNING in e2i_init/usb_submit_urb
usb
|
|
|
|
4 |
1247d |
1276d
|
20/28 |
1107d |
41e81022a04a
Input: usbtouchscreen - fix control-request directions
|
WARNING in ethnl_default_doit
net
|
|
|
|
202 |
1250d |
1258d
|
20/28 |
1107d |
e175aef90269
ethtool: strset: fix message length calculation
|
memory leak in hwsim_add_one
wpan
|
C |
|
|
1 |
1264d |
1262d
|
20/28 |
1107d |
28a5501c3383
ieee802154: hwsim: Fix memory leak in hwsim_add_one
|
WARNING in taprio_change
|
C |
done |
|
746 |
1292d |
1528d
|
20/28 |
1107d |
ed8157f1ebf1
net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule
|
KASAN: out-of-bounds Read in leaf_paste_entries
reiserfs
|
C |
inconclusive |
|
8 |
1138d |
1370d
|
20/28 |
1107d |
13d257503c09
reiserfs: check directory items on read from disk
|
upstream boot error: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
kernel
|
|
|
|
235 |
1229d |
1236d
|
20/28 |
1107d |
c43ddbf97f46
scsi: virtio_scsi: Do not overwrite SCSI status
|
KASAN: use-after-free Write in qdisc_class_hash_insert (2)
net
|
|
|
|
1 |
1250d |
1250d
|
20/28 |
1107d |
0cd58e5c53ba
pkt_sched: sch_qfq: fix qfq_change_class() error path
|
WARNING: suspicious RCU usage in count (2)
fs
mm
|
|
|
|
1 |
1279d |
1279d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KCSAN: data-race in igmp_ifc_event / igmp_ifc_timer_expire
net
|
|
|
|
1 |
1200d |
1199d
|
20/28 |
1107d |
4a2b285e7e10
net: igmp: fix data-race in igmp_ifc_timer_expire()
|
kernel BUG in llc_sap_action_send_xid_c
net
|
C |
error |
|
61 |
1107d |
1321d
|
20/28 |
1107d |
c7c9d2102c9c
net: llc: fix skb_over_panic
|
BUG: unable to handle kernel NULL pointer dereference in htb_select_queue
net
|
syz |
done |
|
8 |
1337d |
1352d
|
20/28 |
1107d |
fb3a3e37de33
sch_htb: Fix offload cleanup in htb_destroy on htb_init failure
93bde210c434
sch_htb: Fix select_queue for non-offload mode
|
usb-testing boot error: WARNING in kvm_wait
kvm
|
|
|
|
3 |
1350d |
1353d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
WARNING in netlbl_cipsov4_add
|
C |
inconclusive |
|
4433 |
1170d |
1369d
|
20/28 |
1107d |
8ca34a13f7f9
net: cipso: fix warnings in netlbl_cipsov4_add_std
|
general protection fault in io_commit_cqring (2)
fs
io-uring
|
C |
done |
|
82 |
1319d |
1332d
|
20/28 |
1107d |
51520426f4bc
io_uring: handle setup-failed ctx in kill_timeouts
|
KCSAN: data-race in packet_do_bind / packet_sendmsg (3)
net
|
|
|
|
1 |
1266d |
1262d
|
20/28 |
1107d |
c7d2ef5dd4b0
net/packet: annotate accesses to po->bind
|
WARNING: suspicious RCU usage in do_recvmmsg
net
|
|
|
|
8 |
1259d |
1285d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
memory leak in __ieee80211_beacon_get
wireless
|
syz |
|
|
14 |
1261d |
1382d
|
20/28 |
1107d |
bd18de517923
mac80211_hwsim: drop pending frames on stop
|
KASAN: use-after-free Write in sk_psock_stop
bpf
net
|
syz |
done |
|
74 |
1305d |
1325d
|
20/28 |
1107d |
aadb2bb83ff7
sock_map: Fix a potential use-after-free in sock_map_close()
|
INFO: task hung in io_sq_thread_park (2)
fs
io-uring
|
syz |
done |
|
2 |
1229d |
1225d
|
20/28 |
1107d |
46fee9ab02cb
io_uring: remove double poll entry on arm failure
|
KCSAN: data-race in unix_dgram_sendmsg / unix_release_sock
net
|
|
|
|
1 |
1256d |
1255d
|
20/28 |
1107d |
a494bd642d91
net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
|
INFO: rcu detected stall in wg_packet_tx_worker (3)
net
|
C |
inconclusive |
|
5 |
1193d |
1175d
|
20/28 |
1107d |
c7c5e6ff533f
fq_codel: reject silly quantum parameters
|
KCSAN: data-race in inet_dgram_connect / udp_lib_get_port (5)
net
|
|
|
|
6 |
1272d |
1259d
|
20/28 |
1107d |
dcd01eeac144
inet: annotate data race in inet_send_prepare() and inet_dgram_connect()
|
WARNING: refcount bug in vti6_dev_uninit
net
|
C |
|
|
26 |
1330d |
1334d
|
20/28 |
1107d |
0d7a7b2014b1
ipv6: remove extra dev_hold() for fallback tunnels
|
KCSAN: data-race in __io_uring_cancel / io_uring_try_cancel_requests
fs
|
|
|
|
3 |
1272d |
1274d
|
20/28 |
1107d |
b16ef427adf3
io_uring: fix data race to avoid potential NULL-deref
|
memory leak in smsc75xx_bind
usb
|
syz |
|
|
2 |
1275d |
1276d
|
20/28 |
1107d |
46a8b29c6306
net: usb: fix memory leak in smsc75xx_bind
|
memory leak in mcba_usb_probe
usb
|
C |
|
|
34 |
1254d |
1430d
|
20/28 |
1107d |
91c02557174b
can: mcba_usb: fix memory leak in mcba_usb
|
KMSAN: kernel-infoleak in i2cdev_read
i2c
|
C |
|
|
592 |
1224d |
1349d
|
20/28 |
1107d |
86ff25ed6cd8
i2c: dev: zero out array used for i2c reads from userspace
|
WARNING: suspicious RCU usage in get_counters (2)
netfilter
|
|
|
|
1 |
1242d |
1242d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
general protection fault in unix_dgram_connect
net
|
C |
done |
|
2 |
1181d |
1181d
|
20/28 |
1107d |
dc56ad7028c5
af_unix: fix potential NULL deref in unix_dgram_connect()
|
WARNING in __percpu_ref_exit (2)
fs
|
C |
error |
done |
31 |
1108d |
1346d
|
20/28 |
1107d |
a298232ee6b9
io_uring: fix link timeout refs
|
WARNING in cfg80211_connect
|
C |
done |
|
2320 |
1320d |
1511d
|
20/28 |
1107d |
1b5ab825d9ac
cfg80211: remove WARN_ON() in cfg80211_sme_connect
|
WARNING: suspicious RCU usage in gc_worker
netfilter
|
|
|
|
3 |
1261d |
1288d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
BUG: unable to handle kernel paging request in vga16fb_fillrect
fbdev
|
C |
inconclusive |
|
14 |
1109d |
1226d
|
20/28 |
1107d |
8c28051cdcbe
fbmem: don't allow too huge resolutions
|
BUG: unable to handle kernel paging request in csum_partial (3)
kernel
|
C |
done |
|
1 |
1194d |
1225d
|
20/28 |
1107d |
9cf448c200ba
ip6_gre: add validation for csum_start
1d011c4803c7
ip_gre: add validation for csum_start
|
WARNING in hid_submit_ctrl/usb_submit_urb
input
usb
|
C |
done |
|
38 |
1172d |
1221d
|
20/28 |
1107d |
0a824efdb724
HID: usbhid: Fix warning caused by 0-length input reports
|
WARNING in ext4_xattr_set_entry
ext4
|
C |
unreliable |
|
7 |
1356d |
1439d
|
20/28 |
1107d |
6b22489911b7
ext4: do not try to set xattr into ea_inode if value is empty
|
WARNING: suspicious RCU usage in wg_ratelimiter_gc_entries
wireguard
|
|
|
|
5 |
1257d |
1333d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
net build error (3)
kernel
|
|
|
|
29 |
1170d |
1175d
|
20/28 |
1107d |
ea7b4244b365
x86/setup: Explicitly include acpi.h
|
memory leak in nfcmrvl_nci_register_dev
usb
|
C |
|
|
9 |
1373d |
1418d
|
20/28 |
1107d |
e0652f8bb44d
NFC: nci: fix memory leak in nci_allocate_device
|
WARNING in kvm_wait
kvm
|
C |
error |
|
119882 |
1335d |
1353d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
general protection fault in ieee802154_llsec_parse_key_id
wpan
|
C |
inconclusive |
|
92 |
1267d |
1367d
|
20/28 |
1107d |
6f7f657f2440
net: ieee802154: nl-mac: fix check on panid
|
WARNING: suspicious RCU usage in rmap_walk_file
mm
|
|
|
|
1 |
1287d |
1287d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
memory leak in xfrm_user_rcv_msg
net
|
C |
|
|
1 |
1251d |
1247d
|
20/28 |
1107d |
7c1a80e80cde
net: xfrm: fix memory leak in xfrm_user_rcv_msg
|
KMSAN: uninit-value in INET_ECN_decapsulate (2)
net
|
|
|
|
2 |
1261d |
1331d
|
20/28 |
1107d |
6628ddfec758
net: geneve: check skb is large enough for IPv4/IPv6 header
|
memory leak in bpf (2)
bpf
|
C |
|
|
3 |
1261d |
1330d
|
20/28 |
1107d |
ccff81e1d028
bpf: Fix false positive kmemleak report in bpf_ringbuf_area_alloc()
|
WARNING: refcount bug in rxe_qp_do_cleanup
rdma
|
|
|
|
1 |
1292d |
1290d
|
20/28 |
1107d |
67f29896fdc8
RDMA/rxe: Clear all QP fields if creation failed
|
KCSAN: data-race in sock_alloc_send_pskb / unix_release_sock (5)
net
|
|
|
|
47 |
1108d |
1259d
|
20/28 |
1107d |
f13ef10059cc
net: annotate data race in sock_error()
|
possible deadlock in __fs_reclaim_acquire
kernel
|
syz |
unreliable |
|
672 |
1224d |
1235d
|
20/28 |
1107d |
187ad460b841
mm/page_alloc: avoid page allocator recursion with pagesets.lock held
|
general protection fault in btf_type_id_size
bpf
|
C |
unreliable |
|
6 |
1357d |
1354d
|
20/28 |
1107d |
350a5c4dd245
bpf: Dont allow vmlinux BTF to be used in map_create and prog_load.
|
WARNING: suspicious RCU usage in __get_free_pages
mm
|
|
|
|
1 |
1296d |
1296d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
memory leak in tty_init_dev
serial
|
C |
|
|
9 |
1266d |
1910d
|
20/28 |
1107d |
58af3d3d54e8
net: caif: fix memory leak in ldisc_open
|
INFO: task hung in __io_uring_cancel
fs
io-uring
|
C |
done |
|
5 |
1245d |
1311d
|
20/28 |
1107d |
28090c133869
io_uring: fix work_exit sqpoll cancellations
|
divide error in __tcp_select_window (2)
net
|
C |
done |
|
4 |
1321d |
1322d
|
20/28 |
1107d |
a7150e382267
Revert "tcp: Reset tcp connections in SYN-SENT state"
|
KASAN: out-of-bounds Read in i801_isr
i2c
|
|
|
|
16 |
1249d |
1289d
|
20/28 |
1107d |
e4d8716c3dce
i2c: i801: Don't generate an interrupt on bus reset
|
riscv/fixes boot error: WARNING in vkms_vblank_simulate
dri
|
|
|
|
13 |
1307d |
1331d
|
20/28 |
1107d |
b4142fc4d52d
drm/vkms: fix misuse of WARN_ON
|
WARNING: suspicious RCU usage in __ext4_mark_inode_dirty
kernel
|
|
|
|
1 |
1265d |
1264d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KCSAN: data-race in start_this_handle / start_this_handle
ext4
|
|
|
|
54 |
1349d |
1350d
|
20/28 |
1107d |
3b1833e92bab
ext4: annotate data race in start_this_handle()
|
WARNING: suspicious RCU usage in shrink_page_list
mm
|
|
|
|
1 |
1290d |
1290d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KASAN: use-after-free Read in tipc_recvmsg
tipc
|
C |
done |
|
2198 |
1213d |
1221d
|
20/28 |
1107d |
cc19862ffe45
tipc: fix an use-after-free issue in tipc_recvmsg
|
possible deadlock in _snd_pcm_stream_lock_irqsave (2)
fs
|
|
|
|
120 |
1108d |
1215d
|
20/28 |
1107d |
f671a691e299
fcntl: fix potential deadlocks for &fown_struct.lock
|
general protection fault in br_switchdev_fdb_notify
bridge
|
C |
error |
|
82 |
1202d |
1207d
|
20/28 |
1107d |
0541a6293298
net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry
|
memory leak in create_io_worker
io-uring
fs
|
C |
|
|
5 |
1130d |
1169d
|
20/28 |
1107d |
66e70be72288
io-wq: fix memory leak in create_io_worker()
|
INFO: trying to register non-static key in l2cap_chan_del
bluetooth
|
syz |
inconclusive |
|
73 |
1350d |
1568d
|
20/28 |
1107d |
3af70b39fa2d
Bluetooth: check for zapped sk before connecting
|
KMSAN: uninit-value in ip_rcv_core
net
|
C |
|
|
141 |
1223d |
2257d
|
20/28 |
1107d |
6628ddfec758
net: geneve: check skb is large enough for IPv4/IPv6 header
|
memory leak in hdcs_probe_1020
media
usb
|
C |
|
|
1 |
1334d |
1330d
|
20/28 |
1107d |
4f4e6644cd87
media: gscpa/stv06xx: fix memory leak
|
WARNING in ieee802154_get_llsec_params
wpan
|
C |
done |
|
36 |
1320d |
1366d
|
20/28 |
1107d |
1534efc7bbc1
net: ieee802154: stop dump llsec params for monitors
|
WARNING in slave_kobj_release
net
|
C |
done |
|
3 |
1285d |
1373d
|
20/28 |
1107d |
35d96e631860
bonding: init notify_work earlier to avoid uninitialized use
|
WARNING in io_wqe_enqueue
io-uring
fs
|
C |
done |
|
13 |
1265d |
1265d
|
20/28 |
1107d |
e6ab8991c5d0
io_uring: fix false WARN_ONCE
|
KASAN: use-after-free Write in get_ucounts
kernel
|
syz |
unreliable |
done |
7 |
1204d |
1231d
|
20/28 |
1107d |
345daff2e994
ucounts: Fix race condition between alloc_ucounts and put_ucounts
|
usb-testing boot error: kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)
kernel
|
|
|
|
27 |
1228d |
1232d
|
20/28 |
1107d |
c43ddbf97f46
scsi: virtio_scsi: Do not overwrite SCSI status
|
divide error in nft_limit_init
netfilter
|
C |
done |
|
4 |
1320d |
1321d
|
20/28 |
1107d |
b895bdf5d643
netfilter: nft_limit: avoid possible divide error in nft_limit_init
|
WARNING: suspicious RCU usage in exit_mmap
mm
|
|
|
|
1 |
1286d |
1286d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
BUG: unable to handle kernel paging request in cap_capable
lsm
|
C |
unreliable |
|
4 |
1204d |
1204d
|
20/28 |
1107d |
9384eacd80f3
net: core: don't call SIOCBRADD/DELIF for non-bridge devices
|
KASAN: slab-out-of-bounds Write in xt_compat_target_from_user
netfilter
|
C |
error |
error |
1 |
1557d |
1556d
|
20/28 |
1107d |
b29c457a6511
netfilter: x_tables: fix compat match/target pad out-of-bound write
|
linux-next boot error: KASAN: use-after-free Read in page_to_skb
net
virt
|
|
|
|
7 |
1309d |
1311d
|
20/28 |
1107d |
af39c8f72301
virtio-net: fix use-after-free in page_to_skb()
|
KASAN: use-after-free Read in eth_header_parse_protocol
net
|
C |
done |
|
1453 |
1305d |
1351d
|
20/28 |
1107d |
61431a5907fc
net: ensure mac header is set in virtio_net_hdr_to_skb()
|
possible deadlock in snd_pcm_period_elapsed (2)
fs
|
|
|
|
52 |
1108d |
1215d
|
20/28 |
1107d |
f671a691e299
fcntl: fix potential deadlocks for &fown_struct.lock
|
KMSAN: uninit-value in pegasus_probe
usb
|
C |
|
|
258 |
1205d |
1875d
|
20/28 |
1107d |
af35fc37354c
net: pegasus: fix uninit-value in get_interrupt_interval
|
general protection fault in magicmouse_remove
usb
input
|
C |
|
|
47 |
1257d |
1283d
|
20/28 |
1107d |
4b4f6cecca44
HID: magicmouse: fix NULL-deref on disconnect
|
KASAN: use-after-free Read in nbd_genl_connect (2)
nbd
|
C |
unreliable |
|
6 |
1183d |
1183d
|
20/28 |
1107d |
7ee656c3ac3d
nbd: remove nbd->destroy_complete
|
KCSAN: data-race in udp_lib_setsockopt / udpv6_sendmsg
net
|
|
|
|
1 |
1241d |
1240d
|
20/28 |
1107d |
18a419bad63b
udp: annotate data races around unix_sk(sk)->gso_size
|
KASAN: use-after-free Read in ntfs_iget (2)
ntfs3
|
C |
inconclusive |
|
2 |
1266d |
1262d
|
20/28 |
1107d |
d98e4d95411b
ntfs: fix validity check for file name attribute
|
UBSAN: shift-out-of-bounds in ext4_mb_init
ext4
|
C |
done |
|
5 |
1378d |
1388d
|
20/28 |
1107d |
f91436d55a27
fs/ext4: fix integer overflow in s_log_groups_per_flex
|
memory leak in __send_signal
kernel
|
syz |
|
|
3 |
1249d |
1263d
|
20/28 |
1107d |
399f8dd9a866
signal: Prevent sigqueue caching after task got released
|
WARNING: suspicious RCU usage in nf_ct_iterate_cleanup (2)
net
|
|
|
|
4 |
1237d |
1295d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING in ieee80211_free_ack_frame
wireless
|
syz |
done |
|
117 |
1111d |
1505d
|
20/28 |
1107d |
bd18de517923
mac80211_hwsim: drop pending frames on stop
|
BUG: unable to handle kernel access to user memory in schedule_tail
kernel
|
|
|
|
21843 |
1329d |
1351d
|
20/28 |
1107d |
285a76bb2cf5
riscv: evaluate put_user() arg before enabling user access
|
WARNING in batadv_iv_send_outstanding_bat_ogm_packet
batman
|
C |
done |
|
12568 |
1239d |
1865d
|
20/28 |
1107d |
9f460ae31c44
batman-adv: Avoid WARN_ON timing related checks
|
WARNING in io_poll_double_wake
fs
io-uring
|
C |
done |
done |
1124 |
1208d |
1310d
|
20/28 |
1107d |
a890d01e4ee0
io_uring: fix poll requests leaking second poll entries
|
KMSAN: kernel-infoleak in move_addr_to_user (5)
tipc
|
|
|
|
3 |
1208d |
1349d
|
20/28 |
1107d |
50535249f624
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
|
WARNING: suspicious RCU usage in console_conditional_schedule
serial
|
|
|
|
1 |
1285d |
1285d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: refcount bug in ip6gre_tunnel_uninit
net
|
C |
error |
|
10 |
1331d |
1334d
|
20/28 |
1107d |
7f700334be9a
ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
|
memory leak in dvb_create_media_graph
usb
media
|
C |
|
|
26 |
1312d |
1470d
|
20/28 |
1107d |
bf9a40ae8d72
media: dvbdev: Fix memory leak in dvb_media_device_free()
|
WARNING in vkms_vblank_simulate (2)
dri
|
C |
error |
|
77748 |
1107d |
1482d
|
20/28 |
1107d |
b4142fc4d52d
drm/vkms: fix misuse of WARN_ON
|
memory leak in hdcs_probe_1x00
usb
media
|
C |
|
|
1 |
1363d |
1363d
|
20/28 |
1107d |
4f4e6644cd87
media: gscpa/stv06xx: fix memory leak
|
WARNING in osif_probe/usb_submit_urb
usb
|
C |
|
|
45 |
1232d |
1276d
|
20/28 |
1107d |
4ca070ef0dd8
i2c: robotfuzz-osif: fix control-request directions
|
KCSAN: data-race in inet_send_prepare / udp_lib_get_port (3)
net
|
|
|
|
4 |
1259d |
1262d
|
20/28 |
1107d |
dcd01eeac144
inet: annotate data race in inet_send_prepare() and inet_dgram_connect()
|
general protection fault in cdev_del (2)
fs
|
C |
error |
|
45 |
1240d |
1518d
|
20/28 |
1107d |
8a12f8836145
net: hso: fix null-ptr-deref during tty device unregistration
0a360e8b65d6
tty: n_gsm: check error while registering tty devices
|
WARNING: suspicious RCU usage in shmem_alloc_page
mm
|
|
|
|
1 |
1300d |
1300d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
general protection fault in nl802154_del_llsec_dev
wpan
|
C |
inconclusive |
|
166 |
1320d |
1371d
|
20/28 |
1107d |
3d1eac2f4558
net: ieee802154: fix nl802154 del llsec dev
|
KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
net
|
|
|
|
2 |
1284d |
1304d
|
20/28 |
1107d |
821bbf79fe46
ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions
|
WARNING: ODEBUG bug in __sk_destruct (2)
can
|
C |
done |
done |
62 |
1116d |
1314d
|
20/28 |
1107d |
14a4696bc311
can: isotp: isotp_release(): omit unintended hrtimer restart on socket release
|
INFO: task hung in io_wq_put_and_exit
io-uring
fs
|
C |
unreliable |
|
628 |
1108d |
1169d
|
20/28 |
1107d |
3b33e3f4a6c0
io-wq: fix silly logic error in io_task_work_match()
|
upstream build error (16)
mm
|
|
|
|
243 |
1115d |
1238d
|
20/28 |
1107d |
498cc50b3fa9
clk: hisilicon: hi3559a: Drop __init markings everywhere
|
KASAN: use-after-free Read in bcm_rx_handler
can
|
syz |
done |
|
2 |
1258d |
1288d
|
20/28 |
1107d |
d5f9023fa61e
can: bcm: delay release of struct bcm_op after synchronize_rcu()
|
possible deadlock in do_fcntl
usb
fs
|
C |
done |
|
245 |
1183d |
1514d
|
20/28 |
1107d |
f671a691e299
fcntl: fix potential deadlocks for &fown_struct.lock
|
WARNING in qt2_attach/usb_submit_urb
usb
|
C |
|
|
171 |
1256d |
1276d
|
20/28 |
1107d |
eb8dbe80326c
USB: serial: quatech2: fix control-request directions
|
BUG: sleeping function called from invalid context in stack_depot_save
mm
|
C |
unreliable |
|
8490 |
1206d |
1235d
|
20/28 |
1107d |
187ad460b841
mm/page_alloc: avoid page allocator recursion with pagesets.lock held
|
memory leak in hub_event (2)
usb
|
C |
|
|
2 |
1344d |
1347d
|
20/28 |
1107d |
dcb4b8ad6a44
misc/uss720: fix memory leak in uss720_probe
|
WARNING: suspicious RCU usage in vfree
netfilter
|
|
|
|
1 |
1282d |
1282d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
memory leak in usb_set_configuration (2)
usb
|
C |
|
|
2 |
1201d |
1309d
|
20/28 |
1107d |
be8656e62e9e
media: cpia2: fix memory leak in cpia2_usb_probe
|
WARNING in usb_new_device/usb_submit_urb
usb
|
C |
|
|
2 |
1271d |
1267d
|
20/28 |
1107d |
60dfe484cef4
USB: core: Avoid WARNings for 0-length descriptor requests
|
WARNING in rtl8152_probe
usb
|
C |
|
|
23 |
1265d |
1288d
|
20/28 |
1107d |
1a44fb38cc65
r8152: check the informaton of the device
|
inconsistent lock state in sco_sock_timeout
bluetooth
|
C |
done |
|
16 |
1212d |
1556d
|
20/28 |
1107d |
ba316be1b6a0
Bluetooth: schedule SCO timeouts with delayed_work
|
WARNING in ieee80211_get_sband
wireless
|
C |
done |
|
7 |
1275d |
1500d
|
20/28 |
1107d |
0ee4d55534f8
mac80211: remove warning in ieee80211_get_sband()
|
KASAN: use-after-free Write in j1939_can_recv
can
|
|
|
|
2 |
1336d |
1369d
|
20/28 |
1107d |
22c696fed25c
can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done
|
general protection fault in hci_release_dev
bluetooth
|
C |
done |
|
41 |
1186d |
1207d
|
20/28 |
1107d |
e04480920d1e
Bluetooth: defer cleanup of resources in hci_unregister_dev()
|
WARNING in do_proc_control/usb_submit_urb
usb
|
C |
error |
|
456 |
1216d |
1229d
|
20/28 |
1107d |
b0863f192732
USB: core: Fix incorrect pipe calculation in do_proc_control()
|
memory leak in skb_clone
wpan
|
C |
|
|
2 |
1216d |
1320d
|
20/28 |
1107d |
1090340f7ee5
net: Fix memory leak in ieee802154_raw_deliver
|
general protection fault in gadget_setup
usb
|
|
|
|
1 |
1333d |
1317d
|
20/28 |
1107d |
4a5d797a9f9c
usb: gadget: dummy_hcd: fix gpf in gadget_setup
|
general protection fault in try_grab_compound_head
mm
io-uring
|
C |
done |
|
5 |
1208d |
1236d
|
20/28 |
1107d |
d08af0a59684
mm/hugetlb: fix refs calculation from unaligned @vaddr
|
BUG: using smp_processor_id() in preemptible code in radix_tree_node_alloc
arm-msm
net
|
C |
done |
done |
544 |
1293d |
1630d
|
20/28 |
1107d |
3cbf7530a163
qrtr: Convert qrtr_ports from IDR to XArray
|
general protection fault in reiserfs_security_init
reiserfs
|
C |
done |
|
26311 |
1329d |
1521d
|
20/28 |
1107d |
5e46d1b78a03
reiserfs: update reiserfs_xattrs_initialized() condition
|
KASAN: slab-out-of-bounds Read in do_wait_for_common
staging
usb
|
C |
error |
|
5 |
1201d |
1220d
|
20/28 |
1107d |
e9e6aa51b273
staging: rtl8712: error handling refactoring
|
BUG: sleeping function called from invalid context in __alloc_skb
netfilter
|
C |
done |
|
33 |
1154d |
1296d
|
20/28 |
1107d |
7072a355ba19
netfilter: nfnetlink: add a missing rcu_read_unlock()
|
WARNING: suspicious RCU usage in kernel_execve
fs
mm
|
|
|
|
1 |
1243d |
1243d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: suspicious RCU usage in do_nanosleep
kernel
|
|
|
|
1 |
1294d |
1294d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: refcount bug in __io_queue_sqe
fs
|
|
|
|
1 |
1309d |
1300d
|
20/28 |
1107d |
a298232ee6b9
io_uring: fix link timeout refs
|
bpf-next test error: WARNING in kvm_wait
kvm
|
|
|
|
1 |
1346d |
1346d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
WARNING in do_proc_bulk
mm
|
C |
inconclusive |
|
3 |
1297d |
1298d
|
20/28 |
1107d |
4f2629ea67e7
USB: usbfs: Don't WARN about excessively large memory allocations
|
BUG: unable to handle kernel paging request in corrupted (3)
|
C |
done |
|
45 |
1115d |
1283d
|
20/28 |
1107d |
7a274727702c
io_uring: don't modify req->poll for rw
|
BUG: unable to handle kernel NULL pointer dereference in kiocb_done
fs
io-uring
|
C |
unreliable |
done |
3 |
1175d |
1174d
|
20/28 |
1107d |
b8ce1b9d25cc
io_uring: don't submit half-prepared drain request
|
general protection fault in smc_tx_sendmsg
net
s390
|
C |
done |
|
6369 |
1241d |
1249d
|
20/28 |
1107d |
17081633e22d
net/smc: Ensure correct state of the socket in send path
|
KCSAN: data-race in __se_sys_perf_event_open / find_get_context
perf
|
|
|
|
7 |
1262d |
1273d
|
20/28 |
1107d |
6c605f837115
perf: Fix data race between pin_count increment/decrement
|
WARNING: suspicious RCU usage in kernfs_iop_getattr
kernfs
|
|
|
|
1 |
1302d |
1298d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: suspicious RCU usage in dup_mmap
kernel
|
|
|
|
1 |
1273d |
1273d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
UBSAN: array-index-out-of-bounds in ima_inode_setxattr
integrity
lsm
|
C |
unreliable |
|
6 |
1188d |
1189d
|
20/28 |
1107d |
cb181da16196
IMA: reject unknown hash algorithms in ima_get_hash_algo
|
possible deadlock in io_uring_register
fs
|
|
|
|
16 |
1167d |
1169d
|
20/28 |
1107d |
009ad9f0c6ee
io_uring: drop ctx->uring_lock before acquiring sqd->lock
|
KCSAN: data-race in packet_do_bind / packet_getname (5)
net
|
|
|
|
4 |
1254d |
1254d
|
20/28 |
1107d |
e032f7c9c7ce
net/packet: annotate accesses to po->ifindex
|
memory leak in em28xx_dvb_init
media
usb
|
C |
|
|
1 |
1345d |
1345d
|
20/28 |
1107d |
0ae10a7dc899
media: em28xx: fix memory leak
|
memory leak in qrtr_create
arm-msm
net
|
C |
|
|
3 |
1210d |
1381d
|
20/28 |
1107d |
52f3456a96c0
net: qrtr: fix memory leaks
|
memory leak in virtio_transport_send_pkt_info
net
|
C |
|
|
2 |
1318d |
1381d
|
20/28 |
1107d |
8432b8114957
vsock/virtio: free queued packets when closing socket
|
possible deadlock in loop_probe
|
C |
done |
|
20656 |
1228d |
1253d
|
20/28 |
1107d |
962bf783ef65
mtd: break circular locks in register_mtd_blktrans
|
possible deadlock in ieee80211_tx_frags
net
|
|
|
|
1 |
1308d |
1300d
|
20/28 |
1107d |
1d482e666b8e
netlink: disable IRQs for netlink_lock_table()
|
linux-next test error: KASAN: null-ptr-deref Read in fuse_conn_put
fuse
|
|
|
|
18 |
1171d |
1171d
|
20/28 |
1107d |
660585b56e63
fuse: wait for writepages in syncfs
|
possible deadlock in __loop_clr_fd (2)
block
ext4
|
C |
unreliable |
|
6977 |
1107d |
1232d
|
20/28 |
1107d |
1c500ad70638
loop: reduce the loop_ctl_mutex scope
|
memory leak in __usbhid_submit_report
input
usb
|
C |
|
|
129 |
1177d |
1470d
|
20/28 |
1107d |
f7744fa16b96
HID: usbhid: free raw_report buffers in usbhid_stop
|
WARNING in io_try_cancel_userdata
fs
io-uring
|
syz |
unreliable |
|
4 |
1181d |
1185d
|
20/28 |
1107d |
dadebc350da2
io_uring: fix io_try_cancel_userdata race for iowq
|
WARNING in x86_emulate_instruction
kvm
|
C |
done |
|
4 |
1282d |
1279d
|
20/28 |
1107d |
da6393cdd8aa
KVM: X86: Fix warning caused by stale emulation context
|
KCSAN: data-race in __inet_hash_connect / inet_send_prepare (4)
net
|
|
|
|
7 |
1256d |
1259d
|
20/28 |
1107d |
dcd01eeac144
inet: annotate data race in inet_send_prepare() and inet_dgram_connect()
|
UBSAN: shift-out-of-bounds in choke_change (2)
net
|
C |
done |
|
7 |
1322d |
1337d
|
20/28 |
1107d |
3a87571f0ffc
sch_red: fix off-by-one checks in red_check_params()
|
KMSAN: kernel-infoleak in copy_page_to_iter (2)
fs
mm
|
C |
|
|
2099 |
1202d |
2260d
|
20/28 |
1107d |
ce3aba43599f
ext4: fix kernel infoleak via ext4_extent_header
|
UBSAN: shift-out-of-bounds in snd_timer_user_ccallback
sound
|
|
|
|
1 |
1272d |
1268d
|
20/28 |
1107d |
9c1fe96bded9
ALSA: timer: Fix master timer notification
|
BUG: scheduling while atomic: syz-executor/ADDR
kernel
|
C |
done |
|
5 |
1182d |
1239d
|
20/28 |
1107d |
72ff2bf04db2
crypto: aesni - xts_crypt() return if walk.nbytes is 0
|
UBSAN: shift-out-of-bounds in xprt_calc_majortimeo
net
nfs
|
C |
unreliable |
|
149 |
1308d |
1436d
|
20/28 |
1107d |
c09f11ef3595
NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
|
INFO: rcu detected stall in tx
net
|
C |
error |
unreliable |
3 |
1173d |
1311d
|
20/28 |
1107d |
30fad76ce4e9
USB: usbtmc: Fix RCU stall warning
|
KASAN: use-after-free Read in r871xu_dev_remove
usb
staging
|
C |
unreliable |
|
152 |
1200d |
1227d
|
20/28 |
1107d |
e9e6aa51b273
staging: rtl8712: error handling refactoring
|
KASAN: use-after-free Read in io_worker_handle_work
fs
|
|
|
|
2 |
1251d |
1282d
|
20/28 |
1107d |
3743c1723bfc
io-wq: Fix UAF when wakeup wqe in hash waitqueue
|
WARNING: suspicious RCU usage in proc_alloc_inode
fs
|
|
|
|
1 |
1249d |
1249d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
net test error: WARNING in kvm_wait
kvm
|
|
|
|
1 |
1349d |
1349d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
KMSAN: kernel-infoleak in fb_cmap_to_user
fbdev
|
C |
|
|
439 |
1223d |
1374d
|
20/28 |
1107d |
19ab233989d0
fbdev: zero-fill colormap in fbcmap.c
|
KASAN: slab-out-of-bounds Read in snd_usbmidi_get_ms_info
alsa
usb
|
C |
|
|
10 |
1286d |
1290d
|
20/28 |
1107d |
e84749a78dc8
ALSA: usb-audio: Validate MS endpoint descriptors
|
WARNING: lock held when returning to user space in sock_setsockopt
net
|
|
|
|
1 |
1234d |
1234d
|
20/28 |
1107d |
271dbc318432
sock: unlock on error in sock_setsockopt()
|
WARNING in mntput_no_expire (2)
fs
|
C |
done |
|
68 |
1115d |
1329d
|
20/28 |
1107d |
7d01ef7585c0
Make sure nd->path.mnt and nd->path.dentry are always valid pointers
|
WARNING: suspicious RCU usage in __fput
fs
|
|
|
|
1 |
1275d |
1275d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING in ieee802154_del_seclevel
wpan
|
C |
done |
|
7 |
1331d |
1367d
|
20/28 |
1107d |
9dde130937e9
net: ieee802154: forbid monitor for del llsec seclevel
|
memory leak in snd_ctl_led_register
usb
|
C |
|
|
1 |
1293d |
1283d
|
20/28 |
1107d |
3ae72f6ab9c1
ALSA: control led: fix memory leak in snd_ctl_led_register
|
KMSAN: kernel-usb-infoleak in hid_submit_ctrl
input
usb
|
C |
|
|
839 |
1281d |
1889d
|
20/28 |
1107d |
6be388f4a35d
HID: usbhid: fix info leak in hid_submit_ctrl
|
linux-next build error (12)
|
|
|
|
63 |
1234d |
1332d
|
20/28 |
1107d |
7aae231ac93b
bpf: tcp: Limit calling some tcp cc functions to CONFIG_DYNAMIC_FTRACE
|
BUG: unable to handle kernel paging request in diFree
jfs
|
C |
done |
|
13 |
1243d |
1514d
|
20/28 |
1107d |
9d574f985fe3
jfs: fix GPF in diFree
|
WARNING: suspicious RCU usage in inet_twsk_purge
net
|
|
|
|
10 |
1230d |
1332d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
net-next test error: WARNING in __nf_unregister_net_hook
netfilter
|
|
|
|
42 |
1293d |
1304d
|
20/28 |
1107d |
43016d02cf6e
netfilter: arptables: use pernet ops struct during unregister
|
KMSAN: uninit-value in asix_mdio_read
usb
|
C |
|
|
915 |
1208d |
1871d
|
20/28 |
1107d |
a786e3195d6a
net: asix: fix uninit value bugs
|
WARNING: suspicious RCU usage in populate_vma_page_range
mm
|
|
|
|
1 |
1270d |
1270d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
general protection fault in kcm_sendmsg
net
|
C |
done |
|
7957 |
1241d |
1262d
|
20/28 |
1107d |
a47c397bb29f
revert "net: kcm: fix memory leak in kcm_sendmsg"
|
WARNING in sk_stream_kill_queues (6)
net
|
C |
|
|
11376 |
1107d |
1321d
|
20/28 |
1107d |
144748eb0c44
bpf, sockmap: Fix incorrect fwd_alloc accounting
|
linux-next boot error: KASAN: slab-out-of-bounds Read in page_to_skb
net
virt
|
|
|
|
5 |
1309d |
1311d
|
20/28 |
1107d |
af39c8f72301
virtio-net: fix use-after-free in page_to_skb()
|
WARNING: suspicious RCU usage in schedule_debug
mm
|
|
|
|
1 |
1300d |
1300d
|
20/28 |
1107d |
7072a355ba19
netfilter: nfnetlink: add a missing rcu_read_unlock()
|
BUG: MAX_LOCKDEP_CHAINS too low! (2)
net
|
C |
error |
|
84838 |
1107d |
1583d
|
20/28 |
1107d |
5dc33592e955
lockdep: Allow tuning tracing capacity constants.
|
WARNING in input_register_device
input
usb
|
C |
error |
done |
11 |
1324d |
1475d
|
20/28 |
1107d |
b4104180a2ef
kobject_uevent: remove warning in init_uevent_argv()
|
KASAN: use-after-free Read in disk_part_iter_next (2)
block
|
C |
done |
|
327 |
1329d |
1347d
|
20/28 |
1107d |
e82fc7855749
block: don't create too many partitions
|
memory leak in cfserl_create
net
|
C |
|
|
13 |
1826d |
1995d
|
20/28 |
1107d |
b53558a950a8
net: caif: fix memory leak in caif_device_notify
|
memory leak in cinergyt2_fe_attach
usb
media
|
C |
|
|
3 |
1411d |
1469d
|
20/28 |
1107d |
9ad1efee086e
media: dvd_usb: memory leak in cinergyt2_fe_attach
|
UBSAN: shift-out-of-bounds in red_adaptative_timer (2)
net
|
|
|
|
28 |
1336d |
1352d
|
20/28 |
1107d |
e323d865b361
net: sched: validate stab values
|
upstream test error: WARNING in corrupted
netfilter
|
|
|
|
1 |
1293d |
1293d
|
20/28 |
1107d |
43016d02cf6e
netfilter: arptables: use pernet ops struct during unregister
|
memory leak in radix_tree_insert
arm-msm
net
|
C |
|
|
1 |
1331d |
1331d
|
20/28 |
1107d |
8a03dd925786
net: qrtr: Fix memory leak on qrtr_tx_wait failure
|
KASAN: use-after-free Read in nfc_llcp_put_ssap
net
nfc
|
syz |
done |
|
4 |
1292d |
1300d
|
20/28 |
1107d |
c61760e6940d
net/nfc: fix use-after-free llcp_sock_bind/connect
|
BUG: unable to handle kernel paging request in vga16fb_imageblit (2)
fbdev
|
C |
done |
|
27 |
1289d |
1657d
|
20/28 |
1107d |
ffb324e6f874
tty: vt: always invoke vc->vc_sw->con_resize callback
|
WARNING: suspicious RCU usage in kernfs_iop_get_link
kernfs
|
|
|
|
1 |
1262d |
1258d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: suspicious RCU usage in tcp_bpf_update_proto
bpf
net
|
C |
done |
|
539 |
1305d |
1325d
|
20/28 |
1107d |
51e0158a5432
skmsg: Pass psock pointer to ->psock_update_sk_prot()
|
UBSAN: array-index-out-of-bounds in udf_statfs
udf
|
C |
error |
error |
3 |
1214d |
1300d
|
20/28 |
1107d |
781d2a9a2fc7
udf: Check LVID earlier
|
linux-next boot error: WARNING in kvm_wait
kvm
|
|
|
|
9 |
1341d |
1352d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
WARNING: suspicious RCU usage in bpf_get_current_cgroup_id
bpf
|
C |
done |
|
764 |
1177d |
1215d
|
20/28 |
1107d |
2d3a1e3615c5
bpf: Add rcu_read_lock in bpf_get_current_[ancestor_]cgroup_id() helpers
|
general protection fault in __io_file_supports_nowait
fs
io-uring
|
C |
done |
done |
13 |
1172d |
1177d
|
20/28 |
1107d |
c6d3d9cbd659
io_uring: fix queueing half-created requests
|
possible deadlock in pipe_lock (5)
overlayfs
|
C |
done |
|
5 |
1215d |
1215d
|
20/28 |
1107d |
9b91b6b019fd
ovl: fix deadlock in splice write
|
upstream test error: WARNING in kvm_wait
kvm
|
|
|
|
2 |
1348d |
1349d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
upstream boot error: KASAN: invalid-access Read in tomoyo_memory_ok
tomoyo
|
|
|
|
3 |
1338d |
1352d
|
20/28 |
1107d |
cf10bd4c4aff
kasan: fix per-page tags for non-page_alloc pages
|
INFO: task hung in usb_remote_wakeup (2)
usb
|
syz |
inconclusive |
done |
9 |
1188d |
1387d
|
20/28 |
1107d |
363eaa3a450a
usbip: synchronize event handler with sysfs code paths
|
WARNING: suspicious RCU usage in bond_ipsec_add_sa (2)
|
C |
done |
|
540 |
1235d |
1521d
|
20/28 |
1107d |
b648eba4c69e
bonding: fix suspicious RCU usage in bond_ipsec_add_sa()
|
KCSAN: data-race in __ip4_datagram_connect / skb_set_owner_w (2)
net
|
|
|
|
1 |
1272d |
1259d
|
20/28 |
1107d |
b71eaed8c04f
inet: annotate date races around sk->sk_txhash
|
WARNING: suspicious RCU usage in __copy_msghdr_from_user
net
|
|
|
|
1 |
1273d |
1273d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KASAN: use-after-free Read in bdev_evict_inode
fs
|
C |
unreliable |
|
1305 |
1191d |
1194d
|
20/28 |
1107d |
889c05cc5834
block: ensure the bdi is freed after inode_detach_wb
|
WARNING in pvr2_i2c_core_done
usb
fs
|
C |
error |
|
5780 |
1228d |
1883d
|
20/28 |
1107d |
f8194e5e63fd
media: pvrusb2: fix warning in pvr2_i2c_core_done
|
BUG: sleeping function called from invalid context in __fdget_pos
kernel
|
|
|
|
4 |
1179d |
1241d
|
20/28 |
1107d |
821720b9f34e
crypto: x86/aes-ni - add missing error checks in XTS code
|
linux-next test error: unregister_netdevice: waiting for DEV to become free
|
|
|
|
2 |
1330d |
1330d
|
20/28 |
1107d |
0d7a7b2014b1
ipv6: remove extra dev_hold() for fallback tunnels
|
upstream test error: BUG: sleeping function called from invalid context in stack_depot_save
mm
|
|
|
|
4 |
1226d |
1238d
|
20/28 |
1107d |
187ad460b841
mm/page_alloc: avoid page allocator recursion with pagesets.lock held
|
general protection fault in nl802154_add_llsec_key
wpan
|
C |
inconclusive |
|
340 |
1320d |
1374d
|
20/28 |
1107d |
20d5fe2d7103
net: ieee802154: fix nl802154 add llsec key
|
INFO: task hung in io_uring_cancel_generic
io-uring
fs
|
C |
unreliable |
|
151 |
1107d |
1228d
|
20/28 |
1107d |
1b48773f9fd0
io_uring: fix io_drain_req()
|
BUG: MAX_STACK_TRACE_ENTRIES too low! (3)
net
|
|
|
|
2 |
1309d |
1311d
|
20/28 |
1107d |
5dc33592e955
lockdep: Allow tuning tracing capacity constants.
|
divide error in fill_meta_index
squashfs
|
C |
inconclusive |
|
1 |
1296d |
1295d
|
20/28 |
1107d |
d6e621de1fce
squashfs: fix divide error in calculate_skip()
|
memory leak in copy_process (2)
kernel
|
C |
|
|
2 |
1347d |
1347d
|
20/28 |
1107d |
f60a85cad677
bpf: Fix umd memory leak in copy_process()
|
WARNING in handle_mm_fault
kernel
|
|
|
|
5 |
1346d |
1350d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
WARNING in __i2c_transfer
i2c
|
C |
done |
|
2847 |
1107d |
1349d
|
20/28 |
1107d |
71581562ee36
i2c: bail out early when RDWR parameters are wrong
|
KASAN: slab-out-of-bounds Read in qrtr_endpoint_post (2)
|
C |
done |
|
41 |
1209d |
1573d
|
20/28 |
1107d |
ad9d24c9429e
net: qrtr: fix OOB Read in qrtr_endpoint_post
|
BUG: sleeping function called from invalid context in __ipv6_dev_mc_dec
net
|
C |
done |
|
21 |
1240d |
1297d
|
20/28 |
1107d |
a100243d95a6
rtnetlink: avoid RCU read lock when holding RTNL
|
INFO: task hung in del_gendisk
block
|
C |
done |
|
5 |
1195d |
1228d
|
20/28 |
1107d |
68c9417b193d
nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT
|
INFO: trying to register non-static key in skb_dequeue
bluetooth
|
C |
error |
|
28951 |
1292d |
1573d
|
20/28 |
1107d |
be8597239379
Bluetooth: initialize skb_queue_head at l2cap_chan_create()
|
net-next test error: unregister_netdevice: waiting for DEV to become free
|
|
|
|
18 |
1330d |
1331d
|
20/28 |
1107d |
0d7a7b2014b1
ipv6: remove extra dev_hold() for fallback tunnels
|
WARNING: suspicious RCU usage in getname_flags
fs
|
|
|
|
2 |
1236d |
1327d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: refcount bug in in_dev_finish_destroy
net
|
C |
unreliable |
|
463 |
1107d |
1334d
|
20/28 |
1107d |
0d7a7b2014b1
ipv6: remove extra dev_hold() for fallback tunnels
|
KASAN: use-after-free Read in j1939_xtp_rx_dat_one (2)
can
|
|
|
|
3 |
1221d |
1283d
|
20/28 |
1107d |
2030043e616c
can: j1939: fix Use-after-Free, hold skb ref while in use
|
WARNING: suspicious RCU usage in vm_mmap_pgoff
mm
|
|
|
|
1 |
1272d |
1272d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KASAN: use-after-free Read in __d_alloc (2)
fs
|
C |
unreliable |
|
6774 |
1149d |
1192d
|
20/28 |
1107d |
0766ec82e5fb
namei: Fix use after free in kern_path_locked
|
WARNING: suspicious RCU usage in get_timespec64
kernel
|
|
|
|
3 |
1277d |
1326d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KMSAN: uninit-value in validate_beacon_head
wireless
|
C |
|
|
284 |
1226d |
1453d
|
20/28 |
1107d |
9a6847ba1747
nl80211: fix beacon head validation
|
WARNING in macvlan_process_broadcast
net
|
|
|
|
32053 |
1107d |
1352d
|
20/28 |
1107d |
dd4fa1dae9f4
macvlan: macvlan_count_rx() needs to be aware of preemption
|
WARNING: suspicious RCU usage in vxlan_xmit
net
|
C |
error |
|
1 |
1249d |
1249d
|
20/28 |
1107d |
85e8b032d6eb
vxlan: add missing rcu_read_lock() in neigh_reduce()
|
general protection fault in udmabuf_create
dri
media
|
C |
done |
|
2 |
1201d |
1198d
|
20/28 |
1107d |
b9770b0b6eac
udmabuf: fix general protection fault in udmabuf_create
|
memory leak in new_inode
ext4
|
C |
|
|
5 |
1153d |
1461d
|
20/28 |
1107d |
a8867f4e3809
ext4: fix memory leak in ext4_mb_init_backend on error path.
|
linux-next boot error: WARNING: refcount bug in fib_create_info
net
|
|
|
|
3 |
1206d |
1206d
|
20/28 |
1107d |
28814cd18cd7
ipv4: Fix refcount warning for new fib_info
|
WARNING: zero-size vmalloc in dvb_dmx_init
usb
media
|
C |
|
|
62 |
1229d |
1293d
|
20/28 |
1107d |
c680ed46e418
media: dvb-usb: fix wrong definition
|
memory leak in ext4_multi_mount_protect
ext4
|
C |
|
|
12 |
1250d |
1427d
|
20/28 |
1107d |
618f003199c6
ext4: fix memory leak in ext4_fill_super
|
WARNING in tracepoint_add_func
bpf
trace
|
C |
done |
|
20635 |
1223d |
1606d
|
20/28 |
1107d |
9913d5745bd7
tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
|
UBSAN: shift-out-of-bounds in nft_hash_estimate
netfilter
|
C |
done |
|
3 |
1295d |
1295d
|
20/28 |
1107d |
a54754ec9891
netfilter: nftables: avoid overflows in nft_hash_buckets()
|
BUG: sleeping function called from invalid context in munlock_vma_pages_range
mm
|
|
|
|
1 |
1228d |
1224d
|
20/28 |
1107d |
023e1a8dd502
mm/rmap: fix new bug: premature return from page_mlock_one()
|
KASAN: use-after-free Read in blk_mq_exit_sched
block
usb
|
C |
done |
|
9 |
1246d |
1261d
|
20/28 |
1107d |
f0c1c4d2864e
blk-mq: fix use-after-free in blk_mq_exit_sched
|
divide error in do_journal_end (2)
reiserfs
|
C |
inconclusive |
|
2 |
1289d |
1288d
|
20/28 |
1107d |
a149127be52f
reiserfs: add check for invalid 1st journal block
|
BUG: MAX_LOCKDEP_ENTRIES too low!
|
C |
done |
|
179076 |
1292d |
1983d
|
20/28 |
1107d |
5dc33592e955
lockdep: Allow tuning tracing capacity constants.
|
BUG: corrupted list in kobject_add_internal (3)
bluetooth
|
C |
inconclusive |
|
3 |
1143d |
1247d
|
20/28 |
1107d |
92fe24a7db75
Bluetooth: skip invalid hci_sync_conn_complete_evt
|
WARNING in nbd_dev_add
block
|
C |
inconclusive |
|
131 |
1108d |
1367d
|
20/28 |
1107d |
b1a811633f73
block: nbd: add sanity check for first_minor
|
possible deadlock in del_gendisk
|
C |
done |
|
158215 |
1170d |
1317d
|
20/28 |
1107d |
990e78116d38
block: loop: fix deadlock between open and remove
|
possible deadlock in br_ioctl_call
net
|
C |
unreliable |
|
4161 |
1197d |
1207d
|
20/28 |
1107d |
893b19587534
net: bridge: fix ioctl locking
|
WARNING in __vmalloc_node_range
media
usb
|
C |
|
|
7 |
1293d |
1294d
|
20/28 |
1107d |
c680ed46e418
media: dvb-usb: fix wrong definition
|
WARNING: ODEBUG bug in ext4_fill_super (3)
ext4
|
C |
done |
|
392 |
1109d |
1348d
|
20/28 |
1107d |
0ce160c5bdb6
ext4: fix timer use-after-free on failed mount
|
linux-next test error: WARNING in __nf_unregister_net_hook
netfilter
|
|
|
|
21 |
1297d |
1299d
|
20/28 |
1107d |
43016d02cf6e
netfilter: arptables: use pernet ops struct during unregister
|
BUG: sleeping function called from invalid context in _copy_to_iter
net
|
C |
done |
|
60 |
1193d |
1200d
|
20/28 |
1107d |
876c14ad014d
af_unix: fix holding spinlock in oob handling
|
possible deadlock in f_getown
fs
|
C |
done |
done |
164 |
1185d |
1514d
|
20/28 |
1107d |
f671a691e299
fcntl: fix potential deadlocks for &fown_struct.lock
|
UBSAN: array-index-out-of-bounds in taprio_change
net
|
|
|
|
2 |
1190d |
1198d
|
20/28 |
1107d |
efe487fce306
fix array-index-out-of-bounds in taprio_change
|
memory leak in rds_send_probe
|
C |
done |
|
27 |
1405d |
1947d
|
20/28 |
1107d |
49bfcbfd989a
net: rds: fix memory leak in rds_recvmsg
|
general protection fault in blk_mq_run_hw_queues
block
|
C |
unreliable |
|
305 |
1187d |
1235d
|
20/28 |
1107d |
16ad3db3b24c
nbd: fix order of cleaning up the queue and freeing the tagset
|
INFO: task hung in fuse_launder_page
fuse
|
C |
unreliable |
|
1 |
1199d |
1195d
|
20/28 |
1107d |
76224355db75
fuse: truncate pagecache on atomic_o_trunc
|
INFO: task hung in register_netdevice_notifier (2)
can
wireless
|
syz |
done |
|
10555 |
1251d |
1855d
|
20/28 |
1107d |
8d0caedb7596
can: bcm/raw/isotp: use per module netdevice notifier
|
general protection fault in hwsim_set_edge_lqi
wpan
|
C |
done |
|
4 |
1196d |
1249d
|
20/28 |
1107d |
0303b30375df
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
|
KCSAN: data-race in expire_timers / try_to_del_timer_sync
mm
|
|
|
|
1029 |
1200d |
1605d
|
20/28 |
1107d |
bb7262b29547
timers: Move clearing of base::timer_running under base:: Lock
|
WARNING: suspicious RCU usage in kernfs_find_and_get_ns
block
|
|
|
|
1 |
1255d |
1255d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: still has locks held in io_sq_thread
|
C |
done |
|
8689 |
1319d |
1332d
|
20/28 |
1107d |
82734c5b1b24
io_uring: drop sqd lock before handling signals for SQPOLL
|
KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
netfilter
|
C |
done |
|
3 |
1201d |
1201d
|
20/28 |
1107d |
e3245a7b7b34
netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex
|
memory leak in tcindex_set_parms
net
|
C |
|
|
94 |
1266d |
1751d
|
20/28 |
1107d |
f5051bcece50
net: sched: fix memory leak in tcindex_partial_destroy_work
|
general protection fault in sock_from_file
net
io-uring
|
C |
inconclusive |
|
78 |
1171d |
1178d
|
20/28 |
1107d |
c6d3d9cbd659
io_uring: fix queueing half-created requests
|
memory leak in h4_recv_buf
|
C |
done |
|
21 |
1216d |
1976d
|
20/28 |
1107d |
bb2853a6a421
tty: Fix data race between tiocsti() and flush_to_ldisc()
|
KCSAN: data-race in __skb_try_recv_datagram / sock_setsockopt
net
|
|
|
|
1 |
1241d |
1241d
|
20/28 |
1107d |
0dbffbb5335a
net: annotate data race around sk_ll_usec
|
WARNING in sta_info_alloc
|
C |
done |
done |
145 |
1253d |
1506d
|
20/28 |
1107d |
0ee4d55534f8
mac80211: remove warning in ieee80211_get_sband()
|
possible deadlock in snd_hrtimer_callback
fs
|
C |
done |
|
571 |
1108d |
1215d
|
20/28 |
1107d |
f671a691e299
fcntl: fix potential deadlocks for &fown_struct.lock
|
general protection fault in gfn_to_rmap (2)
kvm
|
C |
done |
|
1 |
1262d |
1261d
|
20/28 |
1107d |
78fcb2c91adf
KVM: x86: Immediately reset the MMU context when the SMM flag is cleared
|
UBSAN: shift-out-of-bounds in profile_init
kernel
|
C |
unreliable |
|
23 |
1175d |
1225d
|
20/28 |
1107d |
2d186afd04d6
profiling: fix shift-out-of-bounds bugs
|
KASAN: use-after-free Read in hci_send_acl
bluetooth
|
C |
done |
|
2 |
1360d |
1571d
|
20/28 |
1107d |
5c4c8c954409
Bluetooth: verify AMP hci_chan before amp_destroy
|
WARNING: ODEBUG bug in cancel_delayed_work
|
C |
done |
|
3384 |
1123d |
1574d
|
20/28 |
1107d |
3a9d54b1947e
Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
|
KFENCE: use-after-free in kmem_cache_destroy
f2fs
|
|
|
|
1 |
1299d |
1297d
|
20/28 |
1107d |
cad83c968c2e
f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances
|
bpf build error (3)
kernel
|
|
|
|
15 |
1164d |
1175d
|
20/28 |
1107d |
ea7b4244b365
x86/setup: Explicitly include acpi.h
|
memory leak in usb_urb_init
media
usb
|
C |
|
|
1 |
1420d |
1416d
|
20/28 |
1107d |
b7cd0da982e3
media: dvb-usb: fix memory leak in dvb_usb_adapter_init
|
general protection fault in crypto_destroy_tfm
crypto
|
syz |
unreliable |
|
57 |
1321d |
1362d
|
20/28 |
1107d |
83681f2bebb3
crypto: api - check for ERR pointers in crypto_destroy_tfm()
|
possible deadlock in console_lock_spinning_enable
|
C |
done |
|
1693 |
1107d |
1980d
|
20/28 |
1107d |
c0070e1e6027
ttyprintk: Add TTY hangup callback.
|
memory leak in ip_vs_add_service
lvs
|
C |
|
|
1 |
1280d |
1276d
|
20/28 |
1107d |
56e4ee82e850
ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
|
possible deadlock in io_sq_thread_finish
fs
|
C |
unreliable |
done |
4 |
1352d |
1354d
|
20/28 |
1107d |
f4e61f0c9add
x86/kvm: Fix broken irq restoration in kvm_wait
|
BUG: unable to handle kernel NULL pointer dereference in fbcon_cursor
fbdev
|
C |
done |
|
21 |
1333d |
1465d
|
20/28 |
1107d |
01faae5193d6
drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
|
memory leak in nr_create
hams
|
C |
|
|
250 |
1219d |
2004d
|
20/28 |
1107d |
517a16b1a88b
netrom: Decrease sock refcount when sock timers expire
|
general protection fault in ieee802154_llsec_parse_dev_addr
wpan
|
C |
inconclusive |
|
80 |
1234d |
1364d
|
20/28 |
1107d |
88c17855ac42
net: ieee802154: forbid monitor for set llsec params
|
WARNING in smk_set_cipso (2)
lsm
|
C |
inconclusive |
|
24 |
1241d |
1318d
|
20/28 |
1107d |
49ec114a6e62
smackfs: restrict bytes count in smk_set_cipso()
|
memory leak in atusb_probe
usb
wpan
|
C |
|
|
71 |
1323d |
1468d
|
20/28 |
1107d |
6b9fbe169551
drivers: net: fix memory leak in atusb_probe
|
WARNING: ODEBUG bug in net_dm_cmd_trace
net
|
syz |
unreliable |
|
2 |
1358d |
1354d
|
20/28 |
1107d |
9398e9c0b1d4
drop_monitor: Perform cleanup upon probe registration failure
|
WARNING: suspicious RCU usage in __alloc_file
fs
|
|
|
|
1 |
1294d |
1294d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
general protection fault in nft_set_elem_expr_alloc
netfilter
|
C |
done |
|
3 |
1270d |
1267d
|
20/28 |
1107d |
ad9f151e560b
netfilter: nf_tables: initialize set before expression setup
|
net-next boot error: WARNING: refcount bug in fib_create_info
net
|
|
|
|
39 |
1206d |
1205d
|
20/28 |
1107d |
28814cd18cd7
ipv4: Fix refcount warning for new fib_info
|
general protection fault in do_blk_trace_setup
block
trace
|
C |
done |
|
25 |
1182d |
1184d
|
20/28 |
1107d |
1d1cf156dc17
sg: pass the device name to blk_trace_setup
|
UBSAN: shift-out-of-bounds in gred_enqueue
net
|
|
|
|
1 |
1345d |
1345d
|
20/28 |
1107d |
e323d865b361
net: sched: validate stab values
|
WARNING in xfrm_alloc_compat (2)
net
|
C |
done |
|
47 |
1322d |
1332d
|
20/28 |
1107d |
ef19e111337f
xfrm/compat: Cleanup WARN()s that can be user-triggered
|
possible deadlock in bd_register_pending_holders
block
|
|
|
|
3 |
1113d |
1167d
|
20/28 |
1107d |
dfbb3409b27f
block: genhd: don't call blkdev_show() with major_names_lock held
|
KASAN: use-after-free Write in sctp_auth_shkey_hold
sctp
|
C |
done |
|
4 |
1219d |
1228d
|
20/28 |
1107d |
58acd1009226
sctp: update active_key for asoc when old key is being replaced
|
KMSAN: uninit-value in tipc_nl_node_set_key
tipc
|
|
|
|
1 |
1347d |
1347d
|
20/28 |
1107d |
0217ed2848e8
tipc: better validate user input in tipc_nl_retrieve_key()
|
UBSAN: shift-out-of-bounds in load_balance
kernel
|
syz |
|
|
2167 |
1292d |
1396d
|
20/28 |
1107d |
39a2a6eb5c9b
sched/fair: Fix shift-out-of-bounds in load_balance()
|
WARNING in io_rsrc_node_switch
io-uring
fs
|
C |
done |
|
174 |
1292d |
1301d
|
20/28 |
1107d |
47b228ce6f66
io_uring: fix unchecked error in switch_start()
|
KASAN: use-after-free Read in firmware_fallback_sysfs
kernel
|
C |
error |
|
16514 |
1189d |
1389d
|
20/28 |
1107d |
75d95e2e39b2
firmware_loader: fix use-after-free in firmware_fallback_sysfs
|
WARNING in tcindex_alloc_perfect_hash
mm
|
C |
inconclusive |
|
349 |
1236d |
1411d
|
20/28 |
1107d |
3f2db250099f
net: sched: fix warning in tcindex_alloc_perfect_hash
|
KMSAN: uninit-value in caif_seqpkt_sendmsg
net
|
C |
|
|
2365 |
1153d |
1570d
|
20/28 |
1107d |
991e634360f2
net: fix uninit-value in caif_seqpkt_sendmsg
|
KASAN: invalid-free in ieee80211_ibss_leave
wireless
|
C |
inconclusive |
|
1 |
1351d |
1379d
|
20/28 |
1107d |
3bd801b14e0c
mac80211: fix double free in ibss_leave
|
WARNING in io_wq_submit_work (2)
io-uring
fs
|
C |
done |
done |
52 |
1166d |
1169d
|
20/28 |
1107d |
713b9825a4c4
io-wq: fix cancellation on create-worker failure
|
memory leak in prepare_creds (2)
kernel
|
C |
|
|
2 |
1245d |
1341d
|
20/28 |
1107d |
f60a85cad677
bpf: Fix umd memory leak in copy_process()
|
WARNING: suspicious RCU usage in __clear_user
netfilter
|
|
|
|
1 |
1275d |
1275d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KASAN: null-ptr-deref Write in io_uring_cancel_sqpoll
fs
|
|
|
|
170 |
1108d |
1363d
|
20/28 |
1107d |
6d042ffb598e
io_uring: Check current->io_uring in io_uring_cancel_sqpoll
|
WARNING in cfg80211_inform_single_bss_frame_data
wireless
|
C |
done |
|
1 |
1296d |
1388d
|
20/28 |
1107d |
e298aa358f0c
mac80211: fix skb length check in ieee80211_scan_rx()
|
memory leak in mrp_request_join
net
|
C |
|
|
215 |
1247d |
1765d
|
20/28 |
1107d |
996af62167d0
net/802/mrp: fix memleak in mrp_request_join()
|
INFO: task hung in unregister_netdevice_notifier (3)
can
|
syz |
error |
error |
184 |
1919d |
2103d
|
20/28 |
1107d |
8d0caedb7596
can: bcm/raw/isotp: use per module netdevice notifier
|
KASAN: slab-out-of-bounds Write in decode_data
hams
|
C |
done |
error |
7 |
1657d |
1813d
|
20/28 |
1107d |
19d1532a1876
net: 6pack: fix slab-out-of-bounds in decode_data
|
net-next boot error: KASAN: slab-out-of-bounds Read in page_to_skb
net
virt
|
|
|
|
15 |
1310d |
1313d
|
20/28 |
1107d |
af39c8f72301
virtio-net: fix use-after-free in page_to_skb()
|
general protection fault in bond_ipsec_add_sa (2)
net
|
|
|
|
1 |
1234d |
1234d
|
20/28 |
1107d |
105cd17a8660
bonding: fix null dereference in bond_ipsec_add_sa()
|
memory leak in tcp_cdg_init
net
|
syz |
|
|
6 |
1271d |
1411d
|
20/28 |
1107d |
be5d1b61a2ad
tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized
|
WARNING: suspicious RCU usage in get_signal
kernel
|
|
|
|
1 |
1298d |
1294d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
KASAN: use-after-free Read in drm_getunique
dri
|
syz |
inconclusive |
|
2 |
1268d |
1267d
|
20/28 |
1107d |
b436acd1cf7f
drm: Fix use-after-free read in drm_getunique()
|
WARNING in hsr_forward_skb
|
C |
done |
done |
1310 |
1321d |
2149d
|
20/28 |
1107d |
9d6803921a16
net: hsr: Reset MAC header for Tx path
|
WARNING: refcount bug in sk_psock_get
net
|
C |
done |
|
8 |
1294d |
1321d
|
20/28 |
1107d |
8621436671f3
smc: disallow TCP_ULP in smc_setsockopt()
|
WARNING in close_fs_devices (3)
btrfs
|
C |
done |
|
98 |
1209d |
1453d
|
20/28 |
1107d |
b2a616676839
btrfs: fix rw device counting in __btrfs_free_extra_devids
|
KASAN: use-after-free Read in check_all_holdout_tasks_trace
kernel
|
syz |
done |
|
4 |
1209d |
1279d
|
20/28 |
1107d |
1d10bf55d85d
rcu-tasks: Don't delete holdouts within trc_inspect_reader()
|
kernel BUG in assertfail
btrfs
|
|
|
|
1 |
1275d |
1269d
|
20/28 |
1107d |
aefd7f706556
btrfs: promote debugging asserts to full-fledged checks in validate_super
|
net-next boot error: KASAN: use-after-free Read in page_to_skb
net
virt
|
|
|
|
11 |
1310d |
1313d
|
20/28 |
1107d |
af39c8f72301
virtio-net: fix use-after-free in page_to_skb()
|
BUG: unable to handle kernel paging request in nl802154_del_llsec_key
wpan
|
C |
inconclusive |
|
235 |
1320d |
1371d
|
20/28 |
1107d |
37feaaf5ceb2
net: ieee802154: fix nl802154 del llsec key
|
WARNING: refcount bug in ipip6_tunnel_uninit
net
|
C |
done |
|
199 |
1329d |
1334d
|
20/28 |
1107d |
6289a98f0817
sit: proper dev_{hold|put} in ndo_[un]init methods
|
WARNING: suspicious RCU usage in tomoyo_update_domain
tomoyo
|
|
|
|
1 |
1248d |
1248d
|
20/28 |
1107d |
3066820034b5
rcu: Reject RCU_LOCKDEP_WARN() false positives
|
WARNING: refcount bug in register_netdevice
net
|
C |
unreliable |
|
97 |
1328d |
1334d
|
20/28 |
1107d |
7f700334be9a
ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
|
possible deadlock in sctp_addr_wq_timeout_handler
sctp
|
C |
done |
|
8 |
1300d |
1300d
|
20/28 |
1107d |
01bfe5e8e428
Revert "net/sctp: fix race condition in sctp_destroy_sock"
|
INFO: task hung in hci_req_sync
bluetooth
|
C |
inconclusive |
|
1 |
1201d |
1197d
|
20/28 |
1107d |
f41a4b2b5eb7
Bluetooth: add timeout sanity check to hci_inquiry
|
WARNING: refcount bug in ip6erspan_tunnel_uninit
net
|
C |
error |
|
11 |
1331d |
1334d
|
20/28 |
1107d |
7f700334be9a
ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
|
UBSAN: shift-out-of-bounds in xfrm_set_default
net
|
C |
unreliable |
|
79 |
1202d |
1212d
|
20/28 |
1107d |
5d8dbb7fb82b
net: xfrm: fix shift-out-of-bounce
|
possible deadlock in cfg80211_netdev_notifier_call (2)
wireless
|
|
|
|
2 |
1279d |
1290d
|
20/28 |
1107d |
d5befb224edb
mac80211: fix deadlock in AP/VLAN handling
|
WARNING in fuse_get_tree
fuse
|
C |
unreliable |
|
22 |
1202d |
1209d
|
20/28 |
1107d |
5d5b74aa9c76
fuse: allow sharing existing sb
|
INFO: task hung in hub_port_init
|
C |
done |
|
15888 |
1107d |
1506d
|
20/28 |
1107d |
258c81b341c8
usbip: give back URBs for unsent unlink requests during cleanup
|
general protection fault in wb_timer_fn
block
|
C |
done |
|
60 |
1184d |
1194d
|
20/28 |
1107d |
d152c682f03c
block: add an explicit ->disk backpointer to the request_queue
|
memory leak in con_do_clear_unimap
serial
|
C |
|
|
13 |
1309d |
1367d
|
20/28 |
1107d |
211b4d42b70f
tty: fix memory leak in vc_deallocate
|
KMSAN: kernel-infoleak in _copy_to_iter (5)
net
|
C |
|
|
23883 |
1216d |
1652d
|
20/28 |
1107d |
08c27f3322fe
batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
|
WARNING: locking bug in l2tp_xmit_skb
net
|
|
|
|
1 |
1296d |
1296d
|
20/28 |
1107d |
69e16d01d1de
net: fix a concurrency bug in l2tp_tunnel_register()
|
KMSAN: uninit-value in __dev_mc_add
net
|
C |
|
|
213 |
2051d |
2247d
|
20/28 |
1107d |
cca8ea3b05c9
net: tun: set tun->dev->addr_len during TUNSETLINK processing
|
KASAN: vmalloc-out-of-bounds Write in imageblit
fbdev
|
C |
|
|
104 |
1121d |
1414d
|
20/28 |
1107d |
3b0c40612471
tty: Fix out-of-bound vmalloc access in imageblit
|
WARNING in init_timer_key
wireless
|
C |
done |
|
2 |
1277d |
1384d
|
20/28 |
1107d |
a64b6a25dd9f
cfg80211: call cfg80211_leave_ocb when switching away from OCB
|
KASAN: stack-out-of-bounds Read in iov_iter_revert
fs
io-uring
|
C |
error |
|
14 |
1179d |
1196d
|
20/28 |
1107d |
89c2b3b74918
io_uring: reexpand under-reexpanded iters
|
WARNING in futex_requeue
kernel
|
syz |
|
|
4 |
1172d |
1176d
|
20/28 |
1107d |
4f07ec0d76f2
futex: Prevent inconsistent state and exit race
|
WARNING in internal_create_group
fs
|
C |
inconclusive |
|
20 |
1172d |
1225d
|
20/28 |
1107d |
b1a811633f73
block: nbd: add sanity check for first_minor
|
UBSAN: shift-out-of-bounds in vhci_hub_control (2)
usb
|
C |
unreliable |
|
5 |
1328d |
1337d
|
20/28 |
1107d |
1cc5ed25bdad
usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
|
WARNING in __static_key_slow_dec
kernel
|
C |
unreliable |
|
19 |
1170d |
1174d
|
20/28 |
1107d |
6d5f1ef83868
bonding: Fix negative jump label count on nested bonding
|
memory leak in kcm_sendmsg
net
|
C |
|
|
2 |
1602d |
1742d
|
20/28 |
1107d |
c47cc304990a
net: kcm: fix memory leak in kcm_sendmsg
|
kernel BUG in remove_inode_hugepages
fs
mm
|
C |
unreliable |
|
3 |
1192d |
1192d
|
20/28 |
1107d |
c7b1850dfb41
hugetlb: don't pass page cache pages to restore_reserve_on_error
|
WARNING in io_wq_put
fs
io-uring
|
C |
unreliable |
|
3 |
1341d |
1352d
|
20/28 |
1107d |
f5d2d23bf0d9
io-wq: fix race around pending work on teardown
|
memory leak in v4l2_ctrl_handler_init_class
usb
media
|
C |
|
|
12 |
1312d |
1364d
|
20/28 |
1107d |
9c39be40c015
media: drivers/media/usb: fix memory leak in zr364xx_probe
|
KMSAN: uninit-value in ax88179_get_mac_addr
usb
|
C |
|
|
149 |
1225d |
1489d
|
20/28 |
1107d |
bd78980be1a6
net: usb: ax88179_178a: initialize local variables before use
|
WARNING in io_uring_setup (2)
fs
io-uring
|
C |
done |
|
40 |
1292d |
1301d
|
20/28 |
1107d |
47b228ce6f66
io_uring: fix unchecked error in switch_start()
|
general protection fault in drm_atomic_set_crtc_for_connector
dri
|
C |
unreliable |
|
586 |
1464d |
1461d
|
20/28 |
1132d |
0003b687ee6d
drm: fix oops in drm_atomic_set_crtc_for_connector
|
UBSAN: shift-out-of-bounds in qdisc_get_rtab
net
|
C |
unreliable |
done |
521 |
1400d |
1444d
|
20/28 |
1254d |
e4bedf48aaa5
net_sched: reject silly cell_log in qdisc_get_rtab()
|
KASAN: out-of-bounds Read in kfence_guarded_free
kasan
mm
|
C |
error |
|
20 |
1417d |
1428d
|
20/28 |
1258d |
2b8305260fb3
kfence, kasan: make KFENCE compatible with KASAN
|
INFO: task can't die in d_alloc_parallel
fs
|
|
|
|
2 |
1416d |
1432d
|
20/28 |
1269d |
0ce20dd84089
mm: add Kernel Electric-Fence infrastructure
|
KASAN: global-out-of-bounds Read in netlink_policy_dump_add_policy (2)
kernel
|
C |
done |
|
2 |
1381d |
1381d
|
20/28 |
1274d |
33b347503f01
vdpa: Define vdpa mgmt device, ops and a netlink interface
|
KASAN: use-after-free Read in __cpuhp_state_remove_instance
kernel
|
C |
unreliable |
done |
2726 |
1342d |
1363d
|
20/28 |
1311d |
470ec4ed8c91
io-wq: fix double put of 'wq' in error path
|
KASAN: use-after-free Read in idr_for_each (2)
io-uring
fs
|
C |
error |
done |
86 |
1345d |
1507d
|
20/28 |
1311d |
61cf93700fe6
io_uring: Convert personality_idr to XArray
|
KASAN: vmalloc-out-of-bounds Read in bpf_trace_run2
trace
bpf
|
C |
done |
done |
5 |
1363d |
1521d
|
20/28 |
1317d |
befe6d946551
tracepoint: Do not fail unregistering a probe due to memory failure
|
general protection fault in drm_client_buffer_vunmap
usb
dri
|
C |
unreliable |
done |
247 |
1350d |
1451d
|
20/28 |
1317d |
874a52f9b693
drm/fb-helper: only unmap if buffer not null
|
BUG: unable to handle kernel paging request in bpf_trace_run2
bpf
trace
|
C |
done |
done |
10 |
1361d |
1521d
|
20/28 |
1317d |
befe6d946551
tracepoint: Do not fail unregistering a probe due to memory failure
|
INFO: rcu detected stall in smp_call_function
perf
|
C |
|
|
107 |
1320d |
1575d
|
20/28 |
1318d |
c583bcb8f5ed
rcu: Don't invoke try_invoke_on_locked_down_task() with irqs disabled
1b7af295541d
sched/core: Allow try_invoke_on_locked_down_task() with irqs disabled
|
INFO: task hung in io_uring_cancel_task_requests
fs
io-uring
|
C |
|
|
305 |
1345d |
1380d
|
20/28 |
1321d |
34343786ecc5
io_uring: unpark SQPOLL thread for cancelation
|
general protection fault in usb_audio_probe
usb
sound
|
C |
done |
|
360 |
1351d |
1353d
|
20/28 |
1321d |
30dea07180de
ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe
|
UBSAN: shift-out-of-bounds in erofs_fc_fill_super
erofs
|
C |
unreliable |
|
11 |
1371d |
1401d
|
20/28 |
1321d |
bde545295b71
erofs: fix shift-out-of-bounds of blkszbits
|
net-next build error (3)
|
|
|
|
7 |
1385d |
1382d
|
20/28 |
1321d |
9c97921a51a0
net: fix building errors on powerpc when CONFIG_RETPOLINE is not set
|
KASAN: use-after-free Read in tctx_task_work
fs
|
|
|
|
2 |
1364d |
1361d
|
20/28 |
1321d |
2c32395d8111
io_uring: fix __tctx_task_work() ctx race
|
INFO: task hung in addrconf_verify_work (4)
|
C |
done |
|
132 |
1370d |
1457d
|
20/28 |
1321d |
d349f9976868
net_sched: fix RTNL deadlock again caused by request_module()
|
possible deadlock in cfg80211_netdev_notifier_call
wireless
|
syz |
done |
|
13 |
1322d |
1388d
|
20/28 |
1321d |
40c575d1ec71
cfg80211: fix netdev registration deadlock
|
memory leak in qrtr_tun_open
net
arm-msm
|
C |
|
|
4 |
1412d |
1457d
|
20/28 |
1321d |
fc0494ead639
net: qrtr: Fix memory leak in qrtr_tun_open
|
UBSAN: shift-out-of-bounds in mceusb_dev_printdata
media
usb
|
C |
error |
|
331 |
1368d |
1435d
|
20/28 |
1321d |
9dec0f48a75e
media: mceusb: sanity check for prescaler value
|
KMSAN: uninit-value in bpf_iter_prog_supported
bpf
|
|
|
|
4479 |
1321d |
1382d
|
20/28 |
1321d |
17d8beda277a
bpf: Fix an unitialized value in bpf_iter
|
KASAN: invalid-free in io_req_caches_free
fs
|
|
|
|
5 |
1365d |
1367d
|
20/28 |
1321d |
8e5c66c485a8
io_uring: clear request count when freeing caches
|
memory leak in v2_read_file_info
ext4
|
C |
|
|
71 |
1370d |
1429d
|
20/28 |
1321d |
a4db1072e1a3
quota: Fix memory leak when handling corrupted quota file
|
KASAN: null-ptr-deref Read in tcf_idrinfo_destroy
net
|
C |
|
|
115 |
1324d |
1514d
|
20/28 |
1321d |
396d7f23adf9
net: sched: fix police ext initialization
|
general protection fault in j1939_netdev_notify (2)
can
|
C |
done |
|
19 |
1373d |
1432d
|
20/28 |
1321d |
4e096a18867a
net: introduce CAN specific pointer in the struct net_device
|
INFO: task hung in tcf_action_init_1
net
|
C |
done |
|
30 |
1380d |
1514d
|
20/28 |
1321d |
d349f9976868
net_sched: fix RTNL deadlock again caused by request_module()
|
general protection fault in kobject_cleanup
gpio
usb
|
C |
unreliable |
|
72 |
1351d |
1364d
|
20/28 |
1321d |
a6112998ee45
gpio: fix NULL-deref-on-deregistration regression
|
KASAN: slab-out-of-bounds Read in skb_segment
net
|
C |
error |
|
311 |
1400d |
1403d
|
20/28 |
1321d |
00b229f762b0
net: fix GSO for SG-enabled devices
|
upstream test error: INFO: trying to register non-static key in nsim_get_stats64
net
|
|
|
|
381 |
1352d |
1394d
|
20/28 |
1321d |
863a42b289c2
netdevsim: init u64 stats for 32bit hardware
|
UBSAN: shift-out-of-bounds in snto32
input
usb
|
C |
error |
|
58 |
1365d |
1438d
|
20/28 |
1321d |
a0312af1f94d
HID: core: detect and skip invalid inputs to snto32()
|
UBSAN: shift-out-of-bounds in exfat_fill_super
exfat
|
C |
error |
|
3 |
1378d |
1395d
|
20/28 |
1321d |
78c276f5495a
exfat: fix shift-out-of-bounds in exfat_fill_super()
|
INFO: task hung in io_sq_thread_park
fs
io-uring
|
C |
unreliable |
|
263 |
1356d |
1361d
|
20/28 |
1321d |
3ebba796fa25
io_uring: ensure that SQPOLL thread is started for exit
|
KCSAN: data-race in tomoyo_domain_quota_is_ok / tomoyo_merge_path_acl (4)
tomoyo
|
|
|
|
12 |
1378d |
1444d
|
20/28 |
1321d |
5797e861e402
tomoyo: ignore data race while checking quota
|
INFO: task hung in walk_component (2)
fuse
|
|
|
|
31 |
1349d |
1349d
|
20/28 |
1321d |
775c5033a0d1
fuse: fix live lock in fuse_iget()
|
KCSAN: data-race in bpf_lru_pop_free / bpf_lru_push_free
bpf
|
|
|
|
237 |
1369d |
1556d
|
20/28 |
1321d |
6df8fb83301d
bpf_lru_list: Read double-checked variable once without lock
|
KASAN: use-after-free Read in ntfs_iget
ntfs3
|
C |
error |
error |
1 |
1458d |
1454d
|
20/28 |
1321d |
4dfe6bd94959
ntfs: check for valid standard information attribute
|
general protection fault in kvm_hv_irq_routing_update
kvm
|
C |
done |
|
33 |
1357d |
1363d
|
20/28 |
1321d |
919f4ebc5987
KVM: x86: hyper-v: Fix Hyper-V context null-ptr-deref
|
WARNING in memdup_user_nul
lsm
|
C |
inconclusive |
|
2 |
1406d |
1406d
|
20/28 |
1321d |
7ef4c19d245f
smackfs: restrict bytes count in smackfs write functions
|
memory leak in io_submit_sqes (2)
fs
io-uring
|
C |
|
|
1 |
1359d |
1358d
|
20/28 |
1321d |
f01272541d2c
io-wq: ensure all pending work is canceled on exit
|
INFO: task can't die in connmark_exit_net
net
|
syz |
error |
|
1 |
1443d |
1439d
|
20/28 |
1321d |
d349f9976868
net_sched: fix RTNL deadlock again caused by request_module()
|
memory leak in dlfb_usb_probe
usb
fbdev
|
C |
|
|
3 |
1435d |
1437d
|
20/28 |
1321d |
5c0e4110f751
udlfb: Fix memory leak in dlfb_usb_probe
|
INFO: task can't die in iget5_locked
fuse
|
|
|
|
7 |
1365d |
1389d
|
20/28 |
1321d |
775c5033a0d1
fuse: fix live lock in fuse_iget()
|
UBSAN: shift-out-of-bounds in std_validate
media
|
C |
unreliable |
|
2 |
1401d |
1401d
|
20/28 |
1321d |
048c96e28674
media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate
|
memory leak in zr364xx_probe
usb
media
|
C |
|
|
6 |
1375d |
1428d
|
20/28 |
1321d |
ea354b6ddd6f
media: zr364xx: fix memory leaks in probe()
|
linux-next test error: possible deadlock in cfg80211_netdev_notifier_call
wireless
|
|
|
|
6 |
1393d |
1393d
|
20/28 |
1321d |
38ec7c6b6bd6
virt_wifi: fix deadlock on RTNL
|
KASAN: use-after-free Read in usb_audio_disconnect
sound
usb
|
C |
done |
|
15 |
1351d |
1352d
|
20/28 |
1321d |
c5aa956eaeb0
ALSA: usb-audio: fix use after free in usb_audio_disconnect
|
WARNING in pstore_kill_sb
arm
|
|
|
|
1 |
1380d |
1376d
|
20/28 |
1321d |
9c7d83ae6ba6
pstore: Fix warning in pstore_kill_sb()
|
UBSAN: shift-out-of-bounds in chkSuper
jfs
|
C |
unreliable |
|
28 |
1369d |
1435d
|
20/28 |
1321d |
3bef198f1b17
JFS: more checks for invalid superblock
|
KCSAN: data-race in __bpf_lru_list_rotate / bpf_lru_push_free (2)
bpf
|
|
|
|
32 |
1375d |
1444d
|
20/28 |
1321d |
6df8fb83301d
bpf_lru_list: Read double-checked variable once without lock
|
KASAN: vmalloc-out-of-bounds Read in bpf_trace_run3
bpf
trace
|
C |
done |
|
6 |
1377d |
1479d
|
20/28 |
1321d |
befe6d946551
tracepoint: Do not fail unregistering a probe due to memory failure
|
UBSAN: shift-out-of-bounds in mceusb_dev_recv
media
usb
|
C |
|
|
13 |
1368d |
1432d
|
20/28 |
1321d |
1b43bad31fb0
media: mceusb: Fix potential out-of-bounds shift
|
memory leak in video_usercopy
media
|
C |
|
|
19 |
1369d |
1432d
|
20/28 |
1321d |
fb18802a338b
media: v4l: ioctl: Fix memory leak in video_usercopy
|
BUG: sleeping function called from invalid context in rxe_alloc_nl
rdma
|
C |
done |
|
475 |
1387d |
1401d
|
20/28 |
1321d |
c4369575b2bc
RDMA/rxe: Fix bug in rxe_alloc()
|
WARNING in __alloc_skb
arm-msm
net
|
C |
error |
|
24 |
1352d |
1364d
|
20/28 |
1321d |
093b036aa94e
net/qrtr: fix __netdev_alloc_skb call
|
WARNING in iov_iter_revert (2)
serial
|
C |
done |
|
9 |
1372d |
1373d
|
20/28 |
1321d |
3342ff2698e9
tty: protect tty_write from odd low-level tty disciplines
|
WARNING in cfg80211_change_iface
wireless
|
C |
inconclusive |
|
4 |
1387d |
1392d
|
20/28 |
1321d |
bae173563cbf
wext: call cfg80211_change_iface() with wiphy lock held
|
general protection fault in tomoyo_socket_sendmsg_permission
usb
|
|
|
|
17 |
1378d |
1468d
|
20/28 |
1321d |
9380afd6df70
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
718ad9693e36
usbip: fix vhci_hcd attach_store() races leading to gpf
46613c9dfa96
usbip: fix vudc usbip_sockfd_store races leading to gpf
|
memory leak in edge_startup
usb
|
C |
|
|
1 |
1364d |
1360d
|
20/28 |
1321d |
cfdc67acc785
USB: serial: io_edgeport: fix memory leak in edge_startup
|
unexpected kernel reboot (3)
input
usb
|
C |
error |
error |
21132 |
1321d |
2322d
|
20/28 |
1321d |
c8e2fe13d1d1
x86/perf: Use RET0 as default for guest_get_msrs to handle "no PMU" case
|
WARNING in qp_broker_alloc
kernel
|
C |
inconclusive |
|
24 |
1366d |
1402d
|
20/28 |
1321d |
2fd10bcf0310
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
|
WARNING in sk_stream_kill_queues (5)
net
|
C |
done |
|
4684 |
1321d |
1451d
|
20/28 |
1321d |
097b9146c0e2
net: fix up truesize of cloned skb in skb_prepare_for_shift()
|
BUG: unable to handle kernel paging request in bpf_trace_run3
bpf
trace
|
C |
done |
|
40 |
1368d |
1490d
|
20/28 |
1321d |
befe6d946551
tracepoint: Do not fail unregistering a probe due to memory failure
|
KASAN: null-ptr-deref Write in event_handler
usb
|
C |
done |
|
2869 |
1360d |
1507d
|
20/28 |
1321d |
9380afd6df70
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
718ad9693e36
usbip: fix vhci_hcd attach_store() races leading to gpf
46613c9dfa96
usbip: fix vudc usbip_sockfd_store races leading to gpf
|
KASAN: use-after-free Read in nbd_genl_connect
nbd
|
C |
inconclusive |
|
16 |
1352d |
1367d
|
20/28 |
1321d |
c9a2f90f4d6b
nbd: handle device refs for DESTROY_ON_DISCONNECT properly
|
WARNING in cfg80211_dev_rename
wireless
|
C |
inconclusive |
|
22 |
1386d |
1392d
|
20/28 |
1321d |
0391a45c8007
nl80211: call cfg80211_dev_rename() under RTNL
|
general protection fault in gfs2_withdraw
gfs2
|
C |
done |
|
81 |
1369d |
1517d
|
20/28 |
1321d |
d5bf630f355d
gfs2: bypass signal_our_withdraw if no journal
|
KASAN: null-ptr-deref Write in amp_read_loc_assoc_final_data
bluetooth
|
C |
done |
|
185 |
1372d |
1573d
|
20/28 |
1321d |
e8bd76ede155
Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
|
possible deadlock in io_poll_double_wake (2)
io-uring
fs
|
C |
error |
error |
431 |
1321d |
1514d
|
20/28 |
1321d |
1c3b3e6527e5
io_uring: ignore double poll add on the same waitqueue head
|
WARNING in _cfg80211_unregister_wdev
wireless
|
C |
inconclusive |
|
48 |
1386d |
1392d
|
20/28 |
1321d |
776a39b8196d
cfg80211: call cfg80211_destroy_ifaces() with wiphy lock held
|
INFO: task can't die in io_sq_thread_finish
ext4
|
syz |
|
|
137 |
1332d |
1364d
|
20/28 |
1321d |
eb85890b29e4
io_uring: ensure SQPOLL startup is triggered before error shutdown
|
WARNING in dst_release
net
|
syz |
done |
|
2 |
1373d |
1372d
|
20/28 |
1321d |
e0be4931f3fe
mptcp: reset last_snd on subflow close
|
BUG: sleeping function called from invalid context in mm_access
mm
|
C |
done |
|
684 |
1405d |
1409d
|
20/28 |
1321d |
38e891849003
kbuild: lto: fix module versioning
|
KASAN: use-after-free Read in skb_segment
net
|
C |
error |
|
55 |
1400d |
1403d
|
20/28 |
1321d |
00b229f762b0
net: fix GSO for SG-enabled devices
|
inconsistent lock state in io_dismantle_req
fs
io-uring
|
C |
|
|
2 |
1388d |
1388d
|
20/28 |
1321d |
9ae1f8dd372e
io_uring: fix inconsistent lock state
|
BUG: unable to handle kernel paging request in __kvm_mmu_prepare_zap_page
kvm
|
syz |
error |
|
2 |
2084d |
2095d
|
20/28 |
1342d |
47c42e6b4192
KVM: x86: fix handling of role.cr4_pae and rename it to 'gpte_size'
|
kernel BUG in memory_bm_free
pm
|
|
|
|
72 |
1386d |
1387d
|
20/28 |
1346d |
91cb2c8b072e
arm64: Do not pass tagged addresses to __is_lm_address()
|
KASAN: slab-out-of-bounds Read in squashfs_get_id
squashfs
|
C |
error |
done |
77 |
1381d |
1517d
|
20/28 |
1350d |
e812cbbbbbb1
squashfs: avoid out of bounds writes in decompressors
|
UBSAN: shift-out-of-bounds in tcf_police_init
net
|
C |
unreliable |
|
8 |
1401d |
1438d
|
20/28 |
1350d |
e4bedf48aaa5
net_sched: reject silly cell_log in qdisc_get_rtab()
|
UBSAN: shift-out-of-bounds in est_timer
net
|
C |
unreliable |
|
73 |
1360d |
1434d
|
20/28 |
1350d |
dd5e073381f2
net_sched: gen_estimator: support large ewma log
|
memory leak in xskq_create
bpf
net
|
C |
|
|
7 |
1418d |
1438d
|
19/28 |
1352d |
8bee68338408
xsk: Fix memory leak for failed bind
|
BUG: sleeping function called from invalid context in corrupted
wireless
|
syz |
done |
|
18 |
1448d |
1472d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
WARNING in md_ioctl
raid
|
C |
done |
error |
684 |
1436d |
2397d
|
19/28 |
1352d |
c731b84b51bf
md: fix a warning caused by a race between concurrent md_ioctl()s
|
BUG: unable to handle kernel paging request in htab_map_alloc (2)
bpf
|
C |
unreliable |
|
8 |
1438d |
1447d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
general protection fault in io_sqe_files_unregister
fs
|
|
|
|
2 |
1413d |
1411d
|
19/28 |
1352d |
3e2224c5867f
io_uring: Fix return value from alloc_fixed_file_ref_node
|
UBSAN: shift-out-of-bounds in __detect_linklayer
net
|
C |
unreliable |
done |
31 |
1400d |
1406d
|
19/28 |
1352d |
e4bedf48aaa5
net_sched: reject silly cell_log in qdisc_get_rtab()
|
BUG: receive list entry not found for dev vxcan1, id 003, mask C00007FF
can
|
C |
unreliable |
|
2 |
1456d |
1456d
|
19/28 |
1352d |
d73ff9b7c4ea
can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
|
UBSAN: shift-out-of-bounds in tcindex_set_parms
net
|
C |
unreliable |
done |
45 |
1400d |
1435d
|
19/28 |
1352d |
bcd0cf19ef82
net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
|
kernel BUG at mm/page-writeback.c:LINE!
fs
mm
|
|
|
|
1 |
1421d |
1417d
|
19/28 |
1352d |
c2407cf7d22d
mm: make wait_on_page_writeback() wait for multiple pending writebacks
|
WARNING in io_uring_flush
fs
io-uring
|
C |
unreliable |
|
10 |
1396d |
1405d
|
19/28 |
1352d |
4325cb498cb7
io_uring: fix uring_flush in exit_files() warning
|
general protection fault in rose_send_frame
|
C |
done |
done |
664 |
1462d |
2141d
|
19/28 |
1352d |
3b3fd068c56e
rose: Fix Null pointer dereference in rose_send_frame()
|
general protection fault in taprio_dequeue_soft
net
|
C |
done |
|
2 |
1436d |
1436d
|
19/28 |
1352d |
44d4775ca518
net/sched: sch_taprio: reset child qdiscs before freeing them
|
BUG: unable to handle kernel paging request in bpf_lru_populate
bpf
|
C |
done |
|
12 |
1438d |
1444d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
bpf test error: BUG: sleeping function called from invalid context in sta_info_move_state
wireless
|
|
|
|
6 |
1461d |
1467d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
KASAN: slab-out-of-bounds Read in hci_le_meta_evt
bluetooth
|
C |
error |
error |
45 |
1449d |
1570d
|
19/28 |
1352d |
f7e0e8b2f1b0
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
|
KASAN: null-ptr-deref Write in rhashtable_free_and_destroy
wireless
|
|
|
|
11 |
1371d |
1448d
|
19/28 |
1352d |
905b2032fa42
mac80211: mesh: fix mesh_pathtbl_init() error path
|
KASAN: use-after-free Read in disk_part_iter_next
block
|
C |
unreliable |
|
243 |
1352d |
1440d
|
19/28 |
1352d |
aebf5db91705
block: fix use-after-free in disk_part_iter_next
|
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected (2)
|
C |
done |
|
640 |
1416d |
1533d
|
19/28 |
1352d |
8d1ddb5e7937
fcntl: Fix potential deadlock in send_sig{io, urg}()
|
kernel BUG at net/core/dev.c:NUM!
net
|
C |
done |
|
35 |
1406d |
1407d
|
19/28 |
1352d |
47e4bb147a96
net: sit: unregister_netdevice on newlink's error path
|
KASAN: use-after-free Read in search_by_entry_key
reiserfs
|
C |
done |
|
3 |
1500d |
1504d
|
19/28 |
1352d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
KCSAN: data-race in snd_rawmidi_transmit / snd_rawmidi_write
sound
|
|
|
|
232 |
1385d |
1561d
|
19/28 |
1352d |
88a06d6fd6b3
ALSA: rawmidi: Access runtime->avail always in spinlock
|
UBSAN: shift-out-of-bounds in f2fs_fill_super
f2fs
|
C |
|
|
4 |
1444d |
1442d
|
19/28 |
1352d |
e584bbe82122
f2fs: fix shift-out-of-bounds in sanity_check_raw_super()
|
KASAN: global-out-of-bounds Read in smc_nl_get_sys_info
net
s390
|
C |
error |
|
27 |
1404d |
1431d
|
19/28 |
1352d |
25fe2c9c4cd2
smc: fix out of bound access in smc_nl_get_sys_info()
|
KASAN: use-after-free Read in btrfs_scan_one_device
btrfs
|
C |
error |
|
70 |
1456d |
1522d
|
19/28 |
1352d |
0697d9a61099
btrfs: don't access possibly stale fs_info data for printing duplicate device
|
memory leak in prepare_creds
kernel
|
C |
|
|
10 |
1372d |
1546d
|
19/28 |
1352d |
f26c08b444df
io_uring: fix file leak on error path of io ctx creation
|
WARNING in percpu_ref_kill_and_confirm (2)
fs
|
C |
done |
|
71 |
1427d |
1435d
|
19/28 |
1352d |
9faadcc8abe4
io_uring: fix double io_uring free
|
WARNING: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anywa
bfs
|
C |
unreliable |
|
1 |
1448d |
1444d
|
19/28 |
1352d |
dc889b8d4a81
bfs: don't use WARNING: string when it's just info.
|
general protection fault in ieee80211_subif_start_xmit
wireless
|
C |
unreliable |
|
29 |
1392d |
1458d
|
19/28 |
1352d |
054c9939b480
mac80211: pause TX while changing interface type
|
WARNING in rds_rdma_extra_size
mm
|
C |
done |
|
165 |
1387d |
1411d
|
19/28 |
1352d |
a11148e6fcce
net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS
|
KASAN: use-after-free Read in decode_session6
net
|
C |
done |
|
152 |
1398d |
1606d
|
19/28 |
1352d |
0356010d825e
sctp: bring inet(6)_skb_parm back to sctp_input_cb
|
WARNING: filesystem loop2 was created with 512 inodes, the real maximum is 511, mounting anyway
|
|
|
|
2 |
1465d |
1460d
|
19/28 |
1352d |
dc889b8d4a81
bfs: don't use WARNING: string when it's just info.
|
divide error in __tcp_select_window
net
|
C |
done |
|
1119 |
1455d |
1461d
|
19/28 |
1352d |
fd8976790a6c
mptcp: be careful on MPTCP-level ack.
|
WARNING: suspicious RCU usage in kernfs_iop_permission
kernfs
|
C |
done |
|
1 |
1389d |
1388d
|
19/28 |
1352d |
b854cc659dcb
ovl: avoid deadlock on directory ioctl
|
KMSAN: uninit-value in INET_ECN_decapsulate
net
|
|
|
|
3 |
1419d |
1451d
|
19/28 |
1352d |
4179b00c04d1
geneve: pull IP header before ECN decapsulation
|
WARNING in io_ring_ctx_wait_and_kill
fs
|
C |
done |
|
9 |
1406d |
1407d
|
19/28 |
1352d |
06585c497b55
io_uring: do sqo disable on install_fd error
|
WARNING in mc1NUM_get_time
rtc
|
|
|
|
13 |
1383d |
1384d
|
19/28 |
1352d |
ebb22a059436
rtc: mc146818: Dont test for bit 0-5 in Register D
|
INFO: task hung in lock_sock_nested (4)
mptcp
|
C |
done |
|
6 |
1403d |
1450d
|
19/28 |
1352d |
05e3ecea4a63
mptcp: avoid potential infinite loop in mptcp_recvmsg()
|
UBSAN: shift-out-of-bounds in choke_enqueue
net
|
C |
inconclusive |
|
3853 |
1352d |
1444d
|
19/28 |
1352d |
bd1248f1ddbc
net: sched: prevent invalid Scell_log shift count
|
WARNING: suspicious RCU usage in get_wiphy_regdom
wireless
|
C |
done |
|
5031 |
1403d |
1435d
|
19/28 |
1352d |
51d62f2f2c50
cfg80211: Save the regulatory domain with a lock
|
WARNING: suspicious RCU usage in tcp_disconnect
net
|
C |
done |
|
25 |
1406d |
1407d
|
19/28 |
1352d |
13a9499e8333
mptcp: fix locking in mptcp_disconnect()
|
WARNING in spi_register_controller
usb
spi
|
C |
|
|
1848 |
1435d |
2049d
|
19/28 |
1352d |
9c60cc797cf7
media: msi2500: assign SPI bus number dynamically
|
KMSAN: uninit-value in __nla_validate_parse (2)
net
|
C |
|
|
2 |
1413d |
1409d
|
19/28 |
1352d |
c96adff95619
cls_flower: call nla_ok() before nla_next()
|
INFO: task hung in __io_uring_files_cancel
io-uring
fs
|
C |
done |
|
30 |
1393d |
1460d
|
19/28 |
1352d |
bee749b187ac
io_uring: fix files cancellation
|
general protection fault in xsk_recvmsg
bpf
net
|
C |
done |
unreliable |
1800 |
1437d |
1406d
|
19/28 |
1352d |
3546b9b8eced
xsk: Validate socket state in xsk_recvmsg, prior touching socket members
|
KASAN: use-after-free Write in rtl_fw_do_work (2)
wireless
|
|
|
|
4 |
1437d |
1442d
|
19/28 |
1352d |
4dfde294b979
rtlwifi: rise completion at the last step of firmware callback
|
UBSAN: shift-out-of-bounds in sfq_init
net
|
C |
unreliable |
|
8 |
1415d |
1429d
|
19/28 |
1352d |
bd1248f1ddbc
net: sched: prevent invalid Scell_log shift count
|
memory leak in h5_rx_pkt_start
bluetooth
|
C |
|
|
5 |
1549d |
1892d
|
19/28 |
1352d |
70f259a3f427
Bluetooth: hci_h5: close serdev device and free hu in h5_close
855af2d74c87
Bluetooth: hci_h5: fix memory leak in h5_close
|
kernel BUG at lib/string.c:LINE! (6)
netfilter
|
C |
done |
|
2 |
1433d |
1429d
|
19/28 |
1352d |
6cb56218ad9e
netfilter: xt_RATEEST: reject non-null terminated string from userspace
|
kernel BUG at include/linux/highmem.h:LINE!
fs
mm
|
C |
error |
|
32 |
1455d |
1460d
|
19/28 |
1352d |
0060ef3b4e6d
mm: support THPs in zero_user_segments
|
UBSAN: shift-out-of-bounds in dummy_hub_control
usb
|
C |
done |
|
5 |
1428d |
1426d
|
19/28 |
1352d |
c318840fb2a4
USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
|
KASAN: use-after-free Read in reiserfs_fill_super
reiserfs
|
C |
error |
done |
2 |
1446d |
1444d
|
19/28 |
1352d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
KASAN: vmalloc-out-of-bounds Write in pcpu_freelist_populate
bpf
|
|
|
|
6 |
1440d |
1444d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
BUG: unable to handle kernel NULL pointer dereference in kcsan_setup_watchpoint
kasan
|
|
|
|
128 |
1482d |
1491d
|
19/28 |
1352d |
55a2346c7ac4
kcsan: Never set up watchpoints on NULL pointers
|
BUG: unable to handle kernel paging request in percpu_ref_exit
fs
|
C |
done |
|
3 |
1413d |
1411d
|
19/28 |
1352d |
3e2224c5867f
io_uring: Fix return value from alloc_fixed_file_ref_node
|
KMSAN: uninit-value in gre_parse_header
net
|
C |
|
|
9283 |
1380d |
1977d
|
19/28 |
1352d |
085c7c4e1c0e
erspan: fix version 1 check in gre_parse_header()
|
UBSAN: shift-out-of-bounds in red_adaptative_timer
net
|
C |
unreliable |
|
260 |
1352d |
1444d
|
19/28 |
1352d |
bd1248f1ddbc
net: sched: prevent invalid Scell_log shift count
|
KASAN: slab-out-of-bounds Write in xfrm_attr_cpy32
net
|
C |
done |
|
106 |
1441d |
1489d
|
19/28 |
1352d |
d1949d045fd6
xfrm/compat: memset(0) 64-bit padding at right place
|
WARNING in squashfs_read_table
mm
squashfs
|
C |
inconclusive |
|
50 |
1382d |
1411d
|
19/28 |
1352d |
506220d2ba21
squashfs: add more sanity checks in xattr id lookup
|
BUG: receive list entry not found for dev vcan0, id 002, mask C00007FF
can
|
C |
unreliable |
|
5 |
1456d |
1456d
|
19/28 |
1352d |
d73ff9b7c4ea
can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
|
UBSAN: shift-out-of-bounds in parse_audio_format_i
sound
usb
|
C |
error |
|
19 |
1437d |
1442d
|
19/28 |
1352d |
175b8d89fe29
ALSA: pcm: oss: Fix potential out-of-bounds shift
43d5ca88dfcd
ALSA: usb-audio: Fix potential out-of-bounds shift
|
INFO: task can't die in io_sq_thread_stop
fs
|
|
|
|
1 |
1471d |
1466d
|
19/28 |
1352d |
65b2b213484a
io_uring: check kthread stopped flag when sq thread is unparked
|
UBSAN: array-index-out-of-bounds in dquot_resume
ext4
|
C |
done |
|
1 |
1446d |
1444d
|
19/28 |
1352d |
e51d68e76d60
fs: quota: fix array-index-out-of-bounds bug by passing correct argument to vfs_cleanup_quota_inode()
|
WARNING: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway
bfs
|
C |
done |
|
11 |
1446d |
1514d
|
19/28 |
1352d |
dc889b8d4a81
bfs: don't use WARNING: string when it's just info.
|
KASAN: use-after-free Read in htab_map_alloc
bpf
|
C |
done |
|
38 |
1479d |
1482d
|
19/28 |
1352d |
8aaeed81fcb9
bpf: Fix error path in htab_map_alloc()
|
general protection fault in io_disable_sqo_submit
fs
io-uring
|
C |
done |
|
124 |
1403d |
1407d
|
19/28 |
1352d |
b4411616c26f
io_uring: fix null-deref in io_disable_sqo_submit
|
BUG: unable to handle kernel paging request in htab_free_elems
bpf
|
|
|
|
1 |
1445d |
1445d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
KASAN: null-ptr-deref Write in bdi_put
|
C |
done |
done |
601 |
1409d |
1442d
|
19/28 |
1352d |
2d2f6f1b4799
block: pre-initialize struct block_device in bdev_alloc_inode
|
general protection fault in rose_transmit_clear_request
kernel
|
C |
done |
|
5 |
1480d |
1946d
|
19/28 |
1352d |
3b3fd068c56e
rose: Fix Null pointer dereference in rose_send_frame()
|
kernel BUG at net/core/skbuff.c:LINE! (3)
|
C |
done |
|
4399 |
1367d |
2484d
|
19/28 |
1352d |
afbc293add64
af_key: relax availability checks for skb size calculation
|
UBSAN: shift-out-of-bounds in __red_change
net
|
C |
unreliable |
|
24 |
1355d |
1443d
|
19/28 |
1352d |
bd1248f1ddbc
net: sched: prevent invalid Scell_log shift count
|
KASAN: vmalloc-out-of-bounds Write in htab_map_alloc
bpf
|
|
|
|
6 |
1439d |
1448d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
KASAN: use-after-free Read in rxrpc_get_skb
afs
net
|
|
|
|
1 |
1400d |
1395d
|
19/28 |
1352d |
7b5eab57cac4
rxrpc: Fix clearance of Tx/Rx ring when releasing a call
|
WARNING in io_uring_cancel_task_requests
io-uring
fs
|
syz |
done |
|
69 |
1388d |
1392d
|
19/28 |
1352d |
70b2c60d3797
io_uring: fix sqo ownership false positive warning
|
upstream test error: BUG: sleeping function called from invalid context in sta_info_move_state
wireless
|
|
|
|
53 |
1462d |
1471d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
kernel BUG at fs/notify/dnotify/dnotify.c:LINE! (2)
fuse
|
C |
inconclusive |
|
2 |
1453d |
1458d
|
19/28 |
1352d |
5d069dbe8aaf
fuse: fix bad inode
|
BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF
can
|
C |
unreliable |
|
5 |
1459d |
1458d
|
19/28 |
1352d |
d73ff9b7c4ea
can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
|
inconsistent lock state in io_file_data_ref_zero
fs
|
C |
done |
|
7152 |
1434d |
1458d
|
19/28 |
1352d |
ac0648a56c1f
io_uring: use bottom half safe lock for fixed file data
|
unregister_netdevice: waiting for DEV to become free (4)
|
C |
done |
|
50394 |
1352d |
1554d
|
19/28 |
1352d |
5399d52233c4
rxrpc: Fix deadlock around release of dst cached on udp tunnel
|
WARNING in bpf_prog_test_run_raw_tp
mm
|
C |
done |
|
36 |
1400d |
1411d
|
19/28 |
1352d |
7ac6ad051150
bpf: Reject too big ctx_size_in for raw_tp test run
|
UBSAN: shift-out-of-bounds in gred_change
net
|
C |
unreliable |
|
5 |
1365d |
1420d
|
19/28 |
1352d |
bd1248f1ddbc
net: sched: prevent invalid Scell_log shift count
|
BUG: corrupted list in io_file_get
fs
io-uring
|
C |
done |
|
3 |
1392d |
1392d
|
19/28 |
1352d |
f609cbb8911e
io_uring: fix list corruption for splice file_get
|
linux-next test error: BUG: sleeping function called from invalid context in sta_info_move_state
wireless
|
|
|
|
3 |
1472d |
1476d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
WARNING in io_wq_submit_work
fs
|
|
|
|
4 |
1399d |
1403d
|
19/28 |
1352d |
ca70f00bed6c
io_uring: fix cancellation taking mutex while TASK_UNINTERRUPTIBLE
|
UBSAN: shift-out-of-bounds in option_probe
usb
|
C |
error |
|
22 |
1442d |
1442d
|
19/28 |
1352d |
a251963f76fa
USB: serial: option: add interface-number sanity check to flag handling
|
KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl
kernel
|
C |
|
|
22 |
1380d |
1464d
|
19/28 |
1352d |
31dcb6c30a26
misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
|
general protection fault in jffs2_parse_param
jffs2
|
C |
error |
done |
1632 |
1433d |
1521d
|
19/28 |
1352d |
a61df3c413e4
jffs2: Fix NULL pointer dereference in rp_size fs option parsing
|
KMSAN: uninit-value in number (2)
can
|
C |
|
|
168 |
1352d |
1731d
|
19/28 |
1352d |
c8c958a58fc6
can: af_can: prevent potential access of uninitialized member in can_rcv()
9aa9379d8f86
can: af_can: prevent potential access of uninitialized member in canfd_rcv()
|
net test error: BUG: sleeping function called from invalid context in sta_info_move_state
wireless
|
|
|
|
4 |
1469d |
1476d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
possible deadlock in send_sigio (2)
fs
|
C |
done |
done |
40 |
1421d |
1533d
|
19/28 |
1352d |
8d1ddb5e7937
fcntl: Fix potential deadlock in send_sig{io, urg}()
|
kernel BUG at fs/reiserfs/prints.c:LINE!
reiserfs
|
C |
done |
done |
5 |
1442d |
1521d
|
19/28 |
1352d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
KASAN: vmalloc-out-of-bounds Write in lzo_uncompress
squashfs
|
C |
done |
|
8 |
1383d |
1407d
|
19/28 |
1352d |
e812cbbbbbb1
squashfs: avoid out of bounds writes in decompressors
|
KASAN: slab-out-of-bounds Read in smc_nl_handle_smcr_dev
s390
net
|
|
|
|
1 |
1434d |
1430d
|
19/28 |
1352d |
995433b795ce
net/smc: fix access to parent of an ib device
|
BUG: unable to handle kernel paging request in pcpu_freelist_populate
bpf
|
C |
unreliable |
|
42 |
1437d |
1448d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
UBSAN: array-index-out-of-bounds in alg_bind
crypto
|
C |
error |
|
700 |
1437d |
1496d
|
19/28 |
1352d |
92eb6c3060eb
crypto: af_alg - avoid undefined behavior accessing salg_name
|
net-next test error: BUG: sleeping function called from invalid context in sta_info_move_state
wireless
|
|
|
|
12 |
1462d |
1471d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
general protection fault in gfs2_ri_update
gfs2
|
|
|
|
1 |
1466d |
1461d
|
19/28 |
1352d |
778721510e84
gfs2: check for empty rgrp tree in gfs2_ri_update
|
memory leak in rxrpc_lookup_local
afs
net
|
C |
|
|
1415 |
1391d |
1856d
|
19/28 |
1352d |
b8323f7288ab
rxrpc: Fix memory leak in rxrpc_lookup_local
|
WARNING: suspicious RCU usage in wiphy_apply_custom_regulatory
wireless
|
C |
done |
|
28 |
1435d |
1432d
|
19/28 |
1352d |
51d62f2f2c50
cfg80211: Save the regulatory domain with a lock
|
memory leak in generic_parse_monolithic
fs
|
C |
|
|
11 |
1442d |
1468d
|
19/28 |
1352d |
4cb682964706
afs: Fix memory leak when mounting with multiple source parameters
|
WARNING in mptcp_reset_timer
mptcp
|
C |
unreliable |
|
1307 |
1369d |
1463d
|
19/28 |
1352d |
b680a214ec28
mptcp: update rtx timeout only if required.
|
KASAN: slab-out-of-bounds Write in record_print_text
fs
|
C |
done |
unreliable |
17 |
1392d |
1395d
|
19/28 |
1352d |
08d60e599954
printk: fix string termination for record_print_text()
|
WARNING in xfrm_alloc_compat
net
|
C |
done |
|
130 |
1364d |
1486d
|
19/28 |
1352d |
dbd7ae5154d5
xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
|
UBSAN: shift-out-of-bounds in red_enqueue
net
|
C |
unreliable |
|
4906 |
1352d |
1444d
|
19/28 |
1352d |
bd1248f1ddbc
net: sched: prevent invalid Scell_log shift count
|
KMSAN: kernel-infoleak in move_addr_to_user (4)
net
|
C |
|
|
59 |
1358d |
1410d
|
19/28 |
1352d |
b42b3a2744b3
can: isotp: isotp_getname(): fix kernel information leak
|
general protection fault in ext4_commit_super
ext4
|
C |
done |
|
4 |
1430d |
1429d
|
19/28 |
1352d |
c92dc856848f
ext4: defer saving error info from atomic context
|
UBSAN: array-index-out-of-bounds in arch_uprobe_analyze_insn
kernel
|
C |
done |
|
604 |
1445d |
1522d
|
19/28 |
1352d |
12cb908a11b2
x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes
84da009f06e6
x86/sev-es: Use new for_each_insn_prefix() macro to loop over prefixes bytes
4e9a5ae8df5b
x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
|
BUG: unable to handle kernel NULL pointer dereference in call_rcu
kernel
|
C |
done |
|
85 |
1422d |
1425d
|
19/28 |
1352d |
13384f6125ad
kasan: fix null pointer dereference in kasan_record_aux_stack
|
KASAN: vmalloc-out-of-bounds Read in htab_free_elems
bpf
|
C |
unreliable |
|
7 |
1445d |
1446d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
BUG: receive list entry not found for dev vxcan1, id 002, mask C00007FF
can
|
C |
unreliable |
|
3 |
1456d |
1458d
|
19/28 |
1352d |
d73ff9b7c4ea
can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
|
WARNING in rhashtable_free_and_destroy
wireless
|
C |
error |
|
3 |
1448d |
1540d
|
19/28 |
1352d |
905b2032fa42
mac80211: mesh: fix mesh_pathtbl_init() error path
|
BUG: unable to handle kernel NULL pointer dereference in __lookup_slow
reiserfs
|
C |
inconclusive |
done |
3 |
1374d |
1514d
|
19/28 |
1352d |
d24396c5290b
reiserfs: add check for an invalid ih_entry_count
|
BUG: sleeping function called from invalid context in sta_info_move_state
wireless
|
C |
done |
|
39248 |
1446d |
1478d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
UBSAN: shift-out-of-bounds in strset_parse_request
net
|
C |
done |
|
16 |
1415d |
1438d
|
19/28 |
1352d |
efb796f5571f
ethtool: fix string set id check
|
KASAN: slab-out-of-bounds Read in btrfs_scan_one_device
btrfs
|
C |
done |
done |
1 |
1475d |
1471d
|
19/28 |
1352d |
0697d9a61099
btrfs: don't access possibly stale fs_info data for printing duplicate device
|
WARNING in qrtr_tun_write_iter
mm
|
C |
error |
|
57 |
1379d |
1411d
|
19/28 |
1352d |
2a80c1581237
net/qrtr: restrict user-controlled length in qrtr_tun_write_iter()
|
memory leak in hub_event
usb
|
C |
|
|
7 |
1372d |
1461d
|
19/28 |
1352d |
e469d0b09a19
media: gspca: Fix memory leak in probe
|
KASAN: invalid-access Read in kmem_cache_destroy
f2fs
|
|
|
|
2 |
1389d |
1393d
|
19/28 |
1352d |
757fed1d0898
Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
|
possible deadlock in send_sigurg (2)
fs
|
C |
done |
|
25 |
1439d |
1489d
|
19/28 |
1352d |
8d1ddb5e7937
fcntl: Fix potential deadlock in send_sig{io, urg}()
|
possible deadlock in ovl_dir_real_file
overlayfs
|
|
|
|
1 |
1389d |
1388d
|
19/28 |
1352d |
b854cc659dcb
ovl: avoid deadlock on directory ioctl
|
WARNING in yurex_write/usb_submit_urb
usb
|
C |
error |
|
78 |
1411d |
1439d
|
19/28 |
1352d |
372c93131998
USB: yurex: fix control-URB timeout handling
|
kernel BUG at fs/ext4/inode.c:LINE!
ext4
|
C |
done |
|
9 |
1422d |
1547d
|
19/28 |
1352d |
073861ed77b6
mm: fix VM_BUG_ON(PageTail) and BUG_ON(PageWriteback)
|
KCSAN: data-race in snd_rawmidi_poll / snd_rawmidi_proceed
sound
|
|
|
|
378 |
1436d |
1562d
|
19/28 |
1352d |
88a06d6fd6b3
ALSA: rawmidi: Access runtime->avail always in spinlock
|
UBSAN: shift-out-of-bounds in cbq_dequeue
net
|
C |
unreliable |
|
27 |
1400d |
1444d
|
19/28 |
1352d |
e4bedf48aaa5
net_sched: reject silly cell_log in qdisc_get_rtab()
|
bpf-next test error: BUG: sleeping function called from invalid context in sta_info_move_state
wireless
|
|
|
|
13 |
1447d |
1467d
|
19/28 |
1352d |
7bc40aedf24d
mac80211: free sta in sta_info_insert_finish() on errors
|
KASAN: use-after-free Write in __sco_sock_close
bluetooth
|
C |
done |
done |
10 |
1473d |
1571d
|
19/28 |
1352d |
6dfccd13db2f
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
BUG: unable to handle kernel paging request in dqput
ext4
|
C |
done |
|
7 |
1446d |
1516d
|
19/28 |
1352d |
11c514a99bb9
quota: Sanity-check quota file headers on load
|
KMSAN: uninit-value in snd_seq_oss_synth_make_info (2)
sound
|
|
|
|
1 |
1410d |
1405d
|
19/28 |
1352d |
217bfbb8b0bf
ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
|
UBSAN: shift-out-of-bounds in intel_pmu_refresh
kvm
|
C |
unreliable |
|
1237 |
1393d |
1442d
|
19/28 |
1352d |
e61ab2a320c3
KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh()
|
UBSAN: shift-out-of-bounds in snd_usbmidi_get_ms_info
alsa
usb
|
C |
error |
|
9 |
1409d |
1429d
|
19/28 |
1352d |
c06ccf3ebb75
ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
|
UBSAN: shift-out-of-bounds in snd_pcm_oss_change_params_locked
sound
|
C |
unreliable |
|
225 |
1428d |
1442d
|
19/28 |
1352d |
11cb881bf075
ALSA: pcm: oss: Fix a few more UBSAN fixes
|
UBSAN: shift-out-of-bounds in ext4_fill_super
ext4
|
C |
unreliable |
|
88 |
1427d |
1442d
|
19/28 |
1352d |
c9200760da8a
ext4: check for invalid block size early when mounting a file system
|
INFO: rcu detected stall in tipc_release
tipc
|
C |
done |
done |
4 |
1462d |
1598d
|
19/28 |
1352d |
cc00bcaa5899
netfilter: x_tables: Switch synchronization to RCU
|
UBSAN: shift-out-of-bounds in vhci_hub_control
usb
|
C |
unreliable |
|
4 |
1392d |
1429d
|
19/28 |
1352d |
718bf42b119d
usb: usbip: vhci_hcd: protect shift size
|
WARNING: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway
|
|
|
|
2 |
1458d |
1454d
|
19/28 |
1352d |
dc889b8d4a81
bfs: don't use WARNING: string when it's just info.
|
general protection fault in tower_disconnect
usb
|
C |
|
|
53 |
1435d |
1443d
|
19/28 |
1352d |
b175d273d4e4
USB: legotower: fix logical error in recent commit
|
kernel BUG at drivers/dma-buf/dma-buf.c:LINE!
dri
media
|
syz |
error |
done |
11 |
1469d |
1719d
|
19/28 |
1352d |
e722a295cf49
staging: ion: remove from the tree
|
WARNING: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
|
|
|
|
4 |
1465d |
1514d
|
19/28 |
1352d |
dc889b8d4a81
bfs: don't use WARNING: string when it's just info.
|
KCSAN: data-race in snd_seq_check_queue / snd_seq_control_queue (3)
sound
|
|
|
|
111 |
1437d |
1582d
|
19/28 |
1352d |
4ebd47037027
ALSA: seq: Use bool for snd_seq_queue internal flags
|
KMSAN: uninit-value in x25_bind
x25
|
|
|
|
2 |
1414d |
1436d
|
19/28 |
1352d |
6ee50c8e262a
net/x25: prevent a couple of overflows
|
memory leak in wacom_probe
input
usb
|
C |
|
|
26 |
1415d |
1469d
|
19/28 |
1352d |
37309f47e2f5
HID: wacom: Fix memory leakage caused by kfifo_alloc
|
KASAN: use-after-free Read in service_outstanding_interrupt
usb
|
C |
|
|
28 |
1411d |
1566d
|
19/28 |
1352d |
5e5ff0b4b6bc
USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
|
general protection fault in call_commit_handler
|
C |
done |
|
428 |
1408d |
1489d
|
19/28 |
1352d |
5122565188ba
wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
|
BUG: unable to handle kernel paging request in smc_nl_handle_smcr_dev
net
s390
|
C |
|
|
16 |
1421d |
1443d
|
19/28 |
1352d |
995433b795ce
net/smc: fix access to parent of an ib device
|
KASAN: vmalloc-out-of-bounds Write in bpf_lru_populate
bpf
|
C |
unreliable |
|
19 |
1438d |
1448d
|
19/28 |
1352d |
e1868b9e36d0
bpf: Avoid overflows involving hash elem_size
|
memory leak in copy_process
kernel
|
C |
|
|
23 |
1369d |
1466d
|
19/28 |
1352d |
450677dcb0cc
mm/madvise: fix memory leak from process_madvise
|
UBSAN: shift-out-of-bounds in kvm_vcpu_after_set_cpuid
kvm
|
|
|
|
2 |
1435d |
1429d
|
19/28 |
1352d |
2f80d502d627
KVM: x86: fix shift out of bounds reported by UBSAN
|
KASAN: stack-out-of-bounds Write in bitmap_from_arr32
net
|
C |
done |
|
2 |
1455d |
1451d
|
19/28 |
1352d |
a770bf515613
ethtool: fix stack overflow in ethnl_parse_bitset()
|
WARNING: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
|
|
|
|
3 |
1451d |
1518d
|
19/28 |
1352d |
dc889b8d4a81
bfs: don't use WARNING: string when it's just info.
|
possible deadlock in hugetlb_cow
mm
|
C |
unreliable |
|
341 |
1422d |
1445d
|
19/28 |
1352d |
e7dd91c456a8
mm/hugetlb: fix deadlock in hugetlb_cow error path
|
KASAN: null-ptr-deref Write in start_transaction
btrfs
|
C |
done |
done |
1 |
1444d |
1471d
|
19/28 |
1352d |
ecfdc08b8cc6
btrfs: remove dio iomap DSYNC workaround
|
possible deadlock in proc_pid_syscall (2)
fs
|
|
|
|
2 |
1536d |
1546d
|
19/28 |
1352d |
f7cfd871ae0c
exec: Transform exec_update_mutex into a rw_semaphore
78af4dc949da
perf: Break deadlock involving exec_update_mutex
|
KASAN: slab-out-of-bounds Read in squashfs_export_iget
squashfs
|
C |
done |
error |
3 |
1423d |
1441d
|
19/28 |
1352d |
eabac19e40c0
squashfs: add more sanity checks in inode lookup
|
WARNING in io_disable_sqo_submit
fs
|
C |
done |
|
9 |
1397d |
1405d
|
19/28 |
1352d |
6b393a1ff174
io_uring: fix false positive sqo warning on flush
|
KASAN: null-ptr-deref Read in filp_close
fs
|
C |
done |
|
9 |
1432d |
1434d
|
19/28 |
1352d |
fec8a6a69103
close_range: unshare all fds for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC
6abc20f8f879
selftests/core: add regression test for CLOSE_RANGE_UNSHARE | CLOSE_RANGE_CLOEXEC
|
possible deadlock in _destroy_id
rdma
|
C |
unreliable |
|
28 |
1455d |
1463d
|
19/28 |
1352d |
dd37d2f59eb8
RDMA/cma: Fix deadlock on &lock in rdma_cma_listen_on_all() error unwind
|
UBSAN: array-index-out-of-bounds in ieee80211_del_key (2)
wireless
|
C |
error |
|
3 |
1442d |
1451d
|
19/28 |
1352d |
2d9463083ce9
nl80211: validate key indexes for cfg80211_registered_device
|
KASAN: use-after-free Read in rxrpc_send_data_packet
afs
net
|
|
|
|
1 |
1394d |
1388d
|
19/28 |
1352d |
7b5eab57cac4
rxrpc: Fix clearance of Tx/Rx ring when releasing a call
|
general protection fault in hci_event_packet
bluetooth
|
C |
done |
|
25 |
1518d |
1571d
|
19/28 |
1352d |
6dfccd13db2f
Bluetooth: Fix null pointer dereference in hci_event_packet()
|
KASAN: use-after-free Read in dump_schedule
net
|
C |
done |
done |
7 |
1428d |
1539d
|
19/28 |
1352d |
cc00bcaa5899
netfilter: x_tables: Switch synchronization to RCU
|
KASAN: invalid-free in p9_client_create (2)
v9fs
|
C |
done |
|
3 |
1393d |
1393d
|
19/28 |
1352d |
757fed1d0898
Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
|
possible deadlock in io_timeout_fn (2)
fs
|
|
|
|
4 |
1413d |
1420d
|
19/28 |
1352d |
4aa84f2ffa81
io_uring: dont kill fasync under completion_lock
|
WARNING: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
|
|
|
|
3 |
1465d |
1460d
|
19/28 |
1352d |
dc889b8d4a81
bfs: don't use WARNING: string when it's just info.
|
general protection fault in wext_handle_ioctl
wireless
|
C |
inconclusive |
|
9 |
1395d |
1484d
|
19/28 |
1352d |
5122565188ba
wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
|
INFO: rcu detected stall in sys_exit_group (6)
mm
|
C |
|
|
4 |
1512d |
1518d
|
19/28 |
1352d |
c583bcb8f5ed
rcu: Don't invoke try_invoke_on_locked_down_task() with irqs disabled
|
WARNING in cm109_input_ev/usb_submit_urb
input
usb
|
C |
unreliable |
|
8 |
1440d |
1461d
|
19/28 |
1352d |
82e060904732
Input: cm109 - do not stomp on control URB
|
UBSAN: shift-out-of-bounds in hash_mac_create
netfilter
|
C |
unreliable |
|
29 |
1418d |
1438d
|
19/28 |
1352d |
5c8193f568ae
netfilter: ipset: fix shift-out-of-bounds in htable_bits()
|
upstream build error (11)
|
|
|
|
25 |
1408d |
1484d
|
15/28 |
1408d |
f78f63da916e
mm/process_vm_access: Add missing #include <linux/compat.h>
|
possible deadlock in process_measurement (2)
integrity
lsm
|
C |
done |
done |
56 |
1448d |
1815d
|
15/28 |
1415d |
15a8d68e9dc2
mm/hugetlb: a page from buddy is not on any list
|
INFO: rcu detected stall in sys_open (2)
crypto
|
C |
done |
done |
42 |
1471d |
1822d
|
15/28 |
1428d |
1d0e850a49a5
afs: Fix cell removal
|
BUG: unable to handle kernel paging request in cfb_imageblit
fbdev
|
C |
done |
done |
30 |
1463d |
1506d
|
15/28 |
1428d |
a49145acfb97
fbmem: add margin check to fb_check_caps()
|
KASAN: use-after-free Read in eth_type_trans
net
|
C |
done |
error |
3 |
1652d |
1794d
|
15/28 |
1428d |
96aa1b22bd6b
tun: correct header offsets in napi frags mode
|
BUG: MAX_LOCKDEP_KEYS too low!
net
|
C |
done |
error |
3496 |
1608d |
1852d
|
15/28 |
1442d |
1a33e10e4a95
net: partially revert dynamic lockdep key changes
|
BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!
|
C |
done |
error |
25236 |
1646d |
2086d
|
15/28 |
1442d |
1a33e10e4a95
net: partially revert dynamic lockdep key changes
|
INFO: rcu detected stall in __se_sys_mount
afs
|
C |
done |
done |
2 |
1474d |
1598d
|
15/28 |
1443d |
1d0e850a49a5
afs: Fix cell removal
|
BUG: sleeping function called from invalid context in ext4_superblock_csum_set
ext4
|
|
|
|
2 |
1474d |
1480d
|
15/28 |
1446d |
d196e229a80c
Revert "ext4: fix superblock checksum calculation race"
|
KASAN: null-ptr-deref Write in kthread_use_mm
fs
io-uring
|
C |
done |
|
2 |
1480d |
1479d
|
15/28 |
1461d |
4b70cf9dea4c
io_uring: ensure consistent view of original task ->mm from SQPOLL
|
WARNING in close_fs_devices (2)
btrfs
|
C |
|
|
23 |
1463d |
1524d
|
15/28 |
1461d |
cf89af146b7e
btrfs: dev-replace: fail mount if we don't have replace item with target device
|
memory leak in gadget_setup
usb
|
C |
|
|
49 |
1472d |
1489d
|
15/28 |
1461d |
129aa9734559
usb: raw-gadget: fix memory leak in gadget_setup
|
memory leak in gadget_bind
usb
|
C |
|
|
62 |
1472d |
1489d
|
15/28 |
1461d |
129aa9734559
usb: raw-gadget: fix memory leak in gadget_setup
|
general protection fault in io_uring_show_cred
fs
|
C |
done |
|
4 |
1477d |
1476d
|
15/28 |
1461d |
6b47ab81c9a9
io_uring: use correct pointer for io_uring_show_cred()
|
KASAN: use-after-free Write in io_submit_sqes
fs
io-uring
|
C |
error |
|
2 |
1479d |
1478d
|
15/28 |
1461d |
cb8a8ae31074
io_uring: drop req/tctx io_identity separately
|
KASAN: use-after-free Read in __proc_create
afs
|
|
|
|
1 |
1516d |
1514d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
INFO: rcu detected stall in process_one_work (3)
kernel
|
C |
done |
done |
1 |
1506d |
1547d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
INFO: task can't die in corrupted
fs
|
C |
done |
|
4 |
1479d |
1505d
|
15/28 |
1465d |
86f33603f8c5
f2fs: handle errors of f2fs_get_meta_page_nofail
|
BUG: corrupted list in kobject_add_internal
bluetooth
|
C |
done |
done |
9 |
1503d |
1566d
|
15/28 |
1465d |
a46b7ed4d52d
Bluetooth: Fix auto-creation of hci_conn at Conn Complete event
|
WARNING in dma_map_page_attrs
iommu
|
C |
unreliable |
|
304 |
1474d |
1491d
|
15/28 |
1465d |
683a9c7ed817
RDMA: Fix software RDMA drivers for dma mapping error
|
WARNING in unlock_new_inode
reiserfs
|
C |
done |
|
76 |
1502d |
2407d
|
15/28 |
1465d |
8859bf2b1278
reiserfs: only call unlock_new_inode() if I_NEW
|
memory leak in ieee80211_check_fast_xmit
wireless
|
C |
|
|
983 |
1475d |
1518d
|
15/28 |
1465d |
dcd479e10a05
mac80211: always wind down STA state
|
WARNING: suspicious RCU usage in ovs_flow_tbl_masks_cache_resize
openvswitch
|
C |
error |
|
1 |
1485d |
1484d
|
15/28 |
1465d |
fea07a487c6d
net: openvswitch: silence suspicious RCU usage warning
|
general protection fault in xsk_release
bpf
net
|
C |
done |
|
2 |
1517d |
1517d
|
15/28 |
1465d |
1fd17c8cd0aa
xsk: Fix possible crash in socket_release when out-of-memory
|
memory leak in reiserfs_parse_options
reiserfs
|
C |
|
|
4 |
1530d |
1725d
|
15/28 |
1465d |
e9d4709fcc26
reiserfs: Fix memory leak in reiserfs_parse_options()
|
KMSAN: kernel-infoleak in scsi_cmd_ioctl
block
|
|
|
|
131 |
1469d |
1542d
|
15/28 |
1465d |
6d53a9fe5a19
block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg()
|
WARNING in binder_transaction_buffer_release (2)
kernel
|
C |
done |
done |
442 |
1598d |
1638d
|
15/28 |
1465d |
e8b8ae7ce32e
binder: Remove bogus warning on failed same-process transaction
|
BUG: using __this_cpu_read() in preemptible code in trace_hardirqs_on
|
C |
done |
|
502745 |
1467d |
1499d
|
15/28 |
1465d |
f8e48a3dca06
lockdep: Fix preemption WARN for spurious IRQ-enable
|
INFO: task hung in wdm_flush
usb
|
C |
|
|
38294 |
1543d |
1927d
|
15/28 |
1465d |
37d2a36394d9
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
|
INFO: trying to register non-static key in uhid_char_release
|
C |
done |
done |
26 |
1542d |
1720d
|
15/28 |
1465d |
bce1305c0ece
HID: core: Correctly handle ReportSize being zero
|
WARNING in ieee80211_s1g_channel_width
wireless
|
C |
done |
|
3 |
1508d |
1507d
|
15/28 |
1465d |
c1cd35c60601
cfg80211: only allow S1G channels on S1G band
|
KMSAN: uninit-value in ieee80211_skb_resize
wireless
|
C |
|
|
5 |
1494d |
1518d
|
15/28 |
1465d |
14f46c1e5108
mac80211: fix use of skb payload instead of header
|
KASAN: global-out-of-bounds Read in precalculate_color
media
|
C |
done |
done |
170 |
1526d |
1819d
|
15/28 |
1465d |
e3158a5e7e66
media: vivid: Fix global-out-of-bounds read in precalculate_color()
|
general protection fault in percpu_ref_exit
fs
|
C |
done |
|
3 |
1500d |
1504d
|
15/28 |
1465d |
7ea6bf2e6c40
percpu_ref: don't refer to ref->data if it isn't allocated
|
KASAN: use-after-free Write in tcindex_change
net
|
C |
done |
done |
4 |
1708d |
1709d
|
15/28 |
1465d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
general protection fault in gfs2_rgrp_dump
gfs2
|
|
|
|
1 |
1506d |
1506d
|
15/28 |
1465d |
0e539ca1bbbe
gfs2: Fix NULL pointer dereference in gfs2_rgrp_dump
|
WARNING: refcount bug in do_enable_set
bluetooth
|
C |
inconclusive |
done |
8 |
1567d |
1677d
|
15/28 |
1465d |
b83764f9220a
Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
|
possible deadlock in cleanup_net
net
|
C |
done |
|
281 |
1534d |
1542d
|
15/28 |
1465d |
d966ddcc3821
tipc: fix a deadlock when flushing scheduled work
|
general protection fault in utf8_casefold
f2fs
|
C |
done |
|
1 |
1504d |
1504d
|
15/28 |
1465d |
f6322f3f1212
f2fs: reject CASEFOLD inode flag without casefold feature
|
KASAN: use-after-free Read in sctp_auth_free
sctp
|
C |
done |
|
4 |
1504d |
1505d
|
15/28 |
1465d |
d42ee76ecb6c
net-backports: sctp: fix sctp_auth_init_hmacs() error path
|
kernel panic: Fatal exception (3)
|
C |
done |
|
2 |
1499d |
1498d
|
15/28 |
1465d |
eadd1befdd77
netem: fix zero division in tabledist
|
KASAN: use-after-free Read in ath9k_hif_usb_rx_cb
wireless
|
C |
|
|
2849 |
1465d |
1700d
|
15/28 |
1465d |
03fb92a432ea
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
|
memory leak in udf_process_sequence
udf
|
C |
|
|
4 |
1517d |
1521d
|
15/28 |
1465d |
a7be300de800
udf: Fix memory leak when mounting
|
general protection fault in unlink_file_vma
mm
|
C |
done |
|
1 |
1538d |
1534d
|
15/28 |
1465d |
bc4fe4cdd602
mm: mmap: Fix general protection fault in unlink_file_vma()
|
KASAN: use-after-free Read in fscache_alloc_cookie
fs
|
syz |
done |
|
1 |
1518d |
1517d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
KASAN: unknown-crash Read in do_exit
kernel
|
C |
inconclusive |
done |
2 |
1523d |
1528d
|
15/28 |
1465d |
a49145acfb97
fbmem: add margin check to fb_check_caps()
|
WARNING in handle_exception_nmi
kvm
|
C |
error |
done |
2653 |
1506d |
1511d
|
15/28 |
1465d |
f8e48a3dca06
lockdep: Fix preemption WARN for spurious IRQ-enable
|
KASAN: use-after-free Read in tipc_named_reinit
tipc
|
|
|
|
6 |
1570d |
1625d
|
15/28 |
1465d |
fdeba99b1e58
tipc: fix use-after-free in tipc_bcast_get_mode
|
kernel BUG at fs/f2fs/segment.h:LINE!
f2fs
|
|
|
|
9 |
1511d |
1522d
|
15/28 |
1465d |
6a257471fa42
f2fs: fix to check segment boundary during SIT page readahead
|
KMSAN: uninit-value in ip_tunnel_xmit (2)
net
|
C |
|
|
11778 |
1469d |
2294d
|
15/28 |
1465d |
fdafed459998
ip_gre: set dev->hard_header_len and dev->needed_headroom properly
|
WARNING: refcount bug in p9_req_put
v9fs
|
syz |
inconclusive |
done |
6 |
1644d |
2197d
|
15/28 |
1465d |
a39c46067c84
net/9p: validate fds in p9_fd_open
|
INFO: rcu detected stall in ip_list_rcv
net
|
C |
error |
done |
3 |
1513d |
1539d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
UBSAN: array-index-out-of-bounds in precalculate_color
media
|
C |
|
|
153 |
1500d |
1525d
|
15/28 |
1465d |
e3158a5e7e66
media: vivid: Fix global-out-of-bounds read in precalculate_color()
|
KMSAN: uninit-value in can_receive (2)
can
|
C |
|
|
2060 |
1469d |
1564d
|
15/28 |
1465d |
e009f95b1543
can: j1935: j1939_tp_tx_dat_new(): fix missing initialization of skbcnt
|
WARNING in syscall_exit_to_user_mode
kernel
|
C |
done |
done |
1 |
1503d |
1531d
|
15/28 |
1465d |
a49145acfb97
fbmem: add margin check to fb_check_caps()
|
general protection fault in tcf_generic_walker
net
|
syz |
|
|
9 |
1512d |
1514d
|
15/28 |
1465d |
580e4273d7a8
net_sched: check error pointer in tcf_dump_walker()
|
WARNING in print_bfs_bug
|
C |
done |
|
14759 |
1497d |
1849d
|
15/28 |
1465d |
6d1823ccc480
lockdep: Optimize the memory usage of circular queue
|
KASAN: use-after-free Read in io_wqe_worker
fs
io-uring
|
C |
error |
|
2 |
1515d |
1516d
|
15/28 |
1465d |
c4068bf898dd
io-wq: fix use-after-free in io_wq_worker_running
|
INFO: task hung in io_uring_setup
|
C |
done |
|
51 |
1534d |
1539d
|
15/28 |
1465d |
7e84e1c7566a
io_uring: allow disabling rings during the creation
|
KMSAN: uninit-value in unix_find_other
net
|
C |
|
|
57 |
1510d |
2327d
|
15/28 |
1465d |
7ca1db21ef8e
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
|
KASAN: use-after-free Read in delete_partition
block
|
C |
done |
done |
3 |
1541d |
1538d
|
15/28 |
1465d |
08fc1ab6d748
block: fix locking in bdev_del_partition
|
WARNING in get_signal
kernel
|
C |
done |
|
2 |
1508d |
1510d
|
15/28 |
1465d |
7b3c36fc4c23
ptrace: fix task_join_group_stop() for the case when current is traced
|
KASAN: use-after-free Write in refcount_warn_saturate
bluetooth
|
C |
inconclusive |
done |
2 |
1569d |
1727d
|
15/28 |
1465d |
b83764f9220a
Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
|
INFO: task hung in addrconf_verify_work (3)
|
C |
done |
|
75 |
1478d |
1513d
|
15/28 |
1465d |
0fedc63fadf0
net_sched: commit action insertions together
|
kernel panic: stack is corrupted in get_kernel_gp_address
kernel
|
syz |
done |
done |
1 |
1499d |
1531d
|
15/28 |
1465d |
a49145acfb97
fbmem: add margin check to fb_check_caps()
|
WARNING: ODEBUG bug in exit_to_user_mode_prepare
|
C |
done |
done |
27 |
1539d |
1545d
|
15/28 |
1465d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
KMSAN: uninit-value in batadv_hard_if_event (2)
batman
usb
|
C |
|
|
162 |
1481d |
1564d
|
15/28 |
1465d |
f45a4248ea4c
net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
|
INFO: task hung in ctrl_getfamily
net
|
syz |
done |
done |
22 |
1559d |
2171d
|
15/28 |
1465d |
47733f9daf4f
tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
|
WARNING: suspicious RCU usage in io_init_identity
fs
|
|
|
|
1536 |
1492d |
1496d
|
15/28 |
1465d |
1e6fa5216a0e
io_uring: COW io_identity on mismatch
|
KASAN: out-of-bounds Read in __switch_to (2)
kernel
|
syz |
done |
done |
1 |
1513d |
1509d
|
15/28 |
1465d |
a49145acfb97
fbmem: add margin check to fb_check_caps()
|
WARNING: suspicious RCU usage in qrtr_ns_worker
arm-msm
net
|
C |
done |
|
1 |
1546d |
1609d
|
15/28 |
1465d |
a7809ff90ce6
net: qrtr: ns: Protect radix_tree_deref_slot() using rcu read locks
|
inconsistent lock state in xa_destroy
io-uring
fs
|
C |
|
|
755 |
1503d |
1504d
|
15/28 |
1465d |
ca6484cd308a
io_uring: no need to call xa_destroy() on empty xarray
|
KASAN: use-after-free Write in afs_manage_cell
afs
|
C |
done |
done |
20 |
1497d |
1566d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
possible deadlock in _snd_pcm_stream_lock_irqsave
|
C |
done |
|
997 |
1497d |
1533d
|
15/28 |
1465d |
6564d0ad67ef
ALSA: ctl: Workaround for lockdep warning wrt card->ctl_files_rwlock
|
INFO: task hung in io_uring_flush
io-uring
fs
|
C |
done |
done |
11 |
1556d |
1563d
|
15/28 |
1465d |
b7ddce3cbf01
io_uring: fix cancel of deferred reqs with ->files
|
memory leak in kobject_set_name_vargs (3)
nilfs
|
C |
|
|
19 |
1466d |
1521d
|
15/28 |
1465d |
cb8d53d2c973
ext4: fix leaking sysfs kobject after failed mount
|
WARNING in percpu_ref_exit (2)
|
C |
done |
done |
272 |
1501d |
1796d
|
15/28 |
1465d |
c1e2148f8ecb
io_uring: free fixed_file_data after RCU grace period
|
KASAN: slab-out-of-bounds Write in gfs2_fill_super
gfs2
|
C |
done |
|
1 |
1513d |
1512d
|
15/28 |
1465d |
0ddc5154b24c
gfs2: add validation checks for size of superblock
|
WARNING in rxrpc_recvmsg
afs
net
|
C |
error |
done |
5 |
1600d |
1601d
|
15/28 |
1465d |
65550098c1c4
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
|
general protection fault in open_xa_dir
reiserfs
|
C |
done |
|
3 |
1501d |
1512d
|
15/28 |
1465d |
c2bb80b8bdd0
reiserfs: Fix oops during mount
|
KASAN: use-after-free Read in tcf_action_init
net
|
C |
done |
|
1 |
1517d |
1514d
|
15/28 |
1465d |
0fedc63fadf0
net_sched: commit action insertions together
|
KMSAN: uninit-value in search_by_key
reiserfs
|
|
|
|
1549 |
1470d |
1521d
|
15/28 |
1465d |
4443390e08d3
reiserfs: Initialize inode keys properly
|
INFO: task hung in ubi_detach_mtd_dev
mtd
|
syz |
error |
error |
4 |
1645d |
1731d
|
15/28 |
1465d |
d005f8c6588e
ubi: check kthread_should_stop() after the setting of task state
|
bpf-next test error: BUG: program execution failed: executor 0: exit status 67
|
|
|
|
12 |
1497d |
1497d
|
15/28 |
1465d |
d25e2e9388ed
netfilter: restore NF_INET_NUMHOOKS
|
KMSAN: uninit-value in f2fs_lookup
f2fs
|
|
|
|
17 |
1477d |
1518d
|
15/28 |
1465d |
6d7ab88a98c1
f2fs: fix uninit-value in f2fs_lookup
|
INFO: rcu detected stall in exit_group
mm
|
C |
done |
done |
1 |
1502d |
1532d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
KASAN: slab-out-of-bounds Read in ntfs_attr_find
ntfs3
|
C |
done |
|
9 |
1498d |
2424d
|
15/28 |
1465d |
4f8c94022f0b
ntfs: add check for mft record size in superblock
|
KASAN: slab-out-of-bounds Read in strset_parse_request
net
|
C |
error |
|
141 |
1504d |
1504d
|
15/28 |
1465d |
db972e532518
ethtool: strset: allow ETHTOOL_A_STRSET_COUNTS_ONLY attr
|
WARNING in arch_install_hw_breakpoint
kernel
|
C |
inconclusive |
done |
8 |
1952d |
2069d
|
15/28 |
1465d |
e898e69d6b94
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
|
KASAN: stack-out-of-bounds Read in xfrm_selector_match (2)
net
|
|
|
|
1 |
1523d |
1521d
|
15/28 |
1465d |
e94ee171349d
xfrm: Use correct address family in xfrm_state_find
|
KASAN: use-after-free Read in tipc_mcast_xmit (2)
tipc
|
C |
done |
|
37 |
1496d |
1510d
|
15/28 |
1465d |
ed42989eab57
tipc: fix the skb_unshare() in tipc_buf_append()
|
KASAN: use-after-free Read in tipc_bcast_get_mode
tipc
|
|
|
|
1 |
1571d |
1570d
|
15/28 |
1465d |
fdeba99b1e58
tipc: fix use-after-free in tipc_bcast_get_mode
|
INFO: task hung in flush_to_ldisc
serial
|
C |
inconclusive |
done |
15 |
1741d |
1811d
|
15/28 |
1465d |
e8c75a30a23c
vt: selection, push sel_lock up
|
KASAN: use-after-free Write in io_wq_worker_running
io-uring
fs
|
C |
error |
|
14 |
1508d |
1535d
|
15/28 |
1465d |
c4068bf898dd
io-wq: fix use-after-free in io_wq_worker_running
|
KASAN: slab-out-of-bounds Read in soft_cursor
fbdev
|
C |
done |
|
218 |
1504d |
1813d
|
15/28 |
1465d |
988d0763361b
vt_ioctl: make VT_RESIZEX behave like VT_RESIZE
|
BUG: unable to handle kernel paging request in tcf_action_dump_terse
net
|
C |
done |
|
15 |
1508d |
1514d
|
15/28 |
1465d |
580e4273d7a8
net_sched: check error pointer in tcf_dump_walker()
|
INFO: rcu detected stall in sys_mount (5)
afs
|
C |
done |
done |
10 |
1512d |
1533d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
general protection fault in qp_release_pages
kernel
|
C |
done |
|
2 |
1501d |
1501d
|
15/28 |
1465d |
90ca6333fd65
VMCI: check return value of get_user_pages_fast() for errors
|
INFO: task hung in lock_sock_nested (3)
net
|
C |
done |
|
5 |
1509d |
1510d
|
15/28 |
1465d |
d9fb8c507d42
mptcp: fix infinite loop on recvmsg()/worker() race.
|
KMSAN: uninit-value in __fget_light (2)
fs
|
C |
|
|
18 |
1482d |
1491d
|
15/28 |
1465d |
d5e4d0a5e692
inet_diag: validate INET_DIAG_REQ_PROTOCOL attribute
|
WARNING in ati_remote_sendpacket/usb_submit_urb
usb
media
|
C |
|
|
22 |
1636d |
1947d
|
15/28 |
1465d |
a8be80053ea7
media: ati_remote: sanity check for both endpoints
|
KASAN: stack-out-of-bounds Read in csd_lock_record
kernel
|
C |
|
|
226 |
1596d |
1601d
|
15/28 |
1465d |
35feb60474bf
kernel/smp: Provide CSD lock timeout diagnostics
|
KASAN: use-after-free Read in afs_deactivate_cell (2)
afs
|
C |
done |
|
11 |
1503d |
1521d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
possible deadlock in mnt_want_write
fs
|
C |
done |
done |
662 |
1504d |
2312d
|
15/28 |
1465d |
146d62e5a586
ovl: detect overlapping layers
|
general protection fault in ieee80211_key_free
wireless
|
C |
done |
|
3 |
1501d |
1505d
|
15/28 |
1465d |
3dc289f8f139
net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
|
general protection fault in __do_sys_io_uring_register
fs
|
|
|
|
80 |
1492d |
1498d
|
15/28 |
1465d |
55cbc2564ab2
io_uring: fix error path cleanup in io_sqe_files_register()
|
KASAN: use-after-free Write in vcs_read
serial
|
C |
done |
|
11 |
1547d |
1553d
|
15/28 |
1465d |
52c3c3a59234
Revert "vc_screen: extract vcs_read_buf_header"
|
WARNING in irqentry_exit
kernel
|
C |
error |
done |
2080 |
1500d |
1567d
|
15/28 |
1465d |
4d004099a668
lockdep: Fix lockdep recursion
|
INFO: rcu detected stall in sys_newlstat
afs
|
C |
error |
done |
1 |
1520d |
1518d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
kernel BUG at net/rxrpc/conn_object.c:LINE!
afs
net
|
C |
done |
|
855 |
1468d |
1532d
|
15/28 |
1465d |
546a42410bf7
rxrpc: Fix conn bundle leak in net-namespace exit
|
possible deadlock in dev_uc_sync
net
|
C |
done |
|
3 |
1500d |
1598d
|
15/28 |
1465d |
0e8b8d6a2d85
net: core: use list_del_init() instead of list_del() in netdev_run_todo()
|
WARNING in wp_page_copy
mm
|
syz |
done |
done |
9 |
1738d |
1815d
|
15/28 |
1465d |
c3e5ea6ee574
mm: avoid data corruption on CoW fault into PFN-mapped VMA
|
general protection fault in vmk80xx_write_packet
usb
staging
|
C |
|
|
82 |
1505d |
1961d
|
15/28 |
1465d |
e1f13c879a7c
staging: comedi: check validity of wMaxPacketSize of usb endpoints found
|
general protection fault in rt6_fill_node
net
|
C |
done |
done |
3 |
1550d |
1547d
|
15/28 |
1465d |
eeaac3634ee0
net: nexthop: don't allow empty NHA_GROUP
|
KASAN: use-after-free Read in afs_manage_cell
afs
|
|
|
|
5 |
1507d |
1521d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
KMSAN: uninit-value in do_ip_vs_set_ctl
lvs
|
C |
|
|
365 |
1470d |
2259d
|
15/28 |
1465d |
c5a8a8498eed
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
|
memory leak in __team_options_register
net
|
C |
|
|
1 |
1535d |
1535d
|
15/28 |
1465d |
9a9e77495958
net: team: fix memory leak in __team_options_register
|
general protection fault in nexthop_is_blackhole
net
|
C |
done |
done |
1 |
1550d |
1547d
|
15/28 |
1465d |
eeaac3634ee0
net: nexthop: don't allow empty NHA_GROUP
|
KASAN: use-after-free Read in ucma_close (2)
rdma
|
syz |
done |
|
1 |
1532d |
1532d
|
15/28 |
1465d |
f5449e74802c
RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
|
UBSAN: array-index-out-of-bounds in ieee80211_del_key
wireless
|
C |
done |
|
685 |
1474d |
1518d
|
15/28 |
1465d |
3dc289f8f139
net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
|
INFO: task hung in htable_put
|
C |
done |
done |
29 |
1738d |
1791d
|
15/28 |
1465d |
99b79c3900d4
netfilter: xt_hashlimit: unregister proc file before releasing mutex
|
KASAN: use-after-free Write in xp_put_pool
bpf
net
|
C |
done |
|
50 |
1518d |
1540d
|
15/28 |
1465d |
83cf5c68d663
xsk: Fix use-after-free in failed shared_umem bind
|
KASAN: use-after-free Read in __cfg8NUM_wpan_dev_from_attrs (2)
wpan
|
C |
error |
done |
5 |
1599d |
1599d
|
15/28 |
1465d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
kernel panic: System is deadlocked on memory
mm
|
C |
done |
|
43 |
1592d |
1590d
|
15/28 |
1465d |
9066e5cfb73c
mm, oom: make the calculation of oom badness more accurate
|
general protection fault in strncasecmp
afs
|
C |
done |
|
1 |
1520d |
1518d
|
15/28 |
1465d |
92e3cc91d8f5
afs: Fix rapid cell addition/removal by not using RCU on cells tree
|
KASAN: slab-out-of-bounds Read in f2fs_build_segment_manager
f2fs
|
C |
error |
|
2 |
1517d |
1517d
|
15/28 |
1465d |
3a22e9ac7158
f2fs: fix to do sanity check on segment/section count
|
KMSAN: uninit-value in udf_get_pblock_spar15
udf
|
|
|
|
1 |
1521d |
1518d
|
15/28 |
1465d |
44ac6b829c4e
udf: Limit sparing table size
|
WARNING: refcount bug in l2cap_chan_put
|
C |
inconclusive |
done |
13 |
1568d |
1731d
|
15/28 |
1465d |
b83764f9220a
Bluetooth: Fix kernel oops triggered by hci_adv_monitors_clear()
|
KASAN: use-after-free Write in afs_deactivate_cell
afs
|
|
|
|
4 |
1499d |
1518d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
WARNING: proc registration bug in afs_manage_cell
afs
|
C |
done |
|
1 |
1518d |
1514d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
INFO: trying to register non-static key in exfat_cache_inval_inode
exfat
|
C |
done |
|
4 |
1508d |
1514d
|
15/28 |
1465d |
8ff006e57ad3
exfat: fix use of uninitialized spinlock on error path
|
WARNING in nla_get_range_unsigned
net
|
C |
done |
|
63 |
1540d |
1542d
|
15/28 |
1465d |
c30a3c957c88
netlink: policy: correct validation type check
|
KASAN: use-after-free Read in bit_putcs
fbdev
|
C |
|
|
12 |
1512d |
1732d
|
15/28 |
1465d |
988d0763361b
vt_ioctl: make VT_RESIZEX behave like VT_RESIZE
|
BUG: using smp_processor_id() in preemptible code in tipc_crypto_xmit
tipc
|
C |
done |
done |
468 |
1538d |
1608d
|
15/28 |
1465d |
bb8872a1e6bc
tipc: fix using smp_processor_id() in preemptible
|
general protection fault in xsk_is_setup_for_bpf_map
bpf
net
|
C |
error |
|
294 |
1518d |
1540d
|
15/28 |
1465d |
968be23ceaca
xsk: Fix possible segfault at xskmap entry insertion
|
KMSAN: uninit-value in udf_evict_inode
udf
|
|
|
|
159 |
1470d |
1518d
|
15/28 |
1465d |
044e2e26f214
udf: Avoid accessing uninitialized data on failed inode read
|
inconsistent lock state in io_uring_add_task_file
fs
|
|
|
|
1 |
1504d |
1503d
|
15/28 |
1465d |
ce765372bc44
io_uring: Fix use of XArray in __io_uring_files_cancel
|
memory leak in read_adv_mon_features
bluetooth
|
C |
|
|
2 |
1535d |
1558d
|
15/28 |
1465d |
cafd472a10ff
Bluetooth: Fix memory leak in read_adv_mon_features()
|
INFO: trying to register non-static key in del_timer_sync (2)
wireless
usb
|
C |
|
|
1206 |
1997d |
2049d
|
15/28 |
1465d |
621a3a8b1c0e
mwifiex: don't call del_timer_sync() on uninitialized timer
|
inconsistent lock state in icmp_send
net
|
syz |
done |
done |
1 |
1673d |
2170d
|
15/28 |
1465d |
1378817486d6
tipc: block BH before using dst_cache
|
INFO: task can't die in rtnetlink_rcv_msg
net
|
|
|
|
5 |
1505d |
1514d
|
15/28 |
1465d |
0fedc63fadf0
net_sched: commit action insertions together
|
BUG: unable to handle kernel paging request in pvclock_gtod_notify
kvm
|
C |
done |
done |
8 |
1511d |
1530d
|
15/28 |
1465d |
a49145acfb97
fbmem: add margin check to fb_check_caps()
|
INFO: trying to register non-static key in uhid_dev_destroy
input
|
C |
unreliable |
done |
40 |
1548d |
1720d
|
15/28 |
1465d |
bce1305c0ece
HID: core: Correctly handle ReportSize being zero
|
WARNING in bpf_raw_tp_link_fill_link_info
bpf
|
C |
error |
|
56 |
1518d |
1532d
|
15/28 |
1465d |
b474959d5afd
bpf: Fix a buffer out-of-bound access when filling raw_tp link_info
|
KMSAN: uninit-value in qtree_entry_unused
fs
|
|
|
|
396 |
1470d |
1521d
|
15/28 |
1465d |
3d3dc274ce73
quota: clear padding in v2r1_mem2diskdqb()
|
KASAN: use-after-free Write in rxrpc_put_bundle
afs
net
|
C |
done |
|
229 |
1503d |
1526d
|
15/28 |
1465d |
f3af4ad1e08a
rxrpc: Fix bundle counting for exclusive connections
|
KASAN: use-after-free Read in tcf_action_destroy
net
|
C |
done |
|
8 |
1507d |
1522d
|
15/28 |
1465d |
0fedc63fadf0
net_sched: commit action insertions together
|
memory leak in xdp_umem_create
net
bpf
|
C |
|
|
17 |
1469d |
1489d
|
15/28 |
1465d |
e5e1a4bc916d
xsk: Fix possible memory leak at socket close
|
general protection fault in xsk_diag_dump (2)
bpf
net
|
C |
|
|
354 |
1522d |
1540d
|
15/28 |
1465d |
53ea2076d851
xsk: Fix possible segfault in xsk umem diagnostics
|
INFO: rcu detected stall in security_file_open (3)
afs
|
C |
done |
done |
2 |
1513d |
1512d
|
15/28 |
1465d |
1d0e850a49a5
afs: Fix cell removal
|
general protection fault in tcf_action_destroy (2)
net
|
C |
done |
done |
29 |
1503d |
1716d
|
15/28 |
1465d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
KASAN: global-out-of-bounds Read in fbcon_get_font
fbdev
|
C |
inconclusive |
inconclusive |
41 |
1511d |
1808d
|
15/28 |
1465d |
5af08640795b
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
|
WARNING: suspicious RCU usage in ctrl_cmd_new_lookup
arm-msm
net
|
C |
done |
done |
10 |
1520d |
1609d
|
15/28 |
1465d |
a7809ff90ce6
net: qrtr: ns: Protect radix_tree_deref_slot() using rcu read locks
|
general protection fault in io_poll_double_wake (2)
fs
io-uring
|
C |
error |
|
2 |
1515d |
1514d
|
15/28 |
1491d |
8706e04ed7d6
io_uring: always delete double poll wait entry on match
|
possible deadlock in io_write
fs
|
|
|
|
2 |
1512d |
1514d
|
15/28 |
1491d |
fad8e0de4426
io_uring: fix potential ABBA deadlock in ->show_fdinfo()
|
kernel BUG at lib/string.c:LINE! (5)
btrfs
|
C |
done |
|
558 |
1519d |
1527d
|
15/28 |
1497d |
35be8851d172
btrfs: fix overflow when copying corrupt csums for a message
|
general protection fault in madvise_cold_or_pageout_pte_range
mm
|
C |
done |
|
3 |
1518d |
1528d
|
15/28 |
1499d |
ce2684254bd4
mm: validate pmd after splitting
|
KASAN: global-out-of-bounds Read in fbcon_resize
fbdev
|
C |
error |
|
673 |
1522d |
1554d
|
15/28 |
1503d |
ec0972adecb3
fbcon: Fix user font detection test at fbcon_resize().
|
WARNING: suspicious RCU usage in fib6_del (2)
net
|
|
|
|
1 |
1535d |
1535d
|
15/28 |
1503d |
843d926b003e
ipv6: avoid lockdep issue in fib6_del()
|
KASAN: use-after-free Read in ieee8NUM_tx
wpan
|
|
|
|
1 |
1536d |
1536d
|
15/28 |
1503d |
0ff4628f4c6c
mac802154: tx: fix use-after-free
|
general protection fault in wg_index_hashtable_replace
wireguard
|
|
|
|
2 |
1524d |
1535d
|
15/28 |
1503d |
9179ba31367b
wireguard: noise: take lock when removing handshake entry from table
|
memory leak in do_seccomp
kernel
|
C |
|
|
6 |
1535d |
1562d
|
15/28 |
1503d |
a566a9012acd
seccomp: don't leak memory when filter install races
|
inconsistent lock state in padata_do_parallel
crypto
|
|
|
|
9 |
1521d |
1541d
|
15/28 |
1503d |
1b0df11fde0f
padata: fix possible padata_works_lock deadlock
|
KASAN: use-after-free Write in skb_queue_tail
net
arm-msm
|
|
|
|
1 |
1534d |
1534d
|
15/28 |
1503d |
3ca1a42a52ca
net: qrtr: check skb_put_padto() return value
|
possible deadlock in peernet2id_alloc
net
|
|
|
|
12 |
1534d |
1705d
|
15/28 |
1503d |
e1f469cd5866
Revert "netns: don't disable BHs when locking "nsid_lock""
|
KMSAN: uninit-value in __inet_diag_dump
net
|
C |
|
|
37 |
1504d |
1522d
|
15/28 |
1503d |
d5e4d0a5e692
inet_diag: validate INET_DIAG_REQ_PROTOCOL attribute
|
memory leak in do_eventfd
fs
|
C |
|
|
2 |
1549d |
1645d
|
15/28 |
1503d |
f65886606c2d
KVM: fix memory leak in kvm_io_bus_unregister_dev()
|
KASAN: slab-out-of-bounds Read in read_descriptors (2)
usb
|
|
|
|
1 |
1553d |
1549d
|
15/28 |
1503d |
a18cd6c9b6bc
usb: core: fix slab-out-of-bounds Read in read_descriptors
|
INFO: rcu detected stall in cleanup_net (4)
kernel
|
C |
done |
|
5 |
1538d |
1534d
|
15/28 |
1503d |
b5b73b26b3ca
taprio: Fix allowing too small intervals
|
KASAN: slab-out-of-bounds Read in fbcon_scrolldelta
fbdev
|
|
|
|
1 |
1529d |
1528d
|
15/28 |
1503d |
50145474f6ef
fbcon: remove soft scrollback code
|
INFO: task hung in tcf_ife_init
net
|
C |
done |
|
4 |
1535d |
1539d
|
15/28 |
1503d |
cc8e58f8325c
act_ife: load meta modules before tcf_idr_check_alloc()
|
KASAN: slab-out-of-bounds Read in prism2sta_probe_usb
staging
usb
|
C |
|
|
8 |
1543d |
1574d
|
15/28 |
1503d |
fea22e159d51
staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
|
KMSAN: uninit-value in inet_diag_cmd_exact
net
|
C |
|
|
31 |
1504d |
1516d
|
15/28 |
1503d |
d5e4d0a5e692
inet_diag: validate INET_DIAG_REQ_PROTOCOL attribute
|
KASAN: global-out-of-bounds Read in vga16fb_imageblit
|
C |
done |
|
1071 |
1530d |
1814d
|
15/28 |
1503d |
bd018a6a75ce
video: fbdev: fix OOB read in vga_8planes_imageblit()
|
memory leak in tipc_group_create_member
tipc
|
C |
|
|
32 |
1530d |
1938d
|
15/28 |
1503d |
bb3a420d47ab
tipc: Fix memory leak in tipc_group_create_member()
|
general protection fault in free_netdev
net
|
C |
error |
done |
3605 |
1578d |
1613d
|
15/28 |
1511d |
46ef5b89ec0e
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
|
KASAN: use-after-free Write in page_counter_uncharge
mm
|
|
|
|
2 |
1550d |
1555d
|
15/28 |
1511d |
f1796544a0ca
memcg: fix use-after-free in uncharge_batch
|
KASAN: use-after-free Write in page_counter_cancel
mm
|
|
|
|
1 |
1559d |
1555d
|
15/28 |
1511d |
f1796544a0ca
memcg: fix use-after-free in uncharge_batch
|
KASAN: use-after-free Read in do_madvise
io-uring
mm
|
syz |
error |
|
4 |
1551d |
1552d
|
15/28 |
1511d |
7867fd7cc44e
mm: madvise: fix vma user-after-free
|
KMSAN: kernel-infoleak in move_addr_to_user (3)
net
|
C |
|
|
79 |
1526d |
1560d
|
15/28 |
1514d |
38ba8b9241f5
can: j1939: fix kernel-infoleak in j1939_sk_sock2sockaddr_can()
|
KASAN: slab-out-of-bounds Write in hiddev_ioctl_usage
input
usb
|
C |
|
|
279 |
1545d |
1888d
|
15/28 |
1518d |
25a097f52046
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
|
WARNING: refcount bug in red_destroy
net
|
C |
done |
|
1 |
1548d |
1547d
|
15/28 |
1518d |
5438dd45831e
net_sched: fix error path in red_init()
|
WARNING in slab_pre_alloc_hook
usb
|
C |
|
|
210 |
1543d |
1563d
|
15/28 |
1518d |
f176ede3a3bd
USB: yurex: Fix bad gfp argument
|
WARNING: refcount bug in smc_release (3)
net
s390
|
|
|
|
1 |
1545d |
1534d
|
15/28 |
1518d |
5fb8642a17aa
net/smc: fix sock refcounting in case of termination
|
INFO: rcu detected stall in ext4_file_write_iter
|
C |
inconclusive |
done |
93 |
1562d |
2094d
|
15/28 |
1518d |
7e24969022cb
block: allow for_each_bvec to support zero len bvec
|
WARNING: refcount bug in qdisc_put (2)
net
|
C |
done |
|
7 |
1548d |
1547d
|
15/28 |
1518d |
5438dd45831e
net_sched: fix error path in red_init()
|
BUG: corrupted list in mousedev_release
input
|
syz |
done |
|
5 |
1541d |
1543d
|
15/28 |
1518d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
KASAN: use-after-free Read in snd_pcm_oss_release
sound
|
|
|
|
1 |
1547d |
1546d
|
15/28 |
1518d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
possible deadlock in __lock_task_sighand
io-uring
|
C |
done |
|
12 |
1542d |
1544d
|
15/28 |
1518d |
fd7d6de22414
io_uring: don't recurse on tsk->sighand->siglock with signalfd
|
WARNING in snd_pcm_plugin_build_mulaw
sound
|
C |
done |
|
4 |
1544d |
1541d
|
15/28 |
1518d |
949a1ebe8cea
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
|
general protection fault in snd_ctl_release
sound
|
syz |
done |
|
4 |
1540d |
1540d
|
15/28 |
1518d |
77f4689de17c
fix regression in "epoll: Keep a reference on files added to the check list"
|
KMSAN: uninit-value in batadv_tt_hash_find
batman
|
|
|
|
11 |
1533d |
1590d
|
15/28 |
1518d |
303216e76dca
batman-adv: Avoid uninitialized chaddr when handling DHCP
|
KASAN: global-out-of-bounds Read in bit_putcs
fbdev
|
C |
done |
|
262 |
1519d |
1812d
|
15/28 |
1518d |
39b3cffb8cf3
fbcon: prevent user font height or width change from causing potential out-of-bounds access
bc5269ca7650
vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
|
KASAN: use-after-free Read in fbcon_cursor
fbdev
|
syz |
done |
error |
10 |
1558d |
1802d
|
15/28 |
1518d |
f8d1653daec0
vt: defer kfree() of vc_screenbuf in vc_do_resize()
|
KASAN: use-after-free Read in rc_dev_uevent
media
|
|
|
|
1 |
1567d |
1566d
|
15/28 |
1518d |
4f0835d6677d
media: rc: uevent sysfs file races with rc_unregister_device()
|
upstream boot error: KASAN: global-out-of-bounds Read in internal_create_group
fs
|
|
|
|
273 |
1549d |
1561d
|
15/28 |
1518d |
62c789270c0b
libnvdimm: KASAN: global-out-of-bounds Read in internal_create_group
|
KMSAN: uninit-value in video_usercopy
media
|
C |
|
|
28 |
1583d |
1583d
|
15/28 |
1518d |
4ffb879ea648
media: media/v4l2-core: Fix kernel-infoleak in video_put_user()
|
INFO: task hung in nbd_ioctl (2)
nbd
|
|
|
|
37 |
1545d |
1598d
|
15/28 |
1518d |
2a63866c8b51
tipc: fix shutdown() of connectionless socket
|
WARNING in restore_regulatory_settings
|
C |
done |
|
10414 |
1536d |
1780d
|
15/28 |
1518d |
47caf685a685
cfg80211: regulatory: reject invalid hints
|
INFO: task hung in pipe_release (2)
ext4
|
syz |
done |
|
3 |
1540d |
1571d
|
15/28 |
1518d |
7e24969022cb
block: allow for_each_bvec to support zero len bvec
|
KMSAN: kernel-infoleak in raw_ioctl
usb
|
C |
|
|
22 |
1540d |
1564d
|
15/28 |
1518d |
a092b7233f0e
net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
|
KASAN: use-after-free Read in bdev_del_partition
block
|
C |
done |
|
1 |
1542d |
1542d
|
15/28 |
1518d |
08fc1ab6d748
block: fix locking in bdev_del_partition
|
KASAN: vmalloc-out-of-bounds Write in bitfill_aligned
fbdev
|
C |
|
|
475 |
1578d |
1813d
|
15/28 |
1521d |
033724d68642
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
BUG: unable to handle kernel paging request in vmx_vcpu_run
kvm
|
C |
error |
error |
194 |
2301d |
2415d
|
15/28 |
1522d |
0447378a4a79
kvm: vmx: Nested VM-entry prereqs for event inj.
|
possible deadlock in __io_queue_deferred
fs
io-uring
|
C |
error |
|
1 |
1565d |
1563d
|
15/28 |
1526d |
7271ef3a93a8
io_uring: fix recursive completion locking on oveflow flush
|
kernel BUG at mm/hugetlb.c:LINE!
|
C |
done |
error |
10 |
1577d |
1690d
|
15/28 |
1526d |
15568299b7d9
hugetlbfs: prevent filesystem stacking of hugetlbfs
|
WARNING in r871xu_dev_remove
usb
staging
|
C |
|
|
47375 |
1565d |
1917d
|
15/28 |
1526d |
b4383c971bc5
staging: rtl8712: handle firmware load failure
|
WARNING in ptrace_stop
|
C |
done |
|
1413 |
1577d |
1581d
|
15/28 |
1526d |
d136122f5845
sched: Fix race against ptrace_freeze_trace()
|
general protection fault in do_con_write
|
C |
done |
|
10703 |
1578d |
1813d
|
15/28 |
1526d |
ce684552a266
vt: Reject zero-sized screen buffer size.
|
general protection fault in __btf_resolve_helper_id
bpf
|
C |
|
|
17 |
1590d |
1599d
|
15/28 |
1526d |
5b801dfb7feb
bpf: Fix NULL pointer dereference in __btf_resolve_helper_id()
|
KASAN: use-after-free Read in line6_submit_audio_in_all_urbs
sound
|
|
|
|
2 |
1594d |
1608d
|
15/28 |
1526d |
68359a1ad844
ALSA: line6: Sync the pending work cancel at disconnection
|
INFO: task hung in ovs_exit_net
openvswitch
|
|
|
|
65 |
1578d |
1582d
|
15/28 |
1526d |
a65878d6f00b
net: openvswitch: fixes potential deadlock in dp cleanup code
|
memory leak in erase_aeb (2)
mtd
|
syz |
|
|
25 |
1585d |
1654d
|
15/28 |
1526d |
3b185255bb2f
ubi: fastmap: Don't produce the initial next anchor PEB when fastmap is disabled
|
KASAN: use-after-free Write in __linkwatch_run_queue
net
|
C |
error |
|
24 |
1581d |
1582d
|
15/28 |
1526d |
c75d1d5248c0
bonding: check return value of register_netdevice() in bond_newlink()
|
WARNING in fat12_ent_blocknr
exfat
|
|
|
|
2 |
1570d |
1594d
|
15/28 |
1526d |
a090a5a7d73f
fat: fix fat_ra_init() for data clusters == 0
|
general protection fault in x86_fsgsbase_read_task
kernel
|
C |
done |
|
2 |
1560d |
1560d
|
15/28 |
1526d |
8ab49526b53d
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
|
WARNING in __kernel_read
fs
|
C |
done |
|
60 |
1533d |
1591d
|
15/28 |
1526d |
a39c46067c84
net/9p: validate fds in p9_fd_open
|
WARNING in inc_nlink
|
C |
done |
|
26 |
1592d |
1695d
|
15/28 |
1526d |
facb03dddec0
fs/minix: don't allow getting deleted inodes
|
KASAN: use-after-free Read in delete_and_unsubscribe_port (2)
sound
|
syz |
done |
|
4 |
1570d |
1595d
|
15/28 |
1526d |
80982c7e834e
ALSA: seq: oss: Serialize ioctls
|
KASAN: use-after-free Write in addr_resolve
rdma
|
|
|
|
1 |
1627d |
1624d
|
15/28 |
1526d |
f6a9d47ae685
RDMA/cma: Execute rdma_cm destruction from a handler properly
|
general protection fault in cdev_del
usb
fs
|
C |
|
|
315 |
1535d |
2003d
|
15/28 |
1526d |
e911e99a0770
usb: hso: check for return value in hso_serial_common_create()
|
general protection fault in afs_dynroot_depopulate
afs
|
|
|
|
1 |
1554d |
1553d
|
15/28 |
1526d |
5e0b17b026eb
afs: Fix NULL deref in afs_dynroot_depopulate()
|
KASAN: use-after-free Read in sock_def_write_space (2)
arm-msm
net
|
C |
error |
|
29 |
1526d |
1584d
|
15/28 |
1526d |
af9f691f0f5b
qrtr: orphan socket in qrtr_release()
|
kernel BUG at mm/khugepaged.c:LINE!
mm
|
C |
done |
|
30 |
1553d |
1564d
|
15/28 |
1526d |
f3f99d63a815
khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
|
possible deadlock in shmem_fallocate (4)
mm
|
C |
done |
|
81 |
1576d |
1791d
|
15/28 |
1526d |
3e338d3c95c7
staging: android: ashmem: Fix lockdep warning for write operation
|
BUG: unable to handle kernel NULL pointer dereference in loop_rw_iter
io-uring
fs
|
C |
done |
|
24 |
1552d |
1563d
|
15/28 |
1526d |
2dd2111d0d38
io_uring: Fix NULL pointer dereference in loop_rw_iter()
|
kernel BUG at net/rxrpc/recvmsg.c:LINE!
afs
net
|
C |
error |
|
10 |
1572d |
1601d
|
15/28 |
1526d |
65550098c1c4
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
|
KASAN: use-after-free Read in addr_handler (2)
rdma
|
|
|
|
2 |
1581d |
1624d
|
15/28 |
1526d |
f6a9d47ae685
RDMA/cma: Execute rdma_cm destruction from a handler properly
|
KASAN: use-after-free Read in io_async_task_func
fs
io-uring
|
syz |
error |
|
1 |
1563d |
1562d
|
15/28 |
1526d |
6d816e088c35
io_uring: hold 'ctx' reference around task_work queue + execute
|
WARNING in idr_alloc
arm-msm
net
|
C |
done |
|
65 |
1535d |
1609d
|
15/28 |
1526d |
8dfddfb79653
net: qrtr: fix usage of idr in port assignment to socket
|
WARNING in drop_nlink
fs
|
C |
done |
error |
1 |
1673d |
1669d
|
15/28 |
1526d |
facb03dddec0
fs/minix: don't allow getting deleted inodes
|
KASAN: slab-out-of-bounds Read in vc_do_resize
serial
|
C |
done |
|
55 |
1563d |
1798d
|
15/28 |
1526d |
d88ca7e1a27e
fbmem: pull fbcon_update_vcs() out of fb_set_var()
|
general protection fault in fib_dump_info (2)
net
|
C |
done |
|
16 |
1550d |
1552d
|
15/28 |
1526d |
eeaac3634ee0
net: nexthop: don't allow empty NHA_GROUP
|
KASAN: slab-out-of-bounds Read in vsscanf (2)
lsm
|
C |
error |
|
5 |
1569d |
1582d
|
15/28 |
1526d |
a6bd4f6d9b07
Smack: fix another vsscanf out of bounds
|
KMSAN: uninit-value in netlink_policy_dump_start
net
|
C |
|
|
31 |
1531d |
1534d
|
15/28 |
1526d |
d1fb55592909
netlink: fix state reallocation in policy export
|
possible deadlock in uprobe_clear_state (2)
perf
|
|
|
|
1 |
1593d |
1589d
|
15/28 |
1526d |
f867c771f988
binder: Don't use mmput() from shrinker function.
|
KASAN: null-ptr-deref Write in media_request_close
media
|
C |
done |
|
17 |
1568d |
1617d
|
15/28 |
1526d |
e30cc79cc80f
media: media-request: Fix crash if memory allocation fails
|
KASAN: use-after-free Read in devlink_health_reporter_destroy
net
|
C |
error |
|
1188 |
1590d |
1591d
|
15/28 |
1526d |
5d037b4d3df7
devlink: Fix use-after-free when destroying health reporters
|
kernel BUG at net/core/dev.c:LINE! (3)
net
|
C |
done |
|
979 |
1540d |
1685d
|
15/28 |
1526d |
832707021666
bonding: fix a potential double-unregister
|
KASAN: use-after-free Read in ceph_mdsc_destroy
ceph
fs
|
|
|
|
4 |
1566d |
1582d
|
15/28 |
1526d |
a7caa88f8b72
ceph: fix use-after-free for fsc->mdsc
|
KASAN: use-after-free Read in path_init (2)
fs
|
C |
done |
|
29 |
1560d |
1562d
|
15/28 |
1526d |
24fb33d40d60
fix breakage in do_rmdir()
|
WARNING in __kernel_write
fs
|
C |
done |
|
522 |
1575d |
1595d
|
15/28 |
1526d |
a39c46067c84
net/9p: validate fds in p9_fd_open
|
KMSAN: uninit-value in get_block
fs
|
C |
|
|
13 |
1642d |
1645d
|
15/28 |
1526d |
270ef41094e9
fs/minix: reject too-large maximum file size
|
WARNING: suspicious RCU usage in ovs_flow_tbl_masks_cache_size
openvswitch
|
C |
done |
|
4093 |
1567d |
1569d
|
15/28 |
1526d |
fea07a487c6d
net: openvswitch: silence suspicious RCU usage warning
|
WARNING in submit_rx_urb/usb_submit_urb
usb
staging
|
C |
|
|
397 |
1578d |
2002d
|
15/28 |
1526d |
faaff9765664
staging: wlan-ng: properly check endpoint types
|
WARNING in ib_unregister_device_queued
rdma
|
|
|
|
2 |
1658d |
1669d
|
15/28 |
1526d |
0cb42c026583
RDMA/core: Fix bogus WARN_ON during ib_unregister_device_queued()
|
KASAN: use-after-free Read in get_block
|
C |
done |
|
23 |
1592d |
1669d
|
15/28 |
1526d |
270ef41094e9
fs/minix: reject too-large maximum file size
|
WARNING in idtentry_exit_cond_rcu
kernel
|
syz |
|
|
6 |
1600d |
1596d
|
15/28 |
1526d |
bce9b042ec73
x86/traps: Disable interrupts in exc_aligment_check()
|
INFO: task hung in ovs_dp_masks_rebalance
openvswitch
|
|
|
|
771 |
1539d |
1582d
|
15/28 |
1526d |
a65878d6f00b
net: openvswitch: fixes potential deadlock in dp cleanup code
|
memory leak in nf_tables_addchain
netfilter
|
C |
|
|
1 |
1565d |
1562d
|
15/28 |
1526d |
59136aa3b264
netfilter: nf_tables: free chain context when BINDING flag is missing
|
KASAN: null-ptr-deref Write in get_block
fs
|
C |
done |
|
101 |
1592d |
1705d
|
15/28 |
1526d |
da27e0a0e5f6
fs/minix: check return value of sb_getblk()
|
WARNING: suspicious RCU usage in tipc_l2_send_msg
tipc
|
syz |
done |
|
60 |
1550d |
1608d
|
15/28 |
1526d |
f6db90964162
tipc: call rcu_read_lock() in tipc_aead_encrypt_done()
|
WARNING in compat_do_ebt_get_ctl
bridge
netfilter
|
C |
done |
|
15 |
1556d |
1567d
|
15/28 |
1526d |
5c04da55c754
netfilter: ebtables: reject bogus getopt len value
|
memory leak in io_submit_sqes
fs
io-uring
|
C |
|
|
2 |
1543d |
1562d
|
15/28 |
1526d |
a36da65c4656
io_uring: fail poll arm on queue proc failure
|
WARNING in __nf_unregister_net_hook (2)
netfilter
|
C |
done |
|
9 |
1592d |
1591d
|
15/28 |
1526d |
1e9451cbda45
netfilter: nf_tables: fix nat hook table deletion
|
KCSAN: data-race in page_counter_try_charge / page_counter_try_charge (2)
mm
|
|
|
|
148 |
1561d |
1805d
|
15/28 |
1526d |
6e4bd50f3888
mm/page_counter: fix various data races at memsw
|
KASAN: use-after-free Read in j1939_tp_txtimer
can
|
C |
done |
error |
5 |
1593d |
1791d
|
15/28 |
1526d |
cd3b3636c99f
can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer()
|
KASAN: use-after-free Write in get_block
fs
|
C |
inconclusive |
inconclusive |
12 |
1608d |
1658d
|
15/28 |
1526d |
270ef41094e9
fs/minix: reject too-large maximum file size
|
KASAN: use-after-free Read in l2cap_chan_close
|
C |
done |
|
37 |
1568d |
1748d
|
15/28 |
1526d |
f9c70bdc279b
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
|
KASAN: use-after-free Read in ax88172a_unbind
usb
|
C |
done |
|
2723 |
1578d |
1818d
|
15/28 |
1526d |
c28d9a285668
ax88172a: fix ax88172a_unbind() failures
|
linux-next boot error: WARNING in mem_cgroup_css_alloc
kernel
|
|
|
|
6 |
1560d |
1560d
|
15/28 |
1526d |
9f457179244a
mm: memcontrol: fix warning when allocating the root cgroup
|
KCSAN: data-race in vm_area_dup / vma_interval_tree_remove (2)
mm
|
|
|
|
70 |
1620d |
1734d
|
15/28 |
1526d |
cda099b37d71
fork: Annotate a data race in vm_area_dup()
|
general protection fault in vsock_poll
net
virt
|
syz |
done |
|
15 |
1570d |
1583d
|
15/28 |
1526d |
1980c0584483
vsock: fix potential null pointer dereference in vsock_poll()
|
BUG: corrupted list in p9_read_work (2)
v9fs
|
syz |
done |
error |
38 |
1828d |
2190d
|
15/28 |
1526d |
74d6a5d56629
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
|
general protection fault in io_poll_double_wake
io-uring
fs
|
C |
done |
|
8 |
1530d |
1558d
|
15/28 |
1526d |
d4e7cd36a90e
io_uring: sanitize double poll handling
|
KMSAN: uninit-value in geneve_xmit
net
|
C |
|
|
163 |
1530d |
1583d
|
15/28 |
1526d |
32818c075c54
geneve: fix an uninitialized value in geneve_changelink()
|
general protection fault in syscall_return_slowpath
kernel
|
syz |
inconclusive |
done |
1 |
1632d |
1718d
|
15/28 |
1526d |
033724d68642
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
KMSAN: uninit-value in ax25_connect
hams
|
C |
|
|
15 |
1534d |
1667d
|
15/28 |
1526d |
2f2a7ffad5c6
AX.25: Fix out-of-bounds read in ax25_connect()
|
general protection fault in j1939_netdev_start
can
|
C |
done |
|
8 |
1578d |
1730d
|
15/28 |
1526d |
af804b782635
can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
|
KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt
bluetooth
|
C |
|
|
16 |
1569d |
1597d
|
15/28 |
1526d |
51c19bf3d5cf
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
|
KASAN: wild-memory-access Read in rawv6_setsockopt
net
|
|
|
|
2 |
1567d |
1567d
|
15/28 |
1526d |
519a8a6cf91d
net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"
|
KASAN: out-of-bounds Read in pebs_update_state
perf
|
syz |
inconclusive |
done |
1 |
1603d |
1651d
|
15/28 |
1526d |
033724d68642
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
|
WARNING in submit_audio_out_urb/usb_submit_urb
sound
usb
|
syz |
|
|
2 |
1596d |
1595d
|
15/28 |
1526d |
6e8a914ad619
ALSA: line6: Perform sanity check for each URB creation
|
KASAN: use-after-free Read in lockref_get
fs
|
|
|
|
7 |
1630d |
1729d
|
15/28 |
1526d |
bad8e64fb19d
blktrace: fix debugfs use after free
|
KASAN: use-after-free Read in io_uring_setup (2)
fs
|
|
|
|
1 |
1574d |
1574d
|
15/28 |
1526d |
d1719f70d0a5
io_uring: don't touch 'ctx' after installing file descriptor
|
KASAN: use-after-free Read in __xfrm6_tunnel_spi_lookup
net
|
C |
error |
|
12 |
1584d |
1589d
|
15/28 |
1526d |
8b404f46dd6a
xfrm: interface: not xfrmi_ipv6/ipip_handler twice
|
general protection fault in khugepaged
mm
|
C |
done |
|
3 |
1583d |
1595d
|
15/28 |
1526d |
594cced14ad3
khugepaged: fix null-pointer dereference due to race
|
KASAN: invalid-free in snd_seq_port_disconnect
sound
|
syz |
done |
|
9 |
1570d |
1575d
|
15/28 |
1526d |
80982c7e834e
ALSA: seq: oss: Serialize ioctls
|
KASAN: slab-out-of-bounds Write in sctp_setsockopt
sctp
|
C |
error |
|
590 |
1577d |
1582d
|
15/28 |
1526d |
dfd3d5266dc1
sctp: fix slab-out-of-bounds in SCTP_DELAYED_SACK processing
|
possible deadlock in io_timeout_fn
io-uring
fs
|
C |
done |
|
4 |
1561d |
1563d
|
15/28 |
1526d |
51a4cc112c7a
io_uring: defer file table grabbing request cleanup for locked requests
|
KMSAN: uninit-value in ucma_connect
rdma
|
C |
|
|
138 |
1531d |
1583d
|
15/28 |
1526d |
31142a4ba617
RDMA/cm: Add min length checks to user structure copies
|
WARNING in snd_usbmidi_submit_urb/usb_submit_urb
usb
alsa
|
C |
done |
|
42 |
1609d |
1634d
|
15/28 |
1526d |
9b7e5208a941
ALSA: usb-audio: Fix race against the error recovery URB submission
|
WARNING in snd_info_get_line
sound
|
C |
done |
|
36 |
1582d |
1587d
|
15/28 |
1526d |
60379ba08532
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
|
WARNING: suspicious RCU usage in ovs_flow_tbl_destroy
openvswitch
|
C |
done |
|
658 |
1567d |
1569d
|
15/28 |
1526d |
fea07a487c6d
net: openvswitch: silence suspicious RCU usage warning
|
INFO: task hung in __do_sys_reboot
kernel
|
|
|
|
1554 |
1543d |
1598d
|
15/28 |
1526d |
b292b50b0efc
driver core: Fix probe_count imbalance in really_probe()
|
INFO: trying to register non-static key in red_destroy
net
|
C |
error |
|
318 |
1577d |
1599d
|
15/28 |
1526d |
608b4adab178
net_sched: initialize timer earlier in red_init()
|
general protection fault in go7007_usb_probe
usb
media
|
C |
|
|
2103 |
1565d |
1674d
|
15/28 |
1526d |
137641287eb4
go7007: add sanity checking for endpoints
|
KASAN: slab-out-of-bounds Read in hci_inquiry_result_with_rssi_evt
bluetooth
|
C |
error |
|
9 |
1571d |
1591d
|
15/28 |
1526d |
629b49c848ee
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
|
KMSAN: uninit-value in __tipc_nl_compat_dumpit (3)
tipc
|
C |
|
|
6181 |
1527d |
1591d
|
15/28 |
1526d |
47733f9daf4f
tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
|
KASAN: wild-memory-access Read in ip_setsockopt
net
|
C |
|
|
2 |
1560d |
1560d
|
15/28 |
1526d |
519a8a6cf91d
net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"
|
WARNING: suspicious RCU usage in bond_ipsec_add_sa
net
|
|
|
|
214 |
1527d |
1598d
|
15/28 |
1526d |
f548a476268d
bonding: don't need RTNL for ipsec helpers
|
KASAN: wild-memory-access Read in sctp_setsockopt
sctp
|
C |
|
|
2 |
1560d |
1560d
|
15/28 |
1526d |
519a8a6cf91d
net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"
|
KMSAN: uninit-value in xa_load
rdma
|
C |
|
|
208 |
1527d |
1583d
|
15/28 |
1526d |
31142a4ba617
RDMA/cm: Add min length checks to user structure copies
|
WARNING in vkms_vblank_simulate
|
C |
done |
|
12903 |
1532d |
2109d
|
15/28 |
1526d |
51f644b40b4b
drm/atomic-helper: reset vblank on crtc reset
|
WARNING in snd_usbmidi_input_start/usb_submit_urb
usb
alsa
|
C |
done |
|
231 |
1586d |
1629d
|
15/28 |
1526d |
9b7e5208a941
ALSA: usb-audio: Fix race against the error recovery URB submission
|
KASAN: use-after-free Read in smk_write_relabel_self
lsm
|
C |
done |
|
2 |
1630d |
1626d
|
15/28 |
1526d |
beb4ee6770a8
Smack: fix use-after-free in smk_write_relabel_self()
|
possible deadlock in pipe_lock (3)
overlayfs
|
C |
inconclusive |
done |
4 |
1754d |
1791d
|
15/28 |
1555d |
1a980b8cbf00
ovl: add splice file read write helper
|
possible deadlock in dev_mc_unsync
net
|
C |
error |
done |
78 |
1593d |
1608d
|
15/28 |
1555d |
be74294ffa24
net: get rid of lockdep_set_class_and_subclass()
|
possible deadlock in lock_trace (3)
fs
|
syz |
inconclusive |
done |
69 |
1694d |
1828d
|
15/28 |
1555d |
2db9dbf71bf9
proc: Use new infrastructure to fix deadlocks in execve
|
possible deadlock in do_io_accounting (3)
fs
|
C |
inconclusive |
done |
39 |
1701d |
1791d
|
15/28 |
1555d |
76518d379885
proc: io_accounting: Use new infrastructure to fix deadlocks in execve
|
possible deadlock in proc_pid_personality
fs
|
syz |
inconclusive |
done |
3 |
1710d |
1720d
|
15/28 |
1555d |
2db9dbf71bf9
proc: Use new infrastructure to fix deadlocks in execve
|
WARNING: bad unlock balance in rcu_lock_release
fs
|
C |
inconclusive |
done |
1433 |
1696d |
1977d
|
15/28 |
1555d |
10476e630422
locking/lockdep: Fix bad recursion pattern
|
WARNING in hsr_addr_subst_dest
|
C |
done |
done |
8639 |
1692d |
2149d
|
15/28 |
1555d |
4b793acdca00
hsr: use netdev_err() instead of WARN_ONCE()
|
WARNING: locking bug in try_to_grab_pending
net
|
syz |
error |
done |
1 |
1644d |
2107d
|
15/28 |
1555d |
1378817486d6
tipc: block BH before using dst_cache
|
KASAN: stack-out-of-bounds Read in update_stack_state
kernel
|
C |
unreliable |
done |
388 |
1770d |
2464d
|
15/28 |
1555d |
4ee7c60de83a
init, tracing: Add initcall trace events
|
WARNING: bad unlock balance in rcu_core
fs
|
C |
inconclusive |
done |
3578 |
1692d |
2047d
|
15/28 |
1555d |
10476e630422
locking/lockdep: Fix bad recursion pattern
|
general protection fault in qrtr_endpoint_post
arm-msm
net
|
C |
done |
done |
54 |
1593d |
1611d
|
15/28 |
1562d |
8ff41cc21714
net: qrtr: Fix an out of bounds read qrtr_endpoint_post()
|
invalid opcode in __phys_addr (2)
netfilter
|
|
|
|
1 |
1606d |
1606d
|
15/28 |
1569d |
c4e8fa9074ad
netfilter: ipset: call ip_set_free() instead of kfree()
|
PANIC: double fault in fixup_bad_iret
kernel
|
C |
error |
|
11753 |
1596d |
1636d
|
15/28 |
1573d |
5144f8a8dfd7
compiler_types.h: Add __no_sanitize_{address,undefined} to noinstr
|
general protection fault in __apic_accept_irq (2)
kvm
|
C |
done |
|
9 |
1609d |
1605d
|
15/28 |
1573d |
9d3c447c72fb
KVM: X86: Fix async pf caused null-ptr-deref
|
KCSAN: data-race in copy_process / release_task
kernel
|
|
|
|
154 |
1602d |
1731d
|
15/28 |
1573d |
c17d1a3a8ee4
fork: annotate data race in copy_process()
|
KASAN: use-after-free Read in dmabuffs_dname
dri
media
|
|
|
|
1 |
1724d |
1720d
|
15/28 |
1573d |
4ab59c3c638c
dma-buf: Move dma_buf_release() from fops to dentry_ops
|
WARNING in enqueue_task_dl
kernel
|
C |
done |
|
13 |
1617d |
2194d
|
15/28 |
1573d |
740797ce3a12
sched/core: Fix PI boosting between RT and DEADLINE tasks
|
KCSAN: data-race in copy_process / copy_process (2)
kernel
|
|
|
|
294 |
1602d |
1780d
|
15/28 |
1573d |
c17d1a3a8ee4
fork: annotate data race in copy_process()
|
PANIC: double fault in check_preemption_disabled
kernel
|
C |
|
|
2181 |
1604d |
1609d
|
15/28 |
1573d |
c7aadc09321d
x86/entry: Increase entry_stack size to a full page
|
memory leak in nbd_add_socket
nbd
|
C |
|
|
1 |
1695d |
1695d
|
15/28 |
1573d |
579dd91ab3a5
nbd: Fix memory leak in nbd_add_socket
|
WARNING in xfrm_policy_insert
net
|
C |
inconclusive |
done |
6 |
1618d |
2471d
|
15/28 |
1576d |
ed17b8d377ea
xfrm: fix a warning in xfrm_policy_insert_list
|
BUG: unable to handle kernel paging request in netif_receive_generic_xdp
|
C |
done |
done |
160 |
1631d |
1767d
|
15/28 |
1577d |
96aa1b22bd6b
tun: correct header offsets in napi frags mode
|
WARNING in iomap_apply
iomap
|
C |
done |
|
25 |
1644d |
1684d
|
15/28 |
1584d |
175efa81feb8
ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
|
KASAN: use-after-free Read in sock_def_write_space
arm-msm
net
|
C |
done |
|
67 |
1585d |
1950d
|
15/28 |
1584d |
a9b111016235
llc: make sure applications use ARPHRD_ETHER
|
KASAN: slab-out-of-bounds Read in qrtr_endpoint_post
arm-msm
net
|
C |
|
|
8 |
1607d |
1607d
|
15/28 |
1584d |
8ff41cc21714
net: qrtr: Fix an out of bounds read qrtr_endpoint_post()
|
memory leak in qdisc_create_dflt
net
|
C |
|
|
1 |
1603d |
1599d
|
15/28 |
1584d |
306381aec7c2
net_sched: fix a memory leak in atm_tc_init()
|
KASAN: vmalloc-out-of-bounds Read in netdev_name_node_lookup_rcu
wireguard
|
|
|
|
1 |
1605d |
1605d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
WARNING in hsr_dev_finalize
net
|
C |
error |
|
1546 |
1593d |
1608d
|
15/28 |
1584d |
ccfc9df1352b
hsr: fix interface leak in error path of hsr_dev_finalize()
|
kernel BUG at net/l2tp/l2tp_core.c:LINE!
net
|
C |
|
|
10 |
1609d |
1605d
|
15/28 |
1584d |
c9a368f1c0fb
bpf: net: Avoid incorrect bpf_sk_reuseport_detach call
|
KASAN: vmalloc-out-of-bounds Read in tipc_nl_publ_dump
tipc
|
C |
|
|
22 |
1590d |
1608d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in netdev_name_node_lookup_rcu
wireguard
|
C |
error |
|
17 |
1594d |
1605d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in nl8NUM_dump_wpan_phy (2)
wpan
|
C |
|
|
18 |
1595d |
1608d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
possible deadlock in dev_uc_sync_multiple (2)
net
|
|
|
|
26 |
1595d |
1605d
|
15/28 |
1584d |
be74294ffa24
net: get rid of lockdep_set_class_and_subclass()
|
KASAN: vmalloc-out-of-bounds Read in __nla_validate_parse
tipc
|
|
|
|
7 |
1591d |
1607d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in tipc_nl_publ_dump (2)
tipc
|
C |
|
|
14 |
1594d |
1605d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in tipc_nl_node_dump_monitor_peer (2)
tipc
|
C |
|
|
54 |
1593d |
1608d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in tipc_udp_nl_dump_remoteip (2)
tipc
|
C |
|
|
9 |
1593d |
1612d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in devlink_get_from_attrs
net
|
C |
|
|
25 |
1593d |
1605d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
WARNING in warn_bad_map
mptcp
|
|
|
|
1 |
1616d |
1612d
|
15/28 |
1584d |
9c29e3615274
mptcp: fix DSS map generation on fin retransmission
|
KASAN: vmalloc-out-of-bounds Read in nl8NUM_dump_wpan_phy
wpan
|
C |
|
|
145 |
1590d |
1611d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: vmalloc-out-of-bounds Read in __cfg8NUM_wpan_dev_from_attrs
wpan
|
|
|
|
4 |
1593d |
1607d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in tipc_nl_node_dump_link
tipc
|
C |
error |
|
10 |
1599d |
1608d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: use-after-free Read in dev_get_by_name
wireguard
|
C |
|
|
4 |
1599d |
1605d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
KASAN: vmalloc-out-of-bounds Read in tipc_nl_node_dump_monitor_peer
tipc
|
C |
error |
|
9 |
1593d |
1611d
|
15/28 |
1584d |
bf64ff4c2aac
genetlink: get rid of family->attrbuf
|
BUG: unable to handle kernel NULL pointer dereference in tomoyo_domain_quota_is_ok (2)
tomoyo
|
|
|
|
7 |
1609d |
1623d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
general protection fault in unpin_user_pages
mm
|
C |
done |
|
13 |
1645d |
1645d
|
15/28 |
1587d |
f78cdbd75a57
rds: fix crash in rds_info_getsockopt()
|
KASAN: use-after-free Write in bpf_link_put
bpf
|
|
|
|
2 |
1664d |
1665d
|
15/28 |
1587d |
138c67677ff5
bpf: Fix use-after-free of bpf_link when priming half-fails
|
KASAN: use-after-free Write in fsnotify_detach_connector_from_object
fs
|
C |
done |
|
4 |
1618d |
1622d
|
15/28 |
1587d |
ef1548adada5
proc: Use new_inode not new_inode_pseudo
|
KASAN: use-after-free Read in ip_icmp_error
net
|
C |
done |
|
14 |
1639d |
1639d
|
15/28 |
1587d |
239174945dac
tcp: tcp_v4_err() icmp skb is named icmp_skb
|
BUG: unable to handle kernel NULL pointer dereference in schedule_timeout
usb
|
|
|
|
1 |
1608d |
1608d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
KASAN: use-after-free Write in ath9k_htc_rx_msg
wireless
|
C |
|
|
93 |
1623d |
1700d
|
15/28 |
1587d |
e4ff08a4d727
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
|
BUG: using smp_processor_id() in preemptible [ADDR] code: syz-executor
|
C |
done |
|
22297 |
1633d |
1971d
|
15/28 |
1587d |
1378817486d6
tipc: block BH before using dst_cache
|
KASAN: slab-out-of-bounds Read in vsscanf
lsm
|
C |
done |
|
61 |
1597d |
1700d
|
15/28 |
1587d |
84e99e58e8d1
Smack: slab-out-of-bounds in vsscanf
|
KASAN: slab-out-of-bounds Read in ip_icmp_error
net
|
C |
done |
|
13 |
1639d |
1639d
|
15/28 |
1587d |
239174945dac
tcp: tcp_v4_err() icmp skb is named icmp_skb
|
WARNING: proc registration bug in snmp6_register_dev
net
|
C |
done |
|
14 |
1615d |
1680d
|
15/28 |
1587d |
de0083c7ed7d
hsr: avoid to create proc file after unregister
|
KASAN: null-ptr-deref Write in choke_reset
|
C |
done |
|
1441 |
1643d |
1676d
|
15/28 |
1587d |
8738c85c72b3
sch_choke: avoid potential panic in choke_reset()
|
KASAN: slab-out-of-bounds Write in snd_usb_mixer_notify_id
usb
sound
|
C |
done |
|
39 |
1606d |
1611d
|
15/28 |
1587d |
220345e98f1c
ALSA: usb-audio: Fix OOB access of mixer element list
|
BUG: unable to handle kernel NULL pointer dereference in number
fs
|
|
|
|
1 |
1617d |
1613d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
KASAN: slab-out-of-bounds Write in snd_usb_mixer_interrupt
sound
usb
|
C |
done |
|
5 |
1609d |
1611d
|
15/28 |
1587d |
220345e98f1c
ALSA: usb-audio: Fix OOB access of mixer element list
|
KASAN: use-after-free Read in vkms_dumb_create
dri
|
syz |
done |
|
2 |
1673d |
1669d
|
15/28 |
1587d |
0ea2ea42b31a
drm/vkms: Hold gem object while still in-use
|
BUG: unable to handle kernel NULL pointer dereference in check_preemption_disabled (3)
ext4
|
|
|
|
3 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
KASAN: use-after-free Read in inet_diag_bc_sk
net
|
C |
done |
|
30 |
1662d |
1664d
|
15/28 |
1587d |
ee1bd483cc06
inet_diag: bc: read cgroup id only for full sockets
|
memory leak in ctnetlink_del_conntrack
netfilter
|
C |
|
|
1 |
1627d |
1625d
|
15/28 |
1587d |
6c2d2176a85e
netfilter: ctnetlink: memleak in filter initialization error path
|
INFO: rcu detected stall in inet_sendmsg (2)
perf
|
|
|
|
13 |
1588d |
1672d
|
15/28 |
1587d |
df4953e4e997
sch_sfq: validate silly quantum values
|
linux-next boot error: WARNING: suspicious RCU usage in ipmr_get_table
net
|
|
|
|
60 |
1659d |
1667d
|
15/28 |
1587d |
7013908c2db2
ipmr: Add lockdep expression to ipmr_for_each_table macro
|
BUG: unable to handle kernel NULL pointer dereference in dev_ifconf
net
|
|
|
|
1 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
BUG: using smp_processor_id() in preemptible [ADDR] code: /NUM
net
|
|
|
|
1 |
1644d |
1644d
|
15/28 |
1587d |
1378817486d6
tipc: block BH before using dst_cache
|
BUG: MAX_LOCKDEP_CHAINS too low!
kernel
|
C |
done |
|
17240 |
1587d |
2246d
|
15/28 |
1587d |
e7511f560f54
bonding: remove useless stats_lock_key
1a33e10e4a95
net: partially revert dynamic lockdep key changes
|
INFO: task hung in locks_remove_posix
fs
input
usb
|
syz |
|
|
2231 |
1622d |
1645d
|
15/28 |
1587d |
187b96db5ca7
x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
|
WARNING: refcount bug in crypto_mod_get
crypto
|
C |
done |
|
2 |
1653d |
1664d
|
15/28 |
1587d |
6603523bf5e4
crypto: api - Fix use-after-free and race in crypto_spawn_alg
|
BUG: unable to handle kernel NULL pointer dereference in mpihelp_addmul_1
crypto
|
|
|
|
1 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock (3)
net
|
|
|
|
1 |
1637d |
1637d
|
15/28 |
1587d |
d9a81a225277
l2tp: add sk_family checks to l2tp_validate_socket
|
linux-next test error: BUG: using smp_processor_id() in preemptible [ADDR] code: syz-fuzzer/6792
ext4
|
|
|
|
1 |
1632d |
1632d
|
15/28 |
1587d |
811985365378
ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr
|
KCSAN: data-race in __fat_write_inode / fat12_ent_get
exfat
|
|
|
|
2 |
1699d |
1692d
|
15/28 |
1587d |
b1b65750b8db
fat: don't allow to mount if the FAT length == 0
|
KASAN: stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
wireless
|
C |
|
|
57 |
1623d |
1696d
|
15/28 |
1587d |
19d6c375d671
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
|
KASAN: slab-out-of-bounds Read in ovl_check_fb_len
overlayfs
|
syz |
done |
|
3 |
1644d |
1643d
|
15/28 |
1587d |
522f6e6cba68
ovl: fix out of bounds access warning in ovl_check_fb_len()
|
KASAN: use-after-free Read in usblp_bulk_read
usb
|
|
|
|
7 |
1596d |
1674d
|
15/28 |
1587d |
296a193b0612
usblp: poison URBs upon disconnect
|
BUG: unable to handle kernel NULL pointer dereference in alloc_pages_vma
mm
|
|
|
|
1 |
1617d |
1613d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
linux-next boot error: general protection fault in tomoyo_get_local_path
fs
|
|
|
|
18 |
1644d |
1650d
|
15/28 |
1587d |
9d78edeaec75
proc: proc_pid_ns takes super_block as an argument
|
KASAN: use-after-free Read in htc_connect_service
wireless
|
C |
|
|
41041 |
1622d |
1700d
|
15/28 |
1587d |
ced21a4c726b
ath9k: Fix use-after-free Read in htc_connect_service
|
KMSAN: uninit-value in tbf_enqueue
net
|
|
|
|
21 |
1587d |
1674d
|
15/28 |
1587d |
9274124f023b
net: stricter validation of untrusted gso packets
|
general protection fault in ima_free_template_entry
integrity
lsm
|
C |
done |
|
3 |
1610d |
1630d
|
15/28 |
1587d |
42413b49804b
ima: Directly free *entry in ima_alloc_init_template() if digests is NULL
|
WARNING in kvm_inject_emulated_page_fault
kvm
|
C |
done |
|
20 |
1611d |
1630d
|
15/28 |
1587d |
7a35e515a705
KVM: VMX: Properly handle kvm_read/write_guest_virt*() result
|
general protection fault in kobject_get (2)
kernel
|
|
|
|
2 |
1616d |
1646d
|
15/28 |
1587d |
11a0ae4c4bff
RDMA: Allow ib_client's to fail when add() is called
|
general protection fault in fq_codel_enqueue
net
|
C |
done |
|
25 |
1592d |
1676d
|
15/28 |
1587d |
9274124f023b
net: stricter validation of untrusted gso packets
|
BUG: unable to handle kernel NULL pointer dereference in create_empty_buffers
ext4
|
|
|
|
1 |
1629d |
1625d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
memory leak in crypto_create_tfm
crypto
|
C |
|
|
14 |
1615d |
1632d
|
15/28 |
1587d |
819966c06b75
crypto: drbg - always try to free Jitter RNG instance
|
WARNING in memtype_reserve
|
C |
done |
|
600 |
1648d |
1656d
|
15/28 |
1587d |
a0e710a7def4
USB: usbfs: fix mmap dma mismatch
|
general protection fault in put_cmsg
net
|
C |
done |
|
3 |
1652d |
1653d
|
15/28 |
1587d |
1b2f08df0a88
ipv6: set msg_control_is_user in do_ipv6_getsockopt
|
WARNING in usbhid_raw_request/usb_submit_urb (3)
usb
|
syz |
|
|
18 |
1666d |
1772d
|
15/28 |
1587d |
ac854131d984
USB: core: Fix misleading driver bug report
|
memory leak in nf_tables_parse_netdev_hooks (3)
netfilter
|
C |
|
|
1 |
1627d |
1625d
|
15/28 |
1587d |
3003055f5066
netfilter: nf_tables: hook list memleak in flowtable deletion
|
general protection fault in proc_kill_sb
fs
|
|
|
|
8 |
1613d |
1624d
|
15/28 |
1587d |
058f2e4da79b
proc: s_fs_info may be NULL when proc_kill_sb is called
|
INFO: trying to register non-static key in io_cqring_ev_posted (3)
fs
|
C |
done |
|
3 |
1646d |
1649d
|
15/28 |
1587d |
583863ed9181
io_uring: initialize ctx->sqo_wait earlier
|
BUG: unable to handle kernel paging request in do_xdp_generic
|
C |
done |
done |
7444 |
1661d |
1767d
|
15/28 |
1587d |
96aa1b22bd6b
tun: correct header offsets in napi frags mode
|
KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
net
|
C |
done |
|
45 |
1662d |
1664d
|
15/28 |
1587d |
ee1bd483cc06
inet_diag: bc: read cgroup id only for full sockets
|
BUG: stack guard page was hit in deref_stack_reg
kernel
|
|
|
|
2 |
1652d |
1712d
|
15/28 |
1587d |
dd912306ff00
net: fix a potential recursive NETDEV_FEAT_CHANGE
|
INFO: task syz-executor can't die for more than 143 seconds. (2)
|
C |
done |
|
2512 |
1588d |
1855d
|
15/28 |
1587d |
566d136289dc
pipe: Fix pipe_full() test in opipe_prep().
|
BUG: unable to handle kernel NULL pointer dereference in debug_smp_processor_id (2)
net
|
|
|
|
3 |
1609d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
net-next test error: KASAN: use-after-free Write in afs_wake_up_async_call
afs
|
|
|
|
60 |
1609d |
1617d
|
15/28 |
1587d |
0041cd5a5044
rxrpc: Fix notification call on completion of discarded calls
|
BUG: unable to handle kernel NULL pointer dereference in net_rx_queue_update_kobjects
net
|
|
|
|
1 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
general protection fault in erspan_validate
net
|
C |
done |
|
520 |
1653d |
1660d
|
15/28 |
1587d |
51fa960d3b51
erspan: Check IFLA_GRE_ERSPAN_VER is set.
|
bpf test error: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
ext4
|
|
|
|
48 |
1616d |
1619d
|
15/28 |
1587d |
811985365378
ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr
|
kernel BUG at arch/x86/mm/physaddr.c:LINE! (5)
serial
|
C |
done |
|
241 |
1591d |
1664d
|
15/28 |
1587d |
57d38f26d81e
vt: fix unicode console freeing with a common interface
|
WARNING: refcount bug in crypto_destroy_tfm
crypto
|
C |
done |
|
4 |
1667d |
1689d
|
15/28 |
1587d |
6603523bf5e4
crypto: api - Fix use-after-free and race in crypto_spawn_alg
|
general protection fault in inet_unhash
net
|
C |
done |
|
40 |
1608d |
1637d
|
15/28 |
1587d |
02c71b144c81
l2tp: do not use inet_hash()/inet_unhash()
|
BUG: unable to handle kernel NULL pointer dereference in direct_page_fault
kvm
|
|
|
|
1 |
1617d |
1613d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
linux-next boot error: WARNING: suspicious RCU usage in bpq_device_event
net
|
|
|
|
6 |
1650d |
1651d
|
15/28 |
1587d |
95f59bf88bb7
drivers: net: hamradio: Fix suspicious RCU usage warning in bpqether.c
|
BUG: unable to handle kernel NULL pointer dereference in try_async_pf
kvm
|
|
|
|
1 |
1617d |
1613d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
BUG: unable to handle kernel NULL pointer dereference in unlock_page
mm
fs
|
|
|
|
1 |
1619d |
1619d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
KASAN: use-after-free Read in rpc_net_ns
nfs
net
|
syz |
done |
|
10 |
1652d |
1658d
|
15/28 |
1587d |
31e9a7f35352
SUNRPC: fix use-after-free in rpc_free_client_work()
|
WARNING in tipc_msg_append
tipc
|
C |
done |
|
107 |
1614d |
1628d
|
15/28 |
1587d |
c9aa81faf191
tipc: fix kernel WARNING in tipc_msg_append()
|
BUG: unable to handle kernel NULL pointer dereference in __es_insert_extent
ext4
|
|
|
|
1 |
1620d |
1620d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
bpf-next test error: BUG: using smp_processor_id() in preemptible code in ext4_mb_new_blocks
ext4
|
|
|
|
90 |
1618d |
1624d
|
15/28 |
1587d |
811985365378
ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr
|
general protection fault in cfg80211_dev_rename
wireless
|
|
|
|
1 |
1657d |
1652d
|
15/28 |
1587d |
0bbab5f03015
cfg80211: fix debugfs rename crash
|
KASAN: slab-out-of-bounds Read in garmin_read_process
usb
|
C |
|
|
1 |
1705d |
1705d
|
15/28 |
1587d |
e9b3c610a05c
USB: serial: garmin_gps: add sanity checking for data length
|
net-next test error: BUG: using smp_processor_id() in preemptible code in corrupted
|
|
|
|
4 |
1620d |
1622d
|
15/28 |
1587d |
811985365378
ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr
|
KASAN: use-after-free Read in usbhid_close (3)
input
usb
|
C |
|
|
6 |
1661d |
1688d
|
15/28 |
1587d |
0ed08faded1d
HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
|
BUG: unable to handle kernel NULL pointer dereference in kvm_vm_ioctl
kvm
|
|
|
|
1 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
general protection fault in skb_clone (3)
net
|
|
|
|
44 |
1637d |
1640d
|
15/28 |
1587d |
239174945dac
tcp: tcp_v4_err() icmp skb is named icmp_skb
|
kernel BUG at arch/x86/kvm/mmu/mmu.c:LINE! (2)
kvm
|
C |
done |
|
46328 |
1608d |
1639d
|
15/28 |
1587d |
7d2e8748af62
KVM: x86: Initialize tdp_level during vCPU creation
|
KMSAN: uninit-value in do_tcp_getsockopt
net
|
|
|
|
5 |
1600d |
1652d
|
15/28 |
1587d |
e776af608f69
net-backports: tcp: fix error recovery in tcp_zerocopy_receive()
|
linux-next test error: WARNING: suspicious RCU usage in ipmr_device_event
net
|
|
|
|
24 |
1669d |
1674d
|
15/28 |
1587d |
a14fbcd4f157
ipmr: Fix RCU list debugging warning
|
net test error: KASAN: null-ptr-deref Write in x25_disconnect
x25
|
|
|
|
12 |
1667d |
1668d
|
15/28 |
1587d |
8999dc89497a
net/x25: Fix null-ptr-deref in x25_disconnect
|
BUG: unable to handle kernel NULL pointer dereference in kvm_vcpu_gfn_to_memslot
kvm
|
|
|
|
1 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
memory leak in genl_rcv_msg
net
|
C |
|
|
116 |
1623d |
1812d
|
15/28 |
1587d |
c36f05559104
genetlink: fix memory leaks in genl_family_rcv_msg_dumpit()
|
KMSAN: uninit-value in __dev_get_by_name
hams
|
C |
|
|
2 |
1649d |
1649d
|
15/28 |
1587d |
687775cec056
ax25: fix setsockopt(SO_BINDTODEVICE)
|
general protection fault in start_creating
fs
|
C |
done |
|
106 |
1609d |
1639d
|
15/28 |
1587d |
d56f5136b010
KVM: let kvm_destroy_vm_debugfs clean up vCPU debugfs directories
|
BUG: unable to handle kernel NULL pointer dereference in udc_bind_to_driver
usb
|
|
|
|
1 |
1615d |
1615d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
KCSAN: data-race in __rcu_read_unlock / sync_rcu_exp_select_node_cpus (2)
fs
mm
|
|
|
|
9 |
1655d |
1822d
|
15/28 |
1587d |
314eeb43e5f2
rcu: Add *_ONCE() and data_race() to rcu_node ->exp_tasks plus locking
|
bpf test error: KASAN: null-ptr-deref Write in x25_disconnect
x25
|
|
|
|
78 |
1654d |
1668d
|
15/28 |
1587d |
8999dc89497a
net/x25: Fix null-ptr-deref in x25_disconnect
|
KASAN: slab-out-of-bounds Read in fl6_update_dst
net
|
C |
done |
|
43 |
1608d |
1654d
|
15/28 |
1587d |
bb986a50421a
seg6: fix seg6_validate_srh() to avoid slab-out-of-bounds
|
general protection fault in __tipc_sendstream
tipc
|
C |
done |
|
444 |
1608d |
1638d
|
15/28 |
1587d |
4c21daae3dbc
tipc: Fix NULL pointer dereference in __tipc_sendstream()
5e9eeccc58f3
tipc: fix NULL pointer dereference in streaming
|
net test error: BUG: using smp_processor_id() in preemptible code in corrupted
|
|
|
|
3 |
1618d |
1620d
|
15/28 |
1587d |
811985365378
ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr
|
KASAN: use-after-free Read in ath9k_wmi_ctrl_rx
wireless
|
C |
|
|
1 |
1700d |
1699d
|
15/28 |
1587d |
abeaa85054ff
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
|
upstream test error: BUG: using smp_processor_id() in preemptible code in ext4_map_blocks
ext4
|
|
|
|
1 |
1621d |
1621d
|
15/28 |
1587d |
811985365378
ext4: mballoc: Use this_cpu_read instead of this_cpu_ptr
|
general protection fault in sock_hash_free
net
bpf
|
|
|
|
1 |
1632d |
1632d
|
15/28 |
1587d |
75e68e5bf2c7
bpf, sockhash: Synchronize delete from bucket list on map free
|
KASAN: slab-out-of-bounds Read in skb_gso_transport_seglen
net
|
C |
done |
|
4 |
1657d |
1676d
|
15/28 |
1587d |
9274124f023b
net: stricter validation of untrusted gso packets
|
BUG: unable to handle kernel NULL pointer dereference in local_bh_disable
netfilter
|
|
|
|
1 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
BUG: unable to handle kernel NULL pointer dereference in generic_perform_write (2)
ext4
|
C |
done |
|
3 |
1684d |
1682d
|
15/28 |
1587d |
829b37b8cddb
ext4: avoid race conditions when remounting with options that change dax
|
BUG: stack guard page was hit in update_stack_state
kernel
|
|
|
|
5 |
1737d |
1752d
|
15/28 |
1587d |
dd912306ff00
net: fix a potential recursive NETDEV_FEAT_CHANGE
|
WARNING: locking bug in dev_mc_seq_show
net
|
C |
done |
|
3 |
1628d |
1639d
|
15/28 |
1587d |
845e0ebb4408
net: change addr_list_lock back to static key
|
general protection fault in inet_diag_bc_sk
net
|
|
|
|
12 |
1662d |
1665d
|
15/28 |
1587d |
ee1bd483cc06
inet_diag: bc: read cgroup id only for full sockets
|
general protection fault in selinux_socket_recvmsg
selinux
|
C |
done |
|
4 |
1642d |
1642d
|
15/28 |
1587d |
0a82e230c688
mptcp: avoid NULL-ptr derefence on fallback
|
KMSAN: uninit-value in skbprio_enqueue
net
|
syz |
|
|
11 |
1602d |
1665d
|
15/28 |
1587d |
2761121af87d
net_sched: sch_skbprio: add message validation to skbprio_change()
|
general protection fault in ath9k_hif_usb_rx_cb
wireless
|
C |
|
|
913 |
1587d |
1700d
|
15/28 |
1587d |
2bbcaaee1fcb
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
|
BUG: soft lockup in wg_packet_tx_worker
kvm
|
|
|
|
1 |
1659d |
1659d
|
15/28 |
1587d |
df4953e4e997
sch_sfq: validate silly quantum values
|
INFO: rcu detected stall in wg_packet_tx_worker
net
|
C |
done |
|
24 |
1616d |
1669d
|
15/28 |
1587d |
df4953e4e997
sch_sfq: validate silly quantum values
|
linux-next test error: KASAN: use-after-free Write in afs_wake_up_async_call
afs
|
|
|
|
111 |
1613d |
1621d
|
15/28 |
1587d |
0041cd5a5044
rxrpc: Fix notification call on completion of discarded calls
|
BUG: unable to handle kernel NULL pointer dereference in smp_call_function_many_cond (2)
bpf
|
|
|
|
1 |
1611d |
1611d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
KASAN: slab-out-of-bounds Read in br_mrp_parse
bridge
|
C |
done |
|
5 |
1644d |
1645d
|
15/28 |
1587d |
617504c67e01
bridge: mrp: Fix out-of-bounds read in br_mrp_parse
|
BUG: unable to handle kernel NULL pointer dereference in __ext4_journal_start_sb
ext4
|
|
|
|
1 |
1617d |
1617d
|
15/28 |
1587d |
3021e69219e2
kcov: check kcov_softirq in kcov_remote_stop()
|
INFO: task hung in blkdev_issue_flush (2)
block
|
C |
done |
error |
3 |
1810d |
1968d
|
15/28 |
1604d |
2b5c8f0063e4
nbd: replace kill_bdev() with __invalidate_device() again
|
KASAN: use-after-free Read in blkdev_direct_IO
fs
|
C |
done |
error |
8 |
1932d |
1937d
|
15/28 |
1604d |
0eb6ddfb865c
block: Fix __blkdev_direct_IO() for bio fragments
|
KASAN: use-after-free Read in blkdev_bio_end_io
fs
|
C |
done |
error |
13 |
1922d |
1934d
|
15/28 |
1604d |
7b6620d7db56
block: remove REQ_NOWAIT_INLINE
|
KCSAN: data-race in tcp_add_backlog / tcp_try_rmem_schedule
net
|
|
|
|
3 |
1866d |
1871d
|
15/28 |
1604d |
ebb3b78db7bf
tcp: annotate sk->sk_rcvbuf lockless reads
|
memory leak in bio_clone_fast
block
|
C |
|
|
1 |
1926d |
1926d
|
15/28 |
1604d |
7b6620d7db56
block: remove REQ_NOWAIT_INLINE
|
WARNING: refcount bug in blk_mq_free_request (2)
block
|
C |
done |
error |
5 |
1934d |
1934d
|
15/28 |
1604d |
de6346ecbc8f
nbd: protect cmd->status with cmd->lock
|
memory leak in bio_copy_user_iov
|
C |
done |
|
34 |
1797d |
1982d
|
15/28 |
1604d |
3b7995a98ad7
block: fix memleak when __blk_rq_map_user_iov() is failed
|
WARNING in sk_stream_kill_queues (4)
net
|
C |
done |
done |
6 |
1727d |
1730d
|
15/28 |
1604d |
b6f6118901d1
ipv6: restrict IPV6_ADDRFORM operation
|
WARNING: bad unlock balance in get_user_pages_unlocked
mm
|
|
|
|
1 |
1692d |
1687d
|
15/28 |
1606d |
c7b6a566b985
mm/gup: Mark lock taken only after a successful retake
|
WARNING in __mmdrop
kernel
|
syz |
done |
|
14 |
1942d |
1952d
|
15/28 |
1606d |
3d2c7d370475
Revert "vhost: access vq metadata through kernel virtual address"
|
WARNING in wa_nep_create/usb_submit_urb
usb
staging
|
C |
|
|
114 |
1676d |
1960d
|
15/28 |
1606d |
caa6772db4c1
Staging: remove wusbcore and UWB from the kernel tree.
|
upstream boot error: KASAN: slab-out-of-bounds Write in virtio_gpu_object_create
dri
virt
|
|
|
|
6 |
1681d |
1689d
|
15/28 |
1606d |
b513b0d4563a
drm/virtio: fix OOB in virtio_gpu_object_create
|
WARNING in kfree (2)
net
|
syz |
done |
done |
1 |
1717d |
1716d
|
15/28 |
1606d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
WARNING in hwarc_neep_init/usb_submit_urb
staging
usb
|
C |
|
|
1 |
1710d |
1710d
|
15/28 |
1606d |
caa6772db4c1
Staging: remove wusbcore and UWB from the kernel tree.
|
BUG: corrupted list in __uwb_rc_neh_rm
staging
usb
|
C |
|
|
9 |
1682d |
1717d
|
15/28 |
1606d |
caa6772db4c1
Staging: remove wusbcore and UWB from the kernel tree.
|
KASAN: null-ptr-deref Write in blk_mq_map_swqueue
block
|
C |
done |
|
3 |
1700d |
1700d
|
15/28 |
1609d |
d0930bb8f46b
blk-mq: Fix a recently introduced regression in blk_mq_realloc_hw_ctxs()
|
KASAN: use-after-free Read in chaoskey_disconnect
crypto
usb
|
C |
|
|
44 |
1820d |
1848d
|
15/28 |
1616d |
93ddb1f56ae1
USB: chaoskey: fix use-after-free on release
|
KMSAN: uninit-value in etf_enqueue_timesortedlist
net
|
|
|
|
3 |
1657d |
1665d
|
15/28 |
1616d |
a1211bf9a777
sched: etf: do not assume all sockets are full blown
|
KMSAN: uninit-value in audit_log_vformat (2)
audit
|
C |
|
|
104 |
1656d |
1676d
|
15/28 |
1616d |
763dafc520ad
audit: check the length of userspace generated audit records
|
general protection fault in macvlan_device_event
net
|
|
|
|
86 |
1665d |
1679d
|
15/28 |
1616d |
4dee15b4fd0d
macvlan: fix null dereference in macvlan_device_event()
|
WARNING in __vm_enough_memory (2)
kernel
|
syz |
done |
|
6 |
1677d |
1680d
|
15/28 |
1616d |
dadbd85f2afc
mm: Fix MREMAP_DONTUNMAP accounting on VMA merge
|
WARNING in hwsim_new_radio_nl
wireless
|
C |
done |
|
3 |
1683d |
1685d
|
15/28 |
1616d |
7ea862048317
mac80211_hwsim: Use kstrndup() in place of kasprintf()
|
KASAN: invalid-free in nf_tables_newset
netfilter
|
C |
done |
|
21 |
1679d |
1694d
|
15/28 |
1616d |
7fb6f78df700
netfilter: nf_tables: do not leave dangling pointer in nf_tables_set_alloc_name
|
WARNING: bad unlock balance in mptcp_poll
mptcp
|
C |
done |
|
10 |
1681d |
1684d
|
15/28 |
1616d |
e154659ba39a
mptcp: fix double-unlock in mptcp_poll
|
KASAN: use-after-free Read in dput (2)
fs
|
syz |
done |
|
4 |
1680d |
1680d
|
15/28 |
1616d |
4fa3b1c41737
proc: Handle umounts cleanly
|
possible deadlock in user_shm_lock
mm
|
|
|
|
12 |
1644d |
1682d
|
15/28 |
1616d |
ea0dfeb4209b
shmem: fix possible deadlocks on shmlock_user_lock
|
possible deadlock in shmem_mfill_atomic_pte
mm
|
C |
done |
|
82 |
1644d |
1695d
|
15/28 |
1616d |
94b7cc01da5a
mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path
|
KASAN: slab-out-of-bounds Read in __kvm_gfn_to_hva_cache_init
kvm
|
C |
done |
|
1537 |
1643d |
1688d
|
15/28 |
1616d |
b6467ab142b7
KVM: Check validity of resolved slot when searching memslots
|
WARNING in set_precision (2)
wireless
|
C |
done |
|
117 |
1678d |
1776d
|
15/28 |
1616d |
7ea862048317
mac80211_hwsim: Use kstrndup() in place of kasprintf()
|
INFO: rcu detected stall in io_uring_release
fs
|
syz |
|
|
15 |
1636d |
1677d
|
15/28 |
1616d |
3fd44c86711f
io_uring: use cond_resched() in io_ring_ctx_wait_and_kill()
|
KASAN: use-after-free Read in report_sock_error
net
|
|
|
|
2 |
1670d |
1674d
|
15/28 |
1616d |
a1211bf9a777
sched: etf: do not assume all sockets are full blown
|
linux-next test error: WARNING: suspicious RCU usage in ovs_ct_exit
openvswitch
|
|
|
|
132 |
1675d |
1712d
|
15/28 |
1616d |
27de77cec985
net: openvswitch: ovs_ct_exit to be done under ovs_lock
|
WARNING in nf_nat_unregister_fn
netfilter
|
|
|
|
1 |
1679d |
1679d
|
15/28 |
1616d |
b4faef1739dd
netfilter: nat: fix error handling upon registering inet hook
|
possible deadlock in shmem_uncharge
mm
|
C |
done |
|
101 |
1645d |
1683d
|
15/28 |
1616d |
ea0dfeb4209b
shmem: fix possible deadlocks on shmlock_user_lock
|
possible deadlock in ext4_evict_inode
ext4
|
syz |
error |
error |
38 |
2228d |
2267d
|
15/28 |
1643d |
e5bfad3d7acc
smack: use GFP_NOFS while holding inode_smack::smk_lock
|
general protection fault in kobject_get
kernel
|
|
|
|
4 |
1659d |
1725d
|
15/28 |
1655d |
5bdfa854013c
RDMA/mad: Do not crash if the rdma device does not have a umad interface
|
KASAN: use-after-free Write in tcindex_set_parms
net
|
C |
done |
|
13 |
1696d |
1716d
|
15/28 |
1655d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
WARNING: kobject bug in add_one_compat_dev
kernel
|
|
|
|
2 |
1726d |
1729d
|
15/28 |
1655d |
f2f2b3bbf0d9
RDMA/core: Fix missing error check on dev_set_name()
|
possible deadlock in io_submit_one (3)
fs
|
syz |
done |
|
45 |
1685d |
1693d
|
15/28 |
1655d |
63f818f46af9
proc: Use a dedicated lock in struct pid
|
INFO: task hung in io_queue_file_removal
fs
|
C |
done |
|
16 |
1698d |
1706d
|
15/28 |
1655d |
4afdb733b160
io-uring: drop completion when removing file
|
KASAN: slab-out-of-bounds Write in tcindex_set_parms
|
C |
done |
|
10 |
1697d |
1718d
|
15/28 |
1655d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
KASAN: use-after-free Read in tcindex_dump
net
|
syz |
|
|
1 |
1718d |
1716d
|
15/28 |
1655d |
b1be2e8cd290
net_sched: hold rtnl lock in tcindex_partial_destroy_work()
|
KMSAN: uninit-value in simple_attr_read
fs
|
C |
|
|
6 |
1658d |
1728d
|
15/28 |
1655d |
a65cab7d7f05
libfs: fix infoleak in simple_attr_read()
|
general protection fault in macsec_upd_offload
net
|
C |
done |
|
5 |
1694d |
1693d
|
15/28 |
1655d |
aa81700cf232
macsec: fix NULL dereference in macsec_upd_offload()
|
general protection fault in hfsc_unbind_tcf
net
|
|
|
|
1 |
1707d |
1703d
|
15/28 |
1655d |
ef299cc3fa1a
net_sched: cls_route: remove the right filter from hashtable
|
memory leak in erase_aeb
mtd
|
C |
|
|
109 |
1656d |
1809d
|
15/28 |
1655d |
c16f39d14a7e
ubi: fastmap: Free unused fastmap anchor peb during detach
|
BUG: unable to handle kernel NULL pointer dereference in handle_external_interrupt_irqoff
kvm
|
C |
done |
|
6404 |
1700d |
1704d
|
15/28 |
1655d |
428b8f1d9f92
KVM: VMX: don't allow memory operands for inline asm that modifies SP
|
possible deadlock in send_sigurg
fs
|
C |
done |
|
65 |
1679d |
1693d
|
15/28 |
1655d |
63f818f46af9
proc: Use a dedicated lock in struct pid
|
WARNING: bad unlock balance in ucma_event_handler
|
C |
done |
|
143 |
1688d |
2352d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
WARNING in geneve_exit_batch_net (2)
net
|
C |
done |
|
9 |
1703d |
1726d
|
15/28 |
1655d |
0fda7600c2e1
geneve: move debug check after netdev unregister
|
general protection fault in fbcon_switch
fbdev
|
|
|
|
1 |
1700d |
1699d
|
15/28 |
1655d |
b139f8b00db4
fbcon: fix null-ptr-deref in fbcon_switch
|
KASAN: invalid-free in tcf_exts_destroy
net
|
C |
done |
|
1 |
1718d |
1718d
|
15/28 |
1655d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
KASAN: use-after-free Read in __hrtimer_run_queues
kernel
|
C |
done |
|
299 |
1688d |
1695d
|
15/28 |
1655d |
73d20564e0dc
hrtimer: Don't dereference the hrtimer pointer after the callback
|
WARNING: bad unlock balance in ucma_destroy_id
|
syz |
done |
|
44 |
1722d |
2276d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
WARNING: bad unlock balance in __get_user_pages_remote
mm
|
C |
done |
|
15 |
1688d |
1688d
|
15/28 |
1655d |
c7b6a566b985
mm/gup: Mark lock taken only after a successful retake
|
INFO: trying to register non-static key in __io_uring_register
fs
|
C |
done |
|
39 |
1687d |
1688d
|
15/28 |
1655d |
f7fe9346869a
io_uring: initialize fixed_file_data lock
|
KASAN: slab-out-of-bounds Read in selinux_xfrm_alloc_user
selinux
|
C |
done |
|
1 |
1697d |
1696d
|
15/28 |
1655d |
a1a7e3a36e01
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
|
KASAN: stack-out-of-bounds Write in mpol_to_str
mm
|
C |
done |
|
23 |
1697d |
1701d
|
15/28 |
1655d |
aa9f7d5172fa
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
|
general protection fault in do_tcp_getsockopt (2)
net
|
C |
done |
|
1 |
1708d |
1708d
|
15/28 |
1655d |
6cd6cbf593bf
net-backports: tcp: repair: fix TCP_QUEUE_SEQ implementation
|
KASAN: use-after-free Read in addr_handler
rdma
|
syz |
done |
|
12 |
1687d |
2169d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
INFO: trying to register non-static key in io_cqring_ev_posted (2)
fs
|
C |
done |
|
42 |
1658d |
1695d
|
15/28 |
1655d |
10bea96dcc13
io_uring: add missing finish_wait() in io_sq_thread()
|
KASAN: use-after-free Read in cma_cancel_operation
rdma
|
C |
done |
|
617 |
1743d |
2424d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
BUG: unable to handle kernel paging request in kernel_get_mempolicy
mm
|
C |
done |
|
1 |
1692d |
1689d
|
15/28 |
1655d |
ba841078cd05
mm/mempolicy: Allow lookup_node() to handle fatal signal
|
WARNING: ODEBUG bug in rfcomm_dev_ioctl
bluetooth
|
|
|
|
1 |
1720d |
1720d
|
15/28 |
1655d |
71811cac8532
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
|
KASAN: slab-out-of-bounds Read in cgroup_file_notify
cgroups
|
C |
done |
|
1 |
1720d |
1716d
|
15/28 |
1655d |
726b7bbeafd4
hugetlb_cgroup: fix illegal access to memory
|
WARNING: refcount bug in __tcf_action_put
net
|
syz |
|
|
1 |
1717d |
1716d
|
15/28 |
1655d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
KASAN: use-after-free Read in rdma_listen (2)
rdma
|
C |
done |
|
354 |
1694d |
2062d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
WARNING: kobject bug in ib_register_device
kernel
|
C |
done |
|
14 |
1693d |
1731d
|
15/28 |
1655d |
7aefa6237cfe
RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET
|
general protection fault in ethnl_parse_header
net
|
C |
done |
|
9 |
1702d |
1707d
|
15/28 |
1655d |
55b474c41e58
netlink: check for null extack in cookie helpers
|
WARNING in vcpu_enter_guest
kvm
|
syz |
done |
|
19 |
1705d |
1818d
|
15/28 |
1655d |
d33294541889
KVM: x86: remove bogus user-triggerable WARN_ON
|
general protection fault in hsr_addr_is_self (2)
net
|
|
|
|
1 |
1707d |
1706d
|
15/28 |
1655d |
3a303cfdd28d
hsr: fix general protection fault in hsr_addr_is_self()
|
linux-next test error: KASAN: use-after-free Read in l2cap_sock_release
bluetooth
|
|
|
|
12 |
1750d |
1752d
|
15/28 |
1655d |
2a154903cec2
Bluetooth: prefetch channel before killing sock
|
possible deadlock in send_sigio
fs
|
C |
done |
|
7 |
1683d |
1692d
|
15/28 |
1655d |
63f818f46af9
proc: Use a dedicated lock in struct pid
|
WARNING: ODEBUG bug in __init_work
net
|
syz |
done |
|
1 |
1704d |
1703d
|
15/28 |
1655d |
ef299cc3fa1a
net_sched: cls_route: remove the right filter from hashtable
|
WARNING in call_rcu
net
|
C |
done |
|
8 |
1709d |
1716d
|
15/28 |
1655d |
ef299cc3fa1a
net_sched: cls_route: remove the right filter from hashtable
|
WARNING: ODEBUG bug in prism2sta_disconnect_usb
staging
|
|
|
|
1 |
1705d |
1703d
|
15/28 |
1655d |
a1f165a6b738
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
|
WARNING: ODEBUG bug in tcf_queue_work
net
|
C |
done |
|
30 |
1721d |
1721d
|
15/28 |
1655d |
ef299cc3fa1a
net_sched: cls_route: remove the right filter from hashtable
|
WARNING in __blk_mq_delay_run_hw_queue
block
|
C |
done |
error |
6 |
1768d |
1874d
|
15/28 |
1655d |
6e66b4939241
blk-mq: Keep set->nr_hw_queues and set->map[].nr_queues in sync
|
general protection fault in qdisc_hash_add
net
|
C |
done |
|
47 |
1714d |
1714d
|
15/28 |
1655d |
7c4046b1c53b
Revert "net: sched: make newly activated qdiscs visible"
|
WARNING: refcount bug in tcindex_data_put
net
|
C |
done |
|
27 |
1692d |
1693d
|
15/28 |
1655d |
a8eab6d35e22
net_sched: fix a missing refcnt in tcindex_init()
|
KASAN: use-after-free Read in route4_get
net
|
C |
|
|
8 |
1684d |
1713d
|
15/28 |
1655d |
ef299cc3fa1a
net_sched: cls_route: remove the right filter from hashtable
|
KASAN: use-after-free Read in __list_del_entry_valid (4)
rdma
|
C |
done |
|
16 |
1744d |
2432d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
general protection fault in erspan_netlink_parms
net
|
C |
done |
|
5 |
1710d |
1711d
|
15/28 |
1655d |
32ca98feab8c
net: ip_gre: Accept IFLA_INFO_DATA-less configuration
|
WARNING in kernfs_create_dir_ns
kernfs
|
C |
done |
done |
3 |
1710d |
1971d
|
15/28 |
1655d |
810507fe6fd5
locking/lockdep: Reuse freed chain_hlocks entries
|
WARNING in af_alg_make_sg
crypto
|
C |
done |
|
13 |
1687d |
1687d
|
15/28 |
1655d |
ae46d2aa6a7f
mm/gup: Let __get_user_pages_locked() return -EINTR for fatal signal
|
general protection fault in rdma_listen (2)
rdma
|
syz |
done |
|
104 |
1694d |
2205d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
WARNING in kernfs_new_node
kernfs
|
C |
done |
done |
2 |
1710d |
1934d
|
15/28 |
1655d |
810507fe6fd5
locking/lockdep: Reuse freed chain_hlocks entries
|
possible deadlock in cma_netdev_callback
rdma
|
C |
done |
|
1399 |
1688d |
1730d
|
15/28 |
1655d |
33fb27fd5446
RDMA/siw: Fix passive connection establishment
|
WARNING: refcount bug in sctp_wfree
sctp
|
C |
done |
|
20 |
1696d |
1717d
|
15/28 |
1655d |
5c3e82fe1596
sctp: fix refcount bug in sctp_wfree
|
WARNING in ext4_write_inode
ext4
|
|
|
|
13 |
1723d |
1729d
|
15/28 |
1655d |
10a98cb16d80
xfs: clear PF_MEMALLOC before exiting xfsaild thread
|
BUG: corrupted list in rdma_listen
rdma
|
C |
|
|
202 |
1828d |
2407d
|
15/28 |
1655d |
7c11910783a1
RDMA/ucma: Put a lock around every call to the rdma_cm layer
|
possible deadlock in free_ioctx_users (2)
|
C |
done |
|
44 |
1685d |
1693d
|
15/28 |
1655d |
63f818f46af9
proc: Use a dedicated lock in struct pid
|
WARNING: ODEBUG bug in route4_change
|
C |
done |
|
68 |
1692d |
1716d
|
15/28 |
1655d |
ef299cc3fa1a
net_sched: cls_route: remove the right filter from hashtable
|
KASAN: use-after-free Read in tty_open
serial
|
C |
done |
done |
8 |
1702d |
1814d
|
15/28 |
1655d |
ca4463bf8438
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
KASAN: slab-out-of-bounds Read in edge_interrupt_callback
usb
|
C |
|
|
1 |
1704d |
1703d
|
15/28 |
1655d |
57aa9f294b09
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
|
KMSAN: uninit-value in tcf_exts_change
net
|
C |
|
|
5 |
1706d |
1716d
|
15/28 |
1655d |
0d1c3530e1bd
net_sched: keep alloc_hash updated after hash allocation
|
BUG: sleeping function called from invalid context in kmem_cache_alloc_node_trace
net
|
C |
done |
|
364 |
1717d |
1719d
|
15/28 |
1655d |
138470a9b2cc
net/sched: act_ct: fix lockdep splat in tcf_ct_flow_table_get
|
KASAN: use-after-free Write in release_tty
|
C |
done |
|
591 |
1692d |
1814d
|
15/28 |
1655d |
ca4463bf8438
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
|
WARNING: ODEBUG bug in tcindex_destroy_work (3)
net
|
syz |
done |
|
13 |
1695d |
1731d
|
15/28 |
1655d |
304e024216a8
net_sched: add a temporary refcnt for struct tcindex_data
|
KASAN: slab-out-of-bounds Read in hfa384x_usbin_callback
staging
usb
|
C |
|
|
1 |
1706d |
1706d
|
15/28 |
1655d |
1165dd73e811
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
|
KMSAN: uninit-value in macsec_handle_frame
net
|
|
|
|
1 |
1705d |
1705d
|
15/28 |
1655d |
b06d072ccc4b
macsec: restrict to ethernet devices
|
WARNING: refcount bug in igmp_start_timer
net
|
syz |
done |
done |
19 |
1920d |
2286d
|
15/28 |
1678d |
323ebb61e32b
net: use listified RX for handling GRO_NORMAL skbs
|
possible deadlock in sch_direct_xmit
net
|
C |
done |
done |
1548 |
1821d |
2500d
|
15/28 |
1678d |
323ebb61e32b
net: use listified RX for handling GRO_NORMAL skbs
|
KASAN: use-after-free Read in alloc_netdev_mqs
net
|
|
|
|
1 |
1742d |
1742d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
KMSAN: uninit-value in __iptunnel_pull_header
net
|
C |
|
|
12 |
1711d |
1720d
|
15/28 |
1680d |
17c25cafd4d3
gre: fix uninit-value in __iptunnel_pull_header
|
KASAN: use-after-free Read in inet_gifconf
net
|
|
|
|
24 |
1734d |
1740d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
INFO: task hung in hashlimit_mt_check_common
|
C |
done |
|
20 |
1736d |
1776d
|
15/28 |
1680d |
8d0015a7ab76
netfilter: xt_hashlimit: limit the max size of hashtable
c4a3922d2d20
netfilter: xt_hashlimit: reduce hashlimit_mutex scope for htable_put()
|
divide error in wg_packet_encrypt_worker
wireguard
|
C |
done |
|
12 |
1734d |
1742d
|
15/28 |
1680d |
175f1ca9a9ed
wireguard: send: account for mtu=0 devices
|
WARNING in idr_destroy
dri
|
C |
done |
|
5 |
1708d |
1723d
|
15/28 |
1680d |
b216a8e7908c
drm/lease: fix WARNING in idr_destroy
|
BUG: soft lockup in sys_exit_group
usb
|
C |
|
|
6 |
1705d |
1728d
|
15/28 |
1680d |
d683469b3c93
ALSA: line6: Fix endless MIDI read loop
|
KASAN: use-after-free Read in ipv6_get_ifaddr
net
|
|
|
|
1 |
1738d |
1738d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
KASAN: use-after-free Read in inet_lookup_ifaddr_rcu
net
|
|
|
|
2 |
1734d |
1736d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
KASAN: use-after-free Write in hiddev_disconnect
input
usb
|
|
|
|
20 |
1708d |
1772d
|
15/28 |
1680d |
5c02c447eaed
HID: hiddev: Fix race in in hiddev_disconnect()
|
KMSAN: use-after-free in netdev_state_change
net
|
|
|
|
2 |
1724d |
1724d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
KMSAN: uninit-value in audit_receive
audit
|
C |
|
|
4 |
1731d |
1731d
|
15/28 |
1680d |
756125289285
audit: always check the netlink payload length in audit_receive_msg()
|
WARNING: lock held when returning to user space in ovl_write_iter
overlayfs
|
C |
done |
|
6 |
1710d |
1725d
|
15/28 |
1680d |
c853680453ac
ovl: fix lockdep warning for async write
|
general protection fault in vt_ioctl
serial
|
|
|
|
1 |
1746d |
1746d
|
15/28 |
1680d |
6cd1ed50efd8
net-backports: vt: vt_ioctl: fix race in VT_RESIZEX
|
KASAN: use-after-free Read in percpu_ref_switch_to_atomic_rcu
block
|
|
|
|
5 |
1726d |
1748d
|
15/28 |
1680d |
c1e2148f8ecb
io_uring: free fixed_file_data after RCU grace period
|
KASAN: use-after-free Read in rtnl_fill_ifinfo (2)
net
|
|
|
|
2 |
1739d |
1740d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
INFO: task hung in hashlimit_net_exit
netfilter
|
syz |
done |
|
53 |
1734d |
1742d
|
15/28 |
1680d |
8d0015a7ab76
netfilter: xt_hashlimit: limit the max size of hashtable
|
kernel BUG at arch/x86/mm/physaddr.c:LINE! (4)
audit
|
C |
|
|
18 |
1699d |
1734d
|
15/28 |
1680d |
2ad3e17ebf94
audit: fix error handling in audit_data_to_entry()
|
KMSAN: uninit-value in slhc_compress
net
|
C |
|
|
3 |
1723d |
1723d
|
15/28 |
1680d |
110a40dfb708
slip: make slhc_compress() more robust against malicious packets
|
WARNING: proc registration bug in hashlimit_mt_check_common
netfilter
|
C |
done |
|
320 |
1720d |
1745d
|
15/28 |
1680d |
99b79c3900d4
netfilter: xt_hashlimit: unregister proc file before releasing mutex
|
linux-next test error: WARNING in snd_pcm_plug_alloc
sound
|
|
|
|
3 |
1714d |
1714d
|
15/28 |
1680d |
5461e0530c22
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
|
WARNING: ODEBUG bug in smc_ib_remove_dev
net
s390
|
|
|
|
52 |
1711d |
1725d
|
15/28 |
1680d |
ece0d7bd7461
net/smc: cancel event worker during device removal
|
memory leak in dma_buf_ioctl
|
C |
done |
|
129 |
1730d |
1946d
|
15/28 |
1680d |
d1f37226431f
dma-buf: free dmabuf->name in dma_buf_release()
|
KASAN: use-after-free Read in netdev_state_change
net
|
|
|
|
2 |
1739d |
1740d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
KCSAN: data-race in snd_seq_check_queue / snd_seq_control_queue
sound
|
|
|
|
97 |
1681d |
1779d
|
15/28 |
1680d |
bb51e669fa49
ALSA: seq: Avoid concurrent access to queue flags
|
INFO: trying to register non-static key in xa_destroy
rdma
|
C |
done |
|
46 |
1703d |
1731d
|
15/28 |
1680d |
12e5eef0f4d8
RDMA/siw: Fix failure handling during device creation
|
BUG: unable to handle kernel NULL pointer dereference in inet_release
net
|
syz |
|
|
3 |
1730d |
1730d
|
15/28 |
1680d |
b6f6118901d1
ipv6: restrict IPV6_ADDRFORM operation
|
INFO: rcu detected stall in ip_set_uadd
netfilter
|
C |
done |
|
11 |
1725d |
1762d
|
15/28 |
1680d |
f66ee0410b1c
netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports
|
general protection fault in batadv_iv_ogm_schedule
batman
|
|
|
|
2 |
1734d |
1747d
|
15/28 |
1680d |
8e8ce08198de
batman-adv: Don't schedule OGM for disabled interface
|
INFO: task hung in paste_selection
serial
|
C |
inconclusive |
done |
8 |
1747d |
1811d
|
15/28 |
1680d |
e8c75a30a23c
vt: selection, push sel_lock up
|
BUG: unable to handle kernel paging request in ethnl_update_bitset32
net
|
C |
|
|
168 |
1720d |
1731d
|
15/28 |
1680d |
e34f1753eebc
ethtool: limit bitset size
|
KASAN: use-after-free Read in ipv6_chk_addr_and_flags
net
|
|
|
|
1 |
1739d |
1739d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
KMSAN: use-after-free in find_match
net
|
C |
|
|
52 |
1710d |
1739d
|
15/28 |
1680d |
e08ad80551b4
net-backports: net: add strict checks in netdev_name_node_alt_destroy()
|
KASAN: use-after-free Read in vgem_gem_dumb_create
dri
|
C |
done |
|
15 |
1743d |
1755d
|
15/28 |
1680d |
4b848f20eda5
drm/vgem: Close use-after-free race in vgem_gem_create
|
KMSAN: uninit-value in bpf_skb_load_helper_32_no_cache
net
bpf
|
|
|
|
2 |
1750d |
1748d
|
15/28 |
1680d |
457fed775c97
net/smc: fix leak of kernel memory to user space
|
memory leak in nf_tables_parse_netdev_hooks (2)
netfilter
|
C |
|
|
2 |
1720d |
1724d
|
15/28 |
1680d |
2d285f26ecd0
netfilter: nf_tables: free flowtable hooks on hook register error
|
KMSAN: uninit-value in bond_alb_xmit
net
|
syz |
|
|
3 |
1721d |
1723d
|
15/28 |
1680d |
b7469e83d2ad
bonding/alb: make sure arp header is pulled before accessing it
|
divide error in encrypt_packet
wireguard
|
C |
done |
|
89 |
1733d |
1742d
|
15/28 |
1680d |
175f1ca9a9ed
wireguard: send: account for mtu=0 devices
|
general protection fault in smc_ib_remove_dev
s390
net
|
C |
done |
|
98 |
1720d |
1731d
|
15/28 |
1680d |
a2f2ef4a54c0
net/smc: check for valid ib_client_data
|
possible deadlock in htab_lru_map_delete_node
bpf
|
C |
done |
|
264 |
1733d |
1739d
|
15/28 |
1680d |
b9aff38de2cb
bpf: Fix a potential deadlock with bpf_map_do_batch
|
KMSAN: use-after-free in inet_gifconf
net
|
|
|
|
10 |
1711d |
1734d
|
15/28 |
1680d |
e08ad80551b4
net-backports: net: add strict checks in netdev_name_node_alt_destroy()
|
KMSAN: use-after-free in ip6_dst_destroy
net
|
C |
|
|
2 |
1713d |
1725d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
KASAN: use-after-free Read in raw_notifier
can
|
|
|
|
3 |
1739d |
1740d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
memory leak in fasync_helper
fs
|
C |
|
|
14 |
1749d |
1810d
|
15/28 |
1680d |
67f562e3e147
net/smc: transfer fasync_list in case of fallback
|
possible deadlock in tty_unthrottle
serial
|
|
|
|
3 |
1704d |
1728d
|
15/28 |
1680d |
e8c75a30a23c
vt: selection, push sel_lock up
|
possible deadlock in inet_csk_accept
net
|
C |
done |
|
992 |
1714d |
1716d
|
15/28 |
1680d |
06669ea346e4
net: memcg: fix lockdep splat in inet_csk_accept()
|
KASAN: slab-out-of-bounds Read in ethnl_update_bitset32
net
|
syz |
|
|
2 |
1726d |
1731d
|
15/28 |
1680d |
e34f1753eebc
ethtool: limit bitset size
|
KMSAN: uninit-value in audit_log_vformat
audit
|
C |
|
|
220 |
1680d |
1731d
|
15/28 |
1680d |
756125289285
audit: always check the netlink payload length in audit_receive_msg()
|
KASAN: use-after-free Read in dev_get_by_index_rcu
net
|
|
|
|
1 |
1735d |
1735d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
INFO: rcu detected stall in hash_ip4_gc
kernel
|
C |
done |
|
1 |
1761d |
1760d
|
15/28 |
1680d |
f66ee0410b1c
netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports
|
KCSAN: data-race in queue_access_lock / snd_seq_check_queue
sound
|
|
|
|
58 |
1720d |
1762d
|
15/28 |
1680d |
bb51e669fa49
ALSA: seq: Avoid concurrent access to queue flags
|
KMSAN: kernel-infoleak in tty_compat_ioctl
serial
|
C |
|
|
162 |
1702d |
1731d
|
15/28 |
1680d |
17329563a97d
tty: fix compat TIOCGSERIAL leaking uninitialized memory
|
BUG: sleeping function called from invalid context in __kmalloc
ceph
fs
|
C |
done |
|
5 |
1742d |
1748d
|
15/28 |
1680d |
b27a939e8376
ceph: canonicalize server path in place
|
INFO: rcu detected stall in ip_set_udel
netfilter
|
C |
done |
|
12 |
1739d |
1762d
|
15/28 |
1680d |
f66ee0410b1c
netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports
|
general protection fault in ip_set_comment_free
netfilter
|
C |
done |
|
19 |
1723d |
1760d
|
15/28 |
1680d |
8af1c6fbd923
netfilter: ipset: Fix forceadd evaluation path
|
possible deadlock in bond_get_stats (3)
net
|
syz |
done |
|
2 |
1735d |
1735d
|
15/28 |
1680d |
b3e80d44f5b1
bonding: fix lockdep warning in bond_get_stats()
|
general protection fault in batadv_iv_ogm_schedule_buff
batman
|
|
|
|
24 |
1717d |
1739d
|
15/28 |
1680d |
8e8ce08198de
batman-adv: Don't schedule OGM for disabled interface
|
KMSAN: use-after-free in veth_xmit
net
|
|
|
|
8 |
1711d |
1726d
|
15/28 |
1680d |
e08ad80551b4
net-backports: net: add strict checks in netdev_name_node_alt_destroy()
|
KMSAN: uninit-value in kstrdup
net
|
C |
|
|
8 |
1716d |
1743d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
possible deadlock in sidtab_sid2str_put
selinux
|
C |
done |
|
1382 |
1742d |
1759d
|
15/28 |
1680d |
39a706fbcf26
selinux: fix sidtab string cache locking
|
KCSAN: data-race in __snd_rawmidi_transmit_ack / snd_rawmidi_write
sound
|
|
|
|
168 |
1681d |
1807d
|
15/28 |
1680d |
dfa9a5efe8b9
ALSA: rawmidi: Avoid bit fields for state flags
|
KASAN: use-after-free Read in vsscanf
can
|
|
|
|
2 |
1737d |
1739d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
KASAN: use-after-free Read in n_tty_receive_buf_common
|
C |
done |
|
68 |
1735d |
1811d
|
15/28 |
1680d |
07e6124a1a46
vt: selection, close sel_buffer race
|
KASAN: use-after-free Read in ethnl_update_bitset32
net
|
C |
done |
|
6 |
1724d |
1731d
|
15/28 |
1680d |
e34f1753eebc
ethtool: limit bitset size
|
KASAN: use-after-free Read in fib_nexthop_info
net
|
|
|
|
1 |
1739d |
1739d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
general protection fault in nf_flow_table_offload_setup
|
C |
done |
done |
835 |
1734d |
1767d
|
15/28 |
1680d |
a7da92c2c8a1
netfilter: flowtable: skip offload setup if disabled
|
memory leak in nfs_fs_context_parse_monolithic
nfs
|
C |
|
|
18 |
1715d |
1741d
|
15/28 |
1680d |
75a9b9176157
NFS: Fix leak of ctx->nfs_server.hostname
|
KASAN: slab-out-of-bounds Read in inet_gifconf
net
|
|
|
|
2 |
1740d |
1740d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
KASAN: use-after-free Read in find_match
|
C |
done |
|
142 |
1733d |
1740d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
KMSAN: uninit-value in fat_evict_inode
exfat
|
C |
|
|
256 |
1710d |
1734d
|
15/28 |
1680d |
bc87302a093f
fat: fix uninit-memory access for partial initialized inode
|
KASAN: use-after-free Read in br_dev_xmit
bridge
|
|
|
|
1 |
1730d |
1730d
|
15/28 |
1680d |
823d81b0fa2c
net: bridge: fix stale eth hdr pointer in br_dev_xmit
|
KASAN: use-after-free Read in ip6_dst_destroy
net
|
C |
done |
|
1 |
1740d |
1740d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
WARNING: bad unlock balance in ovl_llseek
overlayfs
|
C |
done |
|
4 |
1712d |
1725d
|
15/28 |
1680d |
531d3040bc5c
ovl: fix lock in ovl_llseek()
|
KASAN: use-after-free Read in l3mdev_master_ifindex_rcu
net
|
C |
done |
done |
13 |
1736d |
1742d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
KASAN: slab-out-of-bounds Read in resample_shrink
sound
|
C |
done |
|
5 |
1702d |
1720d
|
15/28 |
1680d |
f2ecf903ef06
ALSA: pcm: oss: Avoid plugin buffer overflow
|
general protection fault in nldev_stat_set_doit
rdma
|
C |
done |
|
8 |
1714d |
1731d
|
15/28 |
1680d |
78f34a16c286
RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing
|
kernel panic: stack is corrupted in vhost_net_ioctl
virt
kvm
net
|
C |
done |
|
2 |
1740d |
1827d
|
15/28 |
1680d |
42d84c8490f9
vhost: Check docket sk_family instead of call getname
|
KASAN: use-after-free Read in __neigh_notify
net
|
|
|
|
2 |
1739d |
1739d
|
15/28 |
1680d |
44bfa9c5e5f0
net: rtnetlink: fix bugs in rtnl_alt_ifname()
|
BUG: unable to handle kernel NULL pointer dereference in cipso_v4_sock_setattr
lsm
net
|
C |
done |
|
8 |
1720d |
1730d
|
15/28 |
1680d |
dc24f8b4ecd3
mptcp: add dummy icsk_sync_mss()
|
INFO: task hung in lock_sock_nested (2)
net
|
C |
done |
|
418 |
1720d |
1733d
|
15/28 |
1680d |
3f74957fcbea
vsock: fix potential deadlock in transport->release()
|
KMSAN: use-after-free in l3mdev_master_ifindex_rcu
net
|
C |
|
|
5 |
1710d |
1734d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
unregister_netdevice: waiting for DEV to become free (3)
|
C |
|
|
1864 |
1680d |
1742d
|
15/28 |
1680d |
e34f1753eebc
ethtool: limit bitset size
|
KMSAN: use-after-free in dev_alloc_name_ns
net
|
|
|
|
3 |
1711d |
1724d
|
15/28 |
1680d |
e08ad80551b4
net: add strict checks in netdev_name_node_alt_destroy()
|
KCSAN: data-race in snd_seq_prioq_cell_out / snd_seq_timer_interrupt
sound
|
|
|
|
118 |
1681d |
1775d
|
15/28 |
1680d |
dc7497795e01
ALSA: seq: Fix concurrent access to queue current tick/time
|
KASAN: use-after-free Read in mld_in_v1_mode
net
|
C |
done |
|
3 |
1739d |
1742d
|
15/28 |
1680d |
e08ad80551b4
net-backports: net: add strict checks in netdev_name_node_alt_destroy()
|
possible deadlock in bpf_lru_push_free
bpf
|
C |
done |
|
609 |
1733d |
1739d
|
15/28 |
1680d |
b9aff38de2cb
bpf: Fix a potential deadlock with bpf_map_do_batch
|
WARNING in switch_fpu_return
kernel
|
syz |
done |
done |
11 |
1751d |
1785d
|
15/28 |
1701d |
2620fe268e80
KVM: x86: Revert "KVM: X86: Fix fpu state crash in kvm guest"
|
KMSAN: use-after-free in rdma_listen
rdma
|
C |
|
|
26 |
1721d |
1867d
|
15/28 |
1701d |
5fc01fb846bc
RDMA/cma: Rollback source IP address if failing to acquire device
|
KMSAN: uninit-value in rdma_listen
rdma
|
C |
|
|
28 |
1878d |
2243d
|
15/28 |
1701d |
5fc01fb846bc
RDMA/cma: Rollback source IP address if failing to acquire device
|
KASAN: slab-out-of-bounds Read in bitmap_ip_add
netfilter
|
syz |
done |
done |
7 |
1756d |
1768d
|
15/28 |
1701d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
general protection fault in __nf_tables_chain_type_lookup
netfilter
|
|
|
|
1 |
1766d |
1765d
|
15/28 |
1707d |
826035498ec1
netfilter: nf_tables: add __nft_chain_type_get()
|
KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
netfilter
|
C |
done |
done |
8 |
1751d |
1767d
|
15/28 |
1709d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
netfilter
|
C |
done |
done |
10 |
1759d |
1767d
|
15/28 |
1709d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
BUG: corrupted list in __nf_tables_abort
|
C |
done |
done |
29 |
1761d |
1768d
|
15/28 |
1709d |
eb014de4fd41
netfilter: nf_tables: autoload modules from the abort path
|
KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy
netfilter
|
C |
done |
done |
2 |
1762d |
1762d
|
15/28 |
1709d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
|
C |
done |
done |
70 |
1750d |
1766d
|
15/28 |
1709d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
BUG: unable to handle kernel paging request in ion_heap_sglist_zero
staging
|
|
|
|
1 |
1815d |
1815d
|
15/28 |
1709d |
d98c9e83b5e7
kasan: fix crashes on access to memory mapped by vm_map_ram()
|
KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
netfilter
|
C |
unreliable |
done |
15 |
1751d |
1766d
|
15/28 |
1709d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
KASAN: slab-out-of-bounds Read in bitmap_port_destroy
netfilter
|
C |
done |
done |
2 |
1763d |
1763d
|
15/28 |
1709d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
general protection fault in gcmaes_crypt_by_sg (2)
crypto
|
C |
error |
done |
28 |
1767d |
1813d
|
15/28 |
1715d |
db885e66d268
net/tls: fix async operation
|
possible deadlock in wg_noise_handshake_create_initiation
wireguard
|
C |
done |
|
11 |
1749d |
1752d
|
15/28 |
1715d |
ec31c2676a10
wireguard: noise: reject peers with low order public keys
|
KASAN: use-after-free Read in slcan_open
can
|
C |
done |
|
2 |
1816d |
1815d
|
15/28 |
1715d |
9ebd796e2400
can: slcan: Fix use-after-free Read in slcan_open
|
kernel BUG at fs/btrfs/volumes.c:LINE!
btrfs
|
|
|
|
130 |
1821d |
2359d
|
15/28 |
1715d |
321f69f86a0f
btrfs: reset device back to allocation state when removing
|
BUG: unable to handle kernel paging request in slhc_free
net
|
C |
done |
done |
177 |
2036d |
2154d
|
15/28 |
1715d |
baf76f0c58ae
slip: make slhc_free() silently accept an error pointer
|
WARNING in _chaoskey_fill/usb_submit_urb
usb
|
C |
|
|
15 |
1832d |
1885d
|
15/28 |
1715d |
92aa5986f4f7
USB: chaoskey: fix error case of a timeout
|
KASAN: slab-out-of-bounds Read in iov_iter_alignment
iomap
|
C |
error |
error |
79 |
1815d |
1812d
|
15/28 |
1715d |
e0ff126ee7ad
pipe: Fix bogus dereference in iov_iter_alignment()
|
possible deadlock in wg_set_device
|
C |
done |
|
33 |
1747d |
1752d
|
15/28 |
1715d |
ec31c2676a10
wireguard: noise: reject peers with low order public keys
|
WARNING: ODEBUG bug in io_sqe_files_unregister
fs
|
C |
done |
|
964 |
1749d |
1796d
|
15/28 |
1715d |
2faf852d1be8
io_uring: cleanup fixed file data table references
|
WARNING in flexcop_usb_probe/usb_submit_urb
usb
media
|
C |
|
|
4 |
1881d |
1918d
|
15/28 |
1715d |
1b976fc6d684
media: b2c2-flexcop-usb: add sanity checking
|
linux-next build error (7)
kernel
|
|
|
|
7 |
1760d |
1764d
|
15/28 |
1715d |
ac6119e7f25b
efi/x86: Disable instrumentation in the EFI runtime handling code
|
BUG: unable to handle kernel paging request in xfs_sb_read_verify
xfs
|
|
|
|
69 |
1798d |
1817d
|
15/28 |
1720d |
d98c9e83b5e7
kasan: fix crashes on access to memory mapped by vm_map_ram()
|
BUG: unable to handle kernel paging request in ion_heap_clear_pages
staging
|
C |
|
|
4378 |
1798d |
1817d
|
15/28 |
1720d |
d98c9e83b5e7
kasan: fix crashes on access to memory mapped by vm_map_ram()
|
KASAN: use-after-free Read in bitmap_ip_ext_cleanup
netfilter
|
C |
done |
done |
2 |
1767d |
1767d
|
15/28 |
1733d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup
netfilter
|
C |
done |
done |
2 |
1767d |
1767d
|
15/28 |
1733d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
KASAN: slab-out-of-bounds Write in bitmap_ip_del
netfilter
|
C |
done |
done |
7 |
1765d |
1766d
|
15/28 |
1733d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
KASAN: use-after-free Read in bitmap_ip_destroy
netfilter
|
C |
done |
done |
1 |
1767d |
1767d
|
15/28 |
1736d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
upstream boot error: KASAN: slab-out-of-bounds Write in hpet_alloc
kernel
|
|
|
|
33 |
1755d |
1756d
|
15/28 |
1737d |
98c49f1746ac
char: hpet: Fix out-of-bounds read bug
|
KMSAN: uninit-value in setup_udp_tunnel_sock
net
|
C |
|
|
1 |
1765d |
1765d
|
15/28 |
1737d |
940ba1498665
net-backports: gtp: make sure only SOCK_DGRAM UDP sockets are accepted
|
WARNING in nft_request_module
netfilter
|
C |
done |
|
7 |
1771d |
1771d
|
15/28 |
1737d |
9332d27d7918
netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
|
memory leak in reiserfs_fill_super
reiserfs
|
C |
|
|
20 |
1756d |
1806d
|
15/28 |
1737d |
5474ca7da6f3
reiserfs: Fix memory leak of journal device string
|
WARNING: lock held when returning to user space in tun_get_user (2)
net
|
|
|
|
7 |
1753d |
1764d
|
15/28 |
1737d |
1efba987c486
net-backports: tun: add mutex_unlock() call and napi.skb clearing in tun_get_user()
|
memory leak in kobject_set_name_vargs (2)
|
C |
done |
|
47 |
1762d |
1947d
|
15/28 |
1737d |
cb626bf566eb
net-sysfs: Fix reference count leak
|
KCSAN: data-race in __rcu_read_unlock / sync_rcu_exp_select_cpus
fs
mm
|
|
|
|
7 |
1749d |
1843d
|
15/28 |
1737d |
c51f83c315c3
rcu: Use READ_ONCE() for ->expmask in rcu_read_unlock_special()
|
KASAN: slab-out-of-bounds Read in bitmap_port_gc
|
C |
done |
|
197 |
1751d |
1768d
|
15/28 |
1737d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
KMSAN: uninit-value in can_receive
can
|
C |
|
|
14 |
1740d |
1829d
|
15/28 |
1737d |
e7153bf70c34
can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs
|
memory leak in _sctp_make_chunk
sctp
|
C |
|
|
1 |
1801d |
1801d
|
15/28 |
1737d |
be7a77292077
sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
|
WARNING in devlink_port_type_warn
net
|
|
|
|
2340 |
1768d |
1839d
|
15/28 |
1737d |
4c582234ab39
devlink: Wait longer before warning about unset port type
|
BUG: unable to handle kernel NULL pointer dereference in x25_connect
x25
|
|
|
|
1 |
1811d |
1810d
|
15/28 |
1737d |
e21dba7a4df4
net/x25: fix nonblocking connect
|
KASAN: user-memory-access Write in video_usercopy
media
|
|
|
|
3 |
1777d |
1778d
|
15/28 |
1737d |
1dc8b65c944e
media: v4l2-core: only zero-out ioctl-read buffers
|
BUG: unable to handle kernel NULL pointer dereference in cfg80211_wext_siwrts
wireless
|
|
|
|
3 |
1767d |
1776d
|
15/28 |
1737d |
24953de0a5e3
cfg80211: check for set_wiphy_params
|
KASAN: null-ptr-deref Write in x25_connect
x25
|
|
|
|
1 |
1816d |
1811d
|
15/28 |
1737d |
e21dba7a4df4
net/x25: fix nonblocking connect
|
KASAN: slab-out-of-bounds Read in bitmap_ip_list
netfilter
|
C |
|
|
85 |
1752d |
1768d
|
15/28 |
1737d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
kernel BUG at fs/namei.c:LINE!
fs
|
|
|
|
3593 |
1772d |
1773d
|
15/28 |
1737d |
c64cd6e34ea3
reimplement path_mountpoint() with less magic
|
KASAN: use-after-free Read in bitmap_port_ext_cleanup
netfilter
|
C |
done |
|
11 |
1767d |
1776d
|
15/28 |
1737d |
c120959387ef
netfilter: fix a use-after-free in mtype_destroy()
|
KMSAN: uninit-value in sd_init (2)
media
usb
|
C |
|
|
94 |
1843d |
1839d
|
15/28 |
1737d |
de89d0864f66
media: gspca: zero usb_buf
|
KMSAN: uninit-value in __request_module (3)
kernel
|
C |
|
|
58 |
1738d |
1766d
|
15/28 |
1737d |
36d79af7fb59
net-backports: net_sched: use validated TCA_KIND attribute in tc_new_tfilter()
|
KMSAN: uninit-value in rsvp_change
net
|
C |
|
|
4 |
1758d |
1758d
|
15/28 |
1737d |
cb3c0e6bdf64
cls_rsvp: fix rsvp_policy
|
BUG: unable to handle kernel paging request in rhashtable_replace_fast
net
|
|
|
|
2 |
1763d |
1770d
|
15/28 |
1737d |
41cdc741048b
netdevsim: fix nsim_fib6_rt_create() error path
|
KASAN: use-after-free Read in __nf_tables_abort
netfilter
|
C |
done |
|
3 |
1764d |
1766d
|
15/28 |
1737d |
eb014de4fd41
netfilter: nf_tables: autoload modules from the abort path
|
KASAN: use-after-free Read in rsi_rx_done_handler
wireless
|
|
|
|
8 |
1776d |
1905d
|
15/28 |
1737d |
e93cd35101b6
rsi: fix use-after-free on failed probe and unbind
|
general protection fault in hsr_addr_is_self
net
|
|
|
|
3 |
1739d |
1754d
|
15/28 |
1737d |
2b5b8251bc9f
net: hsr: fix possible NULL deref in hsr_handle_frame()
|
WARNING: suspicious RCU usage in find_set_and_id
netfilter
|
syz |
done |
|
6 |
1762d |
1765d
|
15/28 |
1737d |
5038517119d5
netfilter: ipset: fix suspicious RCU usage in find_set_and_id
|
BUG: corrupted list in nft_obj_del
netfilter
|
C |
done |
|
7 |
1769d |
1771d
|
15/28 |
1737d |
335178d5429c
netfilter: nf_tables: fix flowtable list del corruption
|
BUG: corrupted list in nf_tables_commit
netfilter
|
C |
done |
|
8 |
1771d |
1771d
|
15/28 |
1737d |
335178d5429c
netfilter: nf_tables: fix flowtable list del corruption
|
kernel panic: stack is corrupted in __lock_acquire (4)
kernel
|
syz |
error |
error |
75 |
1833d |
1990d
|
15/28 |
1737d |
4da6a196f93b
bpf: Sockmap/tls, during free we may call tcp_bpf_unhash() in loop
|
INFO: rcu detected stall in addrconf_rs_timer (3)
net
|
C |
inconclusive |
done |
81 |
1798d |
1794d
|
15/28 |
1737d |
d9e15a273306
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
KASAN: slab-out-of-bounds Read in bitmap_ipmac_list
|
C |
done |
|
108 |
1753d |
1768d
|
15/28 |
1737d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
BUG: corrupted list in __dentry_kill (2)
fs
|
C |
done |
|
4945 |
1805d |
1806d
|
15/28 |
1737d |
a3d1e7eb5abe
simple_recursive_removal(): kernel-side rm -rf for ramfs-style filesystems
|
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock (2)
net
|
C |
done |
|
8 |
1764d |
1766d
|
15/28 |
1737d |
940ba1498665
net-backports: gtp: make sure only SOCK_DGRAM UDP sockets are accepted
|
BUG: sleeping function called from invalid context in lock_sock_nested
bpf
net
|
C |
|
|
1232 |
1737d |
1813d
|
15/28 |
1737d |
37f96694cf73
crypto: af_alg - Use bh_lock_sock in sk_destruct
|
general protection fault in dccp_timeout_nlattr_to_obj
netfilter
|
C |
done |
|
7 |
1777d |
1780d
|
15/28 |
1737d |
1d9a7acd3d1e
netfilter: conntrack: dccp, sctp: handle null timeout argument
|
memory leak in vlan_dev_set_egress_priority
net
|
C |
|
|
1 |
1780d |
1780d
|
15/28 |
1737d |
9bbd917e0bec
vlan: fix memory leak in vlan_dev_set_egress_priority
|
general protection fault in nft_parse_register
netfilter
|
|
|
|
1 |
1769d |
1768d
|
15/28 |
1737d |
7eaecf7963c1
netfilter: nft_osf: add missing check for DREG attribute
|
WARNING in sk_psock_drop
bpf
net
|
|
|
|
157 |
1760d |
1769d
|
15/28 |
1737d |
58c8db929db1
net, sk_msg: Don't check if sock is locked when tearing down psock
|
KCSAN: data-race in __rcu_read_unlock / rcu_report_exp_cpu_mult
cgroups
mm
|
|
|
|
21 |
1753d |
1813d
|
15/28 |
1737d |
c51f83c315c3
rcu: Use READ_ONCE() for ->expmask in rcu_read_unlock_special()
|
KCSAN: data-race in tomoyo_supervisor / tomoyo_supervisor (3)
tomoyo
|
|
|
|
142 |
1742d |
1794d
|
15/28 |
1737d |
a8772fad0172
tomoyo: Use atomic_t for statistics counter
|
KMSAN: uninit-value in macvlan_broadcast
net
|
C |
|
|
2 |
1780d |
1780d
|
15/28 |
1737d |
96cc4b69581d
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
general protection fault in xt_rateest_tg_checkentry
netfilter
|
C |
done |
|
12 |
1780d |
1791d
|
15/28 |
1737d |
1b789577f655
netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
|
general protection fault in hash_netiface6_uadt
netfilter
|
|
|
|
1 |
1777d |
1777d
|
15/28 |
1737d |
22dad713b8a5
netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
|
WARNING in tcp_ack
net
|
C |
done |
|
3 |
1778d |
1778d
|
15/28 |
1737d |
90d72256addf
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
memory leak in em_nbyte_change
net
|
C |
|
|
1 |
1762d |
1762d
|
15/28 |
1737d |
55cd9f67f1e4
net_sched: ematch: reject invalid TCF_EM_SIMPLE
|
KCSAN: data-race in __skb_try_recv_from_queue / unix_dgram_sendmsg
net
|
|
|
|
61 |
1753d |
1771d
|
15/28 |
1737d |
86b18aaa2b5b
skbuff: fix a data race in skb_queue_len()
|
KMSAN: uninit-value in digitv_rc_query
media
usb
|
C |
|
|
4 |
1856d |
1839d
|
15/28 |
1737d |
eecc70d22ae5
media: digitv: don't continue if remote control state can't be read
569bc8d6a6a5
media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
|
general protection fault in xt_rateest_put
netfilter
|
C |
done |
|
97 |
1768d |
1775d
|
15/28 |
1737d |
212e7f56605e
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
|
KCSAN: data-race in rcu_gp_fqs_check_wake / rcu_preempt_deferred_qs_irqrestore
batman
|
|
|
|
99 |
1749d |
1869d
|
15/28 |
1737d |
6935c3983b24
rcu: Avoid data-race in rcu_gp_fqs_check_wake()
|
BUG: sleeping function called from invalid context in tpk_write
kernel
|
C |
done |
|
12 |
1769d |
1810d
|
15/28 |
1737d |
9a655c77ff8f
ttyprintk: fix a potential deadlock in interrupt context issue
|
KCSAN: data-race in rcu_gp_fqs_check_wake / rcu_note_context_switch
cgroups
|
|
|
|
51 |
1749d |
1862d
|
15/28 |
1737d |
6935c3983b24
rcu: Avoid data-race in rcu_gp_fqs_check_wake()
|
memory leak in snd_pcm_hw_params
sound
|
C |
|
|
25 |
1750d |
1757d
|
15/28 |
1737d |
66f2d19f8116
ALSA: pcm: Fix memory leak at closing a stream without hw_free
|
KASAN: slab-out-of-bounds Read in macvlan_broadcast
net
|
C |
done |
|
10 |
1778d |
1780d
|
15/28 |
1737d |
96cc4b69581d
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
KMSAN: uninit-value in number
media
usb
|
C |
|
|
190 |
1741d |
1839d
|
15/28 |
1737d |
51d0c99b391f
media: af9005: uninitialized variable printked
|
KCSAN: data-race in find_next_bit / rcu_report_exp_cpu_mult
kernel
|
|
|
|
203 |
1749d |
1871d
|
15/28 |
1737d |
15c7c972cd26
rcu: Use *_ONCE() to protect lockless ->expmask accesses
|
KMSAN: uninit-value in __tipc_nl_compat_dumpit
tipc
|
C |
|
|
4428 |
1737d |
1806d
|
15/28 |
1737d |
a7869e5f9174
tipc: eliminate KMSAN: uninit-value in __tipc_nl_compat_dumpit error
|
KASAN: slab-out-of-bounds Read in nla_put_nohdr
net
|
C |
done |
|
1 |
1765d |
1764d
|
15/28 |
1737d |
61678d28d4a4
net_sched: fix datalen for ematch
|
general protection fault in path_openat
ext4
|
C |
done |
|
7 |
1755d |
1755d
|
15/28 |
1737d |
6404674acd59
vfs: fix do_last() regression
|
general protection fault in free_verifier_state (3)
bpf
|
C |
|
|
5 |
1765d |
1772d
|
15/28 |
1737d |
f59bbfc2f609
bpf: Fix error path under memory pressure
|
WARNING: bad unlock balance in release_sock
net
|
|
|
|
1 |
1779d |
1779d
|
15/28 |
1737d |
90d72256addf
gtp: fix bad unlock balance in gtp_encap_enable_socket
|
KASAN: use-after-free Read in tcp_fastretrans_alert
net
|
C |
done |
|
1 |
1768d |
1768d
|
15/28 |
1737d |
2bec445f9bf3
net-backports: tcp: do not leave dangling pointers in tp->highest_sack
|
KASAN: use-after-free Read in root_remove_peer_lists
wireguard
|
C |
done |
|
2 |
1754d |
1754d
|
15/28 |
1737d |
9981159fc3b6
wireguard: allowedips: fix use-after-free in root_remove_peer_lists
|
KASAN: use-after-free Read in snd_timer_resolution
sound
|
C |
|
|
5 |
1753d |
1771d
|
15/28 |
1737d |
60adcfde92fa
ALSA: seq: Fix racy access for queue timer in proc read
|
KMSAN: uninit-value in i2c_w (2)
media
usb
|
C |
|
|
3 |
1850d |
1839d
|
15/28 |
1737d |
de89d0864f66
media: gspca: zero usb_buf
|
KCSAN: data-race in tick_do_update_jiffies64 / tick_do_update_jiffies64 (4)
kernel
|
|
|
|
394 |
1742d |
1813d
|
15/28 |
1737d |
de95a991bb72
net-backports: tick/sched: Annotate lockless access to last_jiffies_update
|
general protection fault in hash_netnet6_uadt
netfilter
|
|
|
|
1 |
1777d |
1777d
|
15/28 |
1737d |
22dad713b8a5
netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
|
BUG: unable to handle kernel paging request in rhashtable_jhash2
net
|
C |
done |
|
6 |
1770d |
1771d
|
15/28 |
1737d |
41cdc741048b
netdevsim: fix nsim_fib6_rt_create() error path
|
memory leak in tcf_ctinfo_init
net
|
C |
|
|
2 |
1767d |
1768d
|
15/28 |
1737d |
09d4f10a5e78
net: sched: act_ctinfo: fix memory leak
|
WARNING in do_dentry_open (2)
fs
|
C |
done |
|
17 |
1757d |
1754d
|
15/28 |
1737d |
a37f4958f7b6
debugfs: Return -EPERM when locked down
|
KASAN: slab-out-of-bounds Read in __nla_put_nohdr
net
|
C |
done |
|
4 |
1765d |
1765d
|
15/28 |
1737d |
61678d28d4a4
net_sched: fix datalen for ematch
|
INFO: rcu detected stall in br_handle_frame (2)
net
|
C |
done |
|
2 |
1797d |
1793d
|
15/28 |
1737d |
d9e15a273306
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
memory leak in nf_tables_parse_netdev_hooks
netfilter
|
C |
|
|
6 |
1741d |
1771d
|
15/28 |
1737d |
cd77e75b5e46
netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()
|
KCSAN: data-race in process_srcu / synchronize_srcu
block
|
|
|
|
112 |
1749d |
1843d
|
15/28 |
1737d |
844a378de337
srcu: Apply *_ONCE() to ->srcu_last_gp_end
|
WARNING in __proc_create (2)
afs
|
C |
done |
|
4 |
1764d |
1765d
|
15/28 |
1737d |
a45ea48e2bcd
afs: Fix characters allowed into cell names
|
INFO: rcu detected stall in netlink_sendmsg (3)
net
|
C |
done |
|
6 |
1744d |
1798d
|
15/28 |
1737d |
d9e15a273306
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
|
general protection fault in timer_is_static_object
input
|
C |
|
|
2 |
1821d |
1818d
|
15/28 |
1737d |
cb222aed03d7
Input: add safety guards to input_set_keycode()
|
KASAN: null-ptr-deref Write in queue_work_on
can
|
C |
done |
error |
5 |
1922d |
1918d
|
15/28 |
1737d |
0ace17d56824
can, slip: Protect tty->disc_data in write_wakeup and close with RCU
|
WARNING in cbq_destroy_class
net
|
C |
done |
|
7 |
1742d |
1765d
|
15/28 |
1737d |
2e24cd755552
net_sched: fix ops->bind_class() implementations
|
WARNING in tracepoint_probe_register_prio (3)
trace
|
syz |
done |
|
979 |
1741d |
2378d
|
15/28 |
1737d |
64ae572bc7d0
tracing: Fix sched switch start/stop refcount racy updates
|
kernel BUG at arch/x86/kvm/mmu/mmu.c:LINE!
kvm
|
C |
done |
|
6 |
1794d |
1801d
|
15/28 |
1737d |
005ba37cb89b
mm: thp: KVM: Explicitly check for THP when populating secondary MMU
|
BUG: spinlock already unlocked in input_set_keycode
input
|
C |
|
|
2 |
1831d |
1829d
|
15/28 |
1737d |
cb222aed03d7
Input: add safety guards to input_set_keycode()
|
WARNING: refcount bug in cdev_get
|
C |
done |
|
105 |
1779d |
1919d
|
15/28 |
1737d |
68faa679b8be
chardev: Avoid potential use-after-free in 'chrdev_open()'
|
KMSAN: uninit-value in read_sensor_register (2)
media
usb
|
C |
|
|
44 |
1844d |
1862d
|
15/28 |
1737d |
de89d0864f66
media: gspca: zero usb_buf
|
inconsistent lock state in rxrpc_put_client_conn
|
C |
done |
|
18198 |
1746d |
1752d
|
15/28 |
1737d |
963485d436cc
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
general protection fault in hash_ipmark6_uadt
netfilter
|
|
|
|
2 |
1777d |
1777d
|
15/28 |
1737d |
22dad713b8a5
netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
|
WARNING in cbq_destroy
net
|
C |
done |
|
1 |
1765d |
1764d
|
15/28 |
1737d |
2e24cd755552
net_sched: fix ops->bind_class() implementations
|
WARNING in dln2_start_rx_urbs/usb_submit_urb
usb
|
C |
|
|
44 |
1753d |
1841d
|
15/28 |
1737d |
2b8bd606b1e6
mfd: dln2: More sanity checking for endpoints
|
KASAN: use-after-free Read in tcp_check_sack_reordering
net
|
C |
done |
|
2 |
1759d |
1768d
|
15/28 |
1737d |
2bec445f9bf3
net-backports: tcp: do not leave dangling pointers in tp->highest_sack
|
BUG: unable to handle kernel NULL pointer dereference in cfg80211_wext_siwfrag
wireless
|
C |
done |
|
8 |
1767d |
1780d
|
15/28 |
1737d |
24953de0a5e3
cfg80211: check for set_wiphy_params
|
WARNING in cgroup_apply_control_enable
cgroups
|
C |
done |
|
178 |
1774d |
2326d
|
15/28 |
1737d |
3bc0bb36fa30
cgroup: Prevent double killing of css when enabling threaded cgroup
|
KASAN: slab-out-of-bounds Read in hid_field_extract
input
usb
|
C |
|
|
6 |
1778d |
1811d
|
15/28 |
1737d |
8ec321e96e05
HID: Fix slab-out-of-bounds read in hid_field_extract
|
general protection fault in nft_chain_parse_hook
netfilter
|
C |
done |
|
48 |
1756d |
1771d
|
15/28 |
1737d |
826035498ec1
netfilter: nf_tables: add __nft_chain_type_get()
|
WARNING in nf_tables_table_destroy
netfilter
|
C |
done |
done |
1 |
1769d |
1768d
|
15/28 |
1737d |
eb014de4fd41
netfilter: nf_tables: autoload modules from the abort path
|
KASAN: slab-out-of-bounds Write in mpol_parse_str
mm
|
C |
done |
|
3 |
1775d |
1772d
|
15/28 |
1737d |
c7a91bc7c2e1
mm/mempolicy.c: fix out of bounds write in mpol_parse_str()
|
KASAN: slab-out-of-bounds Read in bitmap_ip_gc
netfilter
|
C |
done |
|
15 |
1750d |
1768d
|
15/28 |
1737d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
WARNING: ODEBUG bug in rsi_probe
usb
wireless
|
C |
|
|
10487 |
1751d |
2047d
|
15/28 |
1737d |
92aafe77123a
rsi: fix use-after-free on probe errors
|
KASAN: use-after-free Read in macvlan_broadcast
net
|
C |
done |
|
12 |
1778d |
1780d
|
15/28 |
1737d |
96cc4b69581d
macvlan: do not assume mac_header is set in macvlan_broadcast()
|
general protection fault in nft_tunnel_get_init
netfilter
|
C |
done |
|
7 |
1771d |
1771d
|
15/28 |
1737d |
1c702bf902bd
netfilter: nft_tunnel: fix null-attribute check
|
KASAN: slab-out-of-bounds Read in bitmap_port_add
netfilter
|
syz |
done |
|
9 |
1762d |
1768d
|
15/28 |
1737d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
WARNING: bad unlock balance in gtp_encap_enable_socket
net
|
C |
done |
|
8 |
1776d |
1781d
|
15/28 |
1737d |
90d72256addf
net-backports: gtp: fix bad unlock balance in gtp_encap_enable_socket
|
WARNING: bad unlock balance in sch_direct_xmit
net
|
C |
done |
|
35 |
1767d |
1814d
|
15/28 |
1737d |
53d374979ef1
net: avoid updating qdisc_xmit_lock_key in netdev_update_lockdep_key()
|
general protection fault in inet6_set_link_af
net
|
C |
done |
|
8 |
1747d |
1750d
|
15/28 |
1737d |
db3fa271022d
ipv6/addrconf: fix potential NULL deref in inet6_set_link_af()
|
general protection fault in tcf_ife_cleanup
net
|
C |
done |
|
111 |
1752d |
1775d
|
15/28 |
1737d |
44c23d71599f
net/sched: act_ife: initalize ife->metalist earlier
|
BUG: unable to handle kernel paging request in do_csum (2)
kernel
|
C |
done |
|
6 |
1760d |
1762d
|
15/28 |
1737d |
6cd021a58c18
udp: segment looped gso packets correctly
|
KASAN: use-after-free Write in hci_sock_bind
bluetooth
|
|
|
|
4 |
1739d |
1772d
|
15/28 |
1737d |
11eb85ec42dc
Bluetooth: Fix race condition in hci_release_sock()
|
KASAN: use-after-free Write in __alloc_skb (2)
net
|
C |
done |
|
7 |
1788d |
1804d
|
15/28 |
1737d |
d836f5c69d87
net-backports: net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()
|
KASAN: slab-out-of-bounds Read in bitmap_ip_test
netfilter
|
syz |
|
|
10 |
1757d |
1768d
|
15/28 |
1737d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
WARNING in geneve_exit_batch_net
net
|
|
|
|
15 |
1737d |
1763d
|
15/28 |
1737d |
760d228e322e
net_sched: walk through all child classes in tc_bind_tclass()
|
KASAN: slab-out-of-bounds Read in tcf_exts_destroy
net
|
C |
done |
error |
8 |
1860d |
1763d
|
15/28 |
1737d |
599be01ee567
net_sched: fix an OOB access in cls_tcindex
|
general protection fault in hash_ipportnet4_uadt
netfilter
|
C |
done |
|
13 |
1777d |
1779d
|
15/28 |
1737d |
22dad713b8a5
netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
|
KASAN: use-after-free Write in percpu_ref_switch_to_percpu
fs
|
|
|
|
1 |
1752d |
1751d
|
15/28 |
1737d |
2faf852d1be8
io_uring: cleanup fixed file data table references
|
KASAN: slab-out-of-bounds Read in bitmap_port_list
netfilter
|
C |
|
|
152 |
1760d |
1768d
|
15/28 |
1737d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
WARNING in uvc_scan_chain_forward
usb
media
|
C |
|
|
6 |
1777d |
1801d
|
15/28 |
1737d |
68035c80e129
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
|
WARNING: ODEBUG bug in tcindex_destroy_work (2)
net
|
|
|
|
5 |
1742d |
1753d
|
15/28 |
1737d |
599be01ee567
net_sched: fix an OOB access in cls_tcindex
|
inconsistent lock state in rxrpc_put_client_connection_id
net
afs
|
C |
done |
|
473 |
1746d |
1752d
|
15/28 |
1737d |
963485d436cc
rxrpc: Fix call RCU cleanup using non-bh-safe locks
|
INFO: task hung in aead_recvmsg
crypto
|
C |
done |
|
11991 |
1764d |
2537d
|
15/28 |
1737d |
bbefa1dd6a6d
crypto: pcrypt - Avoid deadlock by using per-instance padata queues
|
KASAN: use-after-free Read in bitmap_port_destroy
netfilter
|
C |
|
|
1 |
1768d |
1768d
|
15/28 |
1737d |
c120959387ef
netfilter: fix a use-after-free in mtype_destroy()
|
KASAN: null-ptr-deref Read in tcf_generic_walker
net
|
C |
done |
|
6 |
1741d |
1759d
|
15/28 |
1737d |
760d228e322e
net_sched: walk through all child classes in tc_bind_tclass()
|
WARNING: refcount bug in chrdev_open
fs
|
C |
inconclusive |
done |
15 |
1817d |
1919d
|
15/28 |
1737d |
68faa679b8be
chardev: Avoid potential use-after-free in 'chrdev_open()'
|
KMSAN: uninit-value in dvb_usb_adapter_dvb_init
media
|
|
|
|
1 |
1847d |
1839d
|
15/28 |
1737d |
26cff637121d
media: vp7045: do not read uninitialized values if usb transfer fails
|
INFO: task hung in __generic_file_fsync (2)
fs
mm
|
C |
done |
done |
28 |
1784d |
1785d
|
15/28 |
1737d |
85a8ce62c2ea
block: add bio_truncate to fix guard_bio_eod
|
WARNING in tcp_enter_loss (2)
net
|
C |
done |
unreliable |
4 |
2395d |
2445d
|
15/28 |
1737d |
16ae6aa17052
tcp: ignore Fast Open on repair mode
|
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked (2)
media
|
C |
inconclusive |
done |
916 |
1997d |
2198d
|
15/28 |
1737d |
62dcb4f41836
media: vb2: check memory model for VIDIOC_CREATE_BUFS
|
BUG: unable to handle kernel paging request in xfs_sb_quiet_read_verify
xfs
|
C |
done |
|
6 |
1798d |
1798d
|
15/28 |
1742d |
d98c9e83b5e7
kasan: fix crashes on access to memory mapped by vm_map_ram()
|
KASAN: vmalloc-out-of-bounds Write in pcpu_alloc
bpf
|
C |
done |
|
31 |
1789d |
1814d
|
15/28 |
1742d |
253a496d8e57
kasan: don't assume percpu shadow allocations will succeed
|
KASAN: use-after-free Read in iov_iter_alignment
iomap
|
C |
error |
|
3 |
1816d |
1815d
|
15/28 |
1742d |
e0ff126ee7ad
pipe: Fix bogus dereference in iov_iter_alignment()
|
memory leak in sctp_stream_init
sctp
|
C |
|
|
1 |
1803d |
1802d
|
15/28 |
1742d |
951c6db954a1
sctp: fix memleak on err handling of stream initialization
|
general protection fault in gigaset_probe
staging
usb
|
C |
|
|
6 |
1826d |
1945d
|
15/28 |
1742d |
53f35a39c386
staging: gigaset: fix general protection fault on probe
|
KASAN: use-after-free Read in ext4_xattr_set_entry (2)
ext4
|
C |
done |
|
19 |
1801d |
2210d
|
15/28 |
1742d |
9803387c55f7
ext4: validate the debug_want_extra_isize mount option at parse time
|
KMSAN: uninit-value in __crc32c_le_base
crypto
|
syz |
|
|
567 |
1778d |
1824d
|
15/28 |
1742d |
b6f3320b1d52
sctp: fully initialize v4 addr in some functions
|
unregister_netdevice: waiting for DEV to become free (2)
|
C |
done |
|
385621 |
1742d |
2289d
|
15/28 |
1742d |
ddd9b5e3e765
net-sysfs: Call dev_hold always in rx_queue_add_kobject
|
KMSAN: uninit-value in br_nf_forward_arp (3)
bridge
netfilter
|
|
|
|
2 |
1818d |
1810d
|
15/28 |
1742d |
5604285839aa
net-backports: netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
|
KCSAN: data-race in taskstats_exit / taskstats_exit
kernel
|
|
|
|
157 |
1742d |
1874d
|
15/28 |
1742d |
0b8d616fb5a8
taskstats: fix data-race
|
WARNING in azx_rirb_get_response
sound
|
|
|
|
4 |
1799d |
1801d
|
15/28 |
1742d |
475feec0c41a
ALSA: hda - Downgrade error message for single-cmd fallback
|
INFO: task hung in sync_inodes_sb (3)
fs
mm
|
C |
done |
|
6 |
1782d |
1791d
|
15/28 |
1742d |
85a8ce62c2ea
block: add bio_truncate to fix guard_bio_eod
|
linux-next boot error: general protection fault in do_mount_root
kernel
|
|
|
|
9 |
1801d |
1801d
|
15/28 |
1742d |
7de7de7ca0ae
Fix root mounting with no mount options
|
upstream boot error: general protection fault in do_mount_root
kernel
|
|
|
|
12 |
1801d |
1801d
|
15/28 |
1742d |
7de7de7ca0ae
Fix root mounting with no mount options
|
KMSAN: uninit-value in bond_neigh_setup
net
|
|
|
|
64 |
1786d |
1810d
|
15/28 |
1742d |
f394722fb0d0
net-backports: neighbour: remove neigh_cleanup() method
|
KASAN: use-after-free Read in tomoyo_realpath_from_path
tomoyo
|
syz |
error |
error |
7 |
1802d |
1995d
|
15/28 |
1742d |
6f7c41374b62
tomoyo: Don't use nifty names on sockets.
|
KASAN: slab-out-of-bounds Read in hsr_debugfs_rename
net
|
C |
done |
|
18 |
1780d |
1790d
|
15/28 |
1742d |
04b69426d846
hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()
|
general protection fault in j1939_sk_bind
|
syz |
done |
done |
22 |
1816d |
1843d
|
15/28 |
1742d |
00d4e14d2e4c
can: j1939: j1939_sk_bind(): take priv after lock is held
|
BUG: unable to handle kernel paging request in pcpu_alloc
bpf
|
C |
done |
|
24 |
1795d |
1813d
|
15/28 |
1742d |
253a496d8e57
kasan: don't assume percpu shadow allocations will succeed
|
general protection fault in sctp_stream_free (2)
sctp
|
C |
done |
|
25 |
1787d |
1798d
|
15/28 |
1742d |
61d5d4062876
sctp: fix err handling of stream initialization
|
inconsistent lock state in sp_get
ppp
|
C |
done |
|
2 |
1805d |
1805d
|
15/28 |
1742d |
5c9934b6767b
6pack,mkiss: fix possible deadlock
|
general protection fault in j1939_jsk_del (2)
can
|
syz |
|
|
21 |
1801d |
1817d
|
15/28 |
1742d |
00d4e14d2e4c
can: j1939: j1939_sk_bind(): take priv after lock is held
|
KASAN: vmalloc-out-of-bounds Read in compat_copy_entries
netfilter
bridge
|
C |
done |
|
3 |
1803d |
1803d
|
15/28 |
1742d |
e608f631f0ba
netfilter: ebtables: compat: reject all padding in matches/watchers
|
WARNING in ovl_rename
overlayfs
|
C |
done |
done |
5 |
2034d |
2030d
|
15/28 |
1742d |
6889ee5a53b8
ovl: relax WARN_ON() on rename to self
|
possible deadlock in mon_bin_vma_fault
|
C |
done |
|
11427 |
1803d |
2270d
|
15/28 |
1742d |
19e6317d24c2
usb: mon: Fix a deadlock in usbmon between mmap and read
|
WARNING: refcount bug in smc_release (2)
net
s390
|
C |
done |
|
9 |
1799d |
1822d
|
15/28 |
1742d |
86434744fedf
net/smc: add fallback check to connect()
|
BUG: corrupted list in hsr_add_node
net
|
|
|
|
1 |
1844d |
1842d
|
15/28 |
1742d |
92a35678ec07
hsr: fix a race condition in node list insertion and deletion
|
BUG: Bad rss-counter state (3)
|
C |
unreliable |
done |
438 |
1941d |
2407d
|
15/28 |
1755d |
173d9d9fd3dd
mm/huge_memory: splitting set mapping+index before unfreeze
|
possible deadlock in flush_workqueue (2)
|
C |
done |
done |
256 |
1790d |
2223d
|
15/28 |
1755d |
e7c58097793e
hugetlbfs: revert "Use i_mmap_rwsem to fix page fault/truncate race"
|
KASAN: slab-out-of-bounds Read in build_audio_procunit (2)
sound
usb
|
C |
|
|
1 |
1841d |
1840d
|
15/28 |
1763d |
976a68f06b2e
ALSA: usb-audio: Fix incorrect size check for processing/extension units
|
KASAN: use-after-free Read in j1939_xtp_rx_abort_one
can
|
C |
done |
done |
11 |
1835d |
1843d
|
15/28 |
1768d |
ddeeb7d4822e
can: j1939: j1939_can_recv(): add priv refcounting
|
memory leak in fdb_create (2)
bridge
|
C |
|
|
1 |
1815d |
1815d
|
15/28 |
1779d |
c4b4c421857d
net: bridge: deny dev_set_mac_address() when unregistering
|
KMSAN: uninit-value in __request_module (2)
kernel
|
|
|
|
3 |
1798d |
1810d
|
15/28 |
1779d |
2dd5616ecdce
net-backports: net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add()
|
KASAN: vmalloc-out-of-bounds Write in kvm_dev_ioctl_get_cpuid
kvm
|
C |
|
|
41 |
1813d |
1814d
|
15/28 |
1779d |
433f4ba19041
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
|
kernel BUG at include/linux/mm.h:LINE! (5)
net
|
C |
done |
done |
129 |
2018d |
2088d
|
15/28 |
1779d |
9354544cbccf
net/tls: fix page double free on TX cleanup
|
KASAN: use-after-free Read in __queue_work (2)
|
C |
done |
done |
577 |
1973d |
2327d
|
15/28 |
1779d |
430ac66eb4c5
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
|
KASAN: slab-out-of-bounds Read in bpf_prog_create
bpf
net
|
C |
done |
|
447 |
1809d |
1891d
|
15/28 |
1779d |
0033b34a03ec
ppp: fix out-of-bounds access in bpf_prog_create()
|
memory leak in register_netdevice
net
|
C |
|
|
19 |
1810d |
1815d
|
15/28 |
1779d |
42c17fa69f98
net: fix a leak in register_netdevice()
|
KASAN: slab-out-of-bounds Read in vcs_scr_readw
serial
|
C |
done |
done |
16 |
1813d |
1814d
|
15/28 |
1779d |
0c9acb1af77a
vcs: prevent write access to vcsu devices
|
kernel BUG at fs/pipe.c:LINE!
fs
|
C |
done |
|
693 |
1809d |
1815d
|
15/28 |
1779d |
8c7b8c34ae95
pipe: Remove assertion from pipe_poll()
|
KMSAN: uninit-value in usbnet_probe
usb
|
C |
|
|
1 |
1995d |
1995d
|
15/28 |
1779d |
78226f6eaac8
net: usb: asix: init MAC address buffers
|
KMSAN: uninit-value in nf_conntrack_tcp_packet
netfilter
|
syz |
|
|
3 |
1813d |
1815d
|
15/28 |
1779d |
9424e2e7ad93
net-backports: tcp: md5: fix potential overestimation of TCP option space
|
KASAN: slab-out-of-bounds Read in linear_transfer (3)
sound
|
C |
done |
|
5 |
1812d |
1813d
|
15/28 |
1779d |
4cc8d6505ab8
ALSA: pcm: oss: Avoid potential buffer overflows
|
KCSAN: data-race in mod_timer / run_timer_softirq
net
|
|
|
|
4 |
1795d |
1861d
|
15/28 |
1779d |
56144737e673
net-backports: hrtimer: Annotate lockless access to timer->state
|
KASAN: slab-out-of-bounds Write in pipe_write
|
C |
done |
|
40 |
1810d |
1815d
|
15/28 |
1779d |
8f868d68d335
pipe: Fix missing mask update after pipe_wait()
|
WARNING in tty_set_termios
|
C |
done |
done |
1997 |
1939d |
2139d
|
15/28 |
1779d |
b36a1552d731
Bluetooth: hci_uart: check for missing tty operations
|
general protection fault in override_creds
kernel
|
C |
done |
|
6 |
1812d |
1816d
|
15/28 |
1779d |
0b8c0ec7eedc
io_uring: use current task creds instead of allocating a new one
|
WARNING in drm_mode_createblob_ioctl
dri
|
C |
done |
|
7 |
1841d |
1865d
|
15/28 |
1779d |
5bf8bec3f4ce
drm: limit to INT_MAX in create_blob ioctl
|
WARNING: refcount bug in skb_set_owner_w
net
|
C |
done |
|
2 |
1815d |
1816d
|
15/28 |
1779d |
501a90c94510
net-backports: inet: protect against too small mtu values.
|
KASAN: use-after-free Read in xlog_alloc_log (2)
xfs
|
|
|
|
55 |
1810d |
1817d
|
15/28 |
1779d |
798a9cada469
xfs: fix mount failure crash on invalid iclog memory access
|
KMSAN: use-after-free in netlink_recvmsg
net
|
C |
|
|
1 |
1835d |
1835d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
KMSAN: use-after-free in kfree_skb
bluetooth
|
syz |
|
|
34 |
1822d |
1870d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
general protection fault in io_commit_cqring
fs
|
C |
done |
|
3 |
1834d |
1834d
|
15/28 |
1805d |
15dff286d0e0
io_uring: check for validity of ->rings in teardown
|
general protection fault in ext4_writepages
ext4
|
C |
done |
|
18 |
1828d |
1837d
|
15/28 |
1805d |
4d06bfb97ecb
ext4: Add error handling for io_end_vec struct allocation
|
KMSAN: use-after-free in __skb_try_recv_from_queue
net
|
C |
|
|
4 |
1833d |
1857d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
general protection fault in ip_sublist_rcv
net
|
C |
done |
|
287 |
1848d |
1857d
|
15/28 |
1805d |
51210ad5a558
inet: do not call sublist_rcv on empty list
|
kernel BUG at include/linux/scatterlist.h:LINE!
net
|
C |
done |
|
307 |
1815d |
2009d
|
15/28 |
1805d |
d10523d0b3d7
net/tls: free the record on encryption error
|
KASAN: use-after-free Read in snd_timer_open
sound
|
C |
done |
|
87 |
1835d |
1836d
|
15/28 |
1805d |
0c4f09ceec3d
ALSA: timer: Fix the breakage of slave link open
|
linux-next boot error: general protection fault in __x64_sys_settimeofday
kernel
|
|
|
|
6 |
1833d |
1833d
|
15/28 |
1805d |
5e0fb1b57bea
y2038: time: avoid timespec usage in settimeofday()
|
INFO: task hung in io_wq_destroy
fs
|
C |
done |
|
20 |
1819d |
1850d
|
15/28 |
1805d |
b60fda6000a9
io-wq: wait for io_wq_create() to setup necessary workers
|
INFO: trying to register non-static key in io_cqring_ev_posted
fs
|
C |
done |
|
6 |
1820d |
1832d
|
15/28 |
1805d |
eb065d301e8c
io_uring: io_allocate_scq_urings() should return a sane state
|
KASAN: global-out-of-bounds Write in kbd_event
serial
input
usb
|
C |
|
|
6 |
1819d |
1841d
|
15/28 |
1805d |
b2b2dd71e085
tty: vt: keyboard: reject invalid keycodes
|
KCSAN: data-race in __ip4_datagram_connect / raw_bind
net
|
|
|
|
1 |
1853d |
1853d
|
15/28 |
1805d |
25c7a6d1f90e
net: avoid potential false sharing in neighbor related code
|
KASAN: slab-out-of-bounds Write in __ext4_expand_extra_isize
ext4
|
|
|
|
16 |
1928d |
2270d
|
15/28 |
1805d |
4ea99936a163
ext4: add more paranoia checking in ext4_expand_extra_isize handling
|
KASAN: use-after-free Read in tipc_nl_node_dump_monitor_peer
tipc
|
C |
done |
|
3 |
1870d |
1869d
|
15/28 |
1805d |
ab5b526da048
net: genetlink: always allocate separate attrs for dumpit ops
|
KCSAN: data-race in __dev_queue_xmit / __dev_queue_xmit
net
|
|
|
|
40 |
1805d |
1855d
|
15/28 |
1805d |
90b2be27bb0e
net/sched: annotate lockless accesses to qdisc->empty
|
general protection fault in tss_update_io_bitmap
kernel
|
C |
done |
|
65 |
1821d |
1827d
|
15/28 |
1805d |
e3cb0c7102f0
x86/ioperm: Fix use of deprecated config option
|
general protection fault in ip6_sublist_rcv
net
|
C |
done |
|
327 |
1847d |
1850d
|
15/28 |
1805d |
51210ad5a558
inet: do not call sublist_rcv on empty list
|
KCSAN: data-race in inet_putpeer / inet_putpeer
net
|
|
|
|
20 |
1838d |
1855d
|
15/28 |
1805d |
71685eb4ce80
inetpeer: fix data-race in inet_putpeer / inet_putpeer
|
KASAN: use-after-free Write in __ext4_expand_extra_isize (2)
ext4
|
|
|
|
14 |
1840d |
1858d
|
15/28 |
1805d |
4ea99936a163
ext4: add more paranoia checking in ext4_expand_extra_isize handling
|
general protection fault in flexcop_usb_probe
usb
media
|
C |
|
|
403 |
1819d |
2049d
|
15/28 |
1805d |
1b976fc6d684
media: b2c2-flexcop-usb: add sanity checking
|
KCSAN: data-race in __remove_hrtimer / __tcp_ack_snd_check
kernel
|
|
|
|
4 |
1820d |
1841d
|
15/28 |
1805d |
56144737e673
hrtimer: Annotate lockless access to timer->state
|
KCSAN: data-race in eth_header_cache / neigh_resolve_output
net
|
|
|
|
1 |
1842d |
1842d
|
15/28 |
1805d |
c305c6ae79e2
net-backports: net: add annotations on hh->hh_len lockless accesses
|
KMSAN: use-after-free in sk_forced_mem_schedule
net
|
|
|
|
2 |
1828d |
1836d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
WARNING in iov_iter_pipe
fs
|
C |
done |
|
1117 |
1822d |
1840d
|
15/28 |
1805d |
419e9c38aa07
iomap: Fix pipe page leakage during splicing
|
kernel BUG at kernel/time/timer.c:LINE! (4)
media
usb
|
syz |
|
|
1 |
1875d |
1871d
|
15/28 |
1805d |
f3f5ba42c58d
media: imon: invalid dereference in imon_touch_event
|
general protection fault in devlink_get_from_attrs
net
|
C |
|
|
7 |
1872d |
1871d
|
15/28 |
1805d |
82a843de41d4
net: devlink: fix reporter dump dumpit
|
KASAN: use-after-free Read in appledisplay_bl_get_brightness
usb
|
C |
|
|
1 |
1888d |
1885d
|
15/28 |
1805d |
91feb01596e5
appledisplay: fix error handling in the scheduled work
|
general protection fault in vti6_ioctl
net
|
|
|
|
1 |
1863d |
1863d
|
15/28 |
1805d |
9077f052abd5
net: propagate errors correctly in register_netdevice()
|
INFO: trying to register non-static key in ida_destroy
usb
media
|
C |
|
|
4272 |
1818d |
1941d
|
15/28 |
1805d |
8c279e9394ca
media: uvcvideo: Fix error path in control parsing failure
|
KCSAN: data-race in tun_get_user / tun_net_get_stats64
net
|
|
|
|
1 |
1850d |
1850d
|
15/28 |
1805d |
de7d5084d827
net-backports: net: provide dev_lstats_read() helper
|
KCSAN: data-race in sk_wait_data / tcp_queue_rcv
net
|
|
|
|
4 |
1844d |
1841d
|
15/28 |
1805d |
f8cc62ca3e66
net: add a READ_ONCE() in skb_peek_tail()
|
KCSAN: data-race in __remove_hrtimer / tcp_pacing_check
kernel
|
|
|
|
1 |
1844d |
1841d
|
15/28 |
1805d |
56144737e673
hrtimer: Annotate lockless access to timer->state
|
KMSAN: use-after-free in __netif_receive_skb_core
kernel
|
|
|
|
1 |
1835d |
1835d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
KCSAN: data-race in tcp_add_backlog / tcp_recvmsg (2)
net
|
|
|
|
47 |
1805d |
1841d
|
15/28 |
1805d |
9ed498c6280a
net-backports: net: silence data-races on sk_backlog.tail
|
KCSAN: data-race in sk_wait_data / skb_queue_tail
net
|
|
|
|
3 |
1852d |
1853d
|
15/28 |
1805d |
f8cc62ca3e66
net-backports: net: add a READ_ONCE() in skb_peek_tail()
|
KMSAN: use-after-free in skb_dequeue
bluetooth
|
C |
|
|
1 |
1865d |
1865d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
KASAN: use-after-free Read in tipc_nl_publ_dump
tipc
|
C |
|
|
2 |
1872d |
1871d
|
15/28 |
1805d |
ab5b526da048
net: genetlink: always allocate separate attrs for dumpit ops
|
KCSAN: data-race in ip_finish_output2 / ip_finish_output2
netfilter
|
|
|
|
26 |
1809d |
1854d
|
15/28 |
1805d |
25c7a6d1f90e
net: avoid potential false sharing in neighbor related code
|
general protection fault in snd_usb_create_mixer
sound
usb
|
C |
|
|
1 |
1828d |
1826d
|
15/28 |
1805d |
9435f2bb6687
ALSA: usb-audio: Fix NULL dereference at parsing BADD
|
general protection fault in tipc_nl_publ_dump
tipc
|
C |
|
|
135 |
1869d |
1871d
|
15/28 |
1805d |
6ea67769ff33
net: tipc: prepare attrs in __tipc_nl_compat_dumpit()
|
KASAN: use-after-free Read in nf_ct_deliver_cached_events
netfilter
|
C |
done |
|
169 |
1850d |
1856d
|
15/28 |
1805d |
ad88b7a6aa3e
netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks
|
general protection fault in veth_get_stats64
net
|
C |
done |
|
2 |
1876d |
1876d
|
15/28 |
1805d |
9077f052abd5
net: propagate errors correctly in register_netdevice()
|
KCSAN: data-race in icmp_global_allow / icmp_global_allow
net
|
|
|
|
29 |
1805d |
1856d
|
15/28 |
1805d |
bbab7ef23503
net-backports: net: icmp: fix data-race in cmp_global_allow()
|
general protection fault in usb_set_interface
usb
|
C |
|
|
3 |
1889d |
1892d
|
15/28 |
1805d |
c7a191464078
media: usbvision: Fix invalid accesses after device disconnect
|
KCSAN: data-race in __dev_queue_xmit / pfifo_fast_dequeue
net
|
|
|
|
6 |
1818d |
1856d
|
15/28 |
1805d |
90b2be27bb0e
net/sched: annotate lockless accesses to qdisc->empty
|
KCSAN: data-race in tcp_chrono_stop / tcp_recvmsg
net
|
|
|
|
3 |
1840d |
1841d
|
15/28 |
1805d |
a5a7daa52edb
net-backports: tcp: fix data-race in tcp_recvmsg()
|
KCSAN: data-race in gro_normal_list.part.0 / napi_busy_loop
net
|
|
|
|
1 |
1838d |
1838d
|
15/28 |
1805d |
c39e342a050a
net-backports: tun: fix data-race in gro_normal_list()
|
KASAN: use-after-free Read in slip_open
net
|
C |
done |
|
3 |
1823d |
1825d
|
15/28 |
1805d |
e58c19124189
slip: Fix use-after-free Read in slip_open
|
KCSAN: data-race in fanout_demux_rollover / fanout_demux_rollover
net
|
|
|
|
1 |
1839d |
1839d
|
15/28 |
1805d |
b756ad928d98
net-backports: packet: fix data-race in fanout_flow_is_huge()
|
WARNING in __rtnl_newlink
net
|
C |
done |
|
2 |
1875d |
1875d
|
15/28 |
1805d |
9077f052abd5
net: propagate errors correctly in register_netdevice()
|
BUG: unable to handle kernel paging request in __ext4_expand_extra_isize
ext4
|
|
|
|
6 |
1877d |
1858d
|
15/28 |
1805d |
4ea99936a163
ext4: add more paranoia checking in ext4_expand_extra_isize handling
|
KASAN: use-after-free Read in shmem_fault (2)
mm
|
|
|
|
5 |
1849d |
1909d
|
15/28 |
1805d |
8897c1b1a179
shmem: pin the file in shmem_fault() if mmap_sem is dropped
|
BUG: unable to handle kernel paging request in io_wq_cancel_all
fs
|
C |
done |
|
2 |
1849d |
1849d
|
15/28 |
1805d |
975c99a57096
io_uring: io_wq_create() returns an error pointer, not NULL
|
KASAN: invalid-free in io_sqe_files_unregister
fs
|
C |
done |
|
3 |
1837d |
1837d
|
15/28 |
1805d |
46568e9be70f
io_uring: fix error clear of ->file_table in io_sqe_files_register()
|
KASAN: invalid-free in skb_free_head
bluetooth
|
C |
done |
|
1 |
1846d |
1846d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
general protection fault in ovs_vport_add
openvswitch
|
C |
done |
|
5 |
1867d |
1875d
|
15/28 |
1805d |
9077f052abd5
net: propagate errors correctly in register_netdevice()
|
KASAN: use-after-free Read in nl8NUM_dump_wpan_phy
wpan
|
C |
done |
|
6 |
1869d |
1871d
|
15/28 |
1805d |
ab5b526da048
net: genetlink: always allocate separate attrs for dumpit ops
|
KASAN: use-after-free Read in tipc_udp_nl_dump_remoteip
tipc
|
C |
done |
|
3 |
1870d |
1871d
|
15/28 |
1805d |
ab5b526da048
net: genetlink: always allocate separate attrs for dumpit ops
|
KASAN: use-after-free Read in __cfg8NUM_wpan_dev_from_attrs
wpan
|
C |
done |
|
3 |
1872d |
1871d
|
15/28 |
1805d |
ab5b526da048
net: genetlink: always allocate separate attrs for dumpit ops
|
WARNING: ODEBUG bug in free_netdev
net
|
C |
done |
|
2 |
1874d |
1874d
|
15/28 |
1805d |
11fc7d5a0a2d
tun: fix memory leak in error path
|
KCSAN: data-race in sctp_assoc_migrate / sctp_hash_obj
sctp
|
|
|
|
12 |
1813d |
1840d
|
15/28 |
1805d |
312434617cb1
sctp: cache netns in sctp_ep_common
|
general protection fault in ip6_tnl_ioctl
net
|
C |
done |
|
7 |
1864d |
1875d
|
15/28 |
1805d |
9077f052abd5
net: propagate errors correctly in register_netdevice()
|
KCSAN: data-race in __dev_queue_xmit / net_tx_action
net
|
|
|
|
1 |
1839d |
1839d
|
15/28 |
1805d |
90b2be27bb0e
net/sched: annotate lockless accesses to qdisc->empty
|
KMSAN: use-after-free in copyout
net
|
C |
|
|
1 |
1870d |
1870d
|
15/28 |
1805d |
cf94da6f502d
Bluetooth: Fix invalid-free in bcsp_close()
|
general protection fault in virtio_transport_release
net
|
C |
done |
|
7 |
1827d |
1828d
|
15/28 |
1805d |
039fcccaed33
vsock: avoid to assign transport if its initialization fails
|
BUG: workqueue lockup (4)
block
|
C |
|
|
47 |
1830d |
2236d
|
15/28 |
1805d |
7e7c005b4b1f
rtc: disable uie before setting time and enable after
|
WARNING in port100_send_cmd_async/usb_submit_urb
usb
nfc
|
C |
|
|
83 |
1820d |
1960d
|
15/28 |
1807d |
5f9f0b11f081
nfc: port100: handle command failure cleanly
|
general protection fault in kvm_coalesced_mmio_init
kvm
|
syz |
done |
|
48 |
1834d |
1843d
|
14/28 |
1818d |
8a44119a98be
KVM: Fix NULL-ptr deref after kvm_create_vm fails
|
general protection fault in j1939_netdev_notify
can
|
syz |
done |
|
11 |
1831d |
1843d
|
14/28 |
1818d |
c48c8c1e2e81
can: j1939: main: j1939_ndev_to_priv(): avoid crash if can_ml_priv is NULL
|
KASAN: use-after-free Read in j1939_sk_recv
can
|
C |
done |
|
2 |
1837d |
1837d
|
14/28 |
1818d |
ddeeb7d4822e
can: j1939: j1939_can_recv(): add priv refcounting
|
KASAN: use-after-free Read in j1939_session_deactivate
can
|
syz |
done |
|
1 |
1839d |
1839d
|
14/28 |
1818d |
ddeeb7d4822e
can: j1939: j1939_can_recv(): add priv refcounting
|
WARNING in smc_unhash_sk (3)
net
s390
|
C |
done |
|
362 |
1822d |
1911d
|
14/28 |
1818d |
8204df72bea1
net/smc: fix fastopen for non-blocking connect()
|
KASAN: use-after-free Read in do_mount
fs
|
syz |
done |
|
6 |
1863d |
1871d
|
14/28 |
1818d |
0ecee6699064
fs/namespace.c: fix use-after-free of mount in mnt_warn_timestamp_expiry()
|
general protection fault in j1939_jsk_del
|
syz |
done |
|
132 |
1819d |
1843d
|
14/28 |
1818d |
fd81ebfe7975
can: j1939: socket: rework socket locking for j1939_sk_release() and j1939_sk_sendmsg()
|
memory leak in smc_create
net
s390
|
C |
|
|
19 |
1831d |
1844d
|
14/28 |
1818d |
6d6dd528d5af
net/smc: fix refcount non-blocking connect() -part 2
|
KASAN: use-after-free Read in j1939_session_get_by_addr_locked
can
|
C |
done |
|
1 |
1837d |
1837d
|
14/28 |
1818d |
ddeeb7d4822e
can: j1939: j1939_can_recv(): add priv refcounting
|
INFO: task hung in synchronize_rcu
|
syz |
done |
|
1206 |
1818d |
1844d
|
14/28 |
1818d |
8a44119a98be
KVM: Fix NULL-ptr deref after kvm_create_vm fails
|
KMSAN: uninit-value in ax88172a_bind
usb
|
C |
|
|
5 |
1850d |
1864d
|
14/28 |
1818d |
a9a51bd727d1
ax88172a: fix information leak on short answers
|
KMSAN: uninit-value in gf128mul_4k_lle (3)
crypto
|
C |
|
|
2958 |
1824d |
2189d
|
14/28 |
1818d |
683916f6a840
net/tls: fix sk_msg trim on fallback to copy mode
|
KMSAN: uninit-value in aesti_encrypt
crypto
|
C |
|
|
54 |
1872d |
1973d
|
14/28 |
1818d |
683916f6a840
net/tls: fix sk_msg trim on fallback to copy mode
|
WARNING: suspicious RCU usage in kvm_dev_ioctl
|
C |
done |
|
333 |
1834d |
1845d
|
14/28 |
1818d |
e2d3fcaf939d
KVM: fix placement of refcount initialization
|
KMSAN: use-after-free in build_audio_procunit
usb
sound
|
C |
|
|
2 |
1856d |
1856d
|
14/28 |
1818d |
976a68f06b2e
ALSA: usb-audio: Fix incorrect size check for processing/extension units
|
WARNING: refcount bug in j1939_netdev_start
can
|
syz |
done |
|
6 |
1820d |
1842d
|
14/28 |
1818d |
fd81ebfe7975
can: j1939: socket: rework socket locking for j1939_sk_release() and j1939_sk_sendmsg()
|
KMSAN: uninit-value in get_min_max_with_quirks
sound
usb
|
C |
|
|
11 |
1851d |
1839d
|
14/28 |
1818d |
167beb175679
ALSA: usb-audio: Fix missing error check at mixer resolution test
|
WARNING: ODEBUG bug in input_ff_destroy
usb
input
|
C |
|
|
6 |
1827d |
1834d
|
14/28 |
1818d |
fa3a5a1880c9
Input: ff-memless - kill timer in destroy()
|
general protection fault in memcg_flush_percpu_vmstats
cgroups
mm
|
C |
error |
|
19 |
1847d |
1911d
|
14/28 |
1818d |
7961eee39784
mm: memcontrol: fix NULL-ptr deref in percpu stats flush
|
KCSAN: data-race in neigh_resolve_output / neigh_resolve_output
net
|
|
|
|
4 |
1840d |
1854d
|
14/28 |
1818d |
1b53d64435d5
net-backports: net: fix data-race in neigh_event_send()
|
KCSAN: data-race in find_match / find_match
net
|
|
|
|
2 |
1841d |
1844d
|
14/28 |
1818d |
1bef4c223b85
net-backports: ipv6: fixes rt6_probe() and fib6_nh->last_probe init
|
INFO: task hung in mpage_prepare_extent_to_map
|
syz |
done |
|
18606 |
1842d |
1850d
|
14/28 |
1818d |
4655e5e5f387
mm,thp: recheck each page before collapsing file THP
|
KMSAN: uninit-value in cdc_ncm_set_dgram_size
usb
|
C |
|
|
4 |
1849d |
1848d
|
14/28 |
1818d |
332f989a3b00
CDC-NCM: handle incomplete transfer of MTU
|
KASAN: use-after-free Read in mcba_usb_disconnect
can
usb
|
C |
|
|
2 |
1845d |
1878d
|
14/28 |
1818d |
4d6636498c41
can: mcba_usb: fix use-after-free on disconnect
|
KMSAN: kernel-usb-infoleak in pcan_usb_wait_rsp
usb
|
C |
|
|
2 |
1862d |
1862d
|
14/28 |
1818d |
f7a1337f0d29
can: peak_usb: fix slab info leak
|
KASAN: invalid-free in rsi_91x_deinit
usb
wireless
|
C |
|
|
109 |
1891d |
2038d
|
13/28 |
1819d |
8b51dc729147
rsi: fix a double free bug in rsi_91x_deinit()
|
WARNING in generic_make_request_checks
|
C |
done |
|
7760 |
1819d |
2296d
|
13/28 |
1819d |
8b2ded1c94c0
block: don't warn when doing fsync on read-only devices
|
BUG: spinlock recursion in release_sock
net
|
C |
done |
|
116 |
1945d |
1946d
|
13/28 |
1820d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
KMSAN: use-after-free in adu_disconnect
usb
|
C |
|
|
16 |
1864d |
1870d
|
13/28 |
1821d |
44efc269db79
USB: adutux: fix use-after-free on disconnect
|
KMSAN: use-after-free in mutex_spin_on_owner
usb
|
C |
|
|
1 |
1869d |
1869d
|
13/28 |
1821d |
edc4746f253d
USB: iowarrior: fix use-after-free on disconnect
|
KMSAN: use-after-free in iowarrior_disconnect
usb
|
C |
|
|
21 |
1864d |
1870d
|
13/28 |
1821d |
edc4746f253d
USB: iowarrior: fix use-after-free on disconnect
|
KMSAN: use-after-free in usb_autopm_put_interface
usb
|
C |
|
|
63 |
1850d |
1864d
|
13/28 |
1821d |
7a7591979748
USB: usblp: fix use-after-free on disconnect
|
KMSAN: use-after-free in __pm_runtime_resume
usb
|
|
|
|
1 |
1870d |
1870d
|
13/28 |
1821d |
5f9242775bb6
HID: logitech: Fix general protection fault caused by Logitech driver
|
KMSAN: use-after-free in hidraw_ioctl
fs
|
|
|
|
1 |
1870d |
1870d
|
13/28 |
1821d |
416dacb819f5
HID: hidraw: Fix invalid read in hidraw_ioctl
|
KMSAN: use-after-free in rxrpc_put_peer
afs
net
|
|
|
|
1 |
1861d |
1861d
|
13/28 |
1821d |
91fcfbe8852e
rxrpc: Fix call crypto state cleanup
|
KMSAN: uninit-value in lg4ff_set_autocenter_default
input
usb
|
C |
|
|
1 |
1851d |
1850d
|
13/28 |
1821d |
d9d4b1e46d95
HID: Fix assumption that devices have inputs
|
WARNING in sk_stream_kill_queues (3)
net
|
C |
done |
|
622 |
1992d |
2351d
|
13/28 |
1821d |
9354544cbccf
net/tls: fix page double free on TX cleanup
|
KCSAN: data-race in udp_set_dev_scratch / udpv6_recvmsg
net
|
|
|
|
5 |
1844d |
1855d
|
13/28 |
1825d |
a793183caa9a
udp: fix data-race in udp_set_dev_scratch()
|
KCSAN: data-race in __skb_wait_for_more_packets / skb_queue_tail
net
|
|
|
|
1 |
1848d |
1848d
|
13/28 |
1825d |
7c422d0ce975
net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
|
KASAN: use-after-free Read in batadv_iv_ogm_queue_add
batman
|
|
|
|
3 |
1847d |
1878d
|
13/28 |
1825d |
40e220b4218b
batman-adv: Avoid free/alloc race when handling OGM buffer
|
WARNING: refcount bug in smc_release
net
s390
|
C |
done |
|
8 |
1831d |
1855d
|
13/28 |
1825d |
301428ea3708
net/smc: fix refcounting for non-blocking connect()
|
INFO: trying to register non-static key in bond_3ad_update_lacp_rate
net
|
C |
done |
|
26 |
1848d |
1850d
|
13/28 |
1825d |
ad9bd8daf2f9
bonding: fix using uninitialized mode_lock
|
KCSAN: data-race in datagram_poll / skb_queue_tail
net
|
|
|
|
5 |
1843d |
1853d
|
13/28 |
1825d |
3ef7cf57c72f
net-backports: net: use skb_queue_empty_lockless() in poll() handlers
|
general protection fault in process_one_work
net
|
|
|
|
2 |
1849d |
1849d
|
13/28 |
1825d |
6d6f0383b697
netdevsim: Fix use-after-free during device dismantle
|
KASAN: use-after-free Read in fuse_request_end
fuse
|
syz |
done |
|
6 |
1855d |
1860d
|
13/28 |
1825d |
2b319d1f6f92
fuse: don't dereference req->args on finished request
|
KCSAN: data-race in udp6_lib_lookup2 / udpv6_queue_rcv_one_skb
net
|
|
|
|
1 |
1854d |
1854d
|
13/28 |
1825d |
7170a977743b
net: annotate accesses to sk->sk_incoming_cpu
|
KCSAN: data-race in tcp_v4_rcv / tcp_v4_rcv
net
|
|
|
|
4 |
1844d |
1848d
|
13/28 |
1825d |
7170a977743b
net-backports: net: annotate accesses to sk->sk_incoming_cpu
|
memory leak in internal_dev_create
openvswitch
|
C |
|
|
88 |
1847d |
1933d
|
13/28 |
1825d |
9464cc37f367
net: openvswitch: free vport unless register_netdevice() succeeds
|
divide error in dummy_timer
usb
|
C |
|
|
3 |
1849d |
1854d
|
13/28 |
1825d |
54f83b8c8ea9
USB: gadget: Reject endpoints with 0 maxpacket value
|
KCSAN: data-race in __skb_recv_udp / __udp_enqueue_schedule_skb
net
|
|
|
|
7 |
1843d |
1855d
|
13/28 |
1825d |
137a0dbe3426
net-backports: udp: use skb_queue_empty_lockless()
|
KCSAN: data-race in first_packet_length / udp_poll
net
|
|
|
|
2 |
1847d |
1853d
|
13/28 |
1825d |
137a0dbe3426
net-backports: udp: use skb_queue_empty_lockless()
|
memory leak in copy_net_ns
|
C |
done |
|
422 |
1846d |
1884d
|
13/28 |
1825d |
82ecff655e79
keys: Fix memory leak in copy_net_ns
|
KCSAN: data-race in update_defense_level / update_defense_level (2)
lvs
|
|
|
|
20 |
1843d |
1855d
|
13/28 |
1825d |
c24b75e0f923
ipvs: move old_secure_tcp into struct netns_ipvs
|
INFO: trying to register non-static key in bond_3ad_update_ad_actor_settings
net
|
C |
done |
|
69 |
1847d |
1850d
|
13/28 |
1825d |
ad9bd8daf2f9
bonding: fix using uninitialized mode_lock
|
KASAN: use-after-free Read in bpf_prog_kallsyms_find (2)
bpf
|
C |
done |
|
9 |
1854d |
1865d
|
13/28 |
1825d |
cd7455f1013e
bpf: Fix use after free in subprog's jited symbol removal
|
KASAN: use-after-free Read in is_bpf_text_address
bpf
|
C |
done |
|
3 |
1855d |
1856d
|
13/28 |
1825d |
cd7455f1013e
bpf: Fix use after free in subprog's jited symbol removal
|
KCSAN: data-race in __skb_wait_for_more_packets / __sock_queue_rcv_skb
net
|
|
|
|
10 |
1844d |
1854d
|
13/28 |
1825d |
7c422d0ce975
net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
|
KASAN: use-after-free Read in io_uring_setup
fs
|
syz |
error |
|
1 |
1851d |
1850d
|
13/28 |
1825d |
044c1ab399af
io_uring: don't touch ctx in setup after ring fd install
|
KCSAN: data-race in udpv6_queue_rcv_one_skb / udpv6_queue_rcv_one_skb
net
|
|
|
|
1 |
1851d |
1850d
|
13/28 |
1825d |
ee8d153d46a3
net-backports: net: annotate lockless accesses to sk->sk_napi_id
|
BUG: unable to handle kernel paging request in is_bpf_text_address
bpf
|
C |
done |
|
2 |
1861d |
1861d
|
13/28 |
1825d |
cd7455f1013e
bpf: Fix use after free in subprog's jited symbol removal
|
INFO: task hung in ld_usb_write
usb
|
C |
|
|
831 |
1843d |
1856d
|
13/28 |
1825d |
52403cfbc635
USB: ldusb: fix control-message timeout
|
KCSAN: data-race in __skb_recv_udp / datagram_poll
net
|
|
|
|
1 |
1844d |
1844d
|
13/28 |
1825d |
3f926af3f4d6
net: use skb_queue_empty_lockless() in busy poll contexts
|
KCSAN: data-race in __skb_wait_for_more_packets / __udp_enqueue_schedule_skb
net
|
|
|
|
2 |
1848d |
1855d
|
13/28 |
1825d |
7c422d0ce975
net-backports: net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
|
general protection fault in kernfs_add_one
|
C |
done |
|
98 |
1934d |
2257d
|
13/28 |
1825d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
KASAN: use-after-free Read in ep_scan_ready_list
fs
|
C |
|
done |
39 |
2289d |
2324d
|
13/28 |
1827d |
430ac66eb4c5
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
|
KASAN: use-after-free Read in iowarrior_disconnect
usb
|
C |
|
|
3056 |
1864d |
1920d
|
13/28 |
1827d |
edc4746f253d
USB: iowarrior: fix use-after-free on disconnect
|
WARNING in kernfs_get
|
C |
done |
|
316 |
1935d |
2263d
|
13/28 |
1827d |
ac43432cb1f5
driver core: Fix use-after-free and double free on glue directory
|
KASAN: use-after-free Read in __schedule (2)
kvm
|
C |
|
done |
961 |
2084d |
2302d
|
13/28 |
1827d |
26b471c7e2f7
KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
|
divide error in usbtmc_generic_read
usb
|
C |
|
|
2 |
1926d |
1925d
|
13/28 |
1827d |
de7b9aa633b6
usbtmc: more sanity checking for packet size
|
KASAN: use-after-free Read in p9_fd_poll
v9fs
|
C |
|
done |
8 |
2292d |
2324d
|
13/28 |
1827d |
430ac66eb4c5
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
|
KASAN: use-after-free Read in vhci_hub_control
usb
|
C |
|
done |
41 |
2225d |
2270d
|
13/28 |
1827d |
81f7567c51ad
usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
|
INFO: task hung in vivid_stop_generating_vid_cap
|
C |
done |
done |
81 |
2211d |
2214d
|
13/28 |
1836d |
d65842f7126a
media: vb2: add waiting_in_dqbuf flag
|
WARNING in event_function_local
perf
|
C |
|
unreliable |
15451 |
2233d |
2489d
|
13/28 |
1836d |
214ff83d4473
KVM: x86: hyperv: implement PV IPI send hypercalls
|
BUG: MAX_LOCK_DEPTH too low! (2)
net
|
C |
|
done |
5 |
2323d |
2353d
|
13/28 |
1836d |
bab2c80e5a6c
nsh: set mac len based on inner packet
|
inconsistent lock state in ila_xlat_nl_cmd_del_mapping
net
|
C |
|
unreliable |
2496 |
2285d |
2291d
|
13/28 |
1836d |
7494de0454af
mfd: da9063: Replace regmap_add_irq_chip with devm counterpart
|
INFO: task hung in fuse_reverse_inval_entry
fuse
|
C |
|
done |
23 |
2300d |
2312d
|
13/28 |
1836d |
c59fd85e4fd0
fuse: change interrupt requests allocation algorithm
|
BUG: corrupted list in p9_conn_cancel
v9fs
|
C |
|
done |
18 |
2226d |
2326d
|
13/28 |
1836d |
9f476d7c540c
net/9p/trans_fd.c: fix race by holding the lock
|
general protection fault in p9_conn_cancel
v9fs
|
C |
|
done |
2 |
2306d |
2324d
|
13/28 |
1836d |
9f476d7c540c
net/9p/trans_fd.c: fix race by holding the lock
|
WARNING: ODEBUG bug in p9_fd_close
v9fs
|
C |
|
done |
82 |
2287d |
2327d
|
13/28 |
1836d |
430ac66eb4c5
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
|
general protection fault in vb2_mmap
media
|
C |
inconclusive |
done |
21 |
2157d |
2202d
|
13/28 |
1836d |
cd26d1c4d1bc
media: vb2: vb2_mmap: move lock up
|
KASAN: stack-out-of-bounds Read in xfrm_state_find (5)
net
|
C |
|
done |
654 |
2122d |
2425d
|
13/28 |
1836d |
32bf94fb5c2e
xfrm: validate template mode
|
KASAN: slab-out-of-bounds Write in end_requests
fuse
|
C |
|
done |
2 |
2301d |
2305d
|
13/28 |
1836d |
45ff350bbd9d
fuse: fix unlocked access to processing queue
|
KASAN: use-after-free Read in uprobe_perf_close
trace
|
C |
|
done |
54 |
2105d |
2424d
|
13/28 |
1836d |
621b6d2ea297
perf/core: Fix use-after-free in uprobe_perf_close()
|
KASAN: use-after-free Read in _decode_session4
net
|
C |
|
done |
3 |
2427d |
2427d
|
13/28 |
1836d |
c6741fbed6dc
vti6: Properly adjust vti6 MTU from MTU of lower device
|
general protection fault in tcp_cleanup_ulp
net
|
syz |
done |
done |
6 |
2252d |
2267d
|
13/28 |
1836d |
5607fff30363
bpf: sockmap only allow ESTABLISHED sock state
|
WARNING in request_end
fuse
|
C |
done |
done |
14 |
2212d |
2249d
|
13/28 |
1836d |
4c316f2f3ff3
fuse: set FR_SENT while locked
|
WARNING in dma_buf_vunmap
dri
media
|
C |
done |
done |
17 |
2162d |
2200d
|
13/28 |
1836d |
62dcb4f41836
media: vb2: check memory model for VIDIOC_CREATE_BUFS
|
BUG: corrupted list in p9_write_work
v9fs
|
C |
|
done |
5 |
2249d |
2294d
|
13/28 |
1836d |
728356dedeff
9p: Add refcount to p9_req_t
|
KASAN: use-after-free Read in tick_sched_handle (3)
kernel
|
C |
|
done |
12 |
2138d |
2193d
|
13/28 |
1838d |
bc6e019b6ee6
fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
|
general protection fault in qca_setup
bluetooth
|
C |
done |
done |
6 |
2109d |
2109d
|
13/28 |
1838d |
b36a1552d731
Bluetooth: hci_uart: check for missing tty operations
|
general protection fault in tcp_splice_read
net
|
C |
done |
done |
23 |
2053d |
2162d
|
13/28 |
1838d |
07603b230895
net/smc: propagate file from SMC to TCP socket
|
KASAN: use-after-free Read in crypto_gcm_init_common
crypto
|
C |
done |
done |
14 |
2141d |
2206d
|
13/28 |
1839d |
9354544cbccf
net/tls: fix page double free on TX cleanup
|
KASAN: slab-out-of-bounds Read in find_first_zero_bit
bfs
|
C |
|
done |
1 |
2426d |
2426d
|
13/28 |
1839d |
d18771558910
bfs: extra sanity checking and static inode bitmap
|
kernel BUG at net/ipv4/ip_output.c:LINE!
net
|
C |
|
done |
28225 |
2131d |
2322d
|
13/28 |
1839d |
e7c87bd6cc4e
bpf: in __bpf_redirect_no_mac pull mac only if present
|
general protection fault in put_pid
kernel
|
syz |
done |
done |
3 |
2161d |
2171d
|
13/28 |
1839d |
a8e911d13540
x86_64: increase stack size for KASAN_EXTRA
|
suspicious RCU usage at ./include/net/inet_sock.h:LINE
net
|
C |
|
done |
171 |
2482d |
2572d
|
13/28 |
1839d |
3f32d0be6c16
tipc: lock wakeup & inputq at tipc_link_reset()
|
KASAN: use-after-free Read in _decode_session6
net
|
C |
|
done |
4 |
2199d |
2267d
|
13/28 |
1840d |
e7c87bd6cc4e
bpf: in __bpf_redirect_no_mac pull mac only if present
|
general protection fault in propagate_entity_cfs_rq
kernel
|
C |
|
done |
1 |
2323d |
2323d
|
13/28 |
1840d |
bab2c80e5a6c
nsh: set mac len based on inner packet
|
KASAN: use-after-free Write in __vb2_cleanup_fileio
media
|
C |
done |
inconclusive |
2 |
2211d |
2214d
|
13/28 |
1840d |
d65842f7126a
media: vb2: add waiting_in_dqbuf flag
|
KCSAN: data-race in sk_stream_wait_memory / tcp_shifted_skb
net
|
|
|
|
1 |
1853d |
1841d
|
13/28 |
1841d |
ab4e846a82d0
tcp: annotate sk->sk_wmem_queued lockless reads
|
KCSAN: data-race in sk_stream_wait_memory / tcp_fragment
net
|
|
|
|
1 |
1844d |
1841d
|
13/28 |
1841d |
ab4e846a82d0
tcp: annotate sk->sk_wmem_queued lockless reads
|
KCSAN: data-race in tcp_sendmsg_locked / tcp_stream_memory_free
net
|
|
|
|
2 |
1852d |
1841d
|
13/28 |
1841d |
0f31746452e6
tcp: annotate tp->write_seq lockless reads
|
KCSAN: data-race in tcp_event_new_data_sent / tcp_stream_memory_free
net
|
|
|
|
3 |
1845d |
1841d
|
13/28 |
1841d |
e0d694d638db
tcp: annotate tp->snd_nxt lockless reads
|
KCSAN: data-race in tcp_ack / tcp_poll (2)
net
|
|
|
|
5 |
1848d |
1841d
|
13/28 |
1841d |
ab4e846a82d0
tcp: annotate sk->sk_wmem_queued lockless reads
|
KCSAN: data-race in sk_stream_wait_memory / tcp_ack
net
|
|
|
|
2 |
1845d |
1841d
|
13/28 |
1841d |
ab4e846a82d0
tcp: annotate sk->sk_wmem_queued lockless reads
|
KASAN: slab-out-of-bounds Read in ld_usb_read (3)
usb
|
C |
|
|
74 |
1851d |
1862d
|
13/28 |
1841d |
7a6f22d7479b
USB: ldusb: fix read info leaks
|
KASAN: slab-out-of-bounds Read in build_audio_procunit
usb
sound
|
C |
|
|
6 |
1847d |
1856d
|
13/28 |
1841d |
ba8bf0967a15
ALSA: usb-audio: Fix copy&paste error in the validator
|
KASAN: slab-out-of-bounds Write in ga_probe
input
|
C |
|
|
5 |
1870d |
1892d
|
13/28 |
1841d |
d9d4b1e46d95
HID: Fix assumption that devices have inputs
|
INFO: task hung in nbd_ioctl
nbd
|
C |
done |
|
71 |
1842d |
1878d
|
13/28 |
1841d |
cf1b2326b734
nbd: verify socket is supported during setup
|
KASAN: use-after-free Read in usb_autopm_put_interface
usb
|
C |
|
|
2373 |
1850d |
1863d
|
13/28 |
1841d |
7a7591979748
USB: usblp: fix use-after-free on disconnect
|
memory leak in gfs2_init_fs_context
gfs2
|
C |
|
|
13 |
1854d |
1876d
|
13/28 |
1841d |
30aecae86e91
gfs2: Fix memory leak when gfs2meta's fs_context is freed
|
KMSAN: uninit-value in sr9800_bind
usb
|
C |
|
|
27 |
1853d |
1876d
|
13/28 |
1843d |
77b6d09f4ae6
net: usb: sr9800: fix uninitialized local variable
|
WARNING in filldir64
exfat
|
|
|
|
76 |
1861d |
1871d
|
13/28 |
1843d |
b9959c7a347d
filldir[64]: remove WARN_ON_ONCE() for bad directory entries
|
memory leak in llc_ui_create (2)
|
C |
done |
|
19 |
1859d |
1979d
|
13/28 |
1843d |
c6ee11c39fcc
llc: fix sk_buff leak in llc_sap_state_process()
|
KCSAN: data-race in tcp_add_backlog / tcp_rcv_space_adjust (2)
net
|
|
|
|
18 |
1856d |
1862d
|
13/28 |
1843d |
ebb3b78db7bf
tcp: annotate sk->sk_rcvbuf lockless reads
|
KCSAN: data-race in __nf_ct_refresh_acct / __nf_ct_refresh_acct
netfilter
|
|
|
|
2460 |
1843d |
1874d
|
13/28 |
1843d |
e37542ba111f
net-backports: netfilter: conntrack: avoid possible false sharing
|
BUG: unable to handle kernel NULL pointer dereference in xsk_poll
bpf
net
|
C |
done |
|
10 |
1861d |
1878d
|
13/28 |
1843d |
df551058f7a3
xsk: Fix crash in poll when device does not support ndo_xsk_wakeup
|
KASAN: use-after-free Read in rxrpc_release_call
afs
net
|
syz |
done |
|
13 |
1861d |
1916d
|
13/28 |
1843d |
91fcfbe8852e
rxrpc: Fix call crypto state cleanup
|
KASAN: use-after-free Read in rxrpc_send_keepalive
afs
net
|
C |
error |
|
694 |
1858d |
1930d
|
13/28 |
1843d |
c48fc11b69e9
rxrpc: Fix call ref leak
|
KCSAN: data-race in __tcp_select_window / tcp_add_backlog
net
|
|
|
|
23502 |
1843d |
1874d
|
13/28 |
1843d |
70c2655849a2
net: silence KCSAN warnings about sk->sk_backlog.len reads
|
memory leak in sctp_get_port_local (3)
sctp
|
C |
|
|
4 |
1859d |
1865d
|
13/28 |
1843d |
63dfb7938b13
sctp: change sctp_prot .no_autobind with true
|
memory leak in llc_ui_sendmsg
net
|
C |
|
|
125 |
1859d |
2010d
|
13/28 |
1843d |
c6ee11c39fcc
llc: fix sk_buff leak in llc_sap_state_process()
|
KCSAN: data-race in tcp_add_backlog / tcp_recvmsg
net
|
|
|
|
17719 |
1844d |
1874d
|
13/28 |
1843d |
8265792bf887
net-backports: net: silence KCSAN warnings around sk_add_backlog() calls
|
INFO: task hung in addrconf_verify_work (2)
net
|
C |
|
|
22 |
1865d |
1865d
|
13/28 |
1843d |
39f13ea2f61b
net: avoid potential infinite loop in tc_ctl_action()
|
KASAN: use-after-free Read in pn533_send_complete
nfc
usb
|
C |
|
|
4 |
1851d |
1871d
|
13/28 |
1843d |
6af3aa57a098
NFC: pn533: fix use-after-free and memleaks
|
KCSAN: data-race in tcp_poll / tcp_recvmsg (2)
net
|
|
|
|
22 |
1856d |
1862d
|
13/28 |
1843d |
7db48e983930
tcp: annotate tp->copied_seq lockless reads
|
KASAN: use-after-free Read in rxrpc_put_peer
afs
net
|
C |
error |
|
38 |
1859d |
1911d
|
13/28 |
1843d |
55f6c98e3674
rxrpc: Fix trace-after-put looking at the put peer record
9ebeddef58c4
rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record
|
KCSAN: data-race in tcp_poll / tcp_queue_rcv
net
|
|
|
|
1897 |
1843d |
1874d
|
13/28 |
1843d |
dba7d9b8c739
net-backports: tcp: annotate tp->rcv_nxt lockless reads
|
memory leak in llc_conn_ac_send_sabme_cmd_p_set_x
net
|
C |
|
|
225 |
1859d |
2010d
|
13/28 |
1843d |
b74555de21ac
llc: fix sk_buff leak in llc_conn_service()
|
general protection fault in rxrpc_error_report
afs
net
|
C |
done |
|
6 |
1859d |
1871d
|
13/28 |
1843d |
f0308fb07080
rxrpc: Fix possible NULL pointer access in ICMP handling
|
KCSAN: data-race in tcp_add_backlog / tcp_grow_window.isra.0
net
|
|
|
|
21713 |
1843d |
1874d
|
13/28 |
1843d |
70c2655849a2
net-backports: net: silence KCSAN warnings about sk->sk_backlog.len reads
|
WARNING: suspicious RCU usage in xfrm_alloc_userspi
net
|
C |
done |
error |
86 |
2072d |
2073d
|
13/28 |
1844d |
f10e0010fae8
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
|
general protection fault in get_work_pool
net
|
C |
|
done |
24 |
2052d |
2455d
|
13/28 |
1844d |
07bf7908950a
xfrm: Validate address prefix lengths in the xfrm selector.
|
general protection fault in xfrm_init_replay
net
|
syz |
inconclusive |
done |
2 |
2442d |
2441d
|
13/28 |
1844d |
d97ca5d714a5
xfrm_user: uncoditionally validate esn replay attribute struct
|
WARNING: suspicious RCU usage in xfrm_get_spdinfo
net
|
C |
done |
error |
46 |
2072d |
2073d
|
13/28 |
1844d |
f10e0010fae8
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
|
WARNING: suspicious RCU usage in xfrm_get_sadinfo
net
|
C |
done |
error |
28 |
2072d |
2073d
|
13/28 |
1844d |
f10e0010fae8
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
|
WARNING: suspicious RCU usage in xfrm_get_policy
net
|
syz |
done |
error |
8 |
2073d |
2073d
|
13/28 |
1844d |
f10e0010fae8
net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm
|
memory leak in sctp_stream_init_ext
sctp
|
C |
|
|
34 |
1865d |
2000d
|
13/28 |
1850d |
3c52b0af059e
lib/generic-radix-tree.c: add kmemleak annotations
|
possible deadlock in usb_deregister_dev (2)
usb
|
C |
|
|
956 |
1864d |
1892d
|
13/28 |
1851d |
33a7813219f2
USB: legousbtower: fix deadlock on disconnect
|
KMSAN: uninit-value in mts_usb_probe
usb
|
C |
|
|
29 |
1870d |
1876d
|
13/28 |
1851d |
177238c3d47d
USB: microtek: fix info-leak at probe
|
WARNING in mark_lock (2)
fs
|
|
|
|
14 |
1857d |
1884d
|
13/28 |
1851d |
8e00c4e9dd85
writeback: fix use-after-free in finish_writeback_work()
|
BUG: bad usercopy in read_rio
hardening
mm
|
|
|
|
2 |
1866d |
1869d
|
13/28 |
1851d |
015664d15270
USB: rio500: Remove Rio 500 kernel driver
|
KMSAN: uninit-value in iowarrior_disconnect
usb
|
C |
|
|
18 |
1869d |
1875d
|
13/28 |
1851d |
edc4746f253d
USB: iowarrior: fix use-after-free on disconnect
|
general protection fault in open_rio
kernel
|
|
|
|
2 |
1883d |
1884d
|
13/28 |
1851d |
015664d15270
USB: rio500: Remove Rio 500 kernel driver
|
KASAN: use-after-free Read in adu_disconnect
usb
|
C |
|
|
5304 |
1864d |
1934d
|
13/28 |
1851d |
44efc269db79
USB: adutux: fix use-after-free on disconnect
|
INFO: rcu detected stall in dummy_timer
usb
|
C |
|
|
16 |
1865d |
1930d
|
13/28 |
1851d |
32a0721c6620
USB: yurex: Don't retry on unexpected errors
|
KASAN: invalid-free in disconnect_rio (2)
usb
|
C |
|
|
51 |
1868d |
1889d
|
13/28 |
1851d |
015664d15270
USB: rio500: Remove Rio 500 kernel driver
|
general protection fault in finish_writeback_work
fs
|
|
|
|
10 |
1860d |
1885d
|
13/28 |
1851d |
8e00c4e9dd85
writeback: fix use-after-free in finish_writeback_work()
|
INFO: trying to register non-static key in finish_writeback_work
fs
|
syz |
error |
|
1 |
1886d |
1884d
|
13/28 |
1851d |
8e00c4e9dd85
writeback: fix use-after-free in finish_writeback_work()
|
INFO: rcu detected stall in rt6_probe_deferred
net
|
|
|
|
336 |
1893d |
1898d
|
13/28 |
1857d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in addrconf_rs_timer (2)
net
|
|
|
|
362 |
1876d |
1898d
|
13/28 |
1857d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
general protection fault in bpf_tcp_close (2)
bpf
|
C |
|
done |
26 |
2280d |
2324d
|
13/28 |
1857d |
e06fa9c16ce4
bpf, sockmap: fix potential use after free in bpf_tcp_close
|
BUG: unable to handle kernel NULL pointer dereference in rds_bind
rds
|
C |
done |
|
51 |
1881d |
1892d
|
13/28 |
1863d |
05733434ee9a
net/rds: Check laddr_check before calling it
|
divide error in tabledist
net
|
|
|
|
3 |
1880d |
1889d
|
13/28 |
1863d |
b41d936b5ecf
sch_netem: fix a divide by zero in tabledist()
|
WARNING: lock held when returning to user space in rcu_lock_acquire
kernel
|
C |
done |
|
3 |
1876d |
1876d
|
13/28 |
1863d |
73956fc07dd7
membarrier: Fix RCU locking bug caused by faulty merge
|
memory leak in v9fs_cache_session_get_cookie
v9fs
|
C |
|
|
242 |
1863d |
2010d
|
13/28 |
1863d |
962a991c5de1
9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie
|
WARNING in em28xx_usb_disconnect
usb
media
|
C |
|
|
8 |
1898d |
1930d
|
13/28 |
1863d |
46e4a26615cc
media: em28xx: modules workqueue not inited for 2nd device
|
KASAN: use-after-free Read in si470x_int_in_callback
usb
media
|
C |
|
|
25 |
1872d |
1961d
|
13/28 |
1863d |
0d616f2a3fdb
media: radio/si470x: kill urb on error
|
kernel BUG at include/linux/skbuff.h:LINE! (2)
sctp
|
C |
done |
|
58 |
1913d |
1923d
|
13/28 |
1863d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
general protection fault in make_kuid
kernel
|
C |
done |
|
4 |
1923d |
1948d
|
13/28 |
1863d |
1dd9bc08cf14
vfs: set fs_context::user_ns for reconfigure
|
general protection fault in ath6kl_usb_alloc_urb_from_pipe
usb
wireless
|
C |
|
|
1160 |
1889d |
2049d
|
13/28 |
1863d |
39d170b3cb62
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
|
KMSAN: uninit-value in read_sensor_register
media
usb
|
C |
|
|
25 |
1863d |
1993d
|
13/28 |
1863d |
4843a543fad3
media: gspca: zero usb_buf on error
|
WARNING in rcu_note_context_switch
kernel
|
C |
done |
|
1 |
1878d |
1877d
|
13/28 |
1863d |
73956fc07dd7
membarrier: Fix RCU locking bug caused by faulty merge
|
KMSAN: kernel-usb-infoleak in ttusb_dec_send_command
usb
|
C |
|
|
2 |
1931d |
1940d
|
13/28 |
1863d |
a10feaf8c464
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
|
KASAN: use-after-free Read in atusb_disconnect
usb
wpan
|
C |
|
|
112 |
1864d |
1905d
|
13/28 |
1863d |
7fd25e6fc035
ieee802154: atusb: fix use-after-free at disconnect
|
possible deadlock in io_submit_one (2)
fuse
|
|
|
|
353 |
1883d |
1921d
|
13/28 |
1863d |
76e43c8ccaa3
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
|
BUG: using smp_processor_id() in preemptible [ADDR] code: mime_typevmnet0/NUM
net
|
|
|
|
1 |
1907d |
1905d
|
13/28 |
1863d |
00d9e47f8ec2
posix-cpu-timers: Always clear head pointer on dequeue
|
KMSAN: uninit-value in inet_ehash_insert
net
|
C |
|
|
7 |
1871d |
1878d
|
13/28 |
1863d |
6af1799aaf3f
net-backports: ipv6: drop incoming packets having a v4mapped source address
|
KASAN: slab-out-of-bounds Read in hdpvr_probe
usb
media
|
C |
|
|
10 |
1899d |
1975d
|
13/28 |
1863d |
8b8900b729e4
media: hdpvr: add terminating 0 at end of string
|
BUG: assuming atomic context at net/kcm/kcmsock.c:LINE
|
C |
done |
|
178 |
1879d |
1885d
|
13/28 |
1863d |
0355d6c1d591
net-backports: kcm: disable preemption in kcm_parse_func_strparser()
|
WARNING: suspicious RCU usage in netem_enqueue
|
C |
done |
|
16 |
1881d |
1895d
|
13/28 |
1863d |
159d2c7d8106
net-backports: sch_netem: fix rcu splat in netem_enqueue()
|
general protection fault in xsk_poll
bpf
net
|
C |
done |
|
430 |
1893d |
1920d
|
13/28 |
1863d |
42fddcc7c64b
xsk: use state member for socket synchronization
|
INFO: task syz-executor can't die for more than 143 seconds.
fs
|
C |
done |
|
61 |
1880d |
1988d
|
13/28 |
1863d |
8619e5bdeee8
/dev/mem: Bail out upon SIGKILL.
7c3a6aedcd6a
kexec: bail out upon SIGKILL when allocating memory.
8f9e86ee7959
staging: android: ion: Bail out upon SIGKILL when allocating memory.
|
BUG: sleeping function called from invalid context in tcf_chain0_head_change_cb_del
net
|
C |
done |
|
187 |
1879d |
1892d
|
13/28 |
1863d |
e3ae1f96accd
net: sched: sch_sfb: don't call qdisc_put() while holding tree lock
|
KASAN: global-out-of-bounds Read in load_next_firmware_from_table
usb
libertas
|
C |
|
|
5 |
1911d |
1961d
|
13/28 |
1863d |
764f3f1ecffc
libertas: Add missing sentinel at end of if_usb.c fw_table
|
WARNING in handle_desc
kvm
|
C |
done |
|
6 |
1889d |
1897d
|
13/28 |
1863d |
3ca94192278c
KVM: X86: Fix userspace set invalid CR4
|
KASAN: use-after-free Read in ext4_data_block_valid
ext4
|
|
|
|
108 |
1947d |
2393d
|
13/28 |
1863d |
7727ae52975d
ext4: fix potential use after free after remounting with noblock_validity
|
general protection fault in kstrtouint (2)
fuse
|
C |
done |
|
40 |
1909d |
1952d
|
13/28 |
1863d |
74983ac20aea
vfs: Make fs_parse() handle fs_param_is_fd-type params better
|
BUG: corrupted list in __netif_receive_skb_list_core
net
|
|
|
|
3 |
1870d |
1924d
|
13/28 |
1863d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
divide error in usbnet_update_max_qlen
usb
|
C |
|
|
17 |
1880d |
1892d
|
13/28 |
1863d |
280ceaed79f1
usbnet: sanity checking of packet sizes and device mtu
|
KASAN: slab-out-of-bounds Read in technisat_usb2_rc_query
usb
media
|
C |
|
|
2236 |
1909d |
2047d
|
13/28 |
1863d |
0c4df39e504b
media: technisat-usb2: break out of loop at end of buffer
|
KASAN: slab-out-of-bounds Read in do_tcp_getsockopt
net
|
|
|
|
3 |
1886d |
1906d
|
13/28 |
1863d |
3afb09618840
tcp: fix slab-out-of-bounds in tcp_zerocopy_receive()
|
general protection fault in __apic_accept_irq
|
C |
done |
|
69 |
1891d |
1903d
|
13/28 |
1863d |
a073d7e3ad68
KVM: hyperv: Fix Direct Synthetic timers assert an interrupt w/o lapic_in_kernel
|
INFO: rcu detected stall in pie_timer
net
|
C |
|
|
19 |
1864d |
1899d
|
13/28 |
1863d |
4ce70b4aed57
net-backports: net: sched: sch_htb: don't call qdisc_put() while holding tree lock
|
KASAN: global-out-of-bounds Read in dvb_pll_attach
media
usb
|
C |
|
|
2 |
1900d |
1960d
|
13/28 |
1863d |
c268e7adea52
media: dvb-frontends: use ida for pll number
|
general protection fault in pk_probe
input
usb
|
C |
|
|
2 |
1909d |
1905d
|
13/28 |
1863d |
98375b86c791
HID: prodikeys: Fix general protection fault during probe
|
possible deadlock in free_ioctx_users
fuse
|
C |
|
|
509 |
1883d |
2264d
|
13/28 |
1863d |
76e43c8ccaa3
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
|
KASAN: use-after-free Read in cbq_enqueue
net
|
C |
done |
|
4 |
1871d |
1873d
|
13/28 |
1863d |
e9789c7cc182
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
|
general protection fault in dsmark_init
net
|
C |
done |
|
3 |
1872d |
1874d
|
13/28 |
1863d |
474f0813a300
sch_dsmark: fix potential NULL deref in dsmark_init()
|
KASAN: global-out-of-bounds Read in hdpvr_probe
usb
media
|
C |
|
|
15 |
1916d |
2029d
|
13/28 |
1863d |
d4a6a9537bc3
media: hdpvr: Add device num check and handling
|
KASAN: slab-out-of-bounds Read in sctp_inq_pop
sctp
|
|
|
|
1 |
1915d |
1913d
|
13/28 |
1863d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
WARNING: lock held when returning to user space in membarrier_private_expedited
kernel
|
C |
done |
|
7 |
1876d |
1877d
|
13/28 |
1863d |
73956fc07dd7
membarrier: Fix RCU locking bug caused by faulty merge
|
WARNING in blk_mq_sched_free_requests (2)
block
|
|
|
|
7 |
1880d |
1885d
|
13/28 |
1863d |
284b94be1925
blk-mq: move lockdep_assert_held() into elevator_exit
|
WARNING: ODEBUG bug in usbhid_disconnect (2)
input
usb
|
C |
|
|
48 |
1883d |
1905d
|
13/28 |
1863d |
2bcdacb70327
HID: sony: Fix memory corruption issue on cleanup.
|
KASAN: slab-out-of-bounds Read in usb_reset_and_verify_device
usb
|
syz |
|
|
1 |
1914d |
1905d
|
13/28 |
1863d |
3dd550a2d365
USB: usbcore: Fix slab-out-of-bounds bug during device reset
|
general protection fault in sctp_inq_pop
sctp
|
|
|
|
4 |
1914d |
1917d
|
13/28 |
1863d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
KMSAN: uninit-value in i2c_w
usb
media
|
C |
|
|
2 |
1997d |
1996d
|
13/28 |
1863d |
4843a543fad3
media: gspca: zero usb_buf on error
|
BUG: MAX_STACK_TRACE_ENTRIES too low! (2)
|
C |
done |
|
5045 |
1895d |
2063d
|
13/28 |
1863d |
12593b7467f9
locking/lockdep: Reduce space occupied by stack traces
|
possible deadlock in open_rio (3)
usb
|
C |
|
|
169 |
1889d |
1891d
|
13/28 |
1863d |
9472aff16ca0
USB: rio500: Fix lockdep violation
|
WARNING in kfree
fs
|
C |
done |
|
2 |
1910d |
1909d
|
13/28 |
1863d |
43ce4c1feadb
vfs: Add a single-or-reconfig keying to vfs_get_super()
|
KMSAN: uninit-value in __request_module
kernel
|
C |
|
|
13 |
1873d |
1892d
|
13/28 |
1863d |
62794fc4fbf5
net_sched: add max len check for TCA_KIND
|
WARNING in zd_mac_clear
usb
wireless
|
C |
|
|
13194 |
1889d |
2049d
|
13/28 |
1863d |
7a2eb7367fde
zd1211rw: remove false assertion from zd_mac_clear()
|
general protection fault in xsk_map_update_elem
bpf
|
C |
done |
|
12 |
1882d |
1885d
|
13/28 |
1863d |
fcd30ae0665c
bpf/xskmap: Return ERR_PTR for failure case instead of NULL.
|
possible deadlock in pie_timer
net
|
C |
done |
|
2 |
1880d |
1881d
|
13/28 |
1863d |
e3ae1f96accd
net: sched: sch_sfb: don't call qdisc_put() while holding tree lock
|
KMSAN: uninit-value in sd_init
media
usb
|
C |
|
|
122 |
1863d |
1996d
|
13/28 |
1863d |
4843a543fad3
media: gspca: zero usb_buf on error
|
WARNING in iguanair_probe/usb_submit_urb
media
usb
|
C |
|
|
3 |
1894d |
1944d
|
13/28 |
1863d |
ab1cbdf159be
media: iguanair: add sanity checks
|
memory leak in llcp_sock_bind
kernel
|
C |
done |
|
2 |
1885d |
1949d
|
13/28 |
1863d |
a0c2dc1fe63e
nfc: fix memory leak in llcp_sock_bind()
|
general protection fault in __pm_runtime_resume
input
usb
pm
|
C |
|
|
197 |
1883d |
1946d
|
13/28 |
1863d |
5f9242775bb6
HID: logitech: Fix general protection fault caused by Logitech driver
|
BUG: unable to handle kernel paging request in coalesced_mmio_write
kvm
|
C |
done |
|
10 |
1970d |
1975d
|
13/28 |
1863d |
b60fe990c6b0
KVM: coalesced_mmio: add bounds checking
|
divide error in cdc_ncm_update_rxtx_max
usb
|
C |
|
|
5 |
1878d |
1892d
|
13/28 |
1863d |
3fe4b3351301
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
|
general protection fault in tcf_action_destroy
net
|
|
|
|
128 |
1880d |
1898d
|
13/28 |
1863d |
3d66b89c30f9
net: sched: fix possible crash in tcf_action_destroy()
|
general protection fault in trace_probe_unlink
trace
|
C |
done |
|
7 |
1888d |
1892d
|
13/28 |
1863d |
d59fae6fea39
tracing/kprobe: Fix NULL pointer access in trace_porbe_unlink()
|
memory leak in ppp_write
ppp
|
C |
|
|
5 |
1890d |
1934d
|
13/28 |
1863d |
4c247de564f1
ppp: Fix memory leak in ppp_write
|
general protection fault in qdisc_put
|
C |
done |
|
60 |
1890d |
1901d
|
13/28 |
1863d |
6efb971ba8ed
net_sched: let qdisc_put() accept NULL pointer
|
general protection fault in dev_map_hash_update_elem
bpf
net
|
C |
done |
|
4 |
1896d |
1903d
|
13/28 |
1863d |
af58e7ee6a8d
xdp: Fix race in dev_map_hash_update_elem() when replacing element
|
KASAN: slab-out-of-bounds Read in hidraw_ioctl
input
|
C |
|
|
104 |
1890d |
1940d
|
13/28 |
1863d |
416dacb819f5
HID: hidraw: Fix invalid read in hidraw_ioctl
|
INFO: rcu detected stall in sys_exit_group
kernel
|
C |
done |
|
1 |
1894d |
1890d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in sys_sendmmsg
net
|
|
|
|
2 |
1898d |
1899d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in pppoe_sendmsg
net
|
|
|
|
7 |
1894d |
1900d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
WARNING in xfrm_policy_inexact_list_reinsert
net
|
|
|
|
2 |
1903d |
1931d
|
13/28 |
1869d |
769a807d0b41
xfrm: policy: avoid warning splat when merging nodes
|
general protection fault in rds_recv_rcvbuf_delta
rds
|
C |
done |
|
35 |
1973d |
2201d
|
13/28 |
1869d |
c5c1a030a7db
net/rds: An rds_sock is added too early to the hash table
|
INFO: rcu detected stall in sys_sendmsg
net
|
C |
done |
|
2 |
1895d |
1895d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in br_hello_timer_expired
net
|
|
|
|
4 |
1893d |
1898d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in addrconf_dad_work
|
C |
done |
|
126 |
1893d |
1898d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in inet_release
net
|
|
|
|
1 |
1902d |
1901d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in packet_sendmsg
net
|
|
|
|
10 |
1894d |
1899d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
general protection fault in addrconf_f6i_alloc
net
|
C |
|
|
305 |
1892d |
1903d
|
13/28 |
1869d |
8652f17c658d
ipv6: addrconf_f6i_alloc - fix non-null pointer check to !IS_ERR()
|
INFO: rcu detected stall in sys_clone
kernel
|
|
|
|
1 |
1897d |
1897d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
WARNING in __mark_chain_precision (2)
bpf
|
C |
done |
|
18 |
1892d |
1910d
|
13/28 |
1869d |
2339cd6cd0b5
bpf: fix precision tracking of stack slots
|
INFO: rcu detected stall in dccp_write_timer
net
|
|
|
|
5 |
1899d |
1901d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in br_handle_frame
|
C |
done |
|
341 |
1893d |
1898d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
general protection fault in tls_sk_proto_close (2)
net
|
syz |
error |
|
246 |
1893d |
1911d
|
13/28 |
1869d |
44580a0118d3
net: sock_map, fix missing ulp check in sock hash case
|
INFO: rcu detected stall in mld_ifc_timer_expire
|
C |
done |
|
152 |
1893d |
1901d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in neigh_timer_handler (2)
net
|
|
|
|
2 |
1898d |
1899d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
BUG: soft lockup in addrconf_dad_work
net
|
C |
done |
|
1 |
1897d |
1897d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in igmp_ifc_timer_expire
net
|
C |
|
|
57 |
1893d |
2152d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
INFO: rcu detected stall in mld_dad_timer_expire
net
|
|
|
|
3 |
1898d |
1899d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
memory leak in sctp_get_port_local (2)
sctp
|
C |
|
|
34 |
1873d |
1931d
|
13/28 |
1869d |
29b99f54a8e6
sctp: destroy bucket if failed to bind addr
|
BUG: unable to handle kernel NULL pointer dereference in tc_bind_tclass
net
|
C |
done |
|
61 |
1893d |
1901d
|
13/28 |
1869d |
8b142a00edcf
net_sched: check cops->tcf_block in tc_bind_tclass()
|
INFO: rcu detected stall in netlink_sendmsg (2)
|
C |
done |
|
11 |
1894d |
1900d
|
13/28 |
1869d |
d4d6ec6dac07
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
|
KMSAN: uninit-value in capi_write
isdn4linux
|
C |
|
|
445 |
1869d |
2109d
|
13/28 |
1869d |
fe163e534e5e
isdn/capi: check message length in capi_write()
|
general protection fault in icmpv6_xrlim_allow
net
|
|
|
|
4 |
1997d |
2003d
|
13/28 |
1870d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
general protection fault in ip6_rcv_finish
net
|
|
|
|
3 |
1987d |
1993d
|
13/28 |
1870d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
memory leak in sctp_send_reset_streams
sctp
|
C |
|
|
7 |
1923d |
2000d
|
13/28 |
1874d |
6d5afe20397b
sctp: fix memleak in sctp_send_reset_streams
|
general protection fault in requeue_rx_msgs
net
|
syz |
done |
inconclusive |
1 |
2366d |
2365d
|
13/28 |
1874d |
eb7f54b90bd8
kcm: Fix use-after-free caused by clonned sockets
|
WARNING: suspicious RCU usage (4)
bpf
trace
|
C |
|
done |
1 |
2272d |
2270d
|
13/28 |
1874d |
865e63b04e9b
tracing: Add back in rcu_irq_enter/exit_irqson() for rcuidle tracepoints
|
WARNING: suspicious RCU usage in trace_call_bpf
bpf
trace
|
C |
|
done |
327 |
2253d |
2270d
|
13/28 |
1874d |
865e63b04e9b
tracing: Add back in rcu_irq_enter/exit_irqson() for rcuidle tracepoints
|
KASAN: use-after-free Read in psock_map_pop
bpf
|
C |
|
done |
204 |
2220d |
2263d
|
13/28 |
1874d |
5607fff30363
bpf: sockmap only allow ESTABLISHED sock state
|
WARNING in lockdep_unregister_key (2)
kernel
|
|
|
|
3 |
2043d |
2047d
|
13/28 |
1874d |
8b39adbee805
locking/lockdep: Make lockdep_unregister_key() honor 'debug_locks' again
|
WARNING: refcount bug in nr_insert_socket
|
C |
done |
|
55 |
1937d |
1961d
|
13/28 |
1874d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
KASAN: slab-out-of-bounds Read in sock_hash_ctx_update_elem
bpf
|
C |
|
done |
5 |
2305d |
2305d
|
13/28 |
1874d |
b845c898b2f1
bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
|
general protection fault in smap_list_hash_remove
bpf
|
C |
|
done |
52 |
2312d |
2331d
|
13/28 |
1874d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: user-memory-access Read in ip6_hold_safe (3)
net
|
|
|
|
456 |
1981d |
2000d
|
13/28 |
1874d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
WARNING in cbs_dequeue_soft
net
|
C |
done |
|
13 |
1893d |
1901d
|
12/28 |
1893d |
1c6c09a0ae62
net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate
|
KMSAN: uninit-value in batadv_iv_send_outstanding_bat_ogm_packet
batman
|
C |
|
|
9 |
1918d |
1918d
|
12/28 |
1893d |
a15d56a60760
batman-adv: Only read OGM tvlv_len after buffer len check
|
possible deadlock in open_rio
usb
|
|
|
|
1107 |
1902d |
1938d
|
12/28 |
1902d |
2ca359f4f8b9
Revert "USB: rio500: simplify locking"
|
possible deadlock in usb_deregister_dev
usb
|
C |
|
|
82 |
1927d |
1934d
|
12/28 |
1902d |
c468a8aa790e
usb: iowarrior: fix deadlock on disconnect
|
general protection fault in packet_lookup_frame
net
|
C |
done |
|
7 |
1926d |
1926d
|
12/28 |
1902d |
32d3182cd2cd
net/packet: fix race in tpacket_snd()
|
WARNING in bpf_jit_free
bpf
|
C |
done |
|
21697 |
1902d |
2319d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
BUG: Dentry still in use [unmount of nfsd nfsd]
nfs
|
|
|
|
1 |
1932d |
1928d
|
12/28 |
1902d |
d6846bfbeeac
nfsd: fix dentry leak upon mkdir failure.
|
kernel BUG at mm/huge_memory.c:LINE!
mm
|
|
|
|
27 |
1978d |
2148d
|
12/28 |
1902d |
a53190a4aaa3
mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
|
memory leak in ip6_mc_add_src
net
|
C |
|
|
1 |
1913d |
1913d
|
12/28 |
1902d |
a84d01647989
mld: fix memory leak in mld_del_delrec()
|
WARNING in bpf_prog_kallsyms_add
bpf
|
syz |
done |
done |
2 |
1944d |
2147d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
WARNING in __iforce_usb_xmit/usb_submit_urb
usb
input
|
C |
|
|
3 |
1930d |
1934d
|
12/28 |
1902d |
849f5ae3a513
Input: iforce - add sanity checks
|
WARNING in kbtab_open/usb_submit_urb
usb
|
C |
|
|
5 |
1929d |
1947d
|
12/28 |
1902d |
c88090dfc842
Input: kbtab - sanity check for endpoint type
|
BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
bpf
|
syz |
done |
inconclusive |
3 |
2119d |
2194d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
KASAN: use-after-free Read in rxrpc_queue_local
afs
net
|
C |
done |
|
1 |
1927d |
1927d
|
12/28 |
1902d |
06d9532fa6b3
rxrpc: Fix read-after-free in rxrpc_queue_local()
|
BUG: unable to handle kernel paging request in bpf_prog_kallsyms_add
bpf
|
syz |
error |
|
234 |
1903d |
2263d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
general protection fault in tls_write_space
net
|
syz |
|
|
33 |
1920d |
1930d
|
12/28 |
1902d |
57c722e932cf
net/tls: swap sk_write_space on close
|
WARNING in usbtouch_open
input
usb
|
C |
|
|
768 |
1927d |
1941d
|
12/28 |
1902d |
b55d996f057b
Input: usbtouchscreen - initialize PM mutex before using it
|
KASAN: use-after-free Read in usb_free_coherent
usb
|
|
|
|
310 |
1927d |
1938d
|
12/28 |
1902d |
fc05481b2fca
usb: yurex: Fix use-after-free in yurex_delete
|
KMSAN: uninit-value in rtm_new_nexthop
net
|
C |
|
|
8 |
1918d |
1918d
|
12/28 |
1902d |
d00ee64e1dcf
netlink: Fix nlmsg_parse as a wrapper for strict message parsing
|
KASAN: slab-out-of-bounds Read in bpf_int_jit_compile
kernel
|
C |
done |
|
1 |
1950d |
1947d
|
12/28 |
1902d |
7c2e988f400e
bpf: fix x64 JIT code generation for jmp to 1st insn
|
KASAN: use-after-free Read in snd_seq_ioctl_get_client_pool
sound
|
|
|
|
1 |
1920d |
1917d
|
12/28 |
1902d |
75545304eba6
ALSA: seq: Fix potential concurrent access to the deleted pool
|
KASAN: use-after-free Read in bpf_prog_kallsyms_del
bpf
|
syz |
done |
inconclusive |
3 |
2150d |
2229d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
kernel BUG at net/rxrpc/local_object.c:LINE!
afs
net
|
C |
done |
|
11167 |
1906d |
1973d
|
12/28 |
1902d |
730c5fd42c1e
rxrpc: Fix local endpoint refcounting
|
KASAN: null-ptr-deref Write in rxrpc_unuse_local
|
C |
done |
|
4422 |
1926d |
1930d
|
12/28 |
1902d |
68553f1a6f74
rxrpc: Fix local refcounting
|
KASAN: use-after-free Read in bpf_get_prog_name
bpf
|
|
|
|
1 |
1945d |
1944d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
KMSAN: uninit-value in batadv_netlink_dump_hardif
batman
|
C |
|
|
58 |
1913d |
1948d
|
12/28 |
1902d |
3ee1bb7aae97
batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
|
WARNING in bpf_prog_kallsyms_find
bpf
|
C |
error |
|
5632 |
1902d |
2024d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
KASAN: slab-out-of-bounds Read in do_jit
kernel
|
C |
done |
|
16 |
1902d |
1947d
|
12/28 |
1902d |
7c2e988f400e
bpf: fix x64 JIT code generation for jmp to 1st insn
|
KASAN: use-after-free Read in ld_usb_release
usb
|
C |
|
|
14 |
1921d |
1930d
|
12/28 |
1902d |
303911cfc5b9
USB: core: Fix races in character device registration and deregistraion
|
KMSAN: uninit-value in rtm_dump_nexthop
net
|
C |
|
|
6 |
1912d |
1928d
|
12/28 |
1902d |
d00ee64e1dcf
netlink: Fix nlmsg_parse as a wrapper for strict message parsing
|
WARNING in is_bpf_text_address
bpf
|
C |
done |
|
104 |
1912d |
1979d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
KASAN: slab-out-of-bounds Read in usbnet_generic_cdc_bind
net
usb
|
C |
|
|
2 |
1926d |
1927d
|
12/28 |
1902d |
54364278fb3c
USB: CDC: fix sanity checks in CDC union parser
|
WARNING in __blkdev_put (2)
fs
|
syz |
|
|
3082 |
1927d |
1934d
|
12/28 |
1902d |
e91455bad5cf
bdev: Fixup error handling in blkdev_get()
|
KASAN: use-after-free Read in device_release_driver_internal
usb
|
C |
|
|
5 |
1924d |
1947d
|
12/28 |
1902d |
c52873e5a1ef
usb: cdc-acm: make sure a refcount is taken early enough
|
KASAN: use-after-free Read in bpf_prog_kallsyms_add
bpf
|
syz |
error |
inconclusive |
120 |
2029d |
2263d
|
12/28 |
1902d |
c751798aa224
bpf: fix use after free in prog symbol exposure
|
WARNING in wdm_write/usb_submit_urb
usb
|
C |
|
|
15 |
1906d |
1920d
|
12/28 |
1902d |
1426bd2c9f7e
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
|
BUG: corrupted list in rxrpc_local_processor
afs
net
|
C |
done |
|
1679 |
1922d |
1930d
|
12/28 |
1902d |
b00df840fb40
rxrpc: Fix local endpoint replacement
|
KASAN: use-after-free Write in __xfrm_policy_unlink (2)
net
|
|
|
|
7 |
1969d |
2015d
|
12/28 |
1907d |
b805d78d300b
xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
|
BUG: unable to handle kernel paging request in hrtimer_interrupt
kernel
|
syz |
done |
|
2 |
1945d |
1981d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
WARNING in smc_unhash_sk (2)
|
C |
done |
|
1047 |
1912d |
2048d
|
12/28 |
1912d |
cd2063604ea6
net/smc: avoid fallback in case of non-blocking connect
|
WARNING: ODEBUG bug in tls_sw_free_resources_tx
net
|
|
|
|
23 |
1947d |
2206d
|
12/28 |
1912d |
f87e62d45e51
net/tls: remove close callback sock unlock/lock around TX work flush
|
general protection fault in rcu_core
kernel
|
syz |
done |
|
1 |
1961d |
1960d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
general protection fault in mm_update_next_owner
kernel
|
syz |
done |
done |
1 |
1992d |
1992d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
KMSAN: kernel-usb-infoleak in pcan_usb_pro_send_req
usb
|
C |
|
|
16 |
1915d |
1940d
|
12/28 |
1912d |
30a8beeb3042
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
|
KASAN: use-after-free Write in validate_chain
kernel
|
syz |
done |
|
3 |
1969d |
1979d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
WARNING: held lock freed! (2)
hams
|
C |
done |
|
1 |
1966d |
1962d
|
12/28 |
1912d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
general protection fault in tls_trim_both_msgs
net
|
C |
done |
|
36 |
1934d |
1946d
|
12/28 |
1912d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
KASAN: use-after-free Read in psi_task_change
kernel
|
syz |
done |
|
1 |
1945d |
1944d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
KASAN: slab-out-of-bounds Read in class_equal
|
syz |
done |
|
45 |
1933d |
2006d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
KASAN: slab-out-of-bounds Write in check_noncircular
kernel
|
syz |
done |
|
1 |
1952d |
1952d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
WARNING in mark_lock
kernel
|
syz |
done |
|
2 |
1921d |
1976d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
general protection fault in holtek_kbd_input_event
input
|
C |
|
|
67 |
1933d |
1945d
|
12/28 |
1912d |
01ec0a5f19c8
HID: holtek: test for sanity of intfdata
|
KASAN: use-after-free Read in release_sock
hams
|
C |
done |
|
10 |
1935d |
1944d
|
12/28 |
1912d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
KASAN: slab-out-of-bounds Write in validate_chain
mm
hardening
|
syz |
done |
|
6 |
1964d |
1979d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
general protection fault in tcf_ife_init
|
C |
done |
|
72 |
1934d |
1948d
|
12/28 |
1912d |
c8ec4632c6ac
ife: error out when nla attributes are empty
|
KASAN: invalid-free in tls_sk_proto_cleanup
net
|
|
|
|
5 |
1936d |
1939d
|
12/28 |
1912d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
BUG: unable to handle kernel paging request in __do_softirq
bpf
|
syz |
done |
done |
1 |
1982d |
1981d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
kernel panic: stack is corrupted in validate_chain
kernel
|
syz |
done |
|
1 |
1975d |
1975d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
KASAN: slab-out-of-bounds Read in corrupted (2)
hardening
mm
|
syz |
done |
|
3 |
1944d |
1994d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
BUG: unable to handle kernel paging request in tls_prots
net
bpf
|
syz |
done |
|
1 |
1974d |
1974d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
kernel panic: corrupted stack end in dput
fs
|
syz |
done |
|
1 |
1969d |
1969d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
general protection fault in tls_sk_proto_close
|
syz |
done |
|
260 |
1912d |
1944d
|
12/28 |
1912d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
WARNING in debug_check_no_obj_freed
|
C |
done |
|
47 |
1913d |
1980d
|
12/28 |
1912d |
f9cedf1a9b1c
net/smc: do not schedule tx_work in SMC_CLOSED state
|
BUG: unable to handle kernel paging request in cpuacct_account_field
kernel
|
syz |
done |
done |
1 |
1980d |
1979d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
memory leak in fdb_create
bridge
|
C |
done |
|
4 |
1937d |
1976d
|
12/28 |
1912d |
d7bae09fa008
net: bridge: delete local fdb on device init failure
|
KASAN: use-after-free Read in tls_wait_data
net
|
|
|
|
1 |
1937d |
1931d
|
12/28 |
1912d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
BUG: unable to handle kernel NULL pointer dereference in corrupted (4)
|
syz |
done |
done |
1 |
1976d |
1975d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
possible deadlock in rxrpc_put_peer
kernel
|
|
|
|
1 |
1948d |
1944d
|
12/28 |
1912d |
60034d3d146b
rxrpc: Fix potential deadlock
|
WARNING: held lock freed in nr_release
kernel
|
C |
done |
|
344 |
1933d |
1953d
|
12/28 |
1912d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
KASAN: use-after-free Read in corrupted (3)
kernel
|
syz |
done |
|
1 |
1974d |
1974d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
WARNING: ODEBUG bug in __sk_destruct
net
s390
|
C |
|
|
2855 |
1932d |
2397d
|
12/28 |
1912d |
f9cedf1a9b1c
net/smc: do not schedule tx_work in SMC_CLOSED state
|
WARNING in cgroup_rstat_updated
mm
|
syz |
done |
|
1 |
1933d |
1933d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
general protection fault in rb_erase (2)
kernel
|
syz |
done |
|
4 |
1941d |
2148d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
KASAN: slab-out-of-bounds Read in usage_accumulate
kernel
|
syz |
done |
|
3 |
1975d |
1994d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
KASAN: use-after-free Read in nr_release
hams
|
C |
done |
|
25 |
1913d |
1992d
|
12/28 |
1912d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
WARNING: refcount bug in nr_rx_frame
kernel
|
C |
done |
|
15 |
1936d |
1952d
|
12/28 |
1912d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
KASAN: use-after-free Read in hiddev_release
input
usb
|
C |
|
|
11 |
1923d |
1938d
|
12/28 |
1912d |
9c09b214f30e
HID: hiddev: avoid opening a disconnected device
6d4472d7bec3
HID: hiddev: do cleanup in failure of opening a device
|
KASAN: use-after-free Read in nr_insert_socket
hams
|
C |
done |
|
22 |
1936d |
1952d
|
12/28 |
1912d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
general protection fault in tls_tx_records
net
|
|
|
|
1 |
1939d |
1931d
|
12/28 |
1912d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
BUG: unable to handle kernel paging request in bpf_prog_ADDR
kernel
|
C |
done |
|
13 |
1935d |
1951d
|
12/28 |
1912d |
06a22d897d82
bpf: fix access to skb_shared_info->gso_segs
|
KASAN: use-after-free Read in nr_rx_frame (2)
hams
|
C |
done |
|
3 |
1939d |
1947d
|
12/28 |
1912d |
4638faac0327
netrom: hold sock when setting skb->destructor
|
memory leak in create_ctx
net
|
syz |
|
|
1 |
1992d |
1992d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
WARNING in xt_compat_add_offset
netfilter
|
C |
done |
|
18 |
1934d |
2098d
|
12/28 |
1912d |
3b48300d5cc7
netfilter: ebtables: also count base chain policies
|
KMSAN: kernel-usb-infoleak in pcan_usb_pro_init
usb
|
C |
|
|
13 |
1916d |
1940d
|
12/28 |
1912d |
ead16e53c2f0
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
|
kernel panic: corrupted stack end in corrupted
|
syz |
done |
|
17 |
1933d |
1980d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
WARNING in gpio_to_desc
usb
gpio
|
C |
|
|
3 |
1930d |
1960d
|
12/28 |
1912d |
c3953a3c2d31
NFC: nfcmrvl: fix gpio-handling regression
|
KASAN: use-after-free Read in tls_sk_proto_cleanup
net
|
|
|
|
9 |
1935d |
1946d
|
12/28 |
1912d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
general protection fault in rb_next (3)
kernel
|
syz |
done |
done |
1 |
1985d |
1983d
|
12/28 |
1912d |
95fa145479fb
bpf: sockmap/tls, close can race with map free
|
general protection fault in tls_setsockopt
net
|
syz |
done |
|
7 |
1940d |
1954d
|
12/28 |
1912d |
5d92e631b8be
net/tls: partially revert fix transition through disconnect with close
|
KMSAN: uninit-value in read_eprom_word
usb
|
C |
|
|
31 |
1914d |
1940d
|
12/28 |
1912d |
224c04973db1
net: usb: pegasus: fix improper read if get_registers() fail
|
general protection fault in finish_task_switch (2)
kernel
|
C |
|
done |
1538 |
2250d |
2294d
|
12/28 |
1917d |
26b471c7e2f7
KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
|
KASAN: use-after-free Read in tls_push_sg
net
|
|
|
|
2 |
1941d |
2014d
|
12/28 |
1919d |
9354544cbccf
net/tls: fix page double free on TX cleanup
|
possible deadlock in xsk_notifier
bpf
net
|
C |
done |
|
495 |
1951d |
1962d
|
12/28 |
1926d |
5464c3a0e9a0
xdp: fix potential deadlock on socket mutex
|
KASAN: use-after-free Write in _free_event
perf
|
C |
|
|
112 |
2089d |
2327d
|
12/28 |
1926d |
1cf8dfe8a661
perf/core: Fix race between close() and fork()
|
WARNING in __mark_chain_precision
|
C |
done |
|
105 |
1926d |
1962d
|
12/28 |
1926d |
b3b50f05dc50
bpf: fix precision bit propagation for BPF_ST instructions
|
linux-next boot error: WARNING in corrupted
pm
|
|
|
|
12 |
1964d |
1966d
|
12/28 |
1926d |
18c49926c4bf
cpufreq: Add QoS requests for userspace constraints
|
INFO: task hung in snd_seq_write
sound
|
|
|
|
6 |
2072d |
2277d
|
12/28 |
1926d |
ede34f397ddb
ALSA: seq: Break too long mutex context in the write loop
|
memory leak in nfs_get_client
nfs
|
C |
|
|
12 |
1963d |
1990d
|
12/28 |
1926d |
9f7761cf0409
NFS: Cleanup if nfs_match_client is interrupted
|
usb-fuzzer boot error: general protection fault in dma_direct_max_mapping_size
iommu
|
|
|
|
21 |
1944d |
1947d
|
12/28 |
1926d |
1b5d9a6e9835
scsi: core: fix the dma_max_mapping_size call
|
memory leak in policydb_read
kernel
|
C |
done |
|
1 |
1949d |
1947d
|
12/28 |
1926d |
45385237f65a
selinux: fix memory leak in policydb_init()
|
WARNING in binder_transaction_buffer_release
kernel
|
syz |
error |
|
38 |
1968d |
2011d
|
12/28 |
1926d |
49ed96943a8e
binder: prevent transactions to context manager from its own process.
|
general protection fault in snd_usb_pipe_sanity_check
usb
sound
|
C |
|
|
72 |
1927d |
1941d
|
12/28 |
1926d |
5d78e1c2b7f4
ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
|
INFO: rcu detected stall in snd_seq_write
sound
|
syz |
error |
|
18 |
1946d |
2277d
|
12/28 |
1926d |
ede34f397ddb
ALSA: seq: Break too long mutex context in the write loop
|
KASAN: stack-out-of-bounds Read in hfcsusb_probe
usb
isdn4linux
|
C |
|
|
634 |
1941d |
2047d
|
12/28 |
1926d |
f384e62a82ba
ISDN: hfcsusb: checking idx of ep configuration
|
BUG: unable to handle kernel NULL pointer dereference in hci_uart_set_flow_control
bluetooth
|
C |
done |
|
7 |
2071d |
2071d
|
12/28 |
1926d |
b36a1552d731
Bluetooth: hci_uart: check for missing tty operations
|
kernel BUG at drivers/usb/wusbcore/wusbhc.c:LINE!
usb
|
C |
|
|
1 |
1947d |
1947d
|
12/28 |
1926d |
f90bf1ece48a
usb: wusbcore: fix unbalanced get/put cluster_id
|
memory leak in sctp_get_port_local
sctp
|
C |
|
|
28 |
1936d |
2003d
|
12/28 |
1934d |
9b6c08878e23
sctp: not bind the socket in sctp_connect
|
WARNING: Support for this device (Terratec Grabster AV400) is experimental.
usb
|
C |
|
|
371 |
1942d |
2031d
|
12/28 |
1934d |
1753c7c4367a
media: pvrusb2: use a different format for warnings
|
general protection fault in send_hsr_supervision_frame
net
|
C |
done |
|
1395 |
1955d |
1962d
|
12/28 |
1934d |
311633b60406
hsr: switch ->dellink() to ->ndo_uninit()
|
memory leak in ip_mc_add_src (2)
net
|
C |
|
|
7 |
1945d |
1973d
|
12/28 |
1934d |
e5b1c6c6277d
igmp: fix memory leak in igmpv3_del_delrec()
|
general protection fault in btf_array_resolve
bpf
|
C |
error |
|
109 |
1959d |
1981d
|
12/28 |
1934d |
e4f07120210a
bpf: fix NULL deref in btf_type_is_resolve_source_only
|
general protection fault in sctp_sched_prio_sched
sctp
|
C |
done |
|
3 |
1971d |
1985d
|
12/28 |
1934d |
4d1415811e49
sctp: fix error handling on stream scheduler initialization
|
general protection fault in ip6_datagram_dst_update
net
|
C |
done |
|
12 |
1958d |
1960d
|
12/28 |
1934d |
8975a3abc303
ipv6: fix potential crash in ip6_datagram_dst_update()
|
KMSAN: uninit-value in ax88772_bind
usb
|
C |
|
|
80 |
1936d |
1997d
|
12/28 |
1934d |
78226f6eaac8
net: usb: asix: init MAC address buffers
|
KASAN: use-after-free Read in ip_expire
net
|
|
|
|
1 |
1983d |
1983d
|
12/28 |
1934d |
d5dd88794a13
inet: fix various use-after-free in defrags units
|
kernel BUG at drivers/android/binder_alloc.c:LINE! (4)
|
C |
done |
|
26 |
1974d |
1982d
|
12/28 |
1934d |
bb4a2e48d510
binder: return errors from buffer copy functions
|
KASAN: use-after-free Read in cpia2_usb_disconnect
usb
media
|
C |
|
|
3 |
1961d |
2045d
|
12/28 |
1934d |
eff73de2b160
media: cpia2_usb: first wake up, then free in disconnect
|
general protection fault in ovs_ct_exit
|
C |
done |
|
9888 |
1976d |
1981d
|
12/28 |
1934d |
b272a0ad7301
netns: restore ops before calling ops_exit_list
|
memory leak in binder_transaction
kernel
|
C |
|
|
3 |
1975d |
1987d
|
12/28 |
1934d |
1909a671dbc3
binder: fix memory leak in error path
|
KASAN: use-after-free Read in xlog_alloc_log
xfs
|
|
|
|
16 |
1954d |
1973d
|
12/28 |
1934d |
89b171acb222
xfs: fix iclog allocation size
|
KMSAN: uninit-value in bond_start_xmit (2)
net
|
C |
|
|
2309 |
1934d |
2258d
|
12/28 |
1934d |
9d1bc24b52fb
bonding: validate ip header before check IPPROTO_IGMP
|
WARNING in __flush_work (3)
usb
|
C |
|
|
1251 |
1937d |
2047d
|
12/28 |
1934d |
11a087f484bf
media: uvcvideo: Fix access to uninitialized fields on probe error
|
memory leak in pfkey_xfrm_policy2msg_prep
net
|
C |
|
|
4 |
1975d |
2006d
|
12/28 |
1934d |
7c80eb1c7e2b
af_key: fix leaks in key_pol_get_resp and dump_sp.
|
KASAN: use-after-free Read in dvb_usb_device_exit
usb
|
C |
|
|
825 |
1935d |
2049d
|
12/28 |
1934d |
6cf97230cd5f
media: dvb: usb: fix use after free in dvb_usb_device_exit
|
KASAN: slab-out-of-bounds Read in au0828_rc_unregister (2)
media
|
|
|
|
11 |
2005d |
2016d
|
12/28 |
1934d |
6d0d1ff9ff21
media: au0828: fix null dereference in error path
|
INFO: trying to register non-static key in rtl_c2hcmd_launcher
usb
wireless
|
C |
|
|
48950 |
1941d |
2049d
|
12/28 |
1934d |
6c0ed66f1a5b
rtlwifi: rtl8192cu: fix error handle when usb probe failed
|
KASAN: use-after-free Read in kfree_skb_list
net
|
C |
done |
|
383 |
1981d |
1999d
|
12/28 |
1934d |
b7034146756b
net: fix use-after-free in kfree_skb_list
|
KASAN: null-ptr-deref Read in zr364xx_vidioc_querycap
usb
media
|
C |
|
|
76 |
1942d |
2032d
|
12/28 |
1934d |
5d2e73a5f80a
media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
|
memory leak in __ip6_append_data
net
|
C |
|
|
10 |
1977d |
2003d
|
12/28 |
1934d |
dc93f46bc4e0
inet: frags: fix use-after-free read in inet_frag_destroy_rcu
|
WARNING: ath10k USB support is incomplete, don't expect anything to work!
usb
|
C |
|
|
347 |
1942d |
2022d
|
12/28 |
1934d |
265df32eae58
ath10k: Change the warning message string
|
KASAN: use-after-free Write in xfrm_hash_rebuild
net
|
syz |
done |
|
8 |
1967d |
2015d
|
12/28 |
1934d |
fd709721352d
xfrm: policy: fix bydst hlist corruption on hash rebuild
|
memory leak in bcsp_recv
bluetooth
|
C |
|
|
3 |
1979d |
2006d
|
12/28 |
1934d |
4ce9146e0370
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
|
memory leak in start_sync_thread
lvs
|
C |
|
|
7 |
1971d |
2003d
|
12/28 |
1934d |
5db7c8b9f9fc
ipvs: fix tinfo memory leak in start_sync_thread
|
KASAN: use-after-free Read in v4l2_release
usb
media
|
C |
|
|
275 |
1942d |
2046d
|
12/28 |
1934d |
c666355e60dd
media: radio-raremono: change devm_k*alloc to k*alloc
|
net-next build error (2)
netfilter
|
|
|
|
2 |
2000d |
2000d
|
12/28 |
1934d |
c9bb6165a16e
netfilter: nf_conntrack_bridge: fix CONFIG_IPV6=y
|
KASAN: use-after-free Read in brnf_exit_net
bridge
netfilter
|
syz |
done |
|
3 |
1978d |
1981d
|
12/28 |
1934d |
7e6daf50e1f4
netfilter: bridge: prevent UAF in brnf_exit_net()
|
WARNING in static_key_slow_try_dec
kernel
|
C |
done |
|
58 |
1957d |
1961d
|
12/28 |
1934d |
d44e3fa5d7e6
ipv6: fix static key imbalance in fl_create()
|
WARNING: suspicious RCU usage in in_dev_dump_addr
net
|
C |
done |
|
107 |
1995d |
1997d
|
12/28 |
1934d |
d3e6e285fff3
net: ipv4: fix rcu lockdep splat due to wrong annotation
|
memory leak in nf_hook_entries_grow
lvs
|
C |
|
|
99 |
1962d |
1997d
|
12/28 |
1934d |
cf47a0b882a4
ipvs: defer hook registration to avoid leaks
|
general protection fault in tcp_v6_send_reset
net
|
C |
done |
|
353 |
1989d |
1994d
|
12/28 |
1934d |
392096736a06
ipv6: tcp: fix potential NULL deref in tcp_v6_send_reset()
|
KASAN: use-after-free Read in inet_frag_destroy_rcu
net
|
C |
done |
|
61 |
2002d |
2004d
|
12/28 |
1934d |
dc93f46bc4e0
inet: frags: fix use-after-free read in inet_frag_destroy_rcu
|
general protection fault in btf_struct_resolve
bpf
|
C |
error |
|
49 |
1959d |
1981d
|
12/28 |
1934d |
e4f07120210a
bpf: fix NULL deref in btf_type_is_resolve_source_only
|
KASAN: use-after-free Read in rhashtable_last_table (2)
net
|
|
|
|
1 |
2008d |
2008d
|
12/28 |
1934d |
dc93f46bc4e0
inet: frags: fix use-after-free read in inet_frag_destroy_rcu
|
KASAN: use-after-free Read in unregister_shrinker
mm
|
syz |
done |
|
3 |
1990d |
1995d
|
12/28 |
1934d |
689d7ba4895b
nfsd: fix cleanup of nfsd_reply_cache_init on failure
|
general protection fault in oom_unkillable_task
mm
|
|
|
|
1 |
1991d |
1986d
|
12/28 |
1934d |
ac311a14c682
oom: decouple mems_allowed from oom_unkillable_task
|
general protection fault in rxrpc_connect_call
net
afs
|
C |
done |
|
15 |
1983d |
2128d
|
12/28 |
1934d |
e835ada07091
rxrpc: Fix send on a connected, but unbound socket
|
WARNING: Detected a wedged cx25840 chip; the device will not work.
usb
|
C |
|
|
62 |
1942d |
2031d
|
12/28 |
1934d |
1753c7c4367a
media: pvrusb2: use a different format for warnings
|
WARNING: suspicious RCU usage in fib_dump_info_fnhe
net
|
C |
done |
|
7 |
1974d |
1975d
|
12/28 |
1934d |
3b525691529b
ipv6: fix suspicious RCU usage in rt6_dump_route()
|
memory leak in hsr_create_self_node
net
|
C |
|
|
5 |
1973d |
2004d
|
12/28 |
1934d |
b9a1e627405d
hsr: implement dellink to clean up resources
|
general protection fault in call_fib6_multipath_entry_notifiers
net
|
C |
done |
|
94 |
1976d |
1981d
|
12/28 |
1934d |
9eee3b4913d7
ipv6: Error when route does not have any valid nexthops
|
WARNING in snd_usb_motu_microbookii_communicate/usb_submit_urb
usb
|
C |
|
|
3 |
1951d |
1989d
|
12/28 |
1934d |
801ebf1043ae
ALSA: usb-audio: Sanity checks for each pipe and EP types
|
memory leak in nr_rx_frame
hams
|
C |
|
|
5 |
1940d |
2004d
|
12/28 |
1934d |
c8c8218ec5af
netrom: fix a memory leak in nr_rx_frame()
|
KASAN: use-after-free Read in p54u_load_firmware_cb
wireless
usb
|
syz |
|
|
40 |
1942d |
2025d
|
12/28 |
1934d |
6e41e2257f10
p54usb: Fix race between disconnect and firmware loading
|
memory leak in batadv_tvlv_handler_register
batman
|
C |
|
|
313 |
1959d |
2010d
|
12/28 |
1934d |
17f78dd1bd62
batman-adv: fix for leaked TVLV handler.
|
INFO: task hung in io_uring_release
fs
|
|
|
|
24 |
1959d |
1976d
|
12/28 |
1934d |
a4c0b3decb33
io_uring: fix io_sq_thread_stop running in front of io_sq_thread
|
general protection fault in get_task_pid
kernel
|
C |
done |
|
24 |
1967d |
1969d
|
12/28 |
1941d |
28dd29c06d0d
fork: return proper negative error code
|
general protection fault in do_move_mount (2)
fs
|
syz |
done |
|
7 |
1974d |
1982d
|
12/28 |
1941d |
570d7a98e7d6
vfs: move_mount: reject moving kernel internal mounts
|
memory leak in packet_set_ring
net
|
C |
|
|
2 |
1973d |
1978d
|
12/28 |
1941d |
55655e3d1197
net/packet: fix memory leak in packet_set_ring()
|
possible deadlock in io_submit_one
fs
|
C |
done |
|
1779 |
1945d |
2116d
|
12/28 |
1941d |
cbcfa130a911
fs/userfaultfd.c: disable irqs for fault_pending and event locks
|
KMSAN: uninit-value in tipc_nl_compat_bearer_disable
tipc
|
C |
|
|
19 |
1968d |
1981d
|
12/28 |
1941d |
4f07b80c9733
tipc: check msg->req data len in tipc_nl_compat_bearer_disable
|
memory leak in sctp_v6_create_accept_sk
sctp
|
C |
|
|
1 |
1998d |
1998d
|
12/28 |
1941d |
25bff6d5478b
sctp: change to hold sk after auth shkey is created successfully
|
memory leak in sctp_v4_create_accept_sk
sctp
|
C |
|
|
1 |
1978d |
1976d
|
12/28 |
1941d |
25bff6d5478b
sctp: change to hold sk after auth shkey is created successfully
|
possible deadlock in userfaultfd_release
|
C |
done |
|
137 |
1973d |
2216d
|
12/28 |
1941d |
cbcfa130a911
fs/userfaultfd.c: disable irqs for fault_pending and event locks
|
possible deadlock in userfaultfd_read (2)
fs
|
|
|
|
228 |
1964d |
2063d
|
12/28 |
1941d |
cbcfa130a911
fs/userfaultfd.c: disable irqs for fault_pending and event locks
|
memory leak in mpihelp_mul_karatsuba_case
crypto
|
C |
|
|
2 |
1976d |
1976d
|
12/28 |
1941d |
c8ea9fce2baf
lib/mpi: Fix karactx leak in mpi_powm
|
KASAN: global-out-of-bounds Read in qmi_wwan_probe
usb
|
C |
|
|
2 |
1964d |
1976d
|
12/28 |
1941d |
904d88d743b0
qmi_wwan: Fix out-of-bounds read
|
KASAN: null-ptr-deref Write in submit_audio_out_urb (2)
usb
|
C |
|
|
3423 |
1941d |
1973d
|
12/28 |
1941d |
3450121997ce
ALSA: line6: Fix write on zero-sized buffer
|
WARNING in kvm_set_tsc_khz
kvm
|
C |
|
|
5 |
2297d |
2293d
|
12/28 |
1941d |
3f16a5c31839
KVM: x86: degrade WARN to pr_warn_ratelimited
|
WARNING in notify_change
fs
|
C |
|
|
566 |
2028d |
2417d
|
12/28 |
1946d |
f69e749a4935
Abort file_remove_privs() for non-reg. files
|
WARNING in cgroup_exit
cgroups
|
C |
done |
|
64 |
2022d |
2024d
|
12/28 |
1946d |
f2b31bb59824
cgroup: never call do_group_exit() with task->frozen bit set
|
WARNING: syz-executor still has locks held!
|
C |
done |
|
233 |
2177d |
2188d
|
12/28 |
1946d |
a72173ecfc67
Revert "exec: make de_thread() freezable"
|
general protection fault in inet_accept
net
|
C |
|
|
131 |
2162d |
2324d
|
12/28 |
1959d |
07603b230895
net/smc: propagate file from SMC to TCP socket
|
memory leak in sctp_process_init
sctp
|
C |
|
|
10 |
1984d |
2004d
|
12/28 |
1960d |
0a8dd9f67cd0
Fix memory leak in sctp_process_init
ce950f1050ce
sctp: Free cookie before we memdup a new one
|
BUG: unable to handle kernel paging request in ipv6_rcv (2)
net
|
|
|
|
18 |
1982d |
2006d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
memory leak in __memcg_init_list_lru_node
mm
|
C |
|
|
3 |
1990d |
2004d
|
12/28 |
1960d |
3510955b3271
mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
|
KMSAN: uninit-value in tcp_create_openreq_child
net
|
C |
|
|
4000 |
1960d |
1981d
|
12/28 |
1960d |
85f9aa7565bd
inet: clear num_timeout reqsk_alloc()
|
KASAN: slab-out-of-bounds Read in dst_dev_put
net
|
|
|
|
3 |
2093d |
2144d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
WARNING in fanotify_handle_event
fs
|
C |
done |
|
5 |
1983d |
1982d
|
12/28 |
1960d |
c285a2f01d69
fanotify: update connector fsid cache on add mark
|
KASAN: use-after-free Read in pneigh_get_next
net
|
syz |
done |
|
2 |
1985d |
1985d
|
12/28 |
1960d |
f3e92cb8e2eb
neigh: fix use-after-free read in pneigh_get_next
|
KASAN: use-after-free Read in css_task_iter_advance
cgroups
|
|
|
|
48 |
1989d |
1996d
|
12/28 |
1960d |
c596687a008b
cgroup: Fix css_task_iter_advance_css_set() cset skip condition
|
BUG: Dentry still in use [unmount of tmpfs tmpfs]
fs
|
|
|
|
2 |
1992d |
1991d
|
12/28 |
1960d |
1b0b9cc8d379
vfs: fsmount: add missing mntget()
|
KASAN: slab-out-of-bounds Read in __fib6_drop_pcpu_from
net
|
|
|
|
1 |
1984d |
1984d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
WARNING: refcount bug in css_task_iter_next
cgroups
|
|
|
|
11 |
1990d |
1995d
|
12/28 |
1960d |
c596687a008b
cgroup: Fix css_task_iter_advance_css_set() cset skip condition
|
memory leak in raw_sendmsg
can
|
C |
|
|
2 |
1985d |
1997d
|
12/28 |
1960d |
fd704bd5ee74
can: purge socket error queue on sock destruct
|
KASAN: slab-out-of-bounds Read in css_task_iter_advance
cgroups
|
C |
done |
|
19 |
1990d |
1996d
|
12/28 |
1960d |
c596687a008b
cgroup: Fix css_task_iter_advance_css_set() cset skip condition
|
memory leak in tipc_buf_acquire
tipc
|
C |
|
|
15 |
1984d |
2007d
|
12/28 |
1960d |
5cf02612b33f
tipc: purge deferredq list for each grp member in tipc_group_delete
|
general protection fault in __smc_diag_dump
|
syz |
done |
|
309 |
2136d |
2149d
|
12/28 |
1960d |
b03faa1fafc8
net/smc: postpone release of clcsock
|
inconsistent lock state in ax25_destroy_timer
hams
|
|
|
|
2 |
1984d |
1985d
|
12/28 |
1960d |
d4d5d8e83c96
ax25: fix inconsistent lock state in ax25_destroy_timer
|
memory leak in inet6_create
net
|
C |
|
|
2 |
1991d |
1994d
|
12/28 |
1960d |
522924b58308
net: correct udp zerocopy refcnt also when zerocopy only on append
|
memory leak in kobject_set_name_vargs
kernel
|
C |
|
|
12 |
1969d |
2002d
|
12/28 |
1960d |
4f488fbca2a8
cfg80211: fix memory leak of wiphy device name
|
inconsistent lock state in ax25_rt_autobind
hams
|
|
|
|
2 |
1984d |
1984d
|
12/28 |
1960d |
d4d5d8e83c96
ax25: fix inconsistent lock state in ax25_destroy_timer
|
general protection fault in rt_cache_valid
net
|
|
|
|
24 |
1978d |
2104d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
KASAN: use-after-free Read in sprintf
net
|
syz |
done |
|
2 |
1985d |
1985d
|
12/28 |
1960d |
f3e92cb8e2eb
neigh: fix use-after-free read in pneigh_get_next
|
BUG: Dentry still in use [unmount of sysfs sysfs]
kernfs
|
C |
done |
|
6 |
1985d |
1985d
|
12/28 |
1960d |
1b0b9cc8d379
vfs: fsmount: add missing mntget()
|
general protection fault in dst_dev_put (2)
net
|
C |
done |
|
442 |
1982d |
2171d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
KASAN: null-ptr-deref Read in css_task_iter_advance
cgroups
|
|
|
|
2 |
1990d |
1990d
|
12/28 |
1960d |
c596687a008b
cgroup: Fix css_task_iter_advance_css_set() cset skip condition
|
BUG: Dentry still in use [unmount of hugetlbfs hugetlbfs]
fs
|
C |
done |
|
3 |
1982d |
1982d
|
12/28 |
1960d |
1b0b9cc8d379
vfs: fsmount: add missing mntget()
|
KMSAN: kernel-infoleak in copy_siginfo_to_user (2)
kernel
|
C |
|
|
15 |
1990d |
2019d
|
12/28 |
1960d |
f6e2aa91a46d
signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
|
WARNING in blk_mq_sched_free_requests
block
|
C |
done |
|
4 |
1987d |
1990d
|
12/28 |
1960d |
c326f846ebc2
blk-mq: remove WARN_ON(!q->elevator) from blk_mq_sched_free_requests
|
KASAN: slab-out-of-bounds Read in rt_cache_valid
net
|
|
|
|
3 |
1998d |
1997d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
BUG: unable to handle kernel paging request in dst_dev_put
net
|
|
|
|
3 |
2002d |
2144d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
KASAN: use-after-free Read in rt_cache_valid
net
|
syz |
done |
|
5 |
1992d |
2108d
|
12/28 |
1960d |
c3bcde026684
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
|
memory leak in new_inode_pseudo
net
s390
|
C |
|
|
136 |
1960d |
2009d
|
12/28 |
1960d |
355e8d26f719
io_uring: fix memory leak of UNIX domain socket inode
|
memory leak in lapb_register
x25
|
C |
|
|
16 |
1983d |
2010d
|
12/28 |
1960d |
6be8e297f9bc
lapb: fixed leak of control-blocks.
|
KASAN: use-after-free Read in blk_mq_free_rqs
block
|
C |
error |
|
3481 |
1989d |
1994d
|
12/28 |
1967d |
c3e2219216c9
block: free sched's request pool in blk_cleanup_queue
|
possible deadlock in aio_poll
fs
|
C |
|
|
5041 |
2119d |
2263d
|
12/28 |
1971d |
ae62c16e105a
userfaultfd: disable irqs when taking the waitqueue lock
|
KASAN: slab-out-of-bounds Read in linear_transfer (2)
sound
|
|
|
|
1 |
2047d |
2038d
|
12/28 |
1976d |
ca0214ee2802
ALSA: pcm: Fix possible OOB access in PCM oss plugins
|
KASAN: slab-out-of-bounds Read in rhashtable_walk_enter
|
C |
done |
|
48 |
2010d |
2013d
|
12/28 |
1976d |
526f5b851a96
tipc: fix modprobe tipc failed after switch order of device registration
|
BUG: spinlock bad magic in rhashtable_walk_enter
tipc
|
C |
done |
|
8 |
2010d |
2013d
|
12/28 |
1976d |
526f5b851a96
tipc: fix modprobe tipc failed after switch order of device registration
|
KASAN: use-after-free Write in check_and_subscribe_port
sound
|
|
|
|
1 |
2031d |
2024d
|
12/28 |
1976d |
7c32ae35fbf9
ALSA: seq: Cover unsubscribe_port() in list_mutex
|
WARNING: proc registration bug in snd_info_card_register
usb
sound
|
C |
|
|
453 |
2005d |
2049d
|
12/28 |
1976d |
0b074ab7fc0d
ALSA: line6: Assure canceling delayed work at disconnection
|
KASAN: slab-out-of-bounds Write in default_read_copy_kernel
sound
|
C |
done |
|
3 |
2096d |
2173d
|
12/28 |
1976d |
ca0214ee2802
ALSA: pcm: Fix possible OOB access in PCM oss plugins
|
INFO: task hung in __ia32_sys_io_uring_enter
fs
|
|
|
|
2 |
2046d |
2047d
|
12/28 |
1977d |
b19062a56726
io_uring: fix possible deadlock between io_uring_{enter,register}
|
INFO: task hung in __x64_sys_io_uring_enter
fs
|
|
|
|
12 |
2040d |
2047d
|
12/28 |
1977d |
b19062a56726
io_uring: fix possible deadlock between io_uring_{enter,register}
|
general protection fault in sctp_sched_dequeue_common (2)
sctp
|
C |
done |
|
3 |
2078d |
2078d
|
12/28 |
1977d |
2e990dfd1397
sctp: remove sched init from sctp_stream_init
|
WARNING in ovl_instantiate
overlayfs
|
syz |
done |
|
75 |
2034d |
2202d
|
12/28 |
1977d |
146d62e5a586
ovl: detect overlapping layers
acf3062a7e1c
ovl: relax WARN_ON() for overlapping layers use case
|
general protection fault in sisusb_probe
usb
|
C |
|
|
3 |
2019d |
2022d
|
12/28 |
1981d |
9a5729f68d3a
USB: sisusbvga: fix oops in error path of sisusb_probe
|
INFO: task hung in __get_super
fs
|
C |
|
|
80 |
1981d |
2425d
|
12/28 |
1981d |
33ec3e53e7b1
loop: Don't change loop device under exclusive opener
|
KASAN: slab-out-of-bounds Write in usb_get_bos_descriptor
usb
|
syz |
|
|
3 |
2008d |
2021d
|
12/28 |
1981d |
a03ff5446081
USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
|
KASAN: invalid-free in disconnect_rio
usb
|
C |
|
|
180 |
2004d |
2049d
|
12/28 |
1981d |
3864d33943b4
USB: rio500: refuse more than one device at a time
|
general protection fault in smsusb_init_device
media
usb
|
C |
|
|
23 |
2004d |
2043d
|
12/28 |
1981d |
31e0456de5be
media: usb: siano: Fix general protection fault in smsusb
|
memory leak in packet_setsockopt
net
|
C |
|
|
10 |
1994d |
2010d
|
12/28 |
1981d |
afa0925c6fcc
packet: unconditionally free po->rollover
|
KASAN: wild-memory-access Read in refcount_sub_and_test_checked
net
|
|
|
|
2 |
2000d |
2017d
|
12/28 |
1982d |
61fb0d016807
ipv6: prevent possible fib6 leaks
|
KASAN: use-after-free Read in ip6_fragment
net
|
|
|
|
1 |
2013d |
2013d
|
12/28 |
1982d |
61fb0d016807
ipv6: prevent possible fib6 leaks
|
BUG: unable to handle kernel NULL pointer dereference in ip6_rcv_finish
net
|
|
|
|
3 |
1989d |
2017d
|
12/28 |
1982d |
61fb0d016807
ipv6: prevent possible fib6 leaks
|
KASAN: use-after-free Write in fib6_purge_rt
net
|
|
|
|
2 |
2007d |
2015d
|
12/28 |
1982d |
61fb0d016807
ipv6: prevent possible fib6 leaks
|
KASAN: null-ptr-deref Write in fib6_purge_rt
net
|
|
|
|
18 |
1996d |
2019d
|
12/28 |
1982d |
61fb0d016807
ipv6: prevent possible fib6 leaks
|
KASAN: use-after-free Read in napi_gro_frags
|
C |
done |
|
16 |
2000d |
2002d
|
12/28 |
1982d |
a4270d6795b0
net-gro: fix use-after-free read in napi_gro_frags()
|
memory leak in ip_mc_add_src
net
|
C |
|
|
14 |
1986d |
2010d
|
12/28 |
1982d |
3580d04aa674
ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
|
memory leak in process_preds
trace
|
C |
|
|
1 |
2004d |
2004d
|
12/28 |
1982d |
dfb4a6f2191a
tracing: Avoid memory leak in predicate_parse()
|
memory leak in llc_ui_create
net
|
C |
|
|
4 |
1992d |
2004d
|
12/28 |
1982d |
8fb44d60d414
llc: fix skb leak in llc_build_and_send_ui_pkt()
|
memory leak in inet_create
net
|
C |
|
|
2 |
1996d |
2010d
|
12/28 |
1982d |
100f6d8e0990
net: correct zerocopy refcnt with udp MSG_MORE
|
KASAN: slab-out-of-bounds Write in fib6_purge_rt
net
|
|
|
|
6 |
1983d |
2018d
|
12/28 |
1982d |
61fb0d016807
ipv6: prevent possible fib6 leaks
|
INFO: trying to register non-static key in rhashtable_walk_enter
tipc
|
C |
|
|
16 |
2010d |
2013d
|
12/28 |
1982d |
526f5b851a96
tipc: fix modprobe tipc failed after switch order of device registration
|
KASAN: use-after-free Read in __dev_map_entry_free
bpf
net
|
C |
|
|
473 |
2064d |
2345d
|
12/28 |
1982d |
2baae3545327
bpf: devmap: fix use-after-free Read in __dev_map_entry_free
|
KASAN: null-ptr-deref Write in submit_audio_out_urb
sound
usb
|
C |
|
|
185 |
1989d |
2004d
|
12/28 |
1982d |
0b074ab7fc0d
ALSA: line6: Assure canceling delayed work at disconnection
|
INFO: task hung in usb_kill_urb
usb
|
C |
|
|
1515 |
2044d |
2049d
|
12/28 |
1986d |
50896c410354
USB: dummy-hcd: Fix failure to give back unlinked URBs
USB: dummy-hcd: Fix failure to give back unlinked URBs
|
KASAN: use-after-free Read in snd_seq_timer_interrupt
sound
|
|
|
|
1 |
2219d |
2219d
|
12/28 |
1986d |
fe1b26c93d43
ALSA: timer: Make snd_timer_close() really kill pending actions
|
general protection fault in do_move_mount
fs
|
|
|
|
3 |
2023d |
2023d
|
12/28 |
1986d |
05883eee857e
do_move_mount(): fix an unsafe use of is_anon_ns()
|
KASAN: use-after-free Read in tipc_sk_filter_rcv
tipc
|
C |
done |
|
3439 |
2065d |
2072d
|
12/28 |
1986d |
77d5ad4048fb
tipc: fix use-after-free in tipc_sk_filter_rcv
|
BUG: assuming atomic context at net/core/flow_dissector.c:LINE
net
|
syz |
|
|
19 |
2016d |
2021d
|
12/28 |
1986d |
b1c17a9a3538
flow_dissector: disable preemption around BPF calls
|
general protection fault in load_elf_binary
fs
mm
|
C |
done |
|
15 |
2059d |
2063d
|
12/28 |
1986d |
cc338010a233
fs/binfmt_elf.c: free PT_INTERP filename ASAP
|
INFO: task hung in snd_seq_kernel_client_ctl
sound
|
C |
done |
|
554 |
2049d |
2050d
|
12/28 |
1986d |
f0654ba94e33
Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
|
BUG: unable to handle kernel paging request in isolate_freepages_block
mm
|
|
|
|
3 |
2030d |
2024d
|
12/28 |
1986d |
60fce36afa9c
mm/compaction.c: correct zone boundary handling when isolating pages from a pageblock
|
KASAN: use-after-free Read in snd_timer_process_callbacks
sound
|
C |
done |
|
4 |
2051d |
2052d
|
12/28 |
1986d |
df55531b8b0e
ALSA: timer: Revert active callback sync check at close
|
WARNING in cma_exit_net
rdma
|
|
|
|
25 |
2059d |
2060d
|
12/28 |
1986d |
061ccb52d23c
RDMA/cma: Set proper port number as index
|
KASAN: use-after-free Read in snd_seq_ioctl_get_subscription
sound
|
|
|
|
2 |
2210d |
2242d
|
12/28 |
1986d |
2eabc5ec8ab4
ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
|
KASAN: use-after-free Read in tcp_v6_send_reset
net
|
|
|
|
1 |
2067d |
2067d
|
12/28 |
1986d |
4f661542a402
tcp: fix zerocopy and notsent_lowat issues
|
WARNING in batadv_mcast_mla_update
batman
|
|
|
|
75 |
2017d |
2152d
|
12/28 |
1986d |
a3c7cd0cdf11
batman-adv: mcast: fix multicast tt/tvlv worker locking
|
BUG: using __this_cpu_read() in preemptible code in ip6_finish_output
|
C |
done |
|
18807 |
2054d |
2059d
|
12/28 |
1986d |
28b05b928868
net: use correct this_cpu primitive in dev_recursion_level
|
WARNING: ODEBUG bug in netdev_freemem
|
syz |
done |
|
1042 |
1986d |
2151d
|
12/28 |
1986d |
a3c7cd0cdf11
batman-adv: mcast: fix multicast tt/tvlv worker locking
|
WARNING: locking bug in nfs_get_client
nfs
|
C |
done |
|
13 |
2022d |
2023d
|
12/28 |
1986d |
c260121a97a3
NFS: Fix a double unlock from nfs_match,get_client
|
WARNING: locking bug in copy_process
kernel
|
C |
done |
|
3 |
2019d |
2022d
|
12/28 |
1986d |
c3b7112df86b
fork: do not release lock that wasn't taken
|
KASAN: use-after-free Read in string
input
|
C |
|
|
247 |
2030d |
2270d
|
12/28 |
1986d |
c03a0fd0b609
kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
|
KASAN: use-after-free Read in get_mem_cgroup_from_mm
mm
cgroups
|
C |
done |
|
375 |
2032d |
2206d
|
12/28 |
1986d |
c3f3ce049f7d
userfaultfd: use RCU to free the task struct when fork fails
|
KASAN: slab-out-of-bounds Write in skb_release_data
net
|
|
|
|
1 |
2066d |
2065d
|
12/28 |
1986d |
4f661542a402
tcp: fix zerocopy and notsent_lowat issues
|
KASAN: use-after-free Read in __vb2_perform_fileio
|
C |
done |
|
786 |
2023d |
2214d
|
12/28 |
1986d |
d65842f7126a
media: vb2: add waiting_in_dqbuf flag
|
BUG: sleeping function called from invalid context in line6_pcm_acquire
sound
|
|
|
|
119 |
2005d |
2023d
|
12/28 |
1986d |
7f84ff68be05
ALSA: line6: toneport: Fix broken usage of timer for delayed execution
|
kernel BUG at drivers/android/binder_alloc.c:LINE! (3)
kernel
|
C |
done |
|
24 |
1995d |
2064d
|
12/28 |
1986d |
a3c7cd0cdf11
batman-adv: mcast: fix multicast tt/tvlv worker locking
|
WARNING in batadv_mcast_mla_tt_retract
batman
|
syz |
done |
|
190 |
2017d |
2152d
|
12/28 |
1986d |
a3c7cd0cdf11
batman-adv: mcast: fix multicast tt/tvlv worker locking
|
KASAN: use-after-free Write in __ext4_expand_extra_isize
ext4
|
C |
|
|
95 |
2033d |
2424d
|
12/28 |
1986d |
7bc04c5c2cc4
ext4: fix use-after-free race with debug_want_extra_isize
|
general protection fault in tipc_mcast_filter_msg
tipc
|
C |
done |
|
3889 |
2050d |
2072d
|
12/28 |
1986d |
08e046c8966a
tipc: fix a null pointer deref
|
WARNING in port_delete
sound
|
syz |
done |
|
22 |
2109d |
2324d
|
12/28 |
1986d |
7c32ae35fbf9
ALSA: seq: Cover unsubscribe_port() in list_mutex
feb689025fbb
ALSA: seq: Protect in-kernel ioctl calls with mutex
|
kernel BUG at mm/slab.c:LINE! (4)
fs
|
|
|
|
12 |
1998d |
2065d
|
12/28 |
1986d |
4f661542a402
tcp: fix zerocopy and notsent_lowat issues
|
possible deadlock in acct_pin_kill
|
C |
done |
|
273 |
2029d |
2246d
|
12/28 |
1986d |
9419a3191dcb
acct_on(): don't mess with freeze protection
|
kernel BUG at arch/x86/mm/physaddr.c:LINE! (2)
media
|
C |
done |
|
522 |
1986d |
2196d
|
12/28 |
1986d |
dad7e270ba71
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
|
general protection fault in __handle_mm_fault
net
|
C |
error |
|
17 |
2228d |
2238d
|
12/28 |
1989d |
ff09d7ec9786
mm/memory.c: recheck page table entry with page table lock held
|
KMSAN: uninit-value in aa_fqlookupn_profile
apparmor
|
C |
|
|
39 |
2200d |
2245d
|
12/28 |
1989d |
250f2da49cb8
apparmor: Fix uninitialized value in aa_split_fqname
|
BUG: bad usercopy in __check_heap_object (3)
hardening
mm
|
C |
|
|
287 |
2258d |
2329d
|
12/28 |
1989d |
1f4aace60b0e
fs/seq_file.c: simplify seq_file iteration code and interface
|
general protection fault in put_fs_context
fs
|
C |
|
|
9 |
2213d |
2213d
|
12/28 |
1989d |
8d0347f6c3a9
convert do_remount_sb() to fs_context
|
kernel panic: MAC Initialization failed. (3)
tomoyo
|
C |
done |
|
799 |
2018d |
2092d
|
9/28 |
1989d |
e80b18599a39
tomoyo: Add a kernel config option for fuzzing testing.
|
KASAN: use-after-free Read in br_mdb_ip_get
bridge
|
|
|
|
1 |
2124d |
2124d
|
12/28 |
2000d |
1515a63fc413
net: bridge: always clear mcast matching struct on reports and leaves
|
KMSAN: uninit-value in br_mdb_ip_get
bridge
|
|
|
|
5 |
2064d |
2123d
|
12/28 |
2000d |
1515a63fc413
net: bridge: always clear mcast matching struct on reports and leaves
|
WARNING in xfrm_state_fini (2)
net
|
C |
|
|
37510 |
2029d |
2481d
|
12/28 |
2004d |
dbb2483b2a46
xfrm: clean up xfrm protocol checks
|
KMSAN: uninit-value in rds_connect
rds
|
C |
|
|
952 |
2032d |
2274d
|
12/28 |
2004d |
dd3ac9a68435
net/rds: Check address length before reading address family
|
general protection fault in __dev_printk
usb
|
C |
|
|
300 |
2031d |
2044d
|
12/28 |
2004d |
ef61eb43ada6
USB: yurex: Fix protection fault after device removal
|
INFO: trying to register non-static key in vmk80xx_detach
staging
usb
|
C |
|
|
1528 |
2004d |
2049d
|
12/28 |
2004d |
08b7c2f9208f
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
|
KMSAN: uninit-value in rtnl_stats_dump
net
|
syz |
|
|
14 |
2034d |
2049d
|
12/28 |
2004d |
69f23a09daf9
rtnetlink: fix rtnl_valid_stats_req() nlmsg_len check
|
WARNING: suspicious RCU usage in fib_compute_spec_dst
net
|
|
|
|
1 |
2048d |
2048d
|
12/28 |
2004d |
c543cb4a5f07
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
|
BUG: unable to handle page fault for address = ADDR
kernel
|
C |
done |
|
3 |
2036d |
2036d
|
12/28 |
2004d |
baf76f0c58ae
slip: make slhc_free() silently accept an error pointer
|
KASAN: use-after-free Read in seccomp_notify_release (2)
kernel
|
C |
done |
|
9 |
2067d |
2067d
|
12/28 |
2004d |
7a0df7fbc145
seccomp: Make NEW_LISTENER and TSYNC flags exclusive
|
WARNING in compat_copy_entries (2)
|
syz |
done |
|
19416 |
2018d |
2451d
|
12/28 |
2004d |
7caa56f006e9
netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
|
KMSAN: uninit-value in tomoyo_check_inet_address
tomoyo
|
|
|
|
33 |
2015d |
2015d
|
12/28 |
2004d |
e6193f78bb68
tomoyo: Check address length before reading address family
|
BUG: sleeping function called from invalid context at crypto/skcipher.c:LINE
crypto
|
|
|
|
1 |
2048d |
2047d
|
12/28 |
2004d |
44427c0fbc09
crypto: xts - Fix atomic sleep when walking skcipher
|
KMSAN: uninit-value in rds_bind
rds
|
C |
|
|
6202 |
2032d |
2274d
|
12/28 |
2004d |
dd3ac9a68435
net/rds: Check address length before reading address family
|
INFO: trying to register non-static key in ni6501_detach
staging
usb
|
C |
|
|
127 |
2005d |
2047d
|
12/28 |
2004d |
660cf4ce9d0f
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
|
KASAN: slab-out-of-bounds Read in skb_gro_receive (2)
net
|
C |
done |
|
5 |
2030d |
2030d
|
12/28 |
2004d |
4dd2b82d5adf
udp: fix GRO packet of death
|
KASAN: stack-out-of-bounds Write in __ip_options_echo
net
|
syz |
done |
|
8 |
2038d |
2042d
|
12/28 |
2004d |
20ff83f10f11
ipv4: add sanity checks in ipv4_link_failure()
|
general protection fault in vcpu_enter_guest (2)
kvm
|
C |
done |
|
11286 |
2030d |
2036d
|
12/28 |
2004d |
b904cb8dff82
KVM: lapic: Check for in-kernel LAPIC before deferencing apic pointer
|
KASAN: use-after-free Read in snd_info_free_entry
usb
sound
|
C |
|
|
47 |
2016d |
2047d
|
12/28 |
2004d |
2a3f7221acdd
ALSA: core: Fix card races between register and disconnect
8c2f870890fd
ALSA: info: Fix racy addition/deletion of nodes
|
WARNING in percpu_ref_kill_and_confirm
|
C |
done |
|
443 |
2032d |
2039d
|
12/28 |
2004d |
35fa71a030ca
io_uring: fail io_uring_register(2) on a dying io_uring instance
|
general protection fault in skb_queue_tail
|
C |
done |
|
35 |
2037d |
2038d
|
12/28 |
2004d |
032be5f19a94
rxrpc: fix race condition in rxrpc_input_packet()
|
WARNING in wiphy_register (4)
wireless
|
syz |
error |
|
3 |
2048d |
2077d
|
12/28 |
2004d |
45fcef8b727b
mac80211_hwsim: calculate if_combination.max_interfaces
|
INFO: task hung in __io_uring_register
fs
|
C |
done |
|
51 |
2040d |
2048d
|
12/28 |
2004d |
b19062a56726
io_uring: fix possible deadlock between io_uring_{enter,register}
|
WARNING in __kthread_bind_mask
|
C |
done |
|
2929 |
2038d |
2048d
|
12/28 |
2004d |
060586324648
io_uring: park SQPOLL thread if it's percpu
|
general protection fault in ieee80211_debugfs_rename_netdev
wireless
|
|
|
|
8 |
2033d |
2047d
|
12/28 |
2004d |
517879147493
mac80211: don't attempt to rename ERR_PTR() debugfs dirs
|
KASAN: slab-out-of-bounds Read in ds_probe
usb
|
C |
|
|
5 |
2006d |
2044d
|
12/28 |
2004d |
c114944d7d67
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
|
INFO: rcu detected stall in rose_loopback_timer
hams
|
|
|
|
5 |
2019d |
2038d
|
12/28 |
2004d |
0453c6824595
net/rose: fix unbound loop in rose_loopback_timer()
|
KMSAN: uninit-value in rtnl_stats_get
net
|
C |
|
|
5 |
2041d |
2049d
|
12/28 |
2004d |
69f23a09daf9
rtnetlink: fix rtnl_valid_stats_req() nlmsg_len check
|
KASAN: use-after-free Read in pid_nr_ns
kernel
|
|
|
|
1 |
2034d |
2034d
|
12/28 |
2004d |
6c0afef5fb0c
ipv6/flowlabel: wait rcu grace period before put_pid()
|
KMSAN: uninit-value in tomoyo_check_unix_address
tomoyo
|
|
|
|
8 |
2015d |
2015d
|
12/28 |
2004d |
e6193f78bb68
tomoyo: Check address length before reading address family
|
kernel BUG at net/core/net-sysfs.c:LINE!
net
|
C |
done |
|
890 |
2033d |
2069d
|
12/28 |
2004d |
8ed633b9baf9
Revert "net-sysfs: Fix memory leak in netdev_register_kobject"
|
WARNING: refcount bug in l2tp_tunnel_get
net
|
|
|
|
1 |
2032d |
2032d
|
12/28 |
2004d |
a622b40035d1
l2ip: fix possible use-after-free
|
WARNING in io_uring_setup
|
C |
done |
|
3601 |
2028d |
2048d
|
12/28 |
2004d |
917257daa0fe
io_uring: only test SQPOLL cpu after we've verified it
|
KASAN: user-memory-access Write in fib6_purge_rt
net
|
|
|
|
6 |
2006d |
2035d
|
12/28 |
2004d |
0e2338749192
ipv6: fix races in ip6_dst_destroy()
|
general protection fault in xfrmi_decode_session
|
C |
done |
|
16694 |
2029d |
2100d
|
12/28 |
2004d |
6ed69184ed9c
xfrm: Reset secpath in xfrm failure
|
INFO: task hung in vhost_net_stop_vq
kvm
net
virt
|
C |
done |
|
136 |
2044d |
2182d
|
12/28 |
2004d |
813dbeb656d6
vhost: reject zero size iova range
|
general protection fault in fanotify_handle_event
fs
|
syz |
done |
|
5 |
2043d |
2043d
|
12/28 |
2004d |
b1da6a51871c
fsnotify: Fix NULL ptr deref in fanotify_get_fsid()
|
BUG: unable to handle kernel paging request in do_mount
fs
|
C |
|
|
194 |
2215d |
2252d
|
12/28 |
2011d |
3e1aeb00e6d1
vfs: Implement a filesystem superblock creation/configuration context
|
KASAN: stack-out-of-bounds Read in string
usb
|
C |
|
|
46 |
2038d |
2049d
|
12/28 |
2016d |
c01c348ecdc6
USB: core: Fix unterminated string returned by usb_string()
|
WARNING in usb_submit_urb (4)
usb
|
syz |
done |
|
46 |
2017d |
2206d
|
12/28 |
2016d |
c2b71462d294
USB: core: Fix bug caused by duplicate interface PM usage counter
|
WARNING: locking bug in icmp_send
net
|
syz |
done |
|
1 |
2101d |
2101d
|
12/28 |
2022d |
9926cb5f8b0f
tipc: change to check tipc_own_id to return in tipc_net_stop
|
KMSAN: uninit-value in ip6_compressed_string
net
nfs
|
C |
|
|
9024 |
2032d |
2184d
|
12/28 |
2032d |
7c2bd9a39845
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
|
kernel BUG at fs/inode.c:LINE!
autofs
|
C |
done |
|
2 |
2167d |
2166d
|
12/28 |
2049d |
9bf964c9cee4
autofs: simplify parse_options() function call
|
KMSAN: uninit-value in tipc_nl_compat_name_table_dump (2)
tipc
|
C |
|
|
6 |
2079d |
2064d
|
12/28 |
2049d |
2ac695d1d602
tipc: handle the err returned from cmd header function
|
BUG: corrupted list in rhashtable_walk_enter
net
|
syz |
error |
|
3 |
2068d |
2067d
|
12/28 |
2049d |
b5f9bd15b885
ila: Fix rhashtable walker list corruption
|
possible deadlock in seq_read
fs
|
C |
|
|
19074 |
2057d |
2546d
|
12/28 |
2049d |
73601ea5b7b1
fs/open.c: allow opening only regular files during execve()
|
KASAN: use-after-free Read in link_path_walk
fs
|
syz |
done |
|
5 |
2169d |
2184d
|
12/28 |
2049d |
1da6c4d9140c
bpf: fix use after free in bpf_evict_inode
|
KASAN: slab-out-of-bounds Read in default_write_copy_kernel
sound
|
C |
done |
|
366 |
2065d |
2188d
|
12/28 |
2049d |
ca0214ee2802
ALSA: pcm: Fix possible OOB access in PCM oss plugins
|
KASAN: use-after-free Read in trailing_symlink
fs
|
syz |
done |
|
2 |
2170d |
2184d
|
12/28 |
2049d |
1da6c4d9140c
bpf: fix use after free in bpf_evict_inode
|
KMSAN: kernel-infoleak in sctp_getsockopt (3)
sctp
|
syz |
|
|
11 |
2052d |
2064d
|
12/28 |
2049d |
09279e615c81
sctp: initialize _pad of sockaddr_in before copying to user memory
|
BUG: unable to handle kernel paging request in ip6_fragment
net
|
|
|
|
1 |
2065d |
2063d
|
12/28 |
2049d |
ef0efcd3bd3f
ipv6: Fix dangling pointer when ipv6 fragment
|
KMSAN: uninit-value in tipc_nl_compat_link_set (3)
tipc
|
C |
|
|
15 |
2055d |
2065d
|
12/28 |
2049d |
8c63bf9ab4be
tipc: check link name with right length in tipc_nl_compat_link_set
|
KASAN: use-after-free Read in path_lookupat
fs
|
syz |
done |
|
1 |
2184d |
2184d
|
12/28 |
2049d |
1da6c4d9140c
bpf: fix use after free in bpf_evict_inode
|
KMSAN: uninit-value in tipc_nl_compat_bearer_enable (2)
tipc
|
C |
|
|
51 |
2052d |
2065d
|
12/28 |
2049d |
6f07e5f06c87
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
|
KASAN: use-after-free Read in drm_gem_object_release
dri
|
C |
|
|
480 |
2065d |
2218d
|
12/28 |
2049d |
21d2b1227323
drm/vgem: fix use-after-free when drm_gem_handle_create() fails
|
WARNING: lock held when returning to user space in tun_get_user
net
|
C |
done |
|
55 |
2076d |
2076d
|
12/28 |
2051d |
9180bb4f0460
tun: add a missing rcu_read_unlock() in error path
|
kernel panic: corrupted stack end in wb_workfn
mm
|
C |
done |
|
14 |
2151d |
2152d
|
12/28 |
2051d |
ef82bcfa671b
sctp: use memdup_user instead of vmemdup_user
|
general protection fault in fib6_purge_rt
net
|
C |
done |
|
60 |
2053d |
2170d
|
12/28 |
2051d |
9926cb5f8b0f
tipc: change to check tipc_own_id to return in tipc_net_stop
|
KASAN: slab-out-of-bounds Read in icmp6_send
net
|
|
|
|
1 |
2078d |
2078d
|
12/28 |
2051d |
4477138fa0ae
tun: properly test for IFF_UP
|
KASAN: stack-out-of-bounds Write in rose_write_internal
hams
|
|
|
|
1 |
2078d |
2078d
|
12/28 |
2051d |
e5dcc0c3223c
net: rose: fix a possible stack overflow
|
KASAN: use-after-free Read in __icmp_send
net
|
|
|
|
1 |
2070d |
2065d
|
12/28 |
2051d |
4477138fa0ae
tun: properly test for IFF_UP
|
general protection fault in sctp_assoc_rwnd_increase
sctp
|
C |
done |
|
28 |
2065d |
2080d
|
12/28 |
2051d |
636d25d557d1
sctp: not copy sctp_sock pd_lobby in sctp_copy_descendant
|
WARNING in free_loaded_vmcs (2)
kvm
|
syz |
done |
|
5 |
2269d |
2290d
|
11/28 |
2059d |
5bea5123cbf0
KVM: VMX: check nested state and CR4.VMXE against SMM
|
general protection fault in kvm_lapic_hv_timer_in_use
kvm
|
syz |
done |
|
205 |
2251d |
2293d
|
11/28 |
2059d |
26b471c7e2f7
KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
|
WARNING in enter_vmx_operation
kvm
|
syz |
done |
|
8 |
2262d |
2274d
|
11/28 |
2059d |
5bea5123cbf0
KVM: VMX: check nested state and CR4.VMXE against SMM
|
general protection fault in loop_validate_file (2)
block
|
|
|
|
3 |
2072d |
2075d
|
11/28 |
2060d |
f7c8a4120eed
loop: access lo_backing_file only when the loop device is Lo_bound
|
WARNING in lockdep_unregister_key
bluetooth
|
C |
done |
|
214 |
2067d |
2081d
|
11/28 |
2060d |
82efcab3b9f3
workqueue: Only unregister a registered lockdep key
|
WARNING: bad usercopy in fanotify_read
hardening
mm
|
C |
done |
|
5 |
2080d |
2081d
|
11/28 |
2060d |
b2d22b6bb33a
fanotify: Allow copying of file handle to userspace
|
KASAN: use-after-free Read in filemap_fault
fs
mm
|
C |
|
|
277 |
2144d |
2154d
|
11/28 |
2060d |
6b4c9f446981
filemap: drop the mmap_sem for all blocking operations
|
general protection fault in ebitmap_destroy (2)
selinux
|
C |
done |
|
36 |
2070d |
2078d
|
11/28 |
2060d |
6a1afffb08ce
selinux: fix NULL dereference in policydb_destroy()
|
WARNING in __flush_work (2)
dri
|
C |
|
|
38 |
2084d |
2085d
|
11/28 |
2064d |
b30b61ff6b1d
drm/vkms: Fix flush_work() without INIT_WORK().
|
general protection fault in sctp_sched_rr_dequeue
sctp
|
C |
done |
|
11 |
2077d |
2087d
|
11/28 |
2064d |
2e990dfd1397
sctp: remove sched init from sctp_stream_init
|
KASAN: use-after-free Read in br_multicast_rcv
bridge
|
|
|
|
1 |
2083d |
2083d
|
11/28 |
2064d |
083b78a9ed64
ip: fix ip_mc_may_pull() return value
|
possible deadlock in shmem_fallocate (2)
mm
|
C |
|
|
1325 |
2086d |
2294d
|
11/28 |
2064d |
fb4415a12632
staging: android: ashmem: Don't call fallocate() with ashmem_mutex held.
|
BUG: MAX_STACK_TRACE_ENTRIES too low!
|
C |
done |
|
1725 |
2064d |
2090d
|
11/28 |
2064d |
009bb421b6ce
workqueue, lockdep: Fix an alloc_workqueue() error path
|
general protection fault in tc_ctl_chain
net
|
C |
|
|
21 |
2099d |
2107d
|
11/28 |
2064d |
af736bf071e8
net: sched: potential NULL dereference in tcf_block_find()
|
KMSAN: uninit-value in mpol_rebind_mm
mm
|
|
|
|
6 |
2067d |
2151d
|
11/28 |
2064d |
2e25644e8da4
mm, mempolicy: fix uninit memory access
|
INFO: trying to register non-static key in dump_header
mm
|
|
|
|
1 |
2096d |
2096d
|
11/28 |
2064d |
b30b61ff6b1d
drm/vkms: Fix flush_work() without INIT_WORK().
|
WARNING: lock held when returning to user space in grab_super
kernfs
|
|
|
|
2 |
2106d |
2149d
|
11/28 |
2064d |
399504e21a10
fix cgroup_do_mount() handling of failure exits
|
KASAN: use-after-free Read in unix_dgram_poll
net
|
syz |
|
|
2 |
2093d |
2089d
|
11/28 |
2064d |
84c4e1f89fef
aio: simplify - and fix - fget/fput for io_submit()
|
general protection fault in hci_uart_write_work
bluetooth
|
C |
|
|
84 |
2088d |
2137d
|
11/28 |
2064d |
32a7b4cbe93b
Bluetooth: hci_ldisc: Initialize hci_dev before open()
|
KASAN: use-after-free Read in rdma_listen
rdma
|
C |
|
|
1548 |
2065d |
2425d
|
11/28 |
2064d |
5fc01fb846bc
RDMA/cma: Rollback source IP address if failing to acquire device
|
KASAN: use-after-free Read in h5_reset_rx
bluetooth
|
|
|
|
2 |
2095d |
2100d
|
11/28 |
2064d |
56897b217a1d
Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
|
kernel BUG at drivers/android/binder_alloc.c:LINE! (2)
kernel
|
C |
|
|
1257 |
2064d |
2106d
|
11/28 |
2064d |
26528be6720b
binder: fix handling of misaligned binder object
|
INFO: trying to register non-static key in __flush_work
dri
|
C |
|
|
5255 |
2085d |
2153d
|
11/28 |
2064d |
b30b61ff6b1d
drm/vkms: Fix flush_work() without INIT_WORK().
|
KASAN: use-after-free Read in alloc_workqueue
rdma
|
C |
|
|
37 |
2077d |
2089d
|
11/28 |
2064d |
009bb421b6ce
workqueue, lockdep: Fix an alloc_workqueue() error path
|
general protection fault in cgroup_reconfigure
cgroups
|
C |
|
|
7 |
2300d |
2328d
|
11/28 |
2064d |
23bf1b6be9c2
kernfs, sysfs, cgroup, intel_rdt: Support fs_context
|
KASAN: use-after-free Read in x25_device_event
x25
|
C |
|
|
548 |
2078d |
2153d
|
11/28 |
2064d |
95d6ebd53c79
net/x25: fix use-after-free in x25_device_event()
|
possible deadlock in __do_page_fault
fs
mm
|
C |
|
|
820 |
2086d |
2253d
|
11/28 |
2064d |
fb4415a12632
staging: android: ashmem: Don't call fallocate() with ashmem_mutex held.
|
possible deadlock in vfs_fallocate
fs
|
C |
|
|
3981 |
2286d |
2397d
|
11/28 |
2064d |
fb4415a12632
staging: android: ashmem: Don't call fallocate() with ashmem_mutex held.
|
WARNING in get_q_data
media
|
C |
|
|
649 |
2112d |
2122d
|
11/28 |
2064d |
db9a01b32ca9
media: vicodec: check type in g/s_selection
|
KMSAN: kernel-infoleak in video_usercopy
media
|
C |
|
|
410 |
2065d |
2164d
|
11/28 |
2064d |
f45f3f753b0a
media: v4l2-ctrls.c/uvc: zero v4l2_event
|
KMSAN: uninit-value in gue6_err (2)
net
|
C |
|
|
2826 |
2064d |
2086d
|
11/28 |
2064d |
5355ed6388e2
fou, fou6: avoid uninit-value in gue_err() and gue6_err()
|
kernel BUG at kernel/time/timer.c:LINE! (3)
net
|
|
|
|
1 |
2085d |
2085d
|
11/28 |
2064d |
1e027960edfa
net/hsr: fix possible crash in add_timer()
|
BUG: unable to handle kernel paging request in gro_cells_destroy (3)
net
|
|
|
|
3 |
2066d |
2083d
|
11/28 |
2064d |
2a5ff07a0eb9
gro_cells: make sure device is up in gro_cells_receive()
|
KMSAN: kernel-infoleak in move_addr_to_user (2)
net
|
C |
|
|
8 |
2065d |
2080d
|
11/28 |
2064d |
163d1c3d6f17
l2tp: fix infoleak in l2tp_ip6_recvmsg()
|
general protection fault in nf_ct_gre_keymap_flush
netfilter
|
C |
|
|
22 |
2123d |
2129d
|
11/28 |
2064d |
ac088a88b5d5
netfilter: conntrack: fix error path in nf_conntrack_pernet_init()
|
general protection fault in xsk_diag_dump
bpf
net
|
C |
|
|
5 |
2082d |
2088d
|
11/28 |
2064d |
915905f8b1d4
xsk: fix potential crash in xsk_diag_put_umem()
|
BUG: unable to handle kernel paging request in h4_recv_buf
bluetooth
|
C |
|
|
203 |
2088d |
2149d
|
11/28 |
2064d |
1dc2d785156c
Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf()
|
general protection fault in x25_write_internal
x25
|
|
|
|
8 |
2081d |
2081d
|
11/28 |
2064d |
ee74d0bd4325
net/x25: reset state in x25_connect()
|
BUG: unable to handle kernel NULL pointer dereference in __generic_file_write_iter
fs
mm
|
|
|
|
5 |
2091d |
2099d
|
11/28 |
2064d |
ac5ceccce550
x86/unwind: Add hardcoded ORC entry for NULL
f4f34e1b82eb
x86/unwind: Handle NULL pointer calls better in frame unwinder
|
possible deadlock in userfaultfd_read
fs
|
|
|
|
239 |
2065d |
2119d
|
11/28 |
2064d |
d3d6a18d7d35
aio: Fix locking in aio_poll()
|
KMSAN: uninit-value in gue_err (2)
net
|
C |
|
|
1617 |
2064d |
2086d
|
11/28 |
2064d |
5355ed6388e2
fou, fou6: avoid uninit-value in gue_err() and gue6_err()
|
KASAN: use-after-free Read in kobject_put
kernel
|
C |
|
|
12 |
2093d |
2224d
|
11/28 |
2064d |
e20a2e9c42c9
Bluetooth: Fix decrementing reference count twice in releasing socket
|
BUG: assuming atomic context at kernel/seccomp.c:LINE
kernel
|
C |
|
|
709 |
2099d |
2100d
|
11/28 |
2064d |
e80d02dd7630
seccomp, bpf: disable preemption before calling into bpf prog
|
general protection fault in delayed_uprobe_remove
perf
|
C |
done |
|
2 |
2209d |
2211d
|
11/28 |
2070d |
1aed58e67a6e
Uprobes: Fix kernel oops with delayed_uprobe_remove()
|
WARNING: locking bug in lock_downgrade
mm
|
|
|
|
30 |
2130d |
2186d
|
6/28 |
2071d |
513e1073d52e
locking/lockdep: Add debug_locks check in __lock_downgrade()
locking/lockdep: Add debug_locks check in __lock_downgrade()
|
general protection fault in __x86_indirect_thunk_rbx
|
C |
done |
|
16 |
2205d |
2206d
|
11/28 |
2071d |
d6367d624137
fs/locks: use properly initialized file_lock when unlocking.
|
KASAN: use-after-free Read in update_blocked_averages
kernel
|
C |
done |
|
3 |
2187d |
2201d
|
11/28 |
2071d |
bc6e019b6ee6
fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
|
kernel BUG at mm/slab.c:LINE! (3)
mm
|
C |
done |
|
14 |
2071d |
2198d
|
11/28 |
2071d |
bc6e019b6ee6
fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
|
WARNING in update_load_avg
kernel
|
C |
done |
|
1 |
2194d |
2193d
|
11/28 |
2072d |
bc6e019b6ee6
fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
|
WARNING: bad usercopy in corrupted (2)
|
C |
done |
|
12 |
2140d |
2187d
|
11/28 |
2072d |
bc6e019b6ee6
fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
|
KASAN: slab-out-of-bounds Read in tick_sched_handle
kernel
|
C |
done |
|
7 |
2138d |
2166d
|
11/28 |
2075d |
bc6e019b6ee6
fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
|
WARNING: lock held when returning to user space in set_property_atomic
dri
|
C |
|
|
145 |
2139d |
2153d
|
11/28 |
2085d |
4089e272ac61
gpu/drm: Fix lock held when returning to user space.
|
general protection fault in ax25cmp
hams
|
C |
|
|
2294 |
2122d |
2154d
|
11/28 |
2086d |
b0cf029234f9
net/rose: fix NULL ax25_cb kernel panic
|
KMSAN: uninit-value in batadv_interface_tx
batman
|
C |
|
|
98 |
2087d |
2109d
|
11/28 |
2086d |
4ffcbfac6064
batman-adv: fix uninit-value in batadv_interface_tx()
|
kernel panic: stack is corrupted in perf_output_begin_forward
perf
|
|
|
|
2 |
2137d |
2143d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
kernel BUG at security/keys/keyring.c:LINE!
keyrings
lsm
|
C |
|
|
12 |
2139d |
2238d
|
11/28 |
2086d |
ede0fa98a900
KEYS: always initialize keyring_index_key::desc_len
|
KASAN: slab-out-of-bounds Read in xfrm_policy_insert_list
net
|
|
|
|
1 |
2138d |
2137d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KMSAN: uninit-value in tipc_subscrb_rcv_cb
tipc
|
C |
|
|
13 |
2397d |
2418d
|
11/28 |
2086d |
a88289f4ddee
tipc: fix uninit-value in in tipc_conn_rcv_sub
|
KASAN: use-after-free Write in __xfrm_policy_unlink
net
|
C |
|
|
254 |
2089d |
2317d
|
11/28 |
2086d |
1548bc4e0512
xfrm: policy: delete inexact policies from inexact list on hash rebuild
|
KMSAN: kernel-infoleak in kvm_vcpu_write_guest_page
kvm
|
C |
|
|
25 |
2178d |
2206d
|
11/28 |
2086d |
3a33d030daaa
kvm: x86/vmx: Use kzalloc for cached_vmcs12
|
KASAN: use-after-free Read in task_is_descendant
lsm
|
C |
|
|
27 |
2135d |
2222d
|
11/28 |
2086d |
9474f4e7cd71
Yama: Check for pid death before checking ancestry
|
KASAN: use-after-free Read in xfrm_migrate
net
|
|
|
|
5 |
2122d |
2144d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
INFO: rcu detected stall in netlink_sendmsg
netfilter
|
syz |
|
|
83 |
2103d |
2159d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
WARNING in xfrm_policy_insert_list
net
|
|
|
|
2 |
2136d |
2147d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
WARNING in __flush_work
block
|
C |
|
|
402 |
2116d |
2122d
|
11/28 |
2086d |
2e3c18d0ada1
block: pass no-op callback to INIT_WORK().
|
KASAN: use-after-free Read in __smc_diag_dump
net
s390
|
syz |
|
|
34 |
2137d |
2149d
|
11/28 |
2086d |
26d92e951fe0
smc: move unhash as early as possible in smc_release()
|
KASAN: slab-out-of-bounds Read in xfrm_policy_lookup_bytype
net
|
|
|
|
6 |
2140d |
2162d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
general protection fault in crypto_remove_spawns (2)
crypto
|
|
|
|
2 |
2132d |
2137d
|
11/28 |
2086d |
6db43410179b
crypto: adiantum - initialize crypto_spawn::inst
|
KMSAN: uninit-value in tipc_nl_compat_doit
tipc
|
C |
|
|
153 |
2101d |
2253d
|
11/28 |
2086d |
2753ca5d9009
tipc: fix uninit-value in tipc_nl_compat_doit
|
general protection fault in watchdog
kernel
|
C |
|
|
1 |
2169d |
2168d
|
11/28 |
2086d |
e2c8d550a973
netfilter: ebtables: account ebt_table_info to kmemcg
|
KASAN: stack-out-of-bounds Read in select_task_rq_fair
kernel
|
|
|
|
2 |
2137d |
2146d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: use-after-free Read in kernel_accept
net
s390
|
C |
|
|
19 |
2169d |
2319d
|
11/28 |
2086d |
78abe3d0dfad
net/smc: fix TCP fallback socket release
26d92e951fe0
smc: move unhash as early as possible in smc_release()
|
KASAN: use-after-free Read in xfrm_policy_insert_list
net
|
|
|
|
30 |
2122d |
2163d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
WARNING: refcount bug in rds_sock_addref
rds
|
|
|
|
1 |
2120d |
2120d
|
11/28 |
2086d |
6fa19f5637a6
rds: fix refcount bug in rds_sock_addref
|
WARNING in __skb_flow_dissect (3)
net
|
syz |
|
|
224 |
2136d |
2226d
|
11/28 |
2086d |
0b7959b62573
tun: publish tfile after it's fully initialized
|
general protection fault in fuse_dev_do_write
fuse
|
C |
|
|
134 |
2115d |
2241d
|
11/28 |
2086d |
97e1532ef81a
fuse: handle zero sized retrieve correctly
|
KMSAN: uninit-value in tipc_nl_compat_name_table_dump
tipc
|
C |
|
|
51 |
2172d |
2213d
|
11/28 |
2086d |
974cb0e3e7c9
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
|
INFO: rcu detected stall in snd_pcm_oss_read
sound
|
C |
|
|
2 |
2159d |
2158d
|
11/28 |
2086d |
e190161f96b8
ALSA: pcm: Fix tight loop of OSS capture stream
|
KASAN: use-after-free Read in sctp_outq_tail
sctp
|
|
|
|
1 |
2108d |
2108d
|
11/28 |
2086d |
af98c5a78517
sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
|
net-next boot error: can't ssh into the instance
|
|
|
|
33 |
2122d |
2124d
|
11/28 |
2086d |
947b7ac135b1
Revert "block: cover another queue enter recursion via BIO_QUEUE_ENTERED"
|
BUG: unable to handle kernel paging request in dput (2)
fs
|
C |
|
|
4 |
2121d |
2121d
|
11/28 |
2086d |
36991ca68db9
blk-mq: protect debugfs_create_files() from failures
37ea7b630ae5
debugfs: debugfs_lookup() should return NULL if not found
|
KASAN: slab-out-of-bounds Read in batadv_interface_tx
batman
|
C |
|
|
41 |
2113d |
2151d
|
11/28 |
2086d |
9114daa825fc
batman-adv: Force mac header to start of data on xmit
|
INFO: rcu detected stall in pfkey_sendmsg
net
|
|
|
|
7 |
2138d |
2163d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
INFO: task hung in generic_file_write_iter
fs
mm
|
|
|
|
7 |
2179d |
2317d
|
11/28 |
2086d |
04906b2f542c
blockdev: Fix livelocks on loop device
|
general protection fault in kernel_accept
net
s390
|
C |
|
|
280 |
2163d |
2324d
|
11/28 |
2086d |
78abe3d0dfad
net/smc: fix TCP fallback socket release
26d92e951fe0
smc: move unhash as early as possible in smc_release()
|
KASAN: stack-out-of-bounds in do_raw_spin_lock
hardening
mm
|
C |
|
|
1 |
2147d |
2146d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: use-after-free Read in refcount_inc_not_zero_checked
hams
|
syz |
|
|
24 |
2090d |
2149d
|
11/28 |
2086d |
63346650c1a9
netrom: switch to sock timer API
|
KMSAN: uninit-value in tipc_nl_compat_link_set (2)
tipc
|
C |
|
|
13 |
2123d |
2164d
|
11/28 |
2086d |
edf5ff04a457
tipc: fix uninit-value in tipc_nl_compat_link_set
|
KMSAN: uninit-value in tipc_nl_compat_bearer_enable
tipc
|
C |
|
|
144 |
2088d |
2213d
|
11/28 |
2086d |
0762216c0ad2
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
|
KMSAN: kernel-infoleak in move_addr_to_user
net
|
|
|
|
5 |
2093d |
2144d
|
11/28 |
2086d |
7d033c9f6a7f
ipv6: fix kernel-infoleak in ipv6_local_error()
|
KASAN: use-after-free Read in kmemdup
hams
|
|
|
|
1 |
2133d |
2133d
|
11/28 |
2086d |
63530aba7826
ax25: fix possible use-after-free
|
KMSAN: uninit-value in tipc_nl_compat_link_reset_stats
tipc
|
syz |
|
|
16 |
2091d |
2144d
|
11/28 |
2086d |
8b66fee7f8ee
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
|
BUG: unable to handle kernel paging request in depot_save_stack
net
|
C |
|
|
1 |
2147d |
2147d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: global-out-of-bounds Read in validate_nla
wireless
|
C |
|
|
14 |
2122d |
2127d
|
11/28 |
2086d |
a8b5c6d69261
nl80211: fix NLA_POLICY_NESTED() arguments
|
KASAN: invalid-free in sctp_stream_free
sctp
|
C |
|
|
5 |
2109d |
2116d
|
11/28 |
2086d |
af98c5a78517
sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
|
WARNING: refcount bug in nr_release
hams
|
|
|
|
1 |
2146d |
2144d
|
11/28 |
2086d |
63346650c1a9
netrom: switch to sock timer API
|
general protection fault in dccp_parse_options
dccp
|
|
|
|
1 |
2122d |
2122d
|
11/28 |
2086d |
9b1f19d810e9
dccp: fool proof ccid_hc_[rt]x_parse_options()
|
KASAN: slab-out-of-bounds Read in __xfrm_policy_bysel_ctx
net
|
|
|
|
1 |
2149d |
2148d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KMSAN: uninit-value in kvm_clear_dirty_log_protect
kvm
|
|
|
|
6 |
2087d |
2131d
|
11/28 |
2086d |
98938aa8edd6
KVM: validate userspace input in kvm_clear_dirty_log_protect()
|
BUG: unable to handle kernel NULL pointer dereference in corrupted (3)
|
C |
|
|
1 |
2144d |
2144d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: slab-out-of-bounds Read in kvm_clear_dirty_log_protect
kvm
|
C |
|
|
54 |
2138d |
2149d
|
11/28 |
2086d |
98938aa8edd6
KVM: validate userspace input in kvm_clear_dirty_log_protect()
|
net boot error: can't ssh into the instance
|
|
|
|
42 |
2122d |
2124d
|
11/28 |
2086d |
947b7ac135b1
Revert "block: cover another queue enter recursion via BIO_QUEUE_ENTERED"
|
general protection fault in __dentry_path
fs
|
C |
|
|
2082 |
2089d |
2121d
|
11/28 |
2086d |
8ed0579c12b2
kvm: properly check debugfs dentry before using it
|
WARNING in tcp_send_loss_probe
net
|
C |
|
|
9 |
2097d |
2148d
|
11/28 |
2086d |
bf50b606cfd8
tcp: repaired skbs must init their tso_segs
|
BUG: unable to handle kernel paging request in do_csum
kernel
|
C |
|
|
11 |
2179d |
2180d
|
11/28 |
2086d |
d5be7f632bad
net-backports: net: validate untrusted gso packets without csum offload
|
KASAN: stack-out-of-bounds Read in pick_next_task_fair
net
|
C |
|
|
1 |
2147d |
2147d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
general protection fault in icmp6_send
net
|
syz |
|
|
2 |
2147d |
2147d
|
11/28 |
2086d |
8d9336704521
ipv6: make icmp6_send() robust against null skb->dev
|
WARNING in batadv_is_on_batman_iface
batman
|
syz |
|
|
10 |
2127d |
2152d
|
11/28 |
2086d |
955d3411a17f
batman-adv: Avoid WARN on net_device without parent in netns
|
kernel panic: stack is corrupted in rcu_irq_enter
rcu
|
|
|
|
1 |
2136d |
2136d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
WARNING in clear_standby
ceph
net
|
C |
|
|
3522 |
2127d |
2252d
|
11/28 |
2086d |
4aac9228d164
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
|
general protection fault in __xfrm_policy_bysel_ctx
net
|
|
|
|
1 |
2124d |
2122d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KASAN: slab-out-of-bounds Read in xfrm_policy_inexact_insert
net
|
|
|
|
3 |
2139d |
2162d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
WARNING in apparmor_cred_free
apparmor
|
C |
|
|
109 |
2134d |
2140d
|
11/28 |
2086d |
a5795fd38ee8
LSM: Check for NULL cred-security on free
|
KASAN: out-of-bounds Read in update_curr
hardening
mm
|
syz |
|
|
1 |
2146d |
2146d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
general protection fault in team_nl_cmd_options_set
net
|
C |
|
|
7 |
2156d |
2114d
|
11/28 |
2086d |
2fdeee254923
team: avoid complex list operations in team_nl_cmd_options_set()
|
KASAN: slab-out-of-bounds Write in __xfrm_policy_unlink
net
|
|
|
|
34 |
2122d |
2202d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
INFO: rcu detected stall in xfrm_hash_rebuild
net
|
|
|
|
77 |
2122d |
2172d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
INFO: task hung in lo_ioctl
block
|
|
|
|
47 |
2421d |
2537d
|
11/28 |
2086d |
04906b2f542c
blockdev: Fix livelocks on loop device
|
WARNING in wiphy_register (3)
wireless
|
syz |
|
|
31 |
2122d |
2153d
|
11/28 |
2086d |
9c5d3afac436
mac80211_hwsim: check that n_limits makes sense
|
general protection fault in sctp_sched_dequeue_common
sctp
|
|
|
|
6 |
2102d |
2192d
|
11/28 |
2086d |
cfe4bd7a257f
sctp: check and update stream->out_curr when allocating stream_out
|
kernel panic: stack is corrupted in printk
kernel
|
C |
|
|
1 |
2147d |
2147d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KMSAN: kernel-infoleak in vmx_get_nested_state
kvm
|
C |
|
|
6 |
2087d |
2198d
|
11/28 |
2086d |
3a33d030daaa
kvm: x86/vmx: Use kzalloc for cached_vmcs12
|
general protection fault in xfrm_policy_insert_list
net
|
|
|
|
4 |
2144d |
2158d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
BUG: unable to handle kernel NULL pointer dereference in setup_kmem_cache_node
v9fs
|
|
|
|
3 |
2148d |
2149d
|
11/28 |
2086d |
09c2e76ed734
slab: alien caches must not be initialized if the allocation of the alien cache failed
|
general protection fault in xfrm_policy_lookup_bytype
net
|
|
|
|
5 |
2122d |
2151d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KASAN: slab-out-of-bounds Read in __pskb_copy_fclone
net
|
|
|
|
22 |
2169d |
2235d
|
11/28 |
2086d |
e7c87bd6cc4e
bpf: in __bpf_redirect_no_mac pull mac only if present
|
INFO: rcu detected stall in sys_bind
x25
|
|
|
|
1 |
2113d |
2112d
|
11/28 |
2086d |
cf657d22ee1f
net/x25: do not hold the cpu too long in x25_new_lci()
|
kernel panic: stack is corrupted in udp4_lib_lookup2
net
|
|
|
|
11 |
2152d |
2148d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
general protection fault in rb_erase_cached
kernel
|
C |
|
|
1 |
2147d |
2147d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: stack-out-of-bounds Read in gue_err_proto_handler
net
|
C |
|
|
1 |
2144d |
2144d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: use-after-free Read in oom_kill_process
mm
|
|
|
|
1 |
2135d |
2130d
|
11/28 |
2086d |
cefc7ef3c87d
mm, oom: fix use-after-free in oom_kill_process
|
kernel panic: stack is corrupted in select_idle_sibling
kernel
|
|
|
|
1 |
2146d |
2146d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: use-after-free Read in __xfrm_policy_bysel_ctx
net
|
|
|
|
11 |
2122d |
2159d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KASAN: out-of-bounds Read in __switch_to
kernel
|
C |
|
|
1 |
2147d |
2147d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KASAN: use-after-free Read in xfrm_policy_inexact_insert
net
|
|
|
|
42 |
2122d |
2151d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KASAN: use-after-free Read in __wake_up_common_lock
isdn4linux
|
|
|
|
1 |
2122d |
2121d
|
11/28 |
2086d |
bdcc5bc25548
mISDN: fix a race in dev_expire_timer()
|
KMSAN: uninit-value in tipc_nl_compat_dumpit
tipc
|
C |
|
|
209 |
2102d |
2252d
|
11/28 |
2086d |
2753ca5d9009
tipc: fix uninit-value in tipc_nl_compat_doit
|
general protection fault in corrupted (2)
perf
|
C |
|
|
2 |
2144d |
2147d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
WARNING: locking bug in corrupted
kernel
|
C |
|
|
1 |
2136d |
2136d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
possible deadlock in __wake_up_common_lock
mm
|
|
|
|
7 |
2140d |
2149d
|
11/28 |
2086d |
73444bc4d8f9
mm, page_alloc: do not wake kswapd with zone lock held
|
WARNING: refcount bug in kvm_vm_ioctl
kvm
|
syz |
|
|
13 |
2121d |
2233d
|
11/28 |
2086d |
cfa39381173d
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
|
INFO: rcu detected stall in ipv6_rcv
net
|
|
|
|
7 |
2124d |
2161d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KASAN: use-after-free Read in selinux_netlbl_socket_setsockopt
selinux
|
|
|
|
1 |
2121d |
2121d
|
11/28 |
2086d |
63346650c1a9
netrom: switch to sock timer API
|
KMSAN: uninit-value in gue_err
net
|
C |
|
|
4686 |
2087d |
2140d
|
11/28 |
2086d |
26fc181e6cac
fou, fou6: do not assume linear skbs
|
KASAN: use-after-free Read in seccomp_notify_release
kernel
|
C |
|
|
27 |
2091d |
2140d
|
11/28 |
2086d |
a811dc61559e
seccomp: fix UAF in user-trap code
|
KASAN: use-after-free Read in batadv_interface_tx
batman
|
C |
|
|
54 |
2113d |
2152d
|
11/28 |
2086d |
9114daa825fc
batman-adv: Force mac header to start of data on xmit
|
general protection fault in ip6erspan_set_version
net
|
C |
|
|
39 |
2096d |
2101d
|
11/28 |
2086d |
efcc9bcaf77c
net: ip6_gre: fix possible NULL pointer dereference in ip6erspan_set_version
|
WARNING in __might_sleep (2)
serial
|
C |
|
|
36 |
2126d |
2154d
|
11/28 |
2086d |
fc01d8c61ce0
tty/n_hdlc: fix __might_sleep warning
|
upstream boot error: can't ssh into the instance (2)
|
|
|
|
45 |
2124d |
2124d
|
11/28 |
2086d |
947b7ac135b1
Revert "block: cover another queue enter recursion via BIO_QUEUE_ENTERED"
|
KASAN: use-after-free Read in xfrm_policy_lookup_bytype
net
|
|
|
|
33 |
2122d |
2162d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
BUG: soft lockup in x25_connect
x25
|
|
|
|
1 |
2099d |
2099d
|
11/28 |
2086d |
797a22bd5298
net/x25: fix a race in x25_bind()
|
WARNING in xfrm6_tunnel_net_exit (2)
net
|
C |
|
|
48816 |
2096d |
2377d
|
11/28 |
2086d |
f75a2804da39
xfrm: destroy xfrm_state synchronously on net exit path
|
WARNING in xfrm_policy_inexact_gc_tree
net
|
|
|
|
645 |
2122d |
2172d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
KMSAN: uninit-value in tipc_conn_rcv_sub
tipc
|
C |
|
|
557 |
2088d |
2383d
|
11/28 |
2086d |
a88289f4ddee
tipc: fix uninit-value in in tipc_conn_rcv_sub
|
WARNING: refcount bug in xfrm_policy_bysel_ctx
net
|
|
|
|
1 |
2140d |
2140d
|
11/28 |
2086d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
WARNING: bad unlock balance in rxrpc_recvmsg
afs
net
|
C |
|
|
9 |
2112d |
2117d
|
11/28 |
2086d |
6dce3c20ac42
rxrpc: bad unlock balance in rxrpc_recvmsg
|
KASAN: stack-out-of-bounds Write in page_counter_try_charge
mm
|
|
|
|
1 |
2136d |
2136d
|
11/28 |
2086d |
44039e00171b
fou6: Prevent unbounded recursion in GUE error handler
|
KMSAN: kernel-infoleak in sctp_getsockopt (2)
sctp
|
C |
|
|
16 |
2087d |
2137d
|
11/28 |
2086d |
400b8b9a2a17
sctp: allocate sctp_sockaddr_entry with kzalloc
|
general protection fault in relay_open_buf
block
trace
|
C |
|
|
287 |
2120d |
2121d
|
11/28 |
2086d |
2c1cf00eeacb
relay: check return of create_buf_file() properly
|
KASAN: use-after-free Write in __wake_up_common_lock
isdn4linux
|
|
|
|
1 |
2115d |
2115d
|
11/28 |
2086d |
bdcc5bc25548
mISDN: fix a race in dev_expire_timer()
|
KMSAN: uninit-value in gue6_err
net
|
C |
|
|
8359 |
2086d |
2140d
|
11/28 |
2086d |
26fc181e6cac
fou, fou6: do not assume linear skbs
|
general protection fault in ebitmap_destroy
selinux
|
syz |
|
|
1 |
2142d |
2142d
|
11/28 |
2086d |
5b0e7310a2a3
selinux: fix GPF on invalid policy
|
general protection fault in debugfs_create_files
block
|
C |
|
|
111 |
2120d |
2121d
|
11/28 |
2086d |
36991ca68db9
blk-mq: protect debugfs_create_files() from failures
|
general protection fault in kvm_ioapic_scan_entry
kvm
|
C |
|
|
148 |
2181d |
2290d
|
11/28 |
2093d |
dcbd3e49c2f0
KVM: X86: Fix NULL deref in vcpu_scan_ioapic
|
general protection fault in finish_wait
net
|
C |
|
|
22 |
2111d |
2326d
|
11/28 |
2093d |
78abe3d0dfad
net/smc: fix TCP fallback socket release
|
KASAN: slab-out-of-bounds Write in fpstate_init
kernel
|
C |
|
|
15088 |
2158d |
2159d
|
11/28 |
2093d |
ed8e48122728
KVM: x86: fix size of x86_fpu_cache objects
|
KASAN: out-of-bounds Write in tls_push_record
net
|
C |
|
|
10 |
2227d |
2328d
|
11/28 |
2094d |
d829e9c4112b
tls: convert to generic sk_msg interface
|
KASAN: use-after-free Read in tls_tx_records
net
|
|
|
|
1 |
2245d |
2245d
|
11/28 |
2094d |
d829e9c4112b
tls: convert to generic sk_msg interface
|
general protection fault in tls_push_sg
net
|
|
|
|
12 |
2236d |
2346d
|
11/28 |
2094d |
d829e9c4112b
tls: convert to generic sk_msg interface
|
general protection fault in gcmaes_crypt_by_sg
crypto
|
|
|
|
3 |
2229d |
2237d
|
11/28 |
2094d |
d829e9c4112b
tls: convert to generic sk_msg interface
|
kernel BUG at include/linux/mm.h:LINE! (2)
net
|
C |
|
|
1009 |
2094d |
2357d
|
11/28 |
2094d |
d829e9c4112b
tls: convert to generic sk_msg interface
|
KASAN: use-after-free Write in tls_push_record (2)
net
|
C |
|
|
64 |
2221d |
2324d
|
11/28 |
2094d |
d829e9c4112b
tls: convert to generic sk_msg interface
|
KASAN: use-after-free Read in rdma_resolve_addr
rdma
|
|
|
|
1 |
2248d |
2247d
|
11/28 |
2099d |
5fe23f262e05
ucma: fix a use-after-free in ucma_resolve_ip()
|
KASAN: use-after-free Read in cma_acquire_dev
rdma
|
|
|
|
1 |
2330d |
2328d
|
11/28 |
2099d |
5fe23f262e05
ucma: fix a use-after-free in ucma_resolve_ip()
|
KASAN: use-after-free Read in wait_for_completion
rdma
|
|
|
|
1 |
2223d |
2222d
|
11/28 |
2099d |
5fe23f262e05
ucma: fix a use-after-free in ucma_resolve_ip()
|
KASAN: use-after-free Read in __list_add_valid (5)
rdma
|
C |
|
|
16 |
2425d |
2432d
|
11/28 |
2099d |
5fe23f262e05
ucma: fix a use-after-free in ucma_resolve_ip()
|
KASAN: use-after-free Read in bpf_cgroup_storage_release
bpf
|
C |
|
|
2 |
2302d |
2302d
|
11/28 |
2103d |
82c018d734a7
Merge branch 'bpf-cgroup-local-storage'
|
KASAN: stack-out-of-bounds Read in rb_erase (4)
kernel
|
|
|
|
1 |
2138d |
2138d
|
11/28 |
2103d |
11789039da53
fou: Prevent unbounded recursion in GUE error handler
|
general protection fault in list_lru_count_one
mm
|
C |
|
|
12 |
2320d |
2318d
|
11/28 |
2126d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
WARNING in __debug_object_init (3)
bpf
net
|
C |
|
|
1557 |
2214d |
2216d
|
11/28 |
2130d |
2cb494a36c98
bpf: add tests for direct packet access from CGROUP_SKB
|
general protection fault in keyctl_pkey_params_get
keyrings
lsm
|
C |
|
|
85 |
2150d |
2209d
|
11/28 |
2136d |
57b0e3145320
KEYS: fix parsing invalid pkey info string
94c13f66e13c
security: don't use a negative Opt_err token index
|
KASAN: stack-out-of-bounds Read in keyctl_pkey_params_get
keyrings
lsm
|
|
|
|
2 |
2150d |
2149d
|
11/28 |
2136d |
57b0e3145320
KEYS: fix parsing invalid pkey info string
|
general protection fault in encode_rpcb_string
net
nfs
|
C |
|
|
6 |
2313d |
2410d
|
11/28 |
2136d |
81c88b18de1f
sunrpc: handle ENOMEM in rpcb_getport_async
|
KMSAN: uninit-value in vti6_tnl_xmit
net
|
syz |
|
|
60 |
2141d |
2164d
|
11/28 |
2136d |
cb9f1b783850
ip: validate header length on virtual device xmit
|
general protection fault in lo_ioctl (2)
block
|
syz |
|
|
2 |
2395d |
2394d
|
11/28 |
2136d |
310ca162d779
block/loop: Use global lock for ioctl() operation.
|
inconsistent lock state in nr_find_socket
hams
|
C |
|
|
19 |
2138d |
2153d
|
11/28 |
2136d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
KASAN: invalid-free in x25_asy_free
net
|
C |
|
|
67 |
2147d |
2154d
|
11/28 |
2136d |
d5c7c745f254
net/wan: fix a double free in x25_asy_open_tty()
|
WARNING in kmem_cache_create_usercopy
v9fs
|
C |
|
|
10 |
2151d |
2210d
|
11/28 |
2136d |
574d356b7a02
9p/net: put a lower bound on msize
|
possible deadlock in blkdev_reread_part
block
|
C |
|
|
5736 |
2155d |
2576d
|
11/28 |
2136d |
0da03cab87e6
loop: Fix deadlock when calling blkdev_reread_part()
85b0a54a82e4
loop: Move loop_reread_partitions() out of loop_ctl_mutex
|
KMSAN: uninit-value in check_6rd
net
|
C |
|
|
81 |
2142d |
2164d
|
11/28 |
2136d |
cb9f1b783850
ip: validate header length on virtual device xmit
|
WARNING: locking bug in loop_control_ioctl
block
|
C |
|
|
4018 |
2175d |
2203d
|
11/28 |
2136d |
628bd8594709
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
|
WARNING: ODEBUG bug in tipc_enable_bearer
tipc
|
C |
|
|
3 |
2156d |
2159d
|
11/28 |
2136d |
dc4501ff2875
tipc: fix a double free in tipc_enable_bearer()
|
kernel BUG at kernel/time/timer.c:LINE! (2)
hams
|
C |
|
|
5 |
2148d |
2150d
|
11/28 |
2136d |
202700e30740
net/hamradio/6pack: use mod_timer() to rearm timers
|
KASAN: slab-out-of-bounds Read in tun_net_xmit (2)
net
|
C |
|
|
10 |
2152d |
2319d
|
11/28 |
2136d |
aff6db454599
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
|
KASAN: use-after-free Read in nr_rx_frame
hams
|
syz |
|
|
2 |
2143d |
2149d
|
11/28 |
2136d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
possible deadlock in nr_destroy_socket
hams
|
syz |
|
|
20 |
2139d |
2149d
|
11/28 |
2136d |
7314f5480f3e
netrom: fix locking in nr_find_socket()
|
INFO: task hung in loop_control_ioctl
block
|
|
|
|
4 |
2232d |
2426d
|
11/28 |
2136d |
1dded9acf6dc
loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
|
KASAN: use-after-free Read in posix_lock_inode
fs
|
syz |
|
|
5 |
2149d |
2149d
|
11/28 |
2136d |
bf77ae4c98d7
locks: fix error in locks_move_blocks()
|
general protection fault in transparent_hugepage_enabled
mm
|
C |
|
|
626 |
2150d |
2158d
|
11/28 |
2136d |
7635d9cbe832
mm, thp, proc: report THP eligibility for each vma
|
KMSAN: kernel-infoleak in capi_unlocked_ioctl
isdn4linux
|
C |
|
|
109 |
2141d |
2151d
|
11/28 |
2136d |
d63967e475ae
isdn: fix kernel-infoleak in capi_unlocked_ioctl
|
INFO: task hung in lo_open (2)
block
|
|
|
|
10 |
2197d |
2426d
|
11/28 |
2136d |
1dded9acf6dc
loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
|
KASAN: user-memory-access Write in n_tty_set_termios
serial
|
C |
|
|
85 |
2155d |
2425d
|
11/28 |
2136d |
83d817f41070
tty: Hold tty_ldisc_lock() during tty_reopen()
|
KASAN: use-after-free Read in ax25_fillin_cb
hams
|
syz |
|
|
4 |
2157d |
2154d
|
11/28 |
2136d |
c433570458e4
ax25: fix a use-after-free in ax25_fillin_cb()
|
INFO: task hung in lo_release
block
|
|
|
|
1 |
2317d |
2317d
|
11/28 |
2136d |
1dded9acf6dc
loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
|
KASAN: use-after-free Read in locks_delete_block
fs
|
syz |
|
|
4 |
2177d |
2200d
|
11/28 |
2136d |
16306a61d3b7
fs/locks: always delete_block after waiting.
|
general protection fault in fdb_find_rcu
bridge
|
C |
|
|
3 |
2157d |
2153d
|
11/28 |
2136d |
f989d03ef25d
net: rtnetlink: address is mandatory for rtnl_fdb_get
|
general protection fault in kvm_arch_vcpu_ioctl_run
kvm
|
C |
|
|
12 |
2163d |
2178d
|
11/28 |
2141d |
dcbd3e49c2f0
KVM: X86: Fix NULL deref in vcpu_scan_ioapic
|
general protection fault in __vb2_queue_free
media
|
C |
|
|
38 |
2157d |
2213d
|
11/28 |
2141d |
62dcb4f41836
media: vb2: check memory model for VIDIOC_CREATE_BUFS
|
WARNING in static_key_enable_cpuslocked
kernel
|
|
|
|
1 |
2187d |
2187d
|
11/28 |
2141d |
9c48060141bd
udp: fix jump label misuse
|
WARNING in static_key_disable_cpuslocked
kernel
|
syz |
|
|
5 |
2177d |
2195d
|
11/28 |
2141d |
9c48060141bd
udp: fix jump label misuse
|
BUG: corrupted list in ___neigh_create
net
|
C |
|
|
706 |
2169d |
2173d
|
11/28 |
2141d |
8cc196d6ef86
neighbor: gc_list changes should be protected by table lock
|
WARNING in __rcu_read_unlock
kernel
|
C |
|
|
2 |
2159d |
2167d
|
11/28 |
2141d |
11789039da53
fou: Prevent unbounded recursion in GUE error handler
|
KASAN: use-after-free Read in __ipv6_addr_type
net
|
|
|
|
1 |
2161d |
2161d
|
11/28 |
2141d |
cbb49697d551
ipv6: tunnels: fix two use-after-free
|
BUG: corrupted list in neigh_mark_dead
net
|
C |
|
|
4117 |
2169d |
2173d
|
11/28 |
2141d |
8cc196d6ef86
neighbor: gc_list changes should be protected by table lock
|
KMSAN: kernel-infoleak in sctp_getsockopt
sctp
|
syz |
|
|
147 |
2141d |
2177d
|
11/28 |
2141d |
4a2eb0c37b47
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
|
KASAN: use-after-free Read in tipc_group_bc_cong
tipc
|
C |
|
|
280 |
2162d |
2173d
|
11/28 |
2141d |
143ece654f9f
tipc: check tsk->group in tipc_wait_for_cond()
|
KASAN: use-after-free Read in tipc_mcast_xmit
tipc
|
syz |
|
|
7 |
2159d |
2166d
|
11/28 |
2141d |
3c6306d44082
tipc: check group dests after tipc_wait_for_cond()
|
KMSAN: uninit-value in __inet6_bind
net
|
C |
|
|
56 |
2142d |
2172d
|
11/28 |
2141d |
fb2427454631
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
|
INFO: task hung in flush_workqueue
media
|
C |
|
|
293 |
2160d |
2211d
|
11/28 |
2141d |
52117be68b82
media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
|
KASAN: slab-out-of-bounds Read in neigh_mark_dead
net
|
|
|
|
12 |
2170d |
2172d
|
11/28 |
2141d |
8cc196d6ef86
neighbor: gc_list changes should be protected by table lock
|
KASAN: slab-out-of-bounds Read in ___neigh_create
net
|
|
|
|
1 |
2173d |
2172d
|
11/28 |
2141d |
8cc196d6ef86
neighbor: gc_list changes should be protected by table lock
|
KASAN: null-ptr-deref Write in kthread_stop
media
|
C |
|
|
2527 |
2157d |
2214d
|
11/28 |
2141d |
701f49bc028e
media: vivid: fix error handling of kthread_run
|
KASAN: use-after-free Read in kfree_skb (2)
tipc
|
C |
|
|
66 |
2162d |
2172d
|
11/28 |
2141d |
acb4a33e9856
tipc: fix a double kfree_skb()
|
KASAN: use-after-free Read in skcipher_recvmsg
crypto
|
|
|
|
6 |
2187d |
2211d
|
11/28 |
2141d |
f7d76e05d058
crypto: user - fix use_after_free of struct xxx_request
|
BUG: sleeping function called from invalid context at mm/slab.h:LINE (4)
crypto
|
C |
|
|
36 |
2166d |
2326d
|
11/28 |
2141d |
f9c9bdb5131e
crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
|
general protection fault in inet_lhash2_lookup
net
|
C |
|
|
1137 |
2164d |
2167d
|
11/28 |
2141d |
eedbbb0d98b2
net: dccp: initialize (addr,port) listening hashtable
|
divide error in alarm_forward
kernel
|
|
|
|
1 |
2166d |
2165d
|
11/28 |
2141d |
0e334db6bb4b
posix-timers: Fix division by zero bug
|
KASAN: use-after-free Read in kvm_put_kvm
kvm
|
C |
|
|
143 |
2163d |
2223d
|
11/28 |
2141d |
987d1149be7d
KVM: fix unregistering coalesced mmio zone from wrong bus
|
general protection fault in inet6_lhash2_lookup
net
|
C |
|
|
718 |
2164d |
2167d
|
11/28 |
2141d |
eedbbb0d98b2
net: dccp: initialize (addr,port) listening hashtable
|
KASAN: use-after-free Read in neigh_mark_dead
net
|
C |
|
|
858 |
2169d |
2173d
|
11/28 |
2141d |
8cc196d6ef86
neighbor: gc_list changes should be protected by table lock
|
WARNING in rds_message_alloc_sgs
rds
|
C |
|
|
6 |
2179d |
2213d
|
11/28 |
2141d |
ea010070d0a7
net/rds: fix warn in rds_message_alloc_sgs
|
WARNING in vkms_plane_duplicate_state
dri
|
C |
|
|
108 |
2157d |
2190d
|
11/28 |
2141d |
7cdf33ab02e0
drm/vkms: Fix plane duplicate_state
|
divide error in vivid_vid_cap_s_dv_timings
media
|
C |
|
|
108 |
2157d |
2214d
|
11/28 |
2141d |
9729d6d282a6
media: vivid: set min width/height to a value > 0
|
KMSAN: uninit-value in packet_sendmsg
net
|
|
|
|
5 |
2190d |
2164d
|
11/28 |
2141d |
99137b7888f4
packet: validate address length
|
KASAN: use-after-free Read in vb2_mmap
media
|
C |
|
|
276 |
2157d |
2213d
|
11/28 |
2141d |
cd26d1c4d1bc
media: vb2: vb2_mmap: move lock up
|
general protection fault in __ipv6_sock_mc_join
net
|
C |
|
|
9 |
2168d |
2172d
|
11/28 |
2141d |
fb83ed496b9a
tipc: compare remote and local protocols in tipc_udp_enable()
|
BUG: pagefault on kernel address ADDR in non-whitelisted uaccess
media
|
C |
|
|
17 |
2166d |
2211d
|
11/28 |
2141d |
560ccb75c2ca
media: vivid: free bitmap_cap when updating std/timings/etc.
|
KASAN: global-out-of-bounds Read in tpg_print_str_4
media
|
C |
|
|
52 |
2179d |
2204d
|
11/28 |
2141d |
e5f71a27fa12
media: v4l2-tpg: array index could become negative
|
KASAN: use-after-free Read in ___neigh_create
net
|
C |
|
|
164 |
2170d |
2172d
|
11/28 |
2141d |
8cc196d6ef86
neighbor: gc_list changes should be protected by table lock
|
net build error
|
|
|
|
2 |
2250d |
2250d
|
11/28 |
2151d |
16fdf8ba9839
rds: Fix build regression.
|
WARNING in fuse_destroy_inode
fuse
|
C |
|
|
7 |
2195d |
2196d
|
11/28 |
2155d |
4fc4bb796b0c
fuse: Add bad inode check in fuse_destroy_inode()
|
WARNING in userfaultfd_ioctl
fs
|
C |
|
|
11 |
2169d |
2179d
|
11/28 |
2155d |
01e881f5a1fc
userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered
|
KASAN: use-after-free Read in sctp_hash_transport
sctp
|
|
|
|
1 |
2195d |
2194d
|
11/28 |
2164d |
fb6df5a6234c
sctp: kfree_rcu asoc
|
KASAN: use-after-free Read in vhost_transport_send_pkt
net
virt
kvm
|
syz |
|
|
36 |
2179d |
2305d
|
11/28 |
2164d |
834e772c8db0
vhost/vsock: fix use-after-free in network stack callers
|
KASAN: use-after-free Read in delayed_uprobe_remove
perf
|
C |
|
|
2 |
2208d |
2211d
|
11/28 |
2164d |
1aed58e67a6e
Uprobes: Fix kernel oops with delayed_uprobe_remove()
|
KMSAN: kernel-infoleak in _copy_to_iter (4)
net
|
C |
|
|
56 |
2179d |
2183d
|
11/28 |
2164d |
688838934c23
rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
|
KASAN: invalid-free in hub_event
usb
|
|
|
|
1 |
2187d |
2186d
|
11/28 |
2164d |
d81bb019d7bb
USB: Fix invalid-free bug in port_over_current_notify()
|
KASAN: use-after-free Read in sctp_epaddr_lookup_transport
sctp
|
syz |
|
|
5 |
2195d |
2196d
|
11/28 |
2164d |
fb6df5a6234c
sctp: kfree_rcu asoc
|
KASAN: use-after-free Read in vhost_work_queue
kvm
net
virt
|
syz |
|
|
30 |
2177d |
2276d
|
11/28 |
2164d |
834e772c8db0
vhost/vsock: fix use-after-free in network stack callers
|
KASAN: use-after-free Read in vhost_transport_cancel_pkt
kvm
net
virt
|
syz |
|
|
17 |
2203d |
2247d
|
11/28 |
2164d |
834e772c8db0
vhost/vsock: fix use-after-free in network stack callers
|
WARNING in alloc_pages_vma
mm
|
C |
|
|
98 |
2173d |
2176d
|
11/28 |
2164d |
356ff8a9a78f
Revert "mm, thp: consolidate THP gfp handling into alloc_hugepage_direct_gfpmask"
|
KASAN: use-after-free Read in snd_ctl_elem_add
sound
|
|
|
|
1 |
2198d |
2197d
|
11/28 |
2167d |
e1a7bfe38079
ALSA: control: Fix race between adding and removing a user element
|
WARNING in cttimeout_default_get
netfilter
|
C |
|
|
44 |
2176d |
2196d
|
11/28 |
2175d |
89259088c1b7
netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
|
WARNING in format_decode (2)
trace
|
C |
|
|
16 |
2195d |
2277d
|
11/28 |
2175d |
1efb6ee3edea
bpf: fix check of allowed specifiers in bpf_trace_printk
|
KMSAN: uninit-value in linear_transfer (2)
sound
|
C |
|
|
7 |
2181d |
2204d
|
11/28 |
2175d |
65766ee0bf7f
ALSA: oss: Use kvzalloc() for local buffer allocations
|
KASAN: use-after-free Read in nbp_vlan_rcu_free
bridge
|
|
|
|
1 |
2201d |
2201d
|
11/28 |
2175d |
9d332e69c1dc
net: bridge: fix vlan stats use-after-free on destruction
|
KMSAN: kernel-infoleak in kvm_write_guest_page
kvm
|
C |
|
|
36 |
2178d |
2205d
|
11/28 |
2175d |
bcbfbd8ec210
KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
|
BUG: GPF in non-whitelisted uaccess (non-canonical address?)
input
|
C |
|
|
10 |
2194d |
2201d
|
11/28 |
2175d |
8c01db7619f0
HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
|
KASAN: slab-out-of-bounds Write in queue_stack_map_push_elem
bpf
|
C |
|
|
30 |
2185d |
2187d
|
11/28 |
2175d |
813961de3ee6
bpf: fix integer overflow in queue_stack_map
|
WARNING in bpf_check (2)
bpf
|
C |
|
|
9 |
2198d |
2197d
|
11/28 |
2175d |
afd594240806
bpf: fix off-by-one error in adjust_subprog_starts
|
INFO: task hung in fuse_sb_destroy
fuse
|
C |
|
|
2 |
2211d |
2211d
|
11/28 |
2175d |
7fabaf303458
fuse: fix leaked notify reply
|
KMSAN: kernel-infoleak in kvm_arch_vcpu_ioctl
kvm
|
C |
|
|
31 |
2181d |
2196d
|
11/28 |
2175d |
7f9ad1dfa3c7
KVM: nVMX: Fix kernel info-leak when enabling KVM_CAP_HYPERV_ENLIGHTENED_VMCS more than once
|
general protection fault in icmp_timeout_obj_to_nlattr
netfilter
|
C |
|
|
13 |
2208d |
2212d
|
11/28 |
2200d |
8866df9264a3
netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
|
general protection fault in addr_resolve
rdma
|
C |
|
|
32 |
2236d |
2252d
|
11/28 |
2200d |
fe33507ec38a
RDMA/core: Check error status of rdma_find_ndev_for_src_ip_rcu
|
KMSAN: uninit-value in synaptics_detect
input
|
C |
|
|
137 |
2200d |
2253d
|
11/28 |
2200d |
f39f8688888a
Input: synaptics - avoid using uninitialized variable when probing
|
BUG: unable to handle kernel NULL pointer dereference in sha256_mb_mgr_get_comp_job_avx2
crypto
|
|
|
|
1 |
2234d |
2233d
|
11/28 |
2200d |
ab8085c130ed
crypto: x86 - remove SHA multibuffer routines and mcryptd
|
KMSAN: uninit-value in dev_mc_add_excl
net
|
C |
|
|
13 |
2205d |
2217d
|
11/28 |
2200d |
da71577545a5
rtnetlink: Disallow FDB configuration for non-Ethernet device
|
KASAN: stack-out-of-bounds Read in __aa_lookupn_ns
apparmor
|
C |
|
|
52 |
2216d |
2247d
|
11/28 |
2200d |
250f2da49cb8
apparmor: Fix uninitialized value in aa_split_fqname
|
KASAN: slab-out-of-bounds Read in sctp_getsockopt
sctp
|
C |
|
|
9 |
2218d |
2217d
|
11/28 |
2200d |
713358369382
sctp: check policy more carefully when getting pr status
|
WARNING in __put_task_struct (2)
kernel
|
C |
|
|
17 |
2227d |
2235d
|
11/28 |
2200d |
fe9bc1644918
RDMA/restrack: Protect from reentry to resource return path
|
KASAN: invalid-free in p9stat_free
v9fs
|
C |
|
|
3 |
2278d |
2278d
|
11/28 |
2200d |
62e3941776fe
9p: clear dangling pointers in p9stat_free
81c99089bce6
v9fs_dir_readdir: fix double-free on p9stat_read error
|
possible deadlock in ovl_copy_up_start
overlayfs
|
|
|
|
2 |
2218d |
2226d
|
11/28 |
2200d |
6cd078702f2f
ovl: fix recursive oi->lock in ovl_link()
|
KASAN: use-after-free Read in sha_complete_job
crypto
|
|
|
|
1 |
2239d |
2238d
|
11/28 |
2200d |
ab8085c130ed
crypto: x86 - remove SHA multibuffer routines and mcryptd
|
BUG: corrupted list in cpu_stop_queue_work
kernel
|
C |
|
|
24 |
2319d |
2328d
|
11/28 |
2200d |
552446a41661
shmem: Convert shmem_add_to_page_cache to XArray
|
KMSAN: uninit-value in dev_uc_add_excl
net
|
C |
|
|
20 |
2211d |
2253d
|
11/28 |
2200d |
da71577545a5
rtnetlink: Disallow FDB configuration for non-Ethernet device
|
general protection fault in rb_erase
integrity
lsm
|
C |
|
|
79836 |
2207d |
2248d
|
11/28 |
2200d |
18aded174920
ext4: fix EXT4_IOC_SWAP_BOOT
|
KASAN: use-after-free Read in tcf_block_find
net
|
C |
|
|
27 |
2241d |
2247d
|
11/28 |
2200d |
460b360104d5
net_sched: fix a crash in tc_new_tfilter()
|
KASAN: use-after-free Read in seq_escape
ext4
|
|
|
|
1 |
2243d |
2242d
|
11/28 |
2200d |
33458eaba4df
ext4: fix use-after-free race in ext4_remount()'s error path
|
KASAN: use-after-free Read in _copy_from_iter
v9fs
|
C |
|
|
12 |
2304d |
2316d
|
11/28 |
2200d |
728356dedeff
9p: Add refcount to p9_req_t
|
KASAN: use-after-free Read in gfs2_log_flush
gfs2
|
syz |
|
|
14 |
2221d |
2261d
|
11/28 |
2200d |
4c62bd9cea7b
gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
|
general protection fault in getname_kernel
gfs2
|
C |
|
|
10 |
2228d |
2236d
|
11/28 |
2200d |
3df629d873f8
gfs2_meta: ->mount() can get NULL dev_name
|
kernel BUG at arch/x86/mm/physaddr.c:LINE!
overlayfs
|
C |
|
|
10 |
2201d |
2233d
|
11/28 |
2200d |
babf4770be0a
ovl: fix error handling in ovl_verify_set_fh()
|
general protection fault in __skb_flow_dissect (2)
net
|
C |
|
|
11 |
2248d |
2255d
|
11/28 |
2200d |
d0e13a1488ad
flow_dissector: lookup netns by skb->sk if skb->dev is NULL
|
general protection fault in ctnetlink_alloc_filter
netfilter
|
C |
|
|
80 |
2250d |
2253d
|
11/28 |
2200d |
9306425b70bf
netfilter: ctnetlink: must check mark attributes vs NULL
|
WARNING: kmalloc bug in krealloc
fs
|
C |
|
|
2 |
2320d |
2320d
|
11/28 |
2200d |
61448479a9f2
mm: don't warn about large allocations for slab
|
KASAN: slab-out-of-bounds Read in refcount_inc_not_zero_checked
bpf
net
|
|
|
|
2 |
2226d |
2226d
|
11/28 |
2200d |
5032d079909d
bpf: skmsg, fix psock create on existing kcm/tls port
|
WARNING: kmalloc bug in __v9fs_get_acl
v9fs
|
C |
|
|
212 |
2218d |
2325d
|
11/28 |
2200d |
61448479a9f2
mm: don't warn about large allocations for slab
|
BUG: unable to handle kernel NULL pointer dereference in blk_mq_map_swqueue
block
|
C |
|
|
8 |
2227d |
2247d
|
11/28 |
2200d |
e01ad46d53b5
blk-mq: fallback to previous nr_hw_queues when updating fails
|
KASAN: use-after-free Write in jbd2_log_do_checkpoint
ext4
|
|
|
|
1 |
2262d |
2256d
|
11/28 |
2200d |
ccd3c4373eac
jbd2: fix use after free in jbd2_log_do_checkpoint()
|
WARNING: kmalloc bug in str_read
selinux
|
C |
|
|
11 |
2222d |
2266d
|
11/28 |
2200d |
4458bba09788
selinux: Add __GFP_NOWARN to allocation at str_read()
|
KASAN: use-after-free Read in __dev_queue_xmit (3)
net
|
|
|
|
11 |
2242d |
2246d
|
11/28 |
2200d |
460b360104d5
net_sched: fix a crash in tc_new_tfilter()
|
KMSAN: uninit-value in ip_tunnel_lookup (2)
net
|
C |
|
|
2 |
2218d |
2218d
|
11/28 |
2200d |
b0350d51f001
ip_gre: fix parsing gre header in ipgre_err
|
KASAN: use-after-free Read in sha512_ctx_mgr_resubmit
crypto
|
C |
|
|
4 |
2239d |
2289d
|
11/28 |
2200d |
ab8085c130ed
crypto: x86 - remove SHA multibuffer routines and mcryptd
|
kernel BUG at mm/shmem.c:LINE!
mm
|
C |
|
|
30 |
2327d |
2329d
|
11/28 |
2200d |
552446a41661
shmem: Convert shmem_add_to_page_cache to XArray
|
KASAN: null-ptr-deref Read in refcount_sub_and_test_checked
media
|
C |
|
|
31 |
2207d |
2238d
|
11/28 |
2200d |
fda21d46cce2
ipv6: do not leave garbage in rt->fib6_metrics
|
WARNING in tcp_cleanup_ulp
net
|
syz |
|
|
16 |
2227d |
2227d
|
11/28 |
2200d |
aadd4355918f
tcp, ulp: remove socket lock assertion on ULP cleanup
|
KASAN: use-after-free Read in sctp_outq_select_transport
sctp
|
|
|
|
1 |
2221d |
2220d
|
11/28 |
2200d |
df132eff4638
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
|
WARNING: kmalloc bug in input_mt_init_slots
input
|
C |
|
|
54 |
2218d |
2252d
|
11/28 |
2200d |
61448479a9f2
mm: don't warn about large allocations for slab
|
general protection fault in dev_gro_receive (2)
net
|
syz |
|
|
4 |
2225d |
2232d
|
11/28 |
2200d |
ece23711dd95
net: Properly unlink GRO packets on overflow.
|
upstream boot error (2)
block
|
|
|
|
1 |
2213d |
2213d
|
11/28 |
2200d |
153fcd5f6d93
block: brd: associate with queue until adding disk
|
WARNING: kmalloc bug in get_valid_checkpoint
f2fs
|
syz |
|
|
2 |
2386d |
2386d
|
11/28 |
2200d |
61448479a9f2
mm: don't warn about large allocations for slab
|
WARNING in tcp_close
net
|
syz |
|
|
284 |
2221d |
2321d
|
11/28 |
2200d |
8873c064d1de
tcp: do not release socket ownership in tcp_close()
|
BUG: corrupted list in p9_read_work
v9fs
|
syz |
|
|
23 |
2208d |
2320d
|
11/28 |
2200d |
e4ca13f7d075
9p/trans_fd: abort p9_read_work if req status changed
|
general protection fault in netdev_master_upper_dev_get
net
|
|
|
|
1 |
2218d |
2218d
|
11/28 |
2200d |
aab456dfa404
net/neigh: fix NULL deref in pneigh_dump_table()
|
KASAN: use-after-free Read in kfree_skb
net
|
|
|
|
1 |
2222d |
2222d
|
11/28 |
2200d |
604d415e2bd6
llc: do not use sk_eat_skb()
|
KASAN: use-after-free Read in fuse_dev_do_read
fuse
|
syz |
|
|
19 |
2213d |
2260d
|
11/28 |
2200d |
bc78abbd55dd
fuse: Fix use-after-free in fuse_dev_do_read()
|
WARNING: kmalloc bug in vfs_getxattr_alloc
fs
|
C |
|
|
9 |
2275d |
2317d
|
11/28 |
2200d |
61448479a9f2
mm: don't warn about large allocations for slab
|
BUG: unable to handle kernel NULL pointer dereference in sha1_mb_mgr_get_comp_job_avx2
crypto
|
|
|
|
1 |
2247d |
2247d
|
11/28 |
2200d |
ab8085c130ed
crypto: x86 - remove SHA multibuffer routines and mcryptd
|
WARNING: kmalloc bug in bfs_fill_super
bfs
|
C |
|
|
147 |
2383d |
2427d
|
11/28 |
2200d |
9f2df09a33aa
bfs: add sanity check at bfs_fill_super()
|
INFO: task hung in ext4_fallocate
ext4
|
C |
|
|
1 |
2243d |
2242d
|
11/28 |
2200d |
f18b2b83a727
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
|
WARNING: refcount bug in qdisc_put
net
|
|
|
|
5 |
2243d |
2244d
|
11/28 |
2200d |
460b360104d5
net_sched: fix a crash in tc_new_tfilter()
|
KMSAN: uninit-value in vcs_read
serial
|
C |
|
|
2343 |
2357d |
2381d
|
11/28 |
2204d |
21eff69aaaa0
vt: prevent leaking uninitialized data to userspace via /dev/vcs*
|
kernel BUG at include/linux/skbuff.h:LINE!
net
|
|
|
|
3 |
2313d |
2321d
|
11/28 |
2213d |
bab2c80e5a6c
nsh: set mac len based on inner packet
|
KASAN: use-after-free Read in sctp_id2assoc
sctp
|
|
|
|
1 |
2240d |
2239d
|
11/28 |
2214d |
b336decab221
sctp: fix race on sctp_id2asoc
|
WARNING in usb_submit_urb (3)
usb
|
C |
|
|
58 |
2215d |
2231d
|
11/28 |
2214d |
665c365a77fb
USB: fix the usbfs flag sanitization for control transfers
|
KMSAN: kernel-infoleak in _copy_to_iter (3)
net
|
C |
|
|
36 |
2214d |
2225d
|
11/28 |
2214d |
b06f9d9f1a90
tipc: fix info leak from kernel tipc_event
|
KASAN: use-after-free Read in inet6_mc_check
net
|
|
|
|
1 |
2231d |
2231d
|
11/28 |
2214d |
dc012f3628ea
ipv6: mcast: fix a use-after-free in inet6_mc_check
|
KASAN: slab-out-of-bounds Read in fscache_alloc_cookie
fs
|
C |
|
|
1936 |
2225d |
2327d
|
11/28 |
2214d |
1ff22883b0b2
fscache: Fix incomplete initialisation of inline key space
fa520c47eaa1
fscache: Fix out of bound read in long cookie keys
|
KASAN: use-after-free Read in __llc_lookup_established
net
|
|
|
|
1 |
2233d |
2233d
|
11/28 |
2214d |
5a8e7aea953b
llc: set SOCK_RCU_FREE in llc_sap_add_socket()
|
KASAN: slab-out-of-bounds Read in vhci_hub_control
usb
|
C |
|
|
43 |
2224d |
2269d
|
11/28 |
2214d |
81f7567c51ad
usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
|
BUG: sleeping function called from invalid context at net/core/dev.c:LINE
bpf
|
syz |
|
|
8 |
2226d |
2235d
|
11/28 |
2214d |
cee271678d0e
xsk: do not call synchronize_net() under RCU read lock
|
KASAN: slab-out-of-bounds Read in _decode_session6
net
|
C |
|
|
35 |
2214d |
2272d
|
11/28 |
2214d |
9f7e43da6ae4
net/xfrm: fix out-of-bounds packet access
|
INFO: rcu detected stall in mousedev_write
input
|
|
|
|
18 |
2267d |
2281d
|
11/28 |
2225d |
f74c371fe72a
Input: mousedev - add a schedule point in mousedev_write()
|
kernel BUG at net/core/dev.c:LINE! (2)
net
|
syz |
|
|
2 |
2234d |
2234d
|
11/28 |
2225d |
52b5d6f5dcf0
net: make skb_partial_csum_set() more robust against overflows
|
KASAN: use-after-free Read in finish_task_switch
kernel
|
C |
|
|
3047 |
2250d |
2294d
|
11/28 |
2228d |
26b471c7e2f7
KVM: nVMX: Fix bad cleanup on error of get/set nested state IOCTLs
|
WARNING in __skb_flow_dissect
net
|
syz |
|
|
3 |
2233d |
2234d
|
11/28 |
2232d |
af3fb24eecb2
tun: napi flags belong to tfile
|
general protection fault in dev_gro_receive
net
|
syz |
|
|
8 |
2234d |
2246d
|
11/28 |
2232d |
af3fb24eecb2
tun: napi flags belong to tfile
|
possible deadlock in flush_workqueue
net
|
C |
|
|
73762 |
2239d |
2282d
|
11/28 |
2232d |
d4859d749aa7
net-backports: bonding: avoid possible dead-lock
|
KASAN: use-after-free Read in rawv6_sendmsg
net
|
C |
|
|
84 |
2234d |
2266d
|
11/28 |
2232d |
a688caa34beb
net-backports: ipv6: take rcu lock in rawv6_send_hdrinc()
|
possible deadlock in rtnetlink_rcv_msg
net
|
|
|
|
1 |
2256d |
2256d
|
11/28 |
2232d |
d4859d749aa7
net-backports: bonding: avoid possible dead-lock
|
KASAN: slab-out-of-bounds Read in string (2)
overlayfs
|
|
|
|
14 |
2239d |
2245d
|
11/28 |
2232d |
601350ff58d5
ovl: fix access beyond unterminated strings
|
WARNING in pcpu_alloc
bpf
|
C |
|
|
4 |
2234d |
2242d
|
11/28 |
2232d |
b0584ea66d73
bpf: don't accept cgroup local storage with zero value size
|
KASAN: use-after-free Write in ucma_put_ctx
rdma
|
syz |
|
|
11 |
2248d |
2266d
|
11/28 |
2232d |
5fe23f262e05
ucma: fix a use-after-free in ucma_resolve_ip()
|
general protection fault in usb_find_alt_setting (2)
usb
|
C |
|
|
53 |
2248d |
2270d
|
11/28 |
2232d |
c9a4cb204e9e
USB: handle NULL config in usb_find_alt_setting()
|
INFO: trying to register non-static key in tun_chr_write_iter
net
|
|
|
|
14 |
2234d |
2245d
|
11/28 |
2232d |
c7256f579f83
tun: initialize napi_mutex unconditionally
|
WARNING in rollback_registered_many
net
|
|
|
|
1 |
2244d |
2244d
|
11/28 |
2232d |
0e1d6eca5113
rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
|
KASAN: use-after-free Read in ip_cmsg_recv_offset
net
|
C |
|
|
9 |
2242d |
2244d
|
11/28 |
2232d |
64199fc0a46b
net-backports: ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
|
possible deadlock in team_vlan_rx_add_vid
net
|
syz |
|
|
5 |
2262d |
2296d
|
11/28 |
2232d |
471b83bd8bbe
team: Forbid enslaving team device to itself
|
general protection fault in ubifs_mount
mtd
fs
|
C |
|
|
216 |
2253d |
2270d
|
11/28 |
2232d |
37f31b6ca431
ubifs: Check for name being NULL while mounting
|
KMSAN: uninit-value in ip6_tnl_start_xmit
net
|
C |
|
|
69 |
2246d |
2256d
|
11/28 |
2232d |
76c0ddd8c3a6
ip6_tunnel: be careful when accessing the inner header
|
KASAN: use-after-free Read in destroy_async_on_interface
usb
|
C |
|
|
134 |
2248d |
2270d
|
11/28 |
2232d |
bd729f9d67aa
USB: fix error handling in usb_driver_claim_interface()
|
WARNING in usb_submit_urb (2)
usb
|
C |
|
|
259 |
2232d |
2270d
|
11/28 |
2232d |
7a68d9fb8510
USB: usbdevfs: sanitize flags more
|
INFO: task hung in unregister_netdevice_notifier (2)
can
|
|
|
|
1 |
2242d |
2241d
|
11/28 |
2232d |
0e1d6eca5113
rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
|
KASAN: use-after-free Read in cma_bind_port
rdma
|
syz |
|
|
2 |
2262d |
2266d
|
11/28 |
2232d |
5fe23f262e05
ucma: fix a use-after-free in ucma_resolve_ip()
|
KMSAN: uninit-value in pppoe_rcv
net
|
C |
|
|
2 |
2392d |
2261d
|
11/28 |
2232d |
8540827ebac6
pppoe: fix reception of frames with no mac header
|
INFO: task hung in rollback_registered_many
can
|
|
|
|
4 |
2236d |
2243d
|
11/28 |
2232d |
0e1d6eca5113
rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
|
WARNING: suspicious RCU usage in inet_csk_route_req
net
|
C |
|
|
43 |
2240d |
2474d
|
11/28 |
2232d |
1ad98e9d1bdf
tcp/dccp: fix lockdep issue when SYN is backlogged
|
KMSAN: kernel-infoleak in _copy_to_iter (2)
net
|
C |
|
|
7 |
2241d |
2268d
|
11/28 |
2235d |
45c180bc29ba
xfrm_user: prevent leaking 2 bytes of kernel memory
|
general protection fault in rhashtable_walk_start_check
tipc
|
C |
|
|
112 |
2260d |
2272d
|
10/28 |
2247d |
8f5c5fcf3533
tipc: call start and done ops directly in __tipc_nl_compat_dumpit()
|
WARNING in try_charge
cgroups
mm
xfs
|
syz |
|
|
649 |
2247d |
2300d
|
10/28 |
2247d |
3100dab2aa09
mm: memcontrol: print proper OOM header when no eligible victim left
|
divide error in nbd_ioctl
nbd
|
C |
|
|
50 |
2262d |
2269d
|
10/28 |
2247d |
bc811f05d77f
nbd: don't allow invalid blocksize settings
|
WARNING in apparmor_secid_to_secctx
apparmor
|
C |
|
|
3344 |
2260d |
2275d
|
10/28 |
2247d |
edf4e7b7b910
apparmor: fix bad debug check in apparmor_secid_to_secctx()
|
KASAN: use-after-free Read in ceph_destroy_options
ceph
net
|
|
|
|
1 |
2282d |
2281d
|
10/28 |
2247d |
8aaff15168cf
ceph: avoid a use-after-free in ceph_destroy_options()
|
general protection fault in ovl_free_fs
overlayfs
|
C |
|
|
4 |
2264d |
2266d
|
10/28 |
2247d |
8c25741aaad8
ovl: fix oopses in ovl_fill_super() failure paths
|
KMSAN: uninit-value in snd_midi_event_encode_byte
sound
|
C |
|
|
3 |
2271d |
2271d
|
10/28 |
2247d |
5a7b44a8df82
ALSA: rawmidi: Initialize allocated buffers
|
KASAN: use-after-free Read in __rhashtable_lookup (2)
rds
|
C |
|
|
22 |
2261d |
2281d
|
10/28 |
2247d |
cc4dfb7f70a3
rds: fix two RCU related problems
|
general protection fault in rhashtable_walk_exit
tipc
|
C |
|
|
8 |
2261d |
2263d
|
10/28 |
2247d |
12a78b026f87
tipc: check return value of __tipc_dump_start()
|
KASAN: use-after-free Read in sock_i_ino
tipc
|
syz |
|
|
127 |
2260d |
2270d
|
10/28 |
2247d |
0a3b8b2b215f
tipc: orphan sock in tipc_release()
|
BUG: unable to handle kernel paging request in kfree (2)
mm
|
C |
|
|
297 |
2275d |
2327d
|
10/28 |
2249d |
7913690dcc5e
net/9p/client.c: version pointer uninitialized
|
KMSAN: uninit-value in memcmp (2)
net
|
C |
|
|
131 |
2261d |
2252d
|
10/28 |
2250d |
77d36398d99f
net: fix uninit-value in __hw_addr_add_ex()
|
KASAN: use-after-free Write in ip6_dst_destroy
net
|
|
|
|
1 |
2328d |
2328d
|
10/28 |
2260d |
e873e4b9cc7e
ipv6: use fib6_info_hold_safe() when necessary
|
KASAN: stack-out-of-bounds Read in fib_table_lookup
net
|
|
|
|
1 |
2320d |
2320d
|
10/28 |
2262d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
WARNING in wiphy_register (2)
wireless
|
C |
|
|
8 |
2288d |
2289d
|
10/28 |
2263d |
484004339d45
mac80211_hwsim: require at least one channel
|
KASAN: use-after-free Read in tipc_group_fill_sock_diag
tipc
|
syz |
|
|
35 |
2268d |
2286d
|
10/28 |
2263d |
9a07efa9aea2
tipc: switch to rhashtable iterator
|
KASAN: global-out-of-bounds Read in ip6_xmit
net
|
|
|
|
2 |
2443d |
2444d
|
10/28 |
2263d |
b954f94023dc
l2tp: fix races with ipv4-mapped ipv6 addresses
|
WARNING in __fsnotify_recalc_mask
fs
|
syz |
|
|
9 |
2285d |
2286d
|
10/28 |
2263d |
d3bc0fa8411c
fsnotify: fix false positive warning on inode delete
|
KASAN: use-after-free Read in sctp_transport_get_next
sctp
|
C |
|
|
6 |
2278d |
2280d
|
10/28 |
2263d |
bab1be79a516
sctp: hold transport before accessing its asoc in sctp_transport_get_next
|
KASAN: stack-out-of-bounds Read in __schedule
ext4
|
syz |
|
|
4 |
2274d |
2276d
|
10/28 |
2263d |
b845c898b2f1
bpf, sockmap: fix sock_hash_alloc and reject zero-sized keys
|
BUG: soft lockup in shrink_dcache_parent (2)
fs
|
|
|
|
7 |
2354d |
2362d
|
10/28 |
2263d |
4fb48871409e
restore cond_resched() in shrink_dcache_parent()
|
INFO: task hung in fsnotify_mark_destroy_workfn
fs
|
syz |
|
|
13 |
2295d |
2409d
|
10/28 |
2266d |
128f38041035
android: binder: Rate-limit debug and userspace triggered err msgs
|
KASAN: use-after-free Read in ip6_tnl_start_xmit
net
|
|
|
|
1 |
2395d |
2395d
|
10/28 |
2267d |
b84bbaf7a6c8
packet: in packet_snd start writing at link layer allocation
|
INFO: rcu detected stall in snd_pcm_oss_prepare
sound
|
|
|
|
4 |
2416d |
2418d
|
8/28 |
2268d |
e15dc99dbb9c
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
|
WARNING in up_write
ext4
|
C |
|
|
725 |
2376d |
2424d
|
8/28 |
2268d |
d7d760efad70
locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
|
BUG: soft lockup in d_walk
fs
|
C |
|
|
163 |
2354d |
2400d
|
8/28 |
2268d |
4fb48871409e
restore cond_resched() in shrink_dcache_parent()
|
general protection fault in vsscanf
v9fs
|
C |
|
|
7 |
2295d |
2325d
|
8/28 |
2270d |
10aa14527f45
9p: fix multiple NULL-pointer-dereferences
|
net-next boot error
kernel
|
|
|
|
66 |
2304d |
2309d
|
8/28 |
2276d |
ca9e83b4a55b
virtio-net: correctly update XDP_TX counters
|
WARNING in input_alloc_absinfo
input
|
C |
|
|
318 |
2278d |
2351d
|
8/28 |
2276d |
100294cee9a9
Input: do not use WARN() in input_alloc_absinfo()
|
KASAN: use-after-free Read in ip6_hold_safe
net
|
C |
|
|
1 |
2302d |
2302d
|
8/28 |
2276d |
6d37fa49da1e
l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
|
KASAN: use-after-free Read in iotlb_access_ok
kvm
net
virt
|
|
|
|
1 |
2301d |
2297d
|
8/28 |
2276d |
b13f9c636437
vhost: reset metadata cache when initializing new IOTLB
|
general protection fault in process_init_reply
fuse
|
C |
|
|
24 |
2283d |
2318d
|
8/28 |
2276d |
e8f3bd773d22
fuse: Fix oops at process_init_reply()
|
WARNING: suspicious RCU usage in bpf_prog_array_copy_core
bpf
|
C |
|
|
22873 |
2276d |
2290d
|
8/28 |
2276d |
965931e3a803
bpf: fix a rcu usage warning in bpf_prog_array_copy_core()
|
WARNING: lock held when returning to user space in fuse_lock_inode
fuse
|
C |
|
|
1439 |
2282d |
2323d
|
8/28 |
2276d |
63576c13bd17
fuse: fix initial parallel dirops
|
WARNING: refcount bug in llc_sap_find
net
|
C |
|
|
18 |
2295d |
2297d
|
8/28 |
2276d |
0dcb82254d65
llc: use refcount_inc_not_zero() for llc_sap_find()
|
possible deadlock in rhashtable_lookup_insert_fast
net
|
C |
|
|
28 |
2288d |
2291d
|
8/28 |
2276d |
ff93bca76992
ila: make lockdep happy again
|
KASAN: slab-out-of-bounds Write in crypto_dh_encode_key
crypto
|
C |
|
|
1401 |
2298d |
2326d
|
8/28 |
2276d |
35f7d5225ffc
crypto: dh - fix calculating encoded key size
|
KASAN: slab-out-of-bounds Read in _autofs_dev_ioctl
autofs
|
C |
|
|
5 |
2288d |
2289d
|
8/28 |
2276d |
0633da48f079
autofs: fix autofs_sbi() does not check super block type
|
KASAN: use-after-free Write in ip6_hold_safe
net
|
C |
|
|
25 |
2299d |
2310d
|
8/28 |
2276d |
6d37fa49da1e
l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
|
general protection fault in validate_checkpoint
f2fs
|
|
|
|
186 |
2302d |
2303d
|
8/28 |
2276d |
d3f07c049dab
f2fs: fix invalid memory access
|
BUG: soft lockup in snd_virmidi_output_trigger
sound
|
|
|
|
3 |
2316d |
2418d
|
8/28 |
2276d |
50e9ffb1996a
ALSA: virmidi: Fix too long output trigger loop
|
general protection fault in send_sigurg_to_task
fs
|
C |
|
|
6 |
2288d |
2291d
|
8/28 |
2276d |
84fe4cc09abc
signal: Don't send signals to tasks that don't exist
|
KASAN: slab-out-of-bounds Write in eth_header_parse
net
|
C |
|
|
7 |
2295d |
2308d
|
8/28 |
2276d |
4576cd469d98
packet: refine ring v3 block size test to hold one frame
|
WARNING in __snd_rawmidi_transmit_ack (2)
sound
|
C |
|
|
6 |
2283d |
2290d
|
8/28 |
2276d |
82fd4b05d704
ALSA: seq: virmidi: Fix discarding the unsubscribed output
|
general protection fault in send_sigio_to_task
fs
|
C |
|
|
176 |
2288d |
2291d
|
8/28 |
2276d |
84fe4cc09abc
signal: Don't send signals to tasks that don't exist
|
KASAN: use-after-free Read in do_shrink_slab
mm
|
|
|
|
9 |
2282d |
2286d
|
8/28 |
2276d |
8df4a44cc46b
mm: check shrinker is memcg-aware in register_shrinker_prepared()
|
KMSAN: uninit-value in do_msgrcv
kernel
|
C |
|
|
8 |
2276d |
2353d
|
8/28 |
2276d |
39cfffd774a2
ipc/util.c: use ipc_rcu_putref() for failues in ipc_addid()
615c999cd8a0
ipc: compute kern_ipc_perm.id under the ipc lock
e2652ae6bd74
ipc: reorganize initialization of kern_ipc_perm.seq
|
WARNING: ODEBUG bug in vsock_stream_connect
net
virt
|
C |
|
|
42 |
2296d |
2305d
|
8/28 |
2276d |
455f05ecd2b2
vsock: split dwork to avoid reinitializations
|
KASAN: slab-out-of-bounds Read in pdu_read
v9fs
|
C |
|
|
267 |
2292d |
2327d
|
8/28 |
2276d |
f984579a01d8
9p: validate PDU length
7913690dcc5e
net/9p/client.c: version pointer uninitialized
|
WARNING in close_fs_devices
btrfs
|
C |
|
|
137 |
2317d |
2360d
|
8/28 |
2276d |
81ffd56b5745
btrfs: fix mount and ioctl device scan ioctl race
|
general protection fault in string (2)
net
|
|
|
|
1 |
2302d |
2302d
|
8/28 |
2276d |
a6bcfc89694e
net: check extack._msg before print
|
general protection fault in p9_fd_create_unix
v9fs
|
C |
|
|
4 |
2322d |
2325d
|
8/28 |
2276d |
10aa14527f45
9p: fix multiple NULL-pointer-dereferences
|
general protection fault in mount_fs
hfs
|
C |
|
|
1 |
2422d |
2422d
|
8/28 |
2276d |
7464726cb599
hfsplus: don't return 0 when fill_super() failed
|
general protection fault in open_fs_devices
btrfs
|
C |
|
|
8 |
2327d |
2359d
|
8/28 |
2276d |
81ffd56b5745
btrfs: fix mount and ioctl device scan ioctl race
|
general protection fault in smc_ioctl (3)
net
s390
|
C |
|
|
15 |
2295d |
2296d
|
8/28 |
2276d |
7311d665ca68
net/smc: move sock lock in smc_ioctl()
|
KASAN: slab-out-of-bounds Write in vmac_final
crypto
|
C |
|
|
2 |
2353d |
2349d
|
8/28 |
2276d |
bb2964810233
crypto: vmac - separate tfm and request context
|
BUG: corrupted list in p9_fd_cancel
v9fs
|
C |
|
|
34 |
2312d |
2326d
|
8/28 |
2276d |
9f476d7c540c
net/9p/trans_fd.c: fix race by holding the lock
|
general protection fault in smc_tx_prepared_sends
net
s390
|
C |
|
|
7 |
2301d |
2302d
|
8/28 |
2276d |
7311d665ca68
net/smc: move sock lock in smc_ioctl()
|
KASAN: use-after-free Read in p9_poll_workfn
v9fs
|
C |
|
|
148 |
2287d |
2326d
|
8/28 |
2276d |
430ac66eb4c5
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
|
WARNING: bad usercopy in __kvm_write_guest_page
mm
hardening
|
C |
|
|
4 |
2377d |
2370d
|
8/28 |
2280d |
0a06d4256674
KVM: vmx: use local variable for current_vmptr when emulating VMPTRST
|
WARNING in refcount_inc (3)
net
|
C |
|
|
7 |
2425d |
2426d
|
8/28 |
2280d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
KASAN: use-after-free Write in irq_bypass_register_consumer
kvm
|
C |
|
|
1632 |
2317d |
2578d
|
8/28 |
2280d |
b5020a8e6b54
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
|
KASAN: slab-out-of-bounds Write in process_preds
trace
|
C |
|
|
6020 |
2339d |
2415d
|
8/28 |
2280d |
70303420b572
tracing: Check for no filter when processing event filters
|
kernel BUG at net/ipv6/route.c:LINE!
net
|
C |
|
|
197 |
2298d |
2321d
|
8/28 |
2296d |
e873e4b9cc7e
ipv6: use fib6_info_hold_safe() when necessary
|
possible deadlock in bond_get_stats
net
|
C |
|
|
11 |
2302d |
2306d
|
8/28 |
2296d |
7e2556e40026
bonding: avoid lockdep confusion in bond_get_stats()
|
kernel BUG at mm/memory.c:LINE!
fs
mm
|
|
|
|
1 |
2327d |
2327d
|
8/28 |
2296d |
bfd40eaff5ab
mm: fix vma_is_anonymous() false-positives
|
WARNING in __ip6_make_skb
net
|
C |
|
|
1 |
2321d |
2321d
|
8/28 |
2296d |
e873e4b9cc7e
ipv6: use fib6_info_hold_safe() when necessary
|
general protection fault in tcp_gso_segment
net
|
|
|
|
1 |
2321d |
2321d
|
8/28 |
2296d |
ff907a11a0d6
net: skb_segment() should not return NULL
|
KASAN: use-after-free Read in refcount_sub_and_test_checked
net
|
|
|
|
3 |
2302d |
2303d
|
8/28 |
2296d |
e6aed040eafb
Revert "net/ipv6: fix metrics leak"
|
WARNING in ip6_sk_dst_lookup_flow
net
|
C |
|
|
2 |
2302d |
2319d
|
8/28 |
2296d |
e873e4b9cc7e
ipv6: use fib6_info_hold_safe() when necessary
|
KMSAN: uninit-value in __nf_conntrack_find_get
netfilter
|
C |
|
|
67 |
2312d |
2318d
|
8/28 |
2296d |
6613b6173dee
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
|
KASAN: invalid-free in fat_fill_super
exfat
|
|
|
|
1 |
2324d |
2324d
|
8/28 |
2296d |
35033ab988c3
fat: fix memory allocation failure handling of match_strdup()
|
WARNING in ip6_setup_cork
net
|
C |
|
|
4 |
2301d |
2320d
|
8/28 |
2296d |
e873e4b9cc7e
ipv6: use fib6_info_hold_safe() when necessary
|
KMSAN: kernel-infoleak in put_cmsg
net
|
C |
|
|
3 |
2329d |
2318d
|
8/28 |
2296d |
2efd4fca703a
ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
|
BUG: unable to handle kernel paging request in neigh_update
net
|
|
|
|
1 |
2315d |
2315d
|
8/28 |
2296d |
e873e4b9cc7e
ipv6: use fib6_info_hold_safe() when necessary
|
KMSAN: uninit-value in gc_worker
netfilter
|
|
|
|
10 |
2312d |
2324d
|
8/28 |
2296d |
6613b6173dee
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
|
kernel BUG at fs/userfaultfd.c:LINE! (2)
fs
|
C |
|
|
8 |
2302d |
2320d
|
8/28 |
2296d |
31e810aa1033
userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
|
KASAN: use-after-free Write in dst_release (2)
net
|
C |
|
|
3 |
2302d |
2303d
|
8/28 |
2296d |
e6aed040eafb
Revert "net/ipv6: fix metrics leak"
|
KMSAN: kernel-infoleak in _copy_to_iter
net
|
C |
|
|
285 |
2311d |
2347d
|
8/28 |
2296d |
45c180bc29ba
xfrm_user: prevent leaking 2 bytes of kernel memory
|
general protection fault in __delayacct_blkio_end
kernel
|
C |
|
|
50 |
2312d |
2407d
|
8/28 |
2296d |
b512719f771a
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
|
unregister_netdevice: waiting for DEV to become free
|
C |
|
|
170521 |
2296d |
2407d
|
8/28 |
2296d |
8cc88773855f
xfrm: fix missing dst_release() after policy blocking lbcast and multicast
|
general protection fault in rds_ib_get_mr
rds
|
C |
|
|
9 |
2337d |
2436d
|
8/28 |
2296d |
9e630bcb7701
RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr
|
KASAN: out-of-bounds Read in bpf_test_finish
bpf
net
|
|
|
|
9 |
2320d |
2326d
|
8/28 |
2297d |
6e6fddc78323
bpf: fix panic due to oob in bpf_prog_test_run_skb
|
KASAN: slab-out-of-bounds Read in ipv6_gso_pull_exthdrs
net
|
C |
|
|
4 |
2335d |
2351d
|
8/28 |
2297d |
bab2c80e5a6c
nsh: set mac len based on inner packet
|
KASAN: stack-out-of-bounds Read in __d_lookup_rcu
fs
|
|
|
|
1 |
2316d |
2316d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
WARNING: refcount bug in smap_release_sock
bpf
|
C |
|
|
55 |
2314d |
2352d
|
8/28 |
2297d |
7ebc14d507b4
bpf: sockmap, consume_skb in close path
547b3aa451ae
bpf: sockmap, error path can not release psock in multi-map case
|
KASAN: stack-out-of-bounds Read in __handle_mm_fault (2)
kernel
|
C |
|
|
3 |
2315d |
2317d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in vma_interval_tree_insert (2)
mm
|
|
|
|
1 |
2312d |
2311d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in kernfs_find_ns
kernfs
|
|
|
|
1 |
2317d |
2317d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
WARNING in __snd_rawmidi_transmit_ack
sound
|
syz |
|
|
2 |
2320d |
2320d
|
8/28 |
2297d |
39675f7a7c7e
ALSA: rawmidi: Change resized buffers atomically
|
KASAN: stack-out-of-bounds Read in rb_next (2)
kernel
|
|
|
|
1 |
2317d |
2317d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
general protection fault in scheduler_tick
kernel
|
C |
|
|
1 |
2327d |
2327d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in neigh_flush_dev
net
|
|
|
|
1 |
2322d |
2320d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in copy_page_range
kernel
|
|
|
|
1 |
2317d |
2317d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in __cgroup_account_cputime_field
cgroups
|
|
|
|
1 |
2317d |
2317d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in debug_check_no_obj_freed (5)
mm
|
|
|
|
4 |
2313d |
2319d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in unmap_page_range (3)
mm
|
|
|
|
1 |
2313d |
2312d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
general protection fault in cpuacct_account_field (2)
kernel
|
|
|
|
1 |
2315d |
2314d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in lock_sock_nested
net
|
|
|
|
1 |
2320d |
2320d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in netlink_has_listeners
net
|
|
|
|
1 |
2319d |
2319d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
BUG: unable to handle kernel NULL pointer dereference in corrupted (2)
kernel
|
C |
|
|
1 |
2318d |
2318d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: slab-out-of-bounds Read in corrupted
kernel
|
C |
|
|
1 |
2318d |
2318d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
general protection fault in cpuacct_charge
kernel
|
|
|
|
1 |
2312d |
2311d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in bpf_tcp_close
bpf
|
C |
|
|
1 |
2317d |
2317d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in update_blocked_averages
cgroups
|
|
|
|
1 |
2322d |
2322d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KMSAN: uninit-value in af_alg_free_areq_sgls
crypto
|
C |
|
|
640 |
2311d |
2418d
|
8/28 |
2297d |
2546da99212f
crypto: af_alg - Initialize sg_num_bytes in error code path
|
WARNING in bpf_check
bpf
|
|
|
|
3 |
2317d |
2323d
|
8/28 |
2297d |
c7a897843224
bpf: don't leave partial mangled prog in jit_subprogs error path
|
KASAN: stack-out-of-bounds Read in __enqueue_entity
kernel
|
|
|
|
1 |
2321d |
2321d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in account_system_index_time
kernel
|
C |
|
|
2 |
2320d |
2327d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
WARNING in sctp_assoc_update_frag_point
sctp
|
|
|
|
5 |
2318d |
2340d
|
8/28 |
2297d |
a65925475571
sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
|
kernel BUG at mm/slab.c:LINE! (2)
hardening
mm
|
C |
|
|
701 |
2312d |
2327d
|
8/28 |
2297d |
6e6fddc78323
bpf: fix panic due to oob in bpf_prog_test_run_skb
|
KASAN: stack-out-of-bounds Read in __task_pid_nr_ns
kernel
|
|
|
|
1 |
2326d |
2326d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in locks_remove_posix
fs
|
C |
|
|
1 |
2314d |
2314d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in get_mem_cgroup_from_mm
cgroups
mm
|
|
|
|
1 |
2325d |
2325d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in change_protection
mm
|
|
|
|
1 |
2319d |
2319d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
WARNING in do_debug (2)
bpf
|
|
|
|
1 |
2318d |
2318d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in __delayacct_add_tsk
kernel
|
|
|
|
1 |
2324d |
2324d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
general protection fault in __sock_release
net
|
|
|
|
1 |
2316d |
2316d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in add_wait_queue
kernel
|
C |
|
|
1 |
2327d |
2327d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in ext4_symlink
ext4
|
|
|
|
1 |
2320d |
2320d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
INFO: rcu detected stall in vprintk_emit
net
nfc
|
syz |
|
|
2 |
2334d |
2340d
|
8/28 |
2297d |
3bc53be9db21
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
|
WARNING: refcount bug in smc_tcp_listen_work
net
s390
|
|
|
|
1 |
2359d |
2359d
|
8/28 |
2297d |
e1bbdd570474
net/smc: reduce sock_put() for fallback sockets
|
WARNING in set_precision
net
|
C |
|
|
140 |
2316d |
2357d
|
8/28 |
2297d |
c604cb767049
KEYS: DNS: fix parsing multiple options
|
BUG: unable to handle kernel paging request in cpuacct_charge
kernel
|
syz |
|
|
2 |
2319d |
2319d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in __acct_update_integrals
kernel
|
|
|
|
2 |
2315d |
2323d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: use-after-free Read in ipv6_gso_pull_exthdrs
net
|
C |
|
|
5 |
2315d |
2347d
|
8/28 |
2297d |
bab2c80e5a6c
nsh: set mac len based on inner packet
|
general protection fault in rb_next
kernel
|
|
|
|
1 |
2318d |
2318d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Write in __tlb_remove_page_size
mm
|
|
|
|
1 |
2314d |
2313d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in timerqueue_add
kernel
|
C |
|
|
4 |
2315d |
2331d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in rb_insert_color (2)
kernel
|
|
|
|
1 |
2321d |
2321d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in __tlb_remove_page_size
mm
|
|
|
|
1 |
2314d |
2314d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in enqueue_task_fair
kernel
|
|
|
|
1 |
2318d |
2318d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
BUG: unable to handle kernel paging request in account_system_index_time
kernel
|
|
|
|
1 |
2315d |
2314d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
KASAN: stack-out-of-bounds Read in find_inode_nowait
ext4
|
|
|
|
1 |
2327d |
2326d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
WARNING in iov_iter_revert
net
|
C |
|
|
74 |
2317d |
2383d
|
8/28 |
2297d |
32da12216e46
tls: Stricter error checking in zerocopy sendmsg path
|
general protection fault in smc_ioctl (2)
net
s390
|
C |
|
|
43 |
2297d |
2320d
|
8/28 |
2297d |
1992d99882af
net/smc: take sock lock in smc_ioctl()
|
KASAN: stack-out-of-bounds Read in tlb_flush_mmu_free
mm
|
|
|
|
2 |
2323d |
2326d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
general protection fault in do_tcp_getsockopt
net
|
C |
|
|
9 |
2316d |
2328d
|
8/28 |
2297d |
6508b6781be0
tcp: cleanup copied_seq and urg_data in tcp_disconnect
|
KASAN: use-after-free Read in bpf_test_finish
bpf
net
|
C |
|
|
1211 |
2312d |
2327d
|
8/28 |
2297d |
6e6fddc78323
bpf: fix panic due to oob in bpf_prog_test_run_skb
|
KASAN: use-after-free Write in skb_release_data
net
|
C |
|
|
1903 |
2371d |
2424d
|
8/28 |
2297d |
993675a3100b
packet: reset network header if packet shorter than ll reserved space
|
KASAN: stack-out-of-bounds Read in rcu_process_callbacks
kernel
|
C |
|
|
1 |
2321d |
2321d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
BUG: unable to handle kernel paging request in ttwu_do_activate
kernel
|
|
|
|
1 |
2331d |
2331d
|
8/28 |
2297d |
99ba2b5aba24
bpf: sockhash, disallow bpf_tcp_close and update in parallel
|
WARNING in smc_unhash_sk
s390
net
|
C |
|
|
155731 |
2300d |
2462d
|
8/28 |
2297d |
e1bbdd570474
net/smc: reduce sock_put() for fallback sockets
|
kernel BUG at net/packet/af_packet.c:LINE! (3)
net
|
syz |
|
|
5 |
2447d |
2494d
|
8/28 |
2306d |
a6361f0ca4b2
packet: fix bitfield update race
|
KASAN: slab-out-of-bounds Read in getname_kernel
fs
|
C |
|
|
8 |
2322d |
2421d
|
8/28 |
2311d |
02f51d45937f
autofs: fix slab out of bounds read in getname_kernel()
|
kernel BUG at mm/gup.c:LINE!
mm
|
syz |
|
|
4 |
2334d |
2332d
|
8/28 |
2311d |
24962af7e104
fs, elf: make sure to page align bss in load_elf_library
bb177a732c43
mm: do not bug_on on incorrect length in __mm_populate()
|
KASAN: global-out-of-bounds Write in string
reiserfs
|
C |
|
|
7 |
2366d |
2423d
|
8/28 |
2311d |
fe10e398e860
reiserfs: fix buffer overflow with long warning messages
|
KASAN: use-after-free Read in l2tp_session_create
net
|
|
|
|
119 |
2433d |
2500d
|
8/28 |
2315d |
6b9f34239b00
l2tp: fix races in tunnel creation
|
KMSAN: uninit-value in ip_tunnel_xmit
net
|
C |
|
|
2594 |
2318d |
2405d
|
8/28 |
2318d |
b84bbaf7a6c8
packet: in packet_snd start writing at link layer allocation
|
KMSAN: uninit-value in br_nf_forward_arp
bridge
netfilter
|
|
|
|
1 |
2364d |
2361d
|
8/28 |
2318d |
b84bbaf7a6c8
packet: in packet_snd start writing at link layer allocation
|
KMSAN: kernel-infoleak in vcs_read
serial
|
C |
|
|
531 |
2347d |
2357d
|
8/28 |
2322d |
21eff69aaaa0
vt: prevent leaking uninitialized data to userspace via /dev/vcs*
|
WARNING: suspicious RCU usage in fib6_info_alloc
net
|
syz |
|
|
2 |
2408d |
2408d
|
8/28 |
2326d |
27b10608a2fe
net/ipv6: Fix gfp_flags arg to addrconf_prefix_route
|
WARNING in kernfs_add_one
kernfs
|
C |
|
|
174 |
2327d |
2391d
|
8/28 |
2326d |
84d0c27d6233
driver core: Don't ignore class_dir_create_and_add() failure.
|
INFO: rcu detected stall in unwind_next_frame
kernel
|
|
|
|
2 |
2376d |
2379d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
BUG: unable to handle kernel paging request in dput
fs
|
C |
|
|
26 |
2357d |
2360d
|
8/28 |
2326d |
d85b399b64e8
fix proc_fill_cache() in case of d_alloc_parallel() failure
|
general protection fault in fuse_ctl_remove_conn
fuse
|
C |
|
|
16 |
2360d |
2399d
|
8/28 |
2326d |
6becdb601bae
fuse: fix control dir setup and teardown
|
WARNING in bpf_int_jit_compile
bpf
net
|
syz |
|
|
11 |
2334d |
2370d
|
8/28 |
2326d |
9facc336876f
bpf: reject any prog that failed read-only lock
|
possible deadlock in sock_hash_free
bpf
|
C |
|
|
45 |
2368d |
2368d
|
8/28 |
2326d |
e9db4ef6bf4c
bpf: sockhash fix omitted bucket lock in sock_close
|
possible deadlock in __might_fault (2)
net
|
C |
|
|
20 |
2396d |
2399d
|
8/28 |
2326d |
05255b823a61
tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
|
KMSAN: uninit-value in _copy_to_iter (2)
kvm
net
virt
|
C |
|
|
226 |
2358d |
2403d
|
8/28 |
2326d |
670ae9caaca4
vhost: fix info leak due to uninitialized memory
|
BUG: unable to handle kernel NULL pointer dereference in do_select
fs
|
|
|
|
45 |
2336d |
2337d
|
8/28 |
2326d |
e88958e6369a
net: handle NULL ->poll gracefully
|
kernel BUG at fs/f2fs/inode.c:LINE!
f2fs
|
C |
|
|
1 |
2406d |
2405d
|
8/28 |
2326d |
5d64600d4f33
f2fs: avoid bug_on on corrupted inode
|
WARNING: ODEBUG bug in sock_hash_free
bpf
|
|
|
|
1 |
2340d |
2340d
|
8/28 |
2326d |
e9db4ef6bf4c
bpf: sockhash fix omitted bucket lock in sock_close
|
KASAN: slab-out-of-bounds Write in sha512_final
crypto
|
C |
|
|
21 |
2338d |
2356d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
KASAN: slab-out-of-bounds Write in rmd320_final
crypto
|
C |
|
|
44 |
2338d |
2358d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
INFO: rcu detected stall in kmem_cache_alloc_node_trace
sctp
|
|
|
|
1 |
2414d |
2396d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
KASAN: slab-out-of-bounds Read in bpf_csum_update
bpf
net
|
C |
|
|
2 |
2364d |
2362d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
KMSAN: uninit-value in ip_vs_lblcr_check_expire
lvs
|
|
|
|
2050 |
2326d |
2403d
|
8/28 |
2326d |
3aa1409a7b16
ipvs: initialize tbl->entries after allocation
|
general protection fault in wb_workfn (2)
fs
|
|
|
|
38 |
2346d |
2370d
|
8/28 |
2326d |
3ee7e8697d58
bdi: Fix another oops in wb_workfn()
|
INFO: rcu detected stall in is_bpf_text_address
bpf
|
C |
|
|
1 |
2377d |
2377d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
KASAN: use-after-free Read in __vfs_write
fs
|
syz |
|
|
14 |
2355d |
2358d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
general protection fault in pipe_write
fs
|
syz |
|
|
1 |
2358d |
2357d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
possible deadlock in tcp_mmap
net
|
C |
|
|
1908 |
2396d |
2399d
|
8/28 |
2326d |
05255b823a61
tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
|
KASAN: use-after-free Read in bpf_skb_change_proto
bpf
net
|
|
|
|
1 |
2356d |
2355d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
KASAN: use-after-free Write in prb_fill_curr_block
net
|
C |
|
|
2 |
2364d |
2364d
|
8/28 |
2326d |
eb73190f4fbe
net/packet: refine check for priv area size
|
kernel BUG at fs/f2fs/node.c:LINE!
f2fs
|
C |
|
|
1 |
2405d |
2405d
|
8/28 |
2326d |
a4f843bd004d
f2fs: give message and set need_fsck given broken node id
|
WARNING in skb_warn_bad_offload (2)
net
|
C |
|
|
6 |
2398d |
2399d
|
8/28 |
2326d |
a8c744a8b437
udp: disable gso with no_check_tx
|
BUG: unable to handle kernel NULL pointer dereference in ep_item_poll
fs
|
C |
|
|
15 |
2336d |
2337d
|
8/28 |
2326d |
e88958e6369a
net: handle NULL ->poll gracefully
|
WARNING in bpf_prog_select_runtime
bpf
|
syz |
|
|
45 |
2350d |
2351d
|
8/28 |
2326d |
9facc336876f
bpf: reject any prog that failed read-only lock
|
KASAN: slab-out-of-bounds Read in bpf_skb_vlan_push
bpf
net
|
syz |
|
|
2 |
2352d |
2352d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
WARNING: kernel stack regs has bad 'bp' value (3)
|
C |
|
|
7971 |
2328d |
2483d
|
8/28 |
2326d |
b7b73cd5d746
crypto: x86/salsa20 - remove x86 salsa20 implementations
|
general protection fault in __vfs_write
fs
|
syz |
|
|
25 |
2354d |
2358d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
INFO: task hung in n_tty_flush_buffer
serial
|
|
|
|
6 |
2335d |
2409d
|
8/28 |
2326d |
ebec3f8f5271
n_tty: Access echo_* variables carefully.
|
KASAN: use-after-free Read in skb_ensure_writable
bpf
net
|
C |
|
|
4 |
2355d |
2362d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
KASAN: use-after-free Read in build_segment_manager
f2fs
|
C |
|
|
5 |
2405d |
2406d
|
8/28 |
2326d |
8a29c1260e24
f2fs: sanity check for total valid node blocks
|
KASAN: use-after-free Read in bpf_tcp_close
bpf
|
C |
|
|
1748 |
2331d |
2370d
|
8/28 |
2326d |
e9db4ef6bf4c
bpf: sockhash fix omitted bucket lock in sock_close
|
KMSAN: uninit-value in nfqnl_recv_config (2)
netfilter
|
C |
|
|
10 |
2339d |
2355d
|
8/28 |
2326d |
ba062ebb2cd5
netfilter: nf_queue: augment nfqa_cfg_policy
|
KASAN: use-after-free Read in pipe_read
fs
|
C |
|
|
3 |
2357d |
2358d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
KASAN: slab-out-of-bounds Read in crypto_morus640_decrypt_chunk
crypto
|
C |
|
|
8 |
2345d |
2352d
|
8/28 |
2326d |
a81ae8095712
crypto: morus640 - Fix out-of-bounds access
|
WARNING in perf_trace_buf_alloc (2)
trace
|
C |
|
|
22 |
2466d |
2571d
|
8/28 |
2326d |
4d220ed0f814
bpf: remove tracepoints from bpf core
|
KASAN: use-after-free Read in finish_wait
fs
|
|
|
|
8 |
2355d |
2358d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
BUG: unable to handle kernel paging request in bpf_prog_select_runtime
bpf
|
|
|
|
1 |
2342d |
2341d
|
8/28 |
2326d |
85782e037f8a
bpf: undo prog rejection on read-only lock failure
|
WARNING: kmalloc bug in xdp_umem_create
bpf
net
|
C |
|
|
7 |
2350d |
2356d
|
8/28 |
2326d |
a343993c518c
xsk: silence warning on memory allocation failure
|
KASAN: use-after-free Write in tls_push_record
net
|
C |
|
|
24 |
2327d |
2371d
|
8/28 |
2326d |
a447da7d0041
tls: fix use-after-free in tls_push_record
|
KASAN: use-after-free Read in fib6_table_lookup
net
|
|
|
|
1 |
2349d |
2348d
|
8/28 |
2326d |
9b0a8da8c4c6
net/ipv6: respect rcu grace period before freeing fib6_info
|
INFO: rcu detected stall in skb_free_head
net
|
|
|
|
4 |
2365d |
2397d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
KASAN: use-after-free Read in __kernel_write
fs
|
syz |
|
|
7 |
2355d |
2358d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
WARNING in ion_dma_buf_begin_cpu_access
staging
|
C |
|
|
62 |
2334d |
2356d
|
8/28 |
2326d |
0a2bc00341dc
staging: android: ion: Return an ERR_PTR in ion_map_kernel
|
WARNING: lock held when returning to user space! (2)
net
|
C |
|
|
9 |
2386d |
2387d
|
8/28 |
2326d |
9e5750106630
net/ipv6: fix lock imbalance in ip6_route_del()
|
INFO: rcu detected stall in corrupted
net
|
syz |
|
|
1 |
2375d |
2375d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
INFO: rcu detected stall in ip_route_output_key_hash
net
|
|
|
|
2 |
2377d |
2380d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
KMSAN: uninit-value in ebt_stp_mt_check (2)
bridge
netfilter
|
C |
|
|
222 |
2326d |
2358d
|
8/28 |
2326d |
c568503ef020
netfilter: x_tables: initialise match/target check parameter struct
|
kernel BUG at fs/f2fs/segment.c:LINE!
f2fs
|
syz |
|
|
1 |
2405d |
2405d
|
8/28 |
2326d |
8a29c1260e24
f2fs: sanity check for total valid node blocks
|
BUG: unable to handle kernel NULL pointer dereference in corrupted
net
|
C |
|
|
5 |
2357d |
2357d
|
8/28 |
2326d |
c0129a061442
smc: convert to ->poll_mask
|
KMSAN: uninit-value in eth_mac_addr
net
|
|
|
|
2 |
2328d |
2361d
|
8/28 |
2326d |
644c7eebbfd5
rtnetlink: validate attributes in do_setlink()
|
KASAN: slab-out-of-bounds Write in tgr192_final
crypto
|
C |
|
|
30 |
2338d |
2357d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
KASAN: slab-out-of-bounds Write in wp384_final
crypto
|
C |
|
|
27 |
2338d |
2357d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
INFO: rcu detected stall in dev_queue_xmit_nit
net
|
|
|
|
1 |
2371d |
2371d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
KASAN: slab-out-of-bounds Write in crypto_sha3_final
crypto
|
C |
|
|
68 |
2338d |
2357d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_proto
bpf
net
|
C |
|
|
2 |
2355d |
2355d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
BUG: unable to handle kernel paging request in build_segment_manager
f2fs
|
C |
|
|
1 |
2406d |
2406d
|
8/28 |
2326d |
b2ca374f33bd
f2fs: sanity check on sit entry
|
KASAN: null-ptr-deref Write in simple_write_to_buffer
fs
|
C |
|
|
5 |
2366d |
2391d
|
8/28 |
2326d |
fc14eebfc208
PM / hibernate: Fix oops at snapshot_write()
|
INFO: rcu detected stall in sctp_packet_transmit
sctp
|
|
|
|
1 |
2381d |
2380d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
general protection fault in touch_atime
fs
|
syz |
|
|
6 |
2355d |
2358d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
WARNING: possible circular locking dependency detected (4)
net
|
C |
|
|
27 |
2399d |
2407d
|
8/28 |
2326d |
05255b823a61
tcp: add TCP_ZEROCOPY_RECEIVE support for zerocopy receive
|
BUG: delta (-6195) <= 0 at net/dccp/ccids/ccid3.c:LINE/ccid3_hc_rx_send_feedback()
dccp
|
|
|
|
1 |
2343d |
2343d
|
8/28 |
2326d |
74174fe5634f
net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
|
INFO: rcu detected stall in sctp_chunk_put
sctp
|
|
|
|
1 |
2365d |
2364d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
KASAN: slab-out-of-bounds Read in ip6_xmit (3)
net
|
C |
|
|
69 |
2332d |
2374d
|
8/28 |
2326d |
9901c5d77e96
bpf: sockmap, fix crash when ipv6 sock is added
|
KASAN: slab-out-of-bounds Read in skb_ensure_writable
bpf
net
|
C |
|
|
9 |
2353d |
2362d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
INFO: rcu detected stall in sctp_generate_heartbeat_event
sctp
|
|
|
|
2 |
2379d |
2388d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
KASAN: use-after-free Read in bpf_csum_update
bpf
net
|
C |
|
|
1 |
2364d |
2362d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
BUG: soft lockup in do_raw_spin_unlock (2)
fs
|
|
|
|
1 |
2354d |
2354d
|
8/28 |
2326d |
4fb48871409e
restore cond_resched() in shrink_dcache_parent()
|
BUG: unable to handle kernel paging request in bpf_int_jit_compile
bpf
net
|
syz |
|
|
2 |
2338d |
2342d
|
8/28 |
2326d |
85782e037f8a
bpf: undo prog rejection on read-only lock failure
|
general protection fault in __mnt_want_write
fs
|
|
|
|
1 |
2356d |
2356d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
KASAN: use-after-free Write in bpf_tcp_close
bpf
|
C |
|
|
67 |
2333d |
2369d
|
8/28 |
2326d |
e9db4ef6bf4c
bpf: sockhash fix omitted bucket lock in sock_close
|
general protection fault in bpf_tcp_close
bpf
|
C |
|
|
421 |
2327d |
2370d
|
8/28 |
2326d |
e9db4ef6bf4c
bpf: sockhash fix omitted bucket lock in sock_close
54fedb42c653
bpf: sockmap, fix smap_list_map_remove when psock is in many maps
|
general protection fault in smc_ioctl
net
s390
|
C |
|
|
5214 |
2348d |
2378d
|
8/28 |
2326d |
2351abe6f873
net/smc: return 0 for ioctl calls in states INIT and CLOSED
|
INFO: rcu detected stall in kfree_skbmem
net
|
|
|
|
4 |
2366d |
2396d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
INFO: task hung in tty_set_termios
serial
|
|
|
|
1 |
2427d |
2426d
|
8/28 |
2326d |
ebec3f8f5271
n_tty: Access echo_* variables carefully.
|
bpf-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work
kernel
|
|
|
|
3 |
2358d |
2361d
|
8/28 |
2326d |
bf956be520fb
umh: fix race condition
|
WARNING in do_dentry_open
fs
|
C |
|
|
26 |
2350d |
2357d
|
8/28 |
2326d |
b16558579576
bpf: implement dummy fops for bpf objects
|
KASAN: slab-out-of-bounds Write in prb_fill_curr_block
net
|
C |
|
|
2 |
2365d |
2365d
|
8/28 |
2326d |
eb73190f4fbe
net/packet: refine check for priv area size
|
KASAN: slab-out-of-bounds Read in build_segment_manager
f2fs
|
C |
|
|
1 |
2406d |
2406d
|
8/28 |
2326d |
8a29c1260e24
f2fs: sanity check for total valid node blocks
|
KASAN: use-after-free Read in xfs_inobt_init_key_from_rec
xfs
|
C |
|
|
1 |
2423d |
2423d
|
8/28 |
2326d |
2e050e648ad6
xfs: fix inobt magic number check
|
WARNING: refcount bug in __udp_gso_segment
net
|
|
|
|
2 |
2385d |
2386d
|
8/28 |
2326d |
575b65bc5bff
udp: avoid refcount_t saturation in __udp_gso_segment()
|
INFO: task hung in namespace_unlock
fs
|
|
|
|
15 |
2330d |
2339d
|
8/28 |
2326d |
ebec3f8f5271
n_tty: Access echo_* variables carefully.
|
KMSAN: uninit-value in rtnetlink_put_metrics
net
|
syz |
|
|
3 |
2360d |
2362d
|
8/28 |
2326d |
5b5e7a0de2bb
net: metrics: add proper netlink validation
|
KASAN: slab-out-of-bounds Read in bpf_skb_change_head
bpf
net
|
C |
|
|
2 |
2352d |
2352d
|
8/28 |
2326d |
58990d1ff3f7
bpf: reject passing modified ctx to helper functions
|
KASAN: slab-out-of-bounds Write in sha1_finup
crypto
|
C |
|
|
119 |
2338d |
2358d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
WARNING: kmalloc bug in map_get_next_key
bpf
|
C |
|
|
5 |
2380d |
2380d
|
8/28 |
2326d |
683d2ac3904c
bpf: fix sock hashmap kmalloc warning
|
unexpected kernel reboot (2)
kernel
|
C |
|
|
2073 |
2326d |
2416d
|
8/28 |
2326d |
0447378a4a79
kvm: vmx: Nested VM-entry prereqs for event inj.
|
BUG: workqueue lockup (3)
|
C |
|
|
1215 |
2330d |
2383d
|
8/28 |
2326d |
4fb48871409e
restore cond_resched() in shrink_dcache_parent()
|
INFO: rcu detected stall in ipv6_addr_label
net
|
|
|
|
1 |
2460d |
2460d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
WARNING: kernel stack frame pointer has bad value
|
C |
|
|
1108 |
2329d |
2407d
|
8/28 |
2326d |
f044a84e040b
crypto: don't optimize keccakf()
|
KASAN: use-after-free Read in fuse_kill_sb_blk
fuse
|
|
|
|
4 |
2377d |
2396d
|
8/28 |
2326d |
543b8f8662fe
fuse: don't keep dead fuse_conn at fuse_fill_super().
|
general protection fault in vfs_read
fs
|
syz |
|
|
2 |
2356d |
2358d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
KASAN: use-after-free Read in ip6_route_mpath_notify
net
|
C |
|
|
25 |
2359d |
2364d
|
8/28 |
2326d |
f7225172f25a
net/ipv6: prevent use after free in ip6_route_mpath_notify
|
BUG: unable to handle kernel NULL pointer dereference in do_sys_poll
fs
|
C |
|
|
297 |
2336d |
2337d
|
8/28 |
2326d |
e88958e6369a
net: handle NULL ->poll gracefully
|
WARNING in ebt_do_table
bridge
netfilter
|
C |
|
|
13 |
2335d |
2360d
|
8/28 |
2326d |
11ff7288beb2
netfilter: ebtables: reject non-bridge targets
|
WARNING in sysfs_remove_group
fs
|
C |
|
|
11125 |
2327d |
2581d
|
8/28 |
2326d |
d3349b6b3c37
loop: remember whether sysfs_create_group() was done
|
KASAN: null-ptr-deref Write in xdp_umem_unaccount_pages
bpf
net
|
C |
|
|
25 |
2354d |
2358d
|
8/28 |
2326d |
c09290c56376
bpf, xdp: fix crash in xdp_umem_unaccount_pages
|
WARNING: kernel stack regs at (ptrval) in syzkaller has bad 'bp' value (ptrval)
kernel
|
C |
|
|
3 |
2403d |
2403d
|
8/28 |
2326d |
f044a84e040b
crypto: don't optimize keccakf()
|
KASAN: slab-out-of-bounds Write in tls_push_record
net
|
|
|
|
2 |
2341d |
2356d
|
8/28 |
2326d |
a447da7d0041
tls: fix use-after-free in tls_push_record
|
WARNING: suspicious RCU usage in rt6_remove_exception_rt
net
|
syz |
|
|
1761 |
2401d |
2403d
|
8/28 |
2326d |
091311debcf0
net/ipv6: fix LOCKDEP issue in rt6_remove_exception_rt()
|
INFO: task hung in blk_queue_enter
block
|
C |
|
|
1595 |
2326d |
2398d
|
8/28 |
2326d |
cd4a4ae4683d
block: don't use blocking queue entered for recursive bio submits
|
KASAN: use-after-free Read in skb_dequeue
net
|
C |
|
|
4 |
2344d |
2345d
|
8/28 |
2326d |
945d015ee0c3
net/packet: fix use-after-free
|
KASAN: slab-out-of-bounds Write in sha1_final
crypto
|
C |
|
|
201 |
2338d |
2358d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
KASAN: use-after-free Read in corrupted
mm
|
C |
|
|
2 |
2381d |
2383d
|
8/28 |
2326d |
543b8f8662fe
fuse: don't keep dead fuse_conn at fuse_fill_super().
|
WARNING in ion_buffer_destroy
staging
|
C |
|
|
7901 |
2356d |
2507d
|
8/28 |
2326d |
45ad559a2962
staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy
|
KASAN: slab-out-of-bounds Write in tgr160_final
crypto
|
C |
|
|
55 |
2338d |
2358d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
KASAN: use-after-free Read in crypto_morus640_decrypt_chunk
crypto
|
C |
|
|
3 |
2352d |
2352d
|
8/28 |
2326d |
a81ae8095712
crypto: morus640 - Fix out-of-bounds access
|
WARNING: ODEBUG bug in del_timer (2)
net
s390
|
C |
|
|
6 |
2379d |
2380d
|
8/28 |
2326d |
be7f3e59997b
net/smc: init conn.tx_work & conn.send_lock sooner
|
INFO: task hung in jbd2_journal_stop
ext4
|
|
|
|
1 |
2422d |
2421d
|
8/28 |
2326d |
ebec3f8f5271
n_tty: Access echo_* variables carefully.
|
INFO: rcu detected stall in n_tty_receive_char_special
serial
|
C |
|
|
3 |
2398d |
2420d
|
8/28 |
2326d |
3d63b7e4ae0d
n_tty: Fix stall at n_tty_receive_char_special().
|
net-next boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work
kernel
|
|
|
|
8 |
2358d |
2370d
|
8/28 |
2326d |
bf956be520fb
umh: fix race condition
|
KMSAN: uninit-value in ip_vs_lblc_check_expire
lvs
|
C |
|
|
1431 |
2326d |
2403d
|
8/28 |
2326d |
8b2ebb6cf064
ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()
|
KASAN: null-ptr-deref Read in refcount_sub_and_test
net
|
C |
|
|
4 |
2406d |
2408d
|
8/28 |
2326d |
263243d6c257
net/ipv6: Fix ip6_convert_metrics() bug
|
INFO: rcu detected stall in __ipv6_dev_get_saddr
net
|
|
|
|
1 |
2367d |
2367d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
WARNING: suspicious RCU usage in rt6_check_expired
net
|
|
|
|
4 |
2403d |
2403d
|
8/28 |
2326d |
c3c14da0288d
net/ipv6: add rcu locking to ip6_negative_advice
|
INFO: rcu detected stall in blkdev_ioctl
block
|
C |
|
|
249 |
2357d |
2531d
|
8/28 |
2326d |
d2ac838e4cd7
loop: add recursion validation to LOOP_CHANGE_FD
|
INFO: rcu detected stall in __save_stack_trace
kernel
|
|
|
|
3 |
2327d |
2460d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
INFO: task hung in commit_echoes
serial
|
|
|
|
1 |
2335d |
2331d
|
8/28 |
2326d |
ebec3f8f5271
n_tty: Access echo_* variables carefully.
|
WARNING: kmalloc bug in memdup_user (3)
bpf
|
C |
|
|
137 |
2379d |
2380d
|
8/28 |
2326d |
683d2ac3904c
bpf: fix sock hashmap kmalloc warning
|
KASAN: slab-out-of-bounds Write in sha512_finup
crypto
|
C |
|
|
25 |
2339d |
2355d
|
8/28 |
2326d |
3619dec5103d
dh key: fix rounding up KDF output length
|
INFO: rcu detected stall in d_walk
fs
|
C |
|
|
25680 |
2352d |
2414d
|
8/28 |
2326d |
4fb48871409e
restore cond_resched() in shrink_dcache_parent()
|
KASAN: use-after-free Read in pipe_wait
fs
|
|
|
|
2 |
2355d |
2356d
|
8/28 |
2326d |
66e58e0ef80a
bpfilter: fix race in pipe access
|
INFO: rcu detected stall in save_stack_trace
sctp
|
C |
|
|
1 |
2377d |
2375d
|
8/28 |
2326d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
INFO: rcu detected stall in __process_echoes
serial
|
C |
|
|
326 |
2334d |
2429d
|
8/28 |
2326d |
ebec3f8f5271
n_tty: Access echo_* variables carefully.
|
INFO: task hung in blk_freeze_queue
block
|
C |
|
|
188 |
2328d |
2478d
|
8/28 |
2326d |
d2ac838e4cd7
loop: add recursion validation to LOOP_CHANGE_FD
|
upstream boot error: KASAN: use-after-free Write in call_usermodehelper_exec_work
kernel
|
|
|
|
5 |
2355d |
2357d
|
8/28 |
2326d |
bf956be520fb
umh: fix race condition
|
possible deadlock in bpf_tcp_close
bpf
|
C |
|
|
152 |
2368d |
2368d
|
8/28 |
2326d |
e9db4ef6bf4c
bpf: sockhash fix omitted bucket lock in sock_close
|
WARNING in arch_uprobe_analyze_insn
kernel
|
C |
|
|
2 |
2383d |
2382d
|
8/28 |
2326d |
90718e32e1dc
uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
|
KASAN: use-after-free Read in rds_cong_queue_updates
rds
|
C |
|
|
18168 |
2332d |
2463d
|
8/28 |
2326d |
f1693c63ab13
rds: avoid unenecessary cong_update in loop transport
c809195f5523
rds: clean up loopback rds_connections on netns deletion
|
KASAN: use-after-free Read in iput
fuse
|
C |
|
|
2 |
2409d |
2409d
|
8/28 |
2328d |
0c92c7a3c5d4
tracing: Fix bad use of igrab in trace_uprobe.c
|
INFO: task hung in ucma_destroy_id
rdma
|
C |
|
|
46 |
2408d |
2444d
|
5/28 |
2331d |
ef95a90ae6f4
RDMA/ucma: ucma_context reference leak in error path
|
BUG: corrupted list in tipc_nametbl_unsubscribe
tipc
|
C |
|
|
40 |
2388d |
2448d
|
5/28 |
2331d |
c3317f4db831
tipc: fix unbalanced reference counter
|
general protection fault in kernel_sock_shutdown
net
s390
|
C |
|
|
3329 |
2404d |
2462d
|
5/28 |
2331d |
1255fcb2a655
net/smc: fix shutdown in state SMC_LISTEN
|
INFO: trying to register non-static key in tun_do_read
net
|
C |
|
|
28 |
2382d |
2389d
|
5/28 |
2347d |
7063efd33bb1
tuntap: fix use after free during release
|
KASAN: use-after-free Read in iptunnel_handle_offloads
net
|
C |
|
|
133 |
2372d |
2418d
|
5/28 |
2347d |
9aad13b087ab
packet: fix reserve calculation
|
WARNING: suspicious RCU usage in rds_loop_conn_alloc
rds
|
C |
|
|
34303 |
2465d |
2473d
|
5/28 |
2353d |
d4014d8cc6df
rds: do not call ->conn_alloc with GFP_KERNEL
|
KASAN: use-after-free Read in copyout
net
|
C |
|
|
11 |
2376d |
2432d
|
5/28 |
2358d |
b84bbaf7a6c8
packet: in packet_snd start writing at link layer allocation
|
KASAN: use-after-free Read in sock_recv_errqueue
net
|
|
|
|
1 |
2381d |
2381d
|
5/28 |
2358d |
b84bbaf7a6c8
packet: in packet_snd start writing at link layer allocation
|
KASAN: use-after-free Read in skb_copy_datagram_iter
net
|
C |
|
|
7 |
2394d |
2432d
|
5/28 |
2358d |
b84bbaf7a6c8
packet: in packet_snd start writing at link layer allocation
|
kernel BUG at lib/string.c:LINE! (4)
lvs
|
C |
|
|
2 |
2380d |
2380d
|
5/28 |
2358d |
52f96757905b
ipvs: fix buffer overflow with sync daemon and service
|
WARNING in dev_vprintk_emit
kernel
|
C |
|
|
77 |
2372d |
2499d
|
5/28 |
2358d |
814596495dd2
cfg80211: further limit wiphy names to 64 bytes
|
BUG: spinlock bad magic in tun_do_read
net
|
syz |
|
|
1 |
2389d |
2389d
|
5/28 |
2358d |
b196d88aba8a
tun: fix use after free for ptr_ring
|
BUG: soft lockup in _decode_session6
net
|
C |
|
|
1 |
2385d |
2385d
|
5/28 |
2358d |
d9f92772e8ec
xfrm6: avoid potential infinite loop in _decode_session6()
|
KASAN: use-after-free Read in timer_is_static_object
dccp
|
|
|
|
1 |
2379d |
2379d
|
5/28 |
2358d |
2677d2067731
dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
|
kernel BUG at net/ipv4/tcp_output.c:LINE! (2)
net
|
syz |
|
|
23 |
2390d |
2495d
|
5/28 |
2358d |
7f582b248d0a
tcp: purge write queue in tcp_connect_init()
|
KASAN: use-after-free Read in radix_tree_next_chunk
xfs
|
C |
|
|
2749 |
2375d |
2426d
|
5/28 |
2358d |
79f546a696bf
fs: don't scan the inode cache before SB_BORN is set
|
general protection fault in shmem_unused_huge_count
mm
|
|
|
|
8 |
2380d |
2383d
|
5/28 |
2358d |
79f546a696bf
fs: don't scan the inode cache before SB_BORN is set
|
KASAN: use-after-free Read in __dev_queue_xmit (2)
net
|
C |
|
|
2 |
2376d |
2376d
|
5/28 |
2358d |
b84bbaf7a6c8
packet: in packet_snd start writing at link layer allocation
|
BUG: unable to handle kernel paging request in smc_ib_remember_port_attr
net
s390
|
C |
|
|
112 |
2375d |
2432d
|
5/28 |
2358d |
d49baa7e12ee
net/smc: check for missing nlattrs in SMC_PNETID messages
|
WARNING in __mutex_unlock_slowpath
kvm
|
C |
|
|
2 |
2394d |
2397d
|
5/28 |
2358d |
7a4deea1aa8b
idr: fix invalid ptr dereference on item delete
|
general protection fault in kernfs_kill_sb (2)
kernfs
|
C |
|
|
22 |
2372d |
2384d
|
5/28 |
2358d |
82382acec0c9
kernfs: deal with kernfs_fill_super() failures
|
general protection fault in __radix_tree_delete
kvm
|
C |
|
|
38 |
2371d |
2397d
|
5/28 |
2358d |
7a4deea1aa8b
idr: fix invalid ptr dereference on item delete
|
BUG: unable to handle kernel paging request in nla_strlcpy
netfilter
|
|
|
|
1 |
2367d |
2367d
|
5/28 |
2358d |
4b83a9049a98
netfilter: provide correct argument to nla_strlcpy()
|
KASAN: slab-out-of-bounds Read in nla_strlcpy
netfilter
|
C |
|
|
34 |
2362d |
2375d
|
5/28 |
2358d |
4b83a9049a98
netfilter: provide correct argument to nla_strlcpy()
|
KASAN: use-after-free Read in __sk_free
net
|
|
|
|
1 |
2379d |
2379d
|
5/28 |
2358d |
9709020c86f6
sock_diag: fix use-after-free read in __sk_free
|
KASAN: use-after-free Read in nla_strlcpy
netfilter
|
C |
|
|
59 |
2362d |
2375d
|
5/28 |
2358d |
4b83a9049a98
netfilter: provide correct argument to nla_strlcpy()
|
KMSAN: uninit-value in ebt_stp_mt_check
bridge
netfilter
|
C |
|
|
211 |
2359d |
2403d
|
5/28 |
2358d |
a4995684a949
netfilter: bridge: stp fix reference to uninitialized data
|
general protection fault in mr_mfc_find_parent
net
|
|
|
|
2 |
2371d |
2376d
|
5/28 |
2358d |
66fb33254f45
ipmr: properly check rhltable_init() return value
|
KASAN: stack-out-of-bounds Write in compat_copy_entries
bridge
netfilter
|
syz |
|
|
10 |
2363d |
2402d
|
5/28 |
2358d |
94c752f99954
netfilter: ebtables: handle string from userspace with care
|
WARNING: ODEBUG bug in hfsplus_fill_super
hfs
|
C |
|
|
1 |
2427d |
2426d
|
5/28 |
2358d |
66072c293287
hfsplus: stop workqueue when fill_super() failed
|
WARNING in kcm_exit_net (3)
net
|
syz |
|
|
5 |
2365d |
2365d
|
5/28 |
2358d |
eb7f54b90bd8
kcm: Fix use-after-free caused by clonned sockets
|
kernel BUG at include/linux/mm.h:LINE!
kernel
|
syz |
|
|
68 |
2358d |
2395d
|
5/28 |
2358d |
a466ef76b815
x86/kexec: Avoid double free_page() upon do_kexec_load() failure
|
KASAN: use-after-free Read in remove_wait_queue (2)
fs
|
C |
|
|
4 |
2447d |
2457d
|
5/28 |
2358d |
af8d3c7c001a
ppp: remove the PPPIOCDETACH ioctl
|
KASAN: slab-out-of-bounds Read in __ext4_check_dir_entry
ext4
|
C |
|
|
18 |
2425d |
2426d
|
5/28 |
2367d |
e40ff2138985
ext4: force revalidation of directory pointer after seekdir(2)
|
general protection fault in gfn_to_rmap
|
syz |
|
|
7 |
2468d |
2577d
|
5/28 |
2379d |
b7e31be38558
KVM: x86: fix vcpu initialization with userspace lapic
|
KASAN: slab-out-of-bounds Read in pfkey_add
net
|
C |
|
|
835 |
2385d |
2531d
|
5/28 |
2379d |
4b66af2d6356
af_key: Always verify length of provided sadb_key
|
KASAN: use-after-free Read in tls_sk_proto_close (2)
net
|
C |
|
|
297 |
2384d |
2391d
|
5/28 |
2379d |
98f0a39529e5
tls: fix use after free in tls_sk_proto_close
|
KASAN: use-after-free Read in debugfs_remove (2)
fs
|
|
|
|
1 |
2405d |
2403d
|
5/28 |
2379d |
f53823c18131
bdi: Fix use after free bug in debugfs_remove()
|
WARNING in add_uevent_var
wireless
|
C |
|
|
5 |
2425d |
2425d
|
5/28 |
2379d |
a7cfebcb7594
cfg80211: limit wiphy names to 128 bytes
|
BUG: bad usercopy in __check_object_size
mm
hardening
|
|
|
|
1 |
2390d |
2390d
|
5/28 |
2379d |
2c5d5b13c6eb
llc: better deal with too small mtu
|
WARNING in __snd_pcm_lib_xfer
sound
|
syz |
|
|
6 |
2393d |
2395d
|
5/28 |
2379d |
f13876e2c33a
ALSA: pcm: Check PCM state at xfern compat ioctl
|
BUG: MAX_LOCK_DEPTH too low!
net
|
|
|
|
1 |
2395d |
2395d
|
5/28 |
2379d |
af50e4ba34f4
nsh: fix infinite loop
|
KASAN: use-after-free Read in sctp_do_sm
sctp
|
|
|
|
2 |
2388d |
2388d
|
5/28 |
2379d |
6910e25de225
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
|
INFO: task hung in sock_sendmsg
net
|
|
|
|
1 |
2417d |
2417d
|
5/28 |
2379d |
8236b0ae31c8
bdi: wake up concurrent wb_shutdown() callers.
|
INFO: task hung in get_timespec64
kernel
|
|
|
|
1 |
2415d |
2415d
|
5/28 |
2379d |
8236b0ae31c8
bdi: wake up concurrent wb_shutdown() callers.
|
INFO: task hung in do_vfs_ioctl
kvm
|
|
|
|
2 |
2395d |
2412d
|
5/28 |
2379d |
8236b0ae31c8
bdi: wake up concurrent wb_shutdown() callers.
|
KMSAN: uninit-value in move_addr_to_user (2)
net
|
C |
|
|
44 |
2380d |
2387d
|
5/28 |
2379d |
09c8b9718a7a
tipc: fix one byte leak in tipc_sk_set_orig_addr()
|
INFO: task hung in handle_userfault
fs
|
|
|
|
3 |
2394d |
2416d
|
5/28 |
2379d |
8236b0ae31c8
bdi: wake up concurrent wb_shutdown() callers.
|
KMSAN: uninit-value in strcmp
tipc
|
C |
|
|
3 |
2391d |
2393d
|
5/28 |
2379d |
94f6a80c0c11
tipc: eliminate KMSAN uninit-value in strcmp complaint
|
general protection fault in wb_workfn
fs
|
|
|
|
63 |
2381d |
2407d
|
5/28 |
2379d |
b8b784958ecc
bdi: Fix oops in wb_workfn()
|
INFO: task hung in __do_page_fault
fs
|
|
|
|
1 |
2411d |
2411d
|
5/28 |
2379d |
8236b0ae31c8
bdi: wake up concurrent wb_shutdown() callers.
|
INFO: task hung in do_set_master
kernel
|
|
|
|
1 |
2420d |
2420d
|
5/28 |
2379d |
8236b0ae31c8
bdi: wake up concurrent wb_shutdown() callers.
|
KASAN: use-after-free Read in perf_trace_rpc_stats_latency
net
nfs
|
|
|
|
1 |
2397d |
2396d
|
5/28 |
2379d |
98eb6cf25f03
sunrpc: Fix latency trace point crashes
|
INFO: task hung in wb_shutdown (2)
mm
|
|
|
|
5064 |
2391d |
2425d
|
5/28 |
2379d |
8236b0ae31c8
bdi: wake up concurrent wb_shutdown() callers.
|
WARNING in xfrm6_tunnel_net_exit
net
|
syz |
|
|
14002 |
2382d |
2512d
|
5/28 |
2379d |
b48c05ab5d32
xfrm: Fix warning in xfrm6_tunnel_net_exit.
|
KMSAN: uninit-value in __sctp_v6_cmp_addr
sctp
|
C |
|
|
1109 |
2380d |
2381d
|
5/28 |
2380d |
d625329b06e4
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
|
WARNING in tracepoint_probe_unregister (2)
trace
|
|
|
|
120 |
2389d |
2444d
|
5/28 |
2380d |
d66a270be331
tracepoint: Do not warn on ENOMEM
|
BUG: unable to handle kernel NULL pointer dereference in smc_getsockopt
net
s390
|
C |
|
|
9 |
2381d |
2386d
|
5/28 |
2380d |
070204a34884
net/smc: keep clcsock reference in smc_tcp_listen_work()
|
general protection fault in smc_getsockopt
net
s390
|
C |
|
|
577 |
2392d |
2452d
|
5/28 |
2380d |
070204a34884
net/smc: keep clcsock reference in smc_tcp_listen_work()
|
KMSAN: uninit-value in put_cmsg
net
|
C |
|
|
2 |
2394d |
2394d
|
5/28 |
2380d |
eb80ca476ec1
rds: do not leak kernel memory to user land
|
KMSAN: uninit-value in rt6_multipath_hash
net
|
C |
|
|
3 |
2381d |
2398d
|
5/28 |
2380d |
cea67a2dd6b2
ipv6: fix uninit-value in ip6_multipath_l3_keys()
|
general protection fault in smc_setsockopt
net
s390
|
C |
|
|
504 |
2392d |
2456d
|
5/28 |
2380d |
070204a34884
net/smc: keep clcsock reference in smc_tcp_listen_work()
|
general protection fault in smc_set_keepalive
s390
net
|
C |
|
|
6 |
2396d |
2402d
|
5/28 |
2380d |
070204a34884
net/smc: keep clcsock reference in smc_tcp_listen_work()
|
general protection fault in smc_getname
net
s390
|
C |
|
|
44 |
2393d |
2456d
|
5/28 |
2380d |
070204a34884
net/smc: keep clcsock reference in smc_tcp_listen_work()
|
WARNING in tcp_sacktag_write_queue
net
|
C |
|
|
8 |
2397d |
2468d
|
5/28 |
2380d |
bf2acc943a45
tcp: fix TCP_REPAIR_QUEUE bound checking
|
kernel BUG at kernel/softirq.c:LINE!
kernel
|
|
|
|
1 |
2394d |
2393d
|
5/28 |
2380d |
a8d7aa17bbc9
dccp: fix tasklet usage
|
WARNING: kobject bug in br_add_if
bridge
|
|
|
|
41 |
2388d |
2415d
|
5/28 |
2380d |
e8238fc2bd7b
bridge: check iface upper dev when setting master via ioctl
3e14c6abbfb5
kobject: don't use WARN for registration failures
|
WARNING in tcp_mark_head_lost
net
|
C |
|
|
18 |
2389d |
2472d
|
5/28 |
2380d |
16ae6aa17052
net-backports: tcp: ignore Fast Open on repair mode
|
KASAN: slab-out-of-bounds Read in __sctp_v6_cmp_addr
sctp
|
C |
|
|
3202 |
2392d |
2404d
|
5/28 |
2380d |
d625329b06e4
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
|
WARNING in tracepoint_probe_register_prio (2)
trace
|
C |
|
|
849 |
2381d |
2445d
|
5/28 |
2380d |
d66a270be331
tracepoint: Do not warn on ENOMEM
|
WARNING: ODEBUG bug in del_timer
net
s390
|
C |
|
|
200 |
2380d |
2397d
|
5/28 |
2380d |
784813aed6ba
net/smc: restrict non-blocking connect finish
|
KASAN: slab-out-of-bounds Read in clusterip_tg_check
netfilter
|
C |
|
|
22 |
2482d |
2488d
|
5/28 |
2382d |
1a38956cce5e
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
|
WARNING: suspicious RCU usage in tipc_bearer_find
tipc
|
C |
|
|
21 |
2476d |
2476d
|
5/28 |
2382d |
ed4ffdfec26d
tipc: Fix missing RTNL lock protection during setting link properties
|
WARNING: kmalloc bug in memdup_user (2)
rdma
|
|
|
|
1 |
2431d |
2431d
|
5/28 |
2382d |
5f3e3b85cc0a
RDMA/ucma: Correct option size check using optlen
|
INFO: trying to register non-static key in del_timer_sync
netfilter
|
C |
|
|
89 |
2462d |
2488d
|
5/28 |
2383d |
10414014bc08
netfilter: x_tables: fix missing timer initialization in xt_LED
|
BUG: unable to handle kernel paging request in memset_erms (2)
sound
|
C |
|
|
11 |
2482d |
2497d
|
5/28 |
2383d |
02a5d6925cd3
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
|
general protection fault in rdma_addr_size
rdma
|
C |
|
|
2 |
2440d |
2434d
|
5/28 |
2383d |
e8980d67d601
RDMA/ucma: Ensure that CM_ID exists prior to access it
|
general protection fault in account_system_index_time
kernel
|
C |
|
|
2 |
2430d |
2429d
|
5/28 |
2383d |
ae4745730cf8
net: Fix untag for vlan packets without ethernet header
|
KASAN: null-ptr-deref Write in linear_transfer
sound
|
C |
|
|
116 |
2428d |
2511d
|
5/28 |
2383d |
02a5d6925cd3
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
|
BUG: unable to handle kernel paging request in cgroup_mt_destroy_v1
netfilter
|
C |
|
|
3 |
2485d |
2485d
|
5/28 |
2383d |
ba7cd5d95f25
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
|
KASAN: use-after-free Write in xt_rateest_put
netfilter
|
C |
|
|
7 |
2486d |
2487d
|
5/28 |
2383d |
7dc68e98757a
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
|
BUG: workqueue lockup (2)
|
C |
|
|
406 |
2386d |
2544d
|
5/28 |
2383d |
966031f34018
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
|
KASAN: use-after-free Read in __dev_queue_xmit
net
|
C |
|
|
10 |
2394d |
2513d
|
5/28 |
2387d |
d0c081b49137
flow_dissector: properly cap thoff field
|
KASAN: use-after-free Read in work_is_static_object
net
|
|
|
|
3 |
2493d |
2508d
|
5/28 |
2387d |
2cc683e88c0c
kcm: lock lower socket in kcm_attach
|
WARNING: bad unlock balance in xfs_iunlock
xfs
|
C |
|
|
1 |
2424d |
2424d
|
5/28 |
2387d |
8241f7f983b9
xfs: don't iunlock the quota ip when quota block
|
KASAN: use-after-free Read in ip6_xmit
net
|
C |
|
|
5174 |
2435d |
2512d
|
5/28 |
2387d |
c113187d38ff
tls: Use correct sk->sk_prot for IPV6
|
KASAN: out-of-bounds Read in ip6_xmit
net
|
|
|
|
2 |
2446d |
2488d
|
5/28 |
2387d |
b954f94023dc
l2tp: fix races with ipv4-mapped ipv6 addresses
|
KMSAN: uninit-value in iptable_mangle_hook
netfilter
|
C |
|
|
1134 |
2388d |
2419d
|
5/28 |
2388d |
b855ff827476
dccp: initialize ireq->ir_mark
|
WARNING in ext4_superblock_csum_set
ext4
|
C |
|
|
1 |
2424d |
2424d
|
5/28 |
2388d |
a45403b51582
ext4: always initialize the crc32c checksum driver
|
WARNING: refcount bug in put_pid_ns
fs
|
syz |
|
|
6 |
2426d |
2426d
|
5/28 |
2388d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
WARNING in __might_sleep
kernel
|
|
|
|
6 |
2400d |
2404d
|
5/28 |
2388d |
6c1e851c4edc
random: fix possible sleeping allocation from irq context
|
WARNING: refcount bug in should_fail
mm
|
C |
|
|
3 |
2427d |
2458d
|
5/28 |
2388d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
BUG: corrupted list in team_nl_cmd_options_set
net
|
C |
|
|
2 |
2411d |
2415d
|
5/28 |
2388d |
4fb0534fb7bb
team: avoid adding twice the same option to the event list
|
kernel BUG at drivers/tty/tty_ldisc.c:LINE!
serial
|
|
|
|
6 |
2410d |
2425d
|
5/28 |
2388d |
598c2d41ff44
tty: Avoid possible error pointer dereference at tty_ldisc_restore().
bcdd0ca8cb87
tty: Use __GFP_NOFAIL for tty_ldisc_get()
|
WARNING: refcount bug in free_nsproxy
kernel
|
|
|
|
4 |
2428d |
2452d
|
5/28 |
2388d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
general protection fault in ucma_set_ib_path (2)
rdma
|
C |
|
|
6 |
2416d |
2423d
|
5/28 |
2388d |
8435168d50e6
RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device
|
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (3)
net
|
C |
|
|
234 |
2465d |
2469d
|
5/28 |
2388d |
26736a08ee0f
tipc: don't call sock_release() in atomic context
|
INFO: rcu detected stall in io_playback_transfer
sound
|
|
|
|
9 |
2415d |
2420d
|
5/28 |
2388d |
e15dc99dbb9c
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
|
KMSAN: uninit-value in inet_csk_bind_conflict
net
|
C |
|
|
446 |
2388d |
2419d
|
5/28 |
2388d |
3099a5291893
soreuseport: initialise timewait reuseport field
|
KMSAN: uninit-value in alg_bind
crypto
|
C |
|
|
1950 |
2388d |
2419d
|
5/28 |
2388d |
a466856e0b7a
crypto: af_alg - fix possible uninit-value in alg_bind()
|
KMSAN: uninit-value in netif_skb_features
net
|
C |
|
|
119 |
2388d |
2414d
|
5/28 |
2388d |
7ce2367254e8
vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
|
general protection fault in __tipc_nl_net_set
tipc
|
syz |
|
|
4 |
2410d |
2411d
|
5/28 |
2388d |
c6404122cb18
tipc: fix possible crash in __tipc_nl_net_set()
|
general protection fault in __list_del_entry_valid (3)
tipc
|
C |
|
|
40 |
2426d |
2426d
|
5/28 |
2388d |
b714295abc59
tipc: Fix missing list initializations in struct tipc_subscription
|
KMSAN: uninit-value in inet_getpeer
net
|
C |
|
|
54 |
2388d |
2417d
|
5/28 |
2388d |
b6a37e5e2541
inetpeer: fix uninit-value in inet_getpeer
|
KMSAN: uninit-value in fib_create_info
net
|
C |
|
|
19 |
2413d |
2419d
|
5/28 |
2388d |
b1993a2de12c
net: fix rtnh_ok()
|
KASAN: use-after-free Read in binder_release_work
kernel
|
C |
|
|
6 |
2402d |
2423d
|
5/28 |
2388d |
7aa135fcf263
ANDROID: binder: prevent transactions into own process.
|
BUG: corrupted list in __dentry_kill
fs
|
C |
|
|
35 |
2406d |
2426d
|
5/28 |
2388d |
4a3877c4cedd
rpc_pipefs: fix double-dput()
|
KMSAN: uninit-value in neigh_dump_info
net
|
C |
|
|
6 |
2401d |
2415d
|
5/28 |
2388d |
7dd07c143a4b
net: validate attribute sizes in neigh_dump_table()
|
KASAN: use-after-free Read in shm_get_unmapped_area
kernel
|
|
|
|
19 |
2484d |
2575d
|
5/28 |
2388d |
3f05317d9889
ipc/shm: fix use-after-free of shm file via remap_file_pages()
|
kernel BUG at drivers/vhost/vhost.c:LINE! (2)
kvm
net
virt
|
C |
|
|
139 |
2389d |
2420d
|
5/28 |
2388d |
d14d2b78090c
vhost: fix vhost_vq_access_ok() log check
|
KMSAN: uninit-value in pppoe_connect
net
|
|
|
|
47 |
2388d |
2403d
|
5/28 |
2388d |
a49e2f5d5fb1
pppoe: check sockaddr length in pppoe_connect()
|
KMSAN: uninit-value in tipc_node_get_mtu
tipc
|
C |
|
|
139 |
2388d |
2419d
|
5/28 |
2388d |
335b929b28ae
tipc: fix missing initializer in tipc_sendmsg()
|
INFO: task hung in stop_sync_thread (2)
lvs
|
C |
|
|
9 |
2412d |
2428d
|
5/28 |
2388d |
5c64576a7789
ipvs: fix rtnl_lock lockups caused by start_sync_thread
|
KASAN: use-after-free Read in sctp_association_free (2)
sctp
|
C |
|
|
2 |
2448d |
2448d
|
5/28 |
2388d |
0aee4c259849
sctp: Fix double free in sctp_sendmsg_to_asoc
|
KMSAN: uninit-value in move_addr_to_user
net
|
C |
|
|
74 |
2388d |
2419d
|
5/28 |
2388d |
6780db244d6b
sctp: do not leak kernel memory to user space
|
KMSAN: uninit-value in memcmp
net
|
C |
|
|
30 |
2390d |
2419d
|
5/28 |
2388d |
77d36398d99f
net: fix uninit-value in __hw_addr_add_ex()
|
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
input
|
C |
|
|
2126 |
2389d |
2404d
|
5/28 |
2388d |
6c1e851c4edc
random: fix possible sleeping allocation from irq context
|
general protection fault in snd_rawmidi_ioctl_compat
sound
|
|
|
|
1 |
2415d |
2407d
|
5/28 |
2388d |
8a56ef4f3ffb
ALSA: rawmidi: Fix missing input substream checks in compat ioctls
|
KASAN: use-after-free Read in alloc_pid
kernel
|
C |
|
|
7 |
2416d |
2425d
|
5/28 |
2388d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
BUG: corrupted list in sctp_association_free
sctp
|
|
|
|
1 |
2448d |
2444d
|
5/28 |
2388d |
d98985dd6c2d
sctp: fix error return code in sctp_sendmsg_new_asoc()
|
KASAN: slab-out-of-bounds Write in perf_callchain_user
perf
|
syz |
|
|
2 |
2414d |
2414d
|
5/28 |
2388d |
5af44ca53d01
perf: Fix sample_max_stack maximum check
|
INFO: task hung in __blkdev_get
fs
|
C |
|
|
662 |
2412d |
2538d
|
5/28 |
2388d |
1e047eaab3bb
block/loop: fix deadlock after loop_set_status
|
WARNING: kobject bug in netdev_queue_update_kobjects
net
|
C |
|
|
27 |
2390d |
2452d
|
5/28 |
2388d |
3e14c6abbfb5
kobject: don't use WARN for registration failures
|
KASAN: use-after-free Read in llc_conn_ac_send_sabme_cmd_p_set_x
net
|
|
|
|
1 |
2411d |
2410d
|
5/28 |
2388d |
f7e43672683b
llc: hold llc_sap before release_sock()
|
WARNING in strp_done
net
|
C |
|
|
2336 |
2422d |
2471d
|
5/28 |
2388d |
dff8baa26117
kcm: Call strp_stop before strp_done in kcm_attach
|
general protection fault in kernfs_kill_sb
mm
|
C |
|
|
29 |
2389d |
2425d
|
5/28 |
2388d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
general protection fault in tipc_conn_close
tipc
|
C |
|
|
3 |
2466d |
2467d
|
5/28 |
2388d |
96c252bf1c5c
tipc: fix bug on error path in tipc_topsrv_kern_subscr()
|
WARNING: refcount bug in nfs_alloc_client
nfs
|
|
|
|
2 |
2425d |
2426d
|
5/28 |
2388d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
KMSAN: uninit-value in tcp_parse_options
net
|
C |
|
|
38 |
2389d |
2415d
|
5/28 |
2388d |
721230326891
tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets
|
KASAN: null-ptr-deref Read in xattr_getsecurity
fs
|
|
|
|
68 |
2404d |
2416d
|
5/28 |
2388d |
1f5781725dcb
commoncap: Handle memory allocation failure.
|
WARNING in snd_pcm_hw_params
sound
|
C |
|
|
56 |
2415d |
2421d
|
5/28 |
2388d |
e1a3a981e320
ALSA: pcm: Remove WARN_ON() at snd_pcm_hw_params() error
|
KMSAN: uninit-value in netlink_sendmsg
net
|
C |
|
|
2493 |
2388d |
2419d
|
5/28 |
2388d |
6091f09c2f79
netlink: fix uninit-value in netlink_sendmsg
|
general protection fault in rds_sendmsg
rds
|
C |
|
|
2 |
2463d |
2463d
|
5/28 |
2388d |
79a5b9727a1c
rds: rds_msg_zcopy should return error of null rm->data.op_mmp_znotifier
|
INFO: rcu detected stall in __snd_pcm_lib_xfer (2)
sound
|
C |
|
|
1064 |
2415d |
2420d
|
5/28 |
2388d |
e15dc99dbb9c
ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation
|
KASAN: stack-out-of-bounds Write in ip6gre_tunnel_locate
net
|
C |
|
|
923 |
2414d |
2421d
|
5/28 |
2388d |
5f42df013b8b
ip6_gre: better validate user provided tunnel names
|
KASAN: null-ptr-deref Read in refcount_inc_not_zero
net
|
C |
|
|
2352 |
2402d |
2404d
|
5/28 |
2388d |
3a04ce7130a7
llc: fix NULL pointer deref for SOCK_ZAPPED
|
WARNING: suspicious RCU usage in crng_reseed
ext4
|
|
|
|
39 |
2389d |
2404d
|
5/28 |
2388d |
6c1e851c4edc
random: fix possible sleeping allocation from irq context
|
KMSAN: uninit-value in sctp_sendmsg
sctp
|
syz |
|
|
27 |
2389d |
2418d
|
5/28 |
2388d |
81e98370293a
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
|
KASAN: use-after-free Read in tipc_nametbl_stop
tipc
|
C |
|
|
12 |
2407d |
2411d
|
5/28 |
2388d |
be47e41d77fb
tipc: fix use-after-free in tipc_nametbl_stop
|
WARNING in tty_set_ldisc
serial
|
syz |
|
|
177 |
2397d |
2572d
|
5/28 |
2388d |
598c2d41ff44
tty: Avoid possible error pointer dereference at tty_ldisc_restore().
|
kernel panic: n_tty: init_tty
serial
|
C |
|
|
141 |
2388d |
2572d
|
5/28 |
2388d |
903f9db10f18
tty: Don't call panic() at tty_ldisc_init()
|
WARNING: lock held when returning to user space!
block
|
C |
|
|
40 |
2405d |
2420d
|
5/28 |
2388d |
bdac616db9bb
loop: fix LOOP_GET_STATUS lock imbalance
|
WARNING in kmem_cache_free
fs
|
|
|
|
1 |
2420d |
2420d
|
5/28 |
2388d |
eea0d3ea7546
crypto: drbg - set freed buffers to NULL
|
KMSAN: uninit-value in pppol2tp_connect
net
|
C |
|
|
13 |
2388d |
2403d
|
5/28 |
2388d |
eb1c28c05894
l2tp: check sockaddr length in pppol2tp_connect()
|
WARNING: kobject bug in device_add
kernel
|
C |
|
|
563 |
2388d |
2428d
|
5/28 |
2388d |
3e14c6abbfb5
kobject: don't use WARN for registration failures
|
INFO: rcu detected stall in bitmap_parselist
cgroups
|
|
|
|
8 |
2396d |
2425d
|
5/28 |
2388d |
8351760ff5b2
lib: fix stall in __bitmap_parselist()
|
inconsistent lock state in fs_reclaim_acquire
kernel
|
C |
|
|
36235 |
2388d |
2399d
|
5/28 |
2388d |
6c1e851c4edc
random: fix possible sleeping allocation from irq context
|
KASAN: use-after-free Read in llc_conn_tmr_common_cb
net
|
|
|
|
1 |
2409d |
2407d
|
5/28 |
2388d |
b905ef9ab901
llc: delete timers synchronously in llc_sk_free()
|
KASAN: use-after-free Read in pppol2tp_connect (3)
net
|
C |
|
|
22 |
2414d |
2432d
|
5/28 |
2388d |
6b9f34239b00
l2tp: fix races in tunnel creation
|
KMSAN: uninit-value in packet_set_ring
net
|
C |
|
|
6 |
2395d |
2411d
|
5/28 |
2388d |
5171b37d9596
net: af_packet: fix race in PACKET_{R|T}X_RING
|
kernel BUG at fs/ext4/extents.c:LINE!
ext4
|
C |
|
|
1 |
2425d |
2425d
|
5/28 |
2388d |
349fa7d6e193
ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
|
possible deadlock in perf_event_detach_bpf_prog
bpf
trace
|
|
|
|
1 |
2429d |
2428d
|
5/28 |
2388d |
3a38bb98d9ab
bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog
|
KASAN: stack-out-of-bounds Write in ipip6_tunnel_locate
net
|
C |
|
|
33 |
2414d |
2421d
|
5/28 |
2388d |
b95211e066fc
ipv6: sit: better validate user provided tunnel names
|
general protection fault in __mem_cgroup_free
mm
cgroups
|
C |
|
|
22 |
2415d |
2426d
|
5/28 |
2388d |
4eaf431f6f71
memcg: fix per_node_info cleanup
|
KASAN: stack-out-of-bounds Read in __free_filter
trace
|
C |
|
|
41 |
2406d |
2415d
|
5/28 |
2388d |
0b3dec05dbbc
tracing: Enforce passing in filter=NULL to create_filter()
|
KMSAN: uninit-value in ip_route_output_key_hash_rcu
net
|
|
|
|
179 |
2388d |
2419d
|
5/28 |
2388d |
d0ea2b125005
ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
|
KASAN: use-after-free Read in mac80211_hwsim_del_radio
wireless
|
|
|
|
11 |
2427d |
2456d
|
5/28 |
2388d |
8cfd36a0b53a
mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
|
KMSAN: uninit-value in ip6table_mangle_hook
netfilter
|
C |
|
|
601 |
2388d |
2419d
|
5/28 |
2388d |
b855ff827476
dccp: initialize ireq->ir_mark
|
general protection fault in loopback_pos_update
sound
|
C |
|
|
4 |
2496d |
2494d
|
5/28 |
2388d |
02a5d6925cd3
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
|
general protection fault in tipc_sk_fill_sock_diag
tipc
|
C |
|
|
180 |
2414d |
2432d
|
5/28 |
2388d |
4b2e6877b879
tipc: Fix namespace violation in tipc_sk_fill_sock_diag
e41f0548473e
tipc: use the right skb in tipc_sk_fill_sock_diag()
|
KMSAN: uninit-value in strlcpy
net
|
C |
|
|
2 |
2390d |
2390d
|
5/28 |
2388d |
537b361fbcbc
vti6: better validate user provided tunnel names
|
KASAN: stack-out-of-bounds Write in ip6_tnl_locate
net
|
|
|
|
4 |
2415d |
2416d
|
5/28 |
2388d |
db7a65e3ab78
ip6_tunnel: better validate user provided tunnel names
|
KMSAN: uninit-value in inet6_rtm_delroute
net
|
C |
|
|
9 |
2408d |
2419d
|
5/28 |
2388d |
b1993a2de12c
net: fix rtnh_ok()
|
KMSAN: uninit-value in __skb_try_recv_from_queue
net
|
C |
|
|
108 |
2388d |
2419d
|
5/28 |
2388d |
b13dda9f9aa7
net: initialize skb->peeked when cloning
|
WARNING in __local_bh_enable_ip (2)
rds
|
|
|
|
23 |
2432d |
2443d
|
5/28 |
2388d |
53d0e83f9329
rds: tcp: must use spin_lock_irq* and not spin_lock_bh with rds_tcp_conn_lock
|
KMSAN: uninit-value in fib6_new_table
net
|
C |
|
|
3 |
2404d |
2405d
|
5/28 |
2388d |
aa8f8778493c
ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy
|
KASAN: use-after-free Write in dst_release
net
|
C |
|
|
832 |
2414d |
2424d
|
5/28 |
2388d |
bfacfb457b36
pptp: remove a buggy dst release in pptp_connect()
|
KASAN: stack-out-of-bounds Write in __ip_tunnel_create
net
|
C |
|
|
29 |
2415d |
2421d
|
5/28 |
2388d |
9cb726a212a8
ip_tunnel: better validate user provided tunnel names
|
KMSAN: uninit-value in sctp_do_bind
sctp
|
C |
|
|
31 |
2388d |
2418d
|
5/28 |
2388d |
81e98370293a
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
|
WARNING in kill_block_super
fuse
|
C |
|
|
51 |
2410d |
2428d
|
5/28 |
2388d |
8e04944f0ea8
mm,vmscan: Allow preallocating memory for register_shrinker().
|
WARNING: kobject bug in gfs2_sys_fs_add
gfs2
|
C |
|
|
49 |
2399d |
2426d
|
5/28 |
2388d |
3e14c6abbfb5
kobject: don't use WARN for registration failures
|
WARNING: inconsistent lock state
kernel
|
C |
|
|
22 |
2400d |
2404d
|
5/28 |
2388d |
6c1e851c4edc
random: fix possible sleeping allocation from irq context
|
KASAN: use-after-free Read in tipc_sub_unsubscribe (2)
tipc
|
C |
|
|
5 |
2408d |
2415d
|
5/28 |
2388d |
c3317f4db831
tipc: fix unbalanced reference counter
|
WARNING in __debug_object_init
kernel
|
C |
|
|
192 |
2421d |
2432d
|
5/28 |
2388d |
bd03143007eb
alarmtimer: Init nanosleep alarm timer on stack
|
KASAN: use-after-free Read in snd_pcm_timer_resolution
sound
|
C |
|
|
3 |
2428d |
2428d
|
5/28 |
2388d |
a820ccbe21e8
ALSA: pcm: Fix UAF at PCM release via PCM timer access
|
WARNING in format_decode
reiserfs
|
C |
|
|
1 |
2426d |
2426d
|
5/28 |
2388d |
9ad553abe66f
fs/reiserfs/journal.c: add missing resierfs_warning() arg
|
BUG: unable to handle kernel paging request in snd_pcm_format_set_silence
sound
|
syz |
|
|
11 |
2388d |
2415d
|
5/28 |
2388d |
02a5d6925cd3
ALSA: pcm: Avoid potential races between OSS ioctls and read/write
|
possible deadlock in rtnl_lock (5)
net
|
C |
|
|
1009 |
2401d |
2430d
|
5/28 |
2388d |
5c64576a7789
ipvs: fix rtnl_lock lockups caused by start_sync_thread
|
possible deadlock in smc_close_non_accepted
net
s390
|
C |
|
|
4 |
2455d |
2455d
|
5/28 |
2391d |
3d502067599f
net/smc: simplify wait when closing listen socket
|
BUG: unable to handle kernel paging request in compat_copy_entries
bridge
netfilter
|
syz |
|
|
5 |
2454d |
2452d
|
5/28 |
2402d |
b71812168571
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
|
KASAN: slab-out-of-bounds Write in tcp_v6_syn_recv_sock
net
|
C |
|
|
1063 |
2496d |
2514d
|
5/28 |
2402d |
d91c3e17f75f
net/tls: Only attach to sockets in ESTABLISHED state
|
KASAN: use-after-free Read in perf_trace_lock_acquire (2)
kvm
net
virt
|
C |
|
|
188 |
2484d |
2555d
|
5/28 |
2402d |
4cd879515d68
vhost_net: stop device during reset owner
|
possible deadlock in ftrace_profile_set_filter (2)
trace
|
C |
|
|
1007 |
2484d |
2544d
|
5/28 |
2402d |
43fa87f7deed
perf/core: Fix another perf,trace,cpuhp lock inversion
|
possible deadlock in perf_trace_destroy (2)
trace
|
C |
|
|
2006 |
2484d |
2570d
|
5/28 |
2402d |
82d94856fa22
perf/core: Fix lock inversion between perf,trace,cpuhp
|
possible deadlock in __neigh_create
net
|
|
|
|
1 |
2425d |
2425d
|
5/28 |
2416d |
1bfa26ff8c4b
ipv6: fix possible deadlock in rt6_age_examine_exception()
|
WARNING in skb_warn_bad_offload
net
|
C |
|
|
6527 |
2452d |
2576d
|
5/28 |
2417d |
8d74e9f88d65
net: avoid skb_warn_bad_offload on IS_ERR
|
WARNING in binder_send_failed_reply
kernel
|
C |
|
|
206 |
2463d |
2546d
|
5/28 |
2417d |
e46a3b3ba750
ANDROID: binder: remove WARN() for redundant txn error
|
KASAN: use-after-free Read in disk_unblock_events
block
|
C |
|
|
65 |
2472d |
2578d
|
5/28 |
2417d |
897366537fb6
genhd: Fix use after free in __blkdev_get()
|
BUG: unable to handle kernel (2)
net
|
syz |
|
|
1 |
2430d |
2430d
|
5/28 |
2420d |
c769accdf3d8
vlan: Fix vlan insertion for packets without ethernet header
|
WARNING in xt_cluster_mt
netfilter
|
C |
|
|
4 |
2458d |
2458d
|
5/28 |
2420d |
aebfa52a925d
netfilter: drop template ct when conntrack is skipped.
|
KASAN: use-after-free Read in worker_thread (2)
net
|
syz |
|
|
6 |
2560d |
2569d
|
5/28 |
2420d |
581e7226a5d4
kcm: Only allow TCP sockets to be attached to a KCM mux
|
general protection fault in try_to_wake_up
kernel
|
syz |
|
|
1 |
2432d |
2428d
|
5/28 |
2420d |
c769accdf3d8
vlan: Fix vlan insertion for packets without ethernet header
|
kernel BUG at ./include/linux/skbuff.h:LINE! (2)
net
|
C |
|
|
5 |
2457d |
2435d
|
5/28 |
2420d |
10b8a3de603d
ipv6: the entire IPv6 header chain must fit the first fragment
|
general protection fault in rdma_notify
rdma
|
C |
|
|
3 |
2437d |
2434d
|
5/28 |
2420d |
c8d3bcbfc5ea
RDMA/ucma: Check that device exists prior to accessing it
|
general protection fault in native_write_cr4
kvm
|
C |
|
|
132300 |
2423d |
2527d
|
5/28 |
2420d |
8eb3f87d9031
KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
|
BUG: unable to handle kernel paging request in netdev_queue_update_kobjects
net
|
syz |
|
|
1 |
2431d |
2431d
|
5/28 |
2420d |
c769accdf3d8
vlan: Fix vlan insertion for packets without ethernet header
|
possible deadlock in handle_rx
kvm
net
virt
|
C |
|
|
4 |
2432d |
2432d
|
5/28 |
2420d |
aaa3149bbee9
vhost_net: add missing lock nesting notation
|
kernel BUG at drivers/vhost/vhost.c:LINE!
kvm
net
virt
|
C |
|
|
152 |
2420d |
2439d
|
5/28 |
2420d |
d65026c6c62e
vhost: validate log when IOTLB is enabled
|
kernel BUG at lib/string.c:LINE! (3)
rdma
|
C |
|
|
5 |
2429d |
2430d
|
5/28 |
2420d |
84652aefb347
RDMA/ucma: Introduce safer rdma_addr_size() variants
|
BUG: corrupted list in remove_wait_queue
kvm
net
virt
|
C |
|
|
5 |
2433d |
2436d
|
5/28 |
2420d |
dc6455a71c7f
vhost: correctly remove wait queue during poll failure
|
general protection fault in timerqueue_add
kernel
|
C |
|
|
2 |
2430d |
2430d
|
5/28 |
2420d |
c769accdf3d8
vlan: Fix vlan insertion for packets without ethernet header
|
general protection fault in rdma_init_qp_attr (2)
rdma
|
C |
|
|
753 |
2428d |
2434d
|
5/28 |
2420d |
4b658d1bbc16
RDMA/ucma: Check that device is connected prior to access it
|
BUG: unable to handle kernel paging request in __memmove
net
|
|
|
|
1 |
2430d |
2430d
|
5/28 |
2420d |
c769accdf3d8
vlan: Fix vlan insertion for packets without ethernet header
|
general protection fault in qlist_move_cache
cgroups
mm
|
|
|
|
1 |
2431d |
2431d
|
5/28 |
2420d |
c769accdf3d8
vlan: Fix vlan insertion for packets without ethernet header
|
possible deadlock in __ipv6_dev_mc_dec
net
|
|
|
|
1 |
2435d |
2435d
|
5/28 |
2420d |
1bfa26ff8c4b
ipv6: fix possible deadlock in rt6_age_examine_exception()
|
possible deadlock in __might_fault
staging
|
C |
|
|
8978 |
2443d |
2458d
|
4/28 |
2434d |
740a5759bf22
staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
|
kernel panic: Out of memory and no killable processes... (2)
mm
|
C |
|
|
1 |
2488d |
2488d
|
4/28 |
2434d |
0537250fdc6c
netfilter: x_tables: make allocation less aggressive
|
INFO: rcu detected stall in xfrm_confirm_neigh
net
|
|
|
|
7 |
2449d |
2473d
|
4/28 |
2434d |
013cb81e89f8
xfrm: Fix infinite loop in xfrm_get_dst_nexthop with transport mode.
|
general protection fault in dccp_write_xmit
dccp
|
C |
|
|
5 |
2451d |
2487d
|
4/28 |
2434d |
67f93df79aee
dccp: check sk for closed state in dccp_sendmsg()
|
KASAN: slab-out-of-bounds Write in setup_udp_tunnel_sock
net
|
C |
|
|
4 |
2452d |
2452d
|
4/28 |
2434d |
17cfe79a65f9
l2tp: do not accept arbitrary sockets
|
WARNING in ata_bmdma_qc_issue
|
C |
|
|
1 |
2658d |
2577d
|
4/28 |
2434d |
2c1ec6fda2d0
libata: don't try to pass through NCQ commands to non-NCQ devices
|
kernel BUG at lib/string.c:LINE! (2)
rdma
|
syz |
|
|
2 |
2445d |
2445d
|
4/28 |
2434d |
0c81ffc60d52
RDMA/ucma: Don't allow join attempts for unsupported AF family
|
KASAN: use-after-free Read in pppol2tp_connect (2)
net
|
C |
|
|
10 |
2435d |
2450d
|
4/28 |
2434d |
17cfe79a65f9
l2tp: do not accept arbitrary sockets
|
BUG: unable to handle kernel paging request in ata_bmdma_qc_prep
|
C |
|
|
13 |
2569d |
2577d
|
4/28 |
2434d |
058f58e235cb
libata: fix length validation of ATAPI-relayed SCSI commands
|
WARNING in __xlate_proc_name
netfilter
|
C |
|
|
11 |
2453d |
2489d
|
4/28 |
2434d |
b1d0a5d0cba4
netfilter: x_tables: add and use xt_check_proc_name
|
KASAN: use-after-free Read in get_work_pool
|
syz |
|
|
8 |
2560d |
2582d
|
4/28 |
2434d |
2cc683e88c0c
kcm: lock lower socket in kcm_attach
|
WARNING: kmalloc bug in xfrm_add_sa
net
|
C |
|
|
109 |
2434d |
2473d
|
4/28 |
2434d |
d97ca5d714a5
xfrm_user: uncoditionally validate esn replay attribute struct
|
general protection fault in rdma_join_multicast
rdma
|
C |
|
|
258 |
2437d |
2450d
|
4/28 |
2434d |
7688f2c3bbf5
RDMA/ucma: Fix access to non-initialized CM_ID object
|
possible deadlock in shmem_file_llseek
mm
|
C |
|
|
4432 |
2443d |
2506d
|
4/28 |
2434d |
cb57469c9573
staging: android: ashmem: Fix lockdep issue during llseek
|
possible deadlock in get_user_pages_unlocked
mm
|
C |
|
|
5 |
2461d |
2484d
|
4/28 |
2434d |
96312e61282a
mm/gup.c: teach get_user_pages_unlocked to handle FOLL_NOWAIT
|
general protection fault in ucma_connect
rdma
|
C |
|
|
2 |
2441d |
2441d
|
4/28 |
2434d |
e8980d67d601
RDMA/ucma: Ensure that CM_ID exists prior to access it
|
BUG: unable to handle kernel paging request in ebt_among_mt_check (2)
bridge
netfilter
|
C |
|
|
946 |
2434d |
2450d
|
4/28 |
2434d |
c8d70a700a5b
netfilter: bridge: ebt_among: add more missing match size checks
|
WARNING in __proc_create
netfilter
|
C |
|
|
12 |
2455d |
2448d
|
4/28 |
2434d |
b1d0a5d0cba4
netfilter: x_tables: add and use xt_check_proc_name
|
KASAN: use-after-free Read in snd_pcm_oss_get_formats
sound
|
C |
|
|
3 |
2448d |
2448d
|
4/28 |
2434d |
01c0b4265cc1
ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
|
KASAN: use-after-free Read in pfifo_fast_enqueue
net
|
C |
|
|
20 |
2436d |
2500d
|
4/28 |
2434d |
cce6294cc2ea
net: sched: fix uses after free
|
WARNING in ata_qc_issue
|
C |
|
|
35 |
2563d |
2581d
|
4/28 |
2434d |
9173e5e80729
libata: remove WARN() for DMA or PIO command without data
|
KASAN: stack-out-of-bounds Read in xfrm_state_find (4)
net
|
C |
|
|
102 |
2434d |
2485d
|
4/28 |
2434d |
19d7df69fdb2
xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
|
general protection fault in rdma_init_qp_attr
rdma
|
C |
|
|
2096 |
2434d |
2450d
|
4/28 |
2434d |
a5880b844303
RDMA/ucma: Check that user doesn't overflow QP state
|
general protection fault in lowpan_device_event
wpan
|
C |
|
|
79 |
2435d |
2452d
|
4/28 |
2434d |
ca0edb131bdf
ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
|
WARNING: kmalloc bug in memdup_user
rdma
|
C |
|
|
441 |
2434d |
2450d
|
4/28 |
2434d |
6a21dfc0d0db
RDMA/ucma: Limit possible option size
|
KASAN: use-after-free Read in ucma_close
rdma
|
C |
|
|
176 |
2437d |
2450d
|
4/28 |
2434d |
ed65a4dc2208
RDMA/ucma: Fix use-after-free access in ucma_close
|
KASAN: null-ptr-deref Write in rdma_resolve_addr
rdma
|
C |
|
|
66 |
2437d |
2448d
|
4/28 |
2434d |
2975d5de6428
RDMA/ucma: Check AF family prior resolving address
|
KASAN: slab-out-of-bounds Read in ip6_xmit (2)
net
|
C |
|
|
259 |
2437d |
2450d
|
4/28 |
2434d |
b954f94023dc
l2tp: fix races with ipv4-mapped ipv6 addresses
|
WARNING in kmalloc_slab (4)
net
|
|
|
|
1 |
2446d |
2444d
|
4/28 |
2434d |
d97ca5d714a5
xfrm_user: uncoditionally validate esn replay attribute struct
|
WARNING in kvm_arch_vcpu_ioctl_run (2)
kvm
|
C |
|
|
61018 |
2487d |
2576d
|
4/28 |
2444d |
c37c28730bb0
KVM: VMX: Fix rflags cache during vCPU reset
|
KASAN: use-after-free Read in strp_data_ready
net
|
C |
|
|
204 |
2492d |
2584d
|
4/28 |
2445d |
581e7226a5d4
kcm: Only allow TCP sockets to be attached to a KCM mux
|
WARNING in tracepoint_probe_register_prio
block
trace
|
C |
|
|
830 |
2446d |
2581d
|
4/28 |
2445d |
a6da0024ffc1
blktrace: fix unlocked registration of tracepoints
|
WARNING in tracepoint_probe_unregister
block
trace
|
C |
|
|
115 |
2446d |
2572d
|
4/28 |
2445d |
a6da0024ffc1
blktrace: fix unlocked registration of tracepoints
|
kernel BUG at arch/x86/kvm/x86.c:LINE!
|
syz |
|
|
20 |
2549d |
2581d
|
4/28 |
2445d |
61cb57c9ed63
KVM: x86: Exit to user-mode on #UD intercept when emulator requires
|
WARNING in refcount_sub_and_test
sctp
|
C |
|
|
75150 |
2483d |
2584d
|
4/28 |
2445d |
d04adf1b3551
sctp: reset owner sk for data chunks on out queues when migrating a sock
|
KASAN: use-after-free Read in pppol2tp_connect
net
|
C |
|
|
25 |
2451d |
2501d
|
4/28 |
2451d |
28f5bfb81919
l2tp: fix tunnel lookup use-after-free race
|
KASAN: slab-out-of-bounds Read in ip6_xmit
net
|
C |
|
|
156 |
2452d |
2503d
|
4/28 |
2451d |
c113187d38ff
tls: Use correct sk->sk_prot for IPV6
|
general protection fault in hrtimer_active (2)
kernel
|
C |
|
|
10612 |
2454d |
2458d
|
4/28 |
2451d |
b7e31be38558
KVM: x86: fix vcpu initialization with userspace lapic
|
KASAN: use-after-free Read in inet_shutdown
net
|
C |
|
|
22 |
2453d |
2500d
|
4/28 |
2451d |
28f5bfb81919
l2tp: fix tunnel lookup use-after-free race
|
KASAN: use-after-free Write in nf_nat_ipv6_manip_pkt
netfilter
|
C |
|
|
2 |
2467d |
2467d
|
4/28 |
2451d |
b078556aecd7
netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
|
general protection fault in smc_create
net
s390
|
C |
|
|
2 |
2459d |
2459d
|
4/28 |
2451d |
a5dcb73b96a9
net/smc: fix NULL pointer dereference on sock_create_kern() error path
|
BUG: unable to handle kernel paging request in ebt_among_mt_check
bridge
netfilter
|
C |
|
|
823 |
2451d |
2467d
|
4/28 |
2451d |
c4585a2823ed
netfilter: bridge: ebt_among: add missing match size checks
|
WARNING in __x86_set_memory_region
kvm
|
C |
|
|
716 |
2459d |
2577d
|
4/28 |
2451d |
103c763c72dd
KVM/x86: remove WARN_ON() for when vm_munmap() fails
|
WARNING in debug_print_object
net
|
C |
|
|
2 |
2484d |
2484d
|
4/28 |
2451d |
28f5bfb81919
l2tp: fix tunnel lookup use-after-free race
|
kernel BUG at arch/x86/kvm/mmu.c:LINE!
kvm
|
C |
|
|
695 |
2459d |
2576d
|
4/28 |
2451d |
b28676bb8ae4
KVM: mmu: Fix overlap between public and private memslots
|
WARNING in handle_ept_misconfig
kvm
|
C |
|
|
238 |
2459d |
2582d
|
4/28 |
2451d |
95e057e25892
KVM: X86: Fix SMRAM accessing even if VM is shutdown
|
KASAN: use-after-free Read in ip6_route_me_harder
netfilter
|
C |
|
|
44 |
2452d |
2460d
|
4/28 |
2451d |
7d98386d55a5
netfilter: use skb_to_full_sk in ip6_route_me_harder
|
general protection fault in pppol2tp_connect
net
|
C |
|
|
1025 |
2451d |
2501d
|
4/28 |
2451d |
28f5bfb81919
l2tp: fix tunnel lookup use-after-free race
|
KASAN: slab-out-of-bounds Read in ip6_route_me_harder
netfilter
|
C |
|
|
66 |
2452d |
2460d
|
4/28 |
2451d |
7d98386d55a5
netfilter: use skb_to_full_sk in ip6_route_me_harder
|
WARNING in compat_copy_entries
bridge
netfilter
|
C |
|
|
434 |
2451d |
2467d
|
4/28 |
2451d |
b71812168571
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
|
WARNING in __queue_work
netfilter
|
C |
|
|
1 |
2469d |
2469d
|
4/28 |
2459d |
cfc2c7405333
netfilter: IDLETIMER: be syzkaller friendly
|
possible deadlock in xt_find_table_lock (2)
netfilter
|
|
|
|
4 |
2477d |
2475d
|
4/28 |
2459d |
01ea306f2ac2
netfilter: drop outermost socket lock in getsockopt()
|
WARNING: ODEBUG bug in __queue_work
netfilter
|
C |
|
|
2 |
2469d |
2465d
|
4/28 |
2459d |
cfc2c7405333
netfilter: IDLETIMER: be syzkaller friendly
|
possible deadlock in rtnl_lock (4)
net
|
C |
|
|
73333 |
2461d |
2478d
|
4/28 |
2459d |
01ea306f2ac2
netfilter: drop outermost socket lock in getsockopt()
|
WARNING in kvmalloc_node
bpf
net
|
C |
|
|
513 |
2466d |
2472d
|
4/28 |
2459d |
7fc17e909edf
bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
|
WARNING: kmalloc bug in relay_open_buf
block
trace
|
C |
|
|
10 |
2463d |
2479d
|
4/28 |
2459d |
88913bd8ea2a
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
|
general protection fault in ip6t_do_table
netfilter
|
C |
|
|
8077 |
2462d |
2489d
|
4/28 |
2459d |
57ebd808a97d
netfilter: add back stackpointer size checks
|
kernel BUG at kernel/time/timer.c:LINE!
netfilter
|
C |
|
|
18 |
2461d |
2473d
|
4/28 |
2459d |
10414014bc08
netfilter: x_tables: fix missing timer initialization in xt_LED
|
WARNING: kmalloc bug in bpf_prog_array_copy_info
bpf
|
C |
|
|
4424 |
2459d |
2472d
|
4/28 |
2459d |
9c481b908b01
bpf: fix bpf_prog_array_copy_to_user warning from perf event prog query
|
general protection fault in SyS_bpf (2)
bpf
|
C |
|
|
1065 |
2459d |
2473d
|
4/28 |
2459d |
952fad8e3239
bpf: fix sock_map_alloc() error path
|
divide error in nf_nat_l4proto_unique_tuple
netfilter
|
C |
|
|
2 |
2473d |
2473d
|
4/28 |
2459d |
db57ccf0f2f4
netfilter: nat: cope with negative port range
|
WARNING: bad unlock balance in hashlimit_mt_common
netfilter
|
C |
|
|
2059 |
2461d |
2474d
|
4/28 |
2459d |
de526f401284
netfilter: xt_hashlimit: fix lock imbalance
|
possible deadlock in do_ipv6_setsockopt (2)
netfilter
|
|
|
|
3642 |
2461d |
2476d
|
4/28 |
2459d |
01ea306f2ac2
netfilter: drop outermost socket lock in getsockopt()
|
general protection fault in arpt_do_table
netfilter
|
C |
|
|
3 |
2464d |
2464d
|
4/28 |
2459d |
57ebd808a97d
netfilter: add back stackpointer size checks
|
possible deadlock in do_ip_getsockopt (2)
netfilter
|
|
|
|
206 |
2461d |
2476d
|
4/28 |
2459d |
01ea306f2ac2
netfilter: drop outermost socket lock in getsockopt()
|
KASAN: use-after-free Read in remove_wait_queue
fs
|
C |
|
|
7 |
2463d |
2473d
|
4/28 |
2459d |
5eeb2ca02a2f
ANDROID: binder: synchronize_rcu() when using POLLFREE.
|
WARNING in check_flush_dependency
wireless
|
C |
|
|
2205 |
2461d |
2493d
|
4/28 |
2459d |
ce162bfbc0b6
mac80211_hwsim: don't use WQ_MEM_RECLAIM
|
general protection fault in binder_poll
kernel
|
C |
|
|
159 |
2463d |
2546d
|
4/28 |
2459d |
f88982679f54
binder: check for binder_thread allocation failure in binder_poll()
|
BUG: unable to handle kernel NULL pointer dereference in sha512_mb_mgr_get_comp_job_avx2
crypto
|
syz |
|
|
32 |
2490d |
2544d
|
4/28 |
2459d |
eff84b379089
crypto: sha512-mb - initialize pending lengths correctly
|
WARNING: proc registration bug in clusterip_tg_check
netfilter
|
C |
|
|
779 |
2461d |
2479d
|
4/28 |
2459d |
b3e456fce9f5
netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
|
lost connection to test machine (4)
|
C |
|
|
1189 |
2459d |
2473d
|
4/28 |
2459d |
9c2d63b843a5
bpf: fix mlock precharge on arraymaps
|
WARNING: kmalloc bug in cpu_map_update_elem
bpf
net
|
C |
|
|
2677 |
2459d |
2471d
|
4/28 |
2459d |
7fc17e909edf
bpf: cpumap: use GFP_KERNEL instead of GFP_ATOMIC in __cpu_map_entry_alloc()
|
possible deadlock in do_ip_setsockopt (3)
netfilter
|
|
|
|
3731 |
2461d |
2478d
|
4/28 |
2459d |
01ea306f2ac2
netfilter: drop outermost socket lock in getsockopt()
|
WARNING in kmalloc_slab (3)
net
|
C |
|
|
1901 |
2460d |
2544d
|
4/28 |
2459d |
88913bd8ea2a
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
|
WARNING: ODEBUG bug in led_tg_destroy
netfilter
|
C |
|
|
4 |
2465d |
2473d
|
4/28 |
2459d |
10414014bc08
netfilter: x_tables: fix missing timer initialization in xt_LED
|
KASAN: use-after-free Read in rds_find_bound
rds
|
|
|
|
1 |
2521d |
2517d
|
4/28 |
2471d |
ebeeb1ad9b8a
rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
|
possible deadlock in lru_add_drain_all
mm
|
|
|
|
1300 |
2532d |
2581d
|
4/28 |
2471d |
9852a7212324
mm: drop hotplug lock from lru_add_drain_all()
|
KASAN: use-after-free Read in __do_page_fault
mm
|
syz |
|
|
679 |
2567d |
2578d
|
4/28 |
2471d |
cb0631fd3cf9
x86/mm: fix use-after-free of vma during userfaultfd fault
|
INFO: rcu detected stall in tty_ioctl
serial
|
C |
|
|
12 |
2515d |
2527d
|
4/28 |
2471d |
966031f34018
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
|
KASAN: use-after-free Read in rds_tcp_tune
rds
|
|
|
|
12 |
2495d |
2505d
|
4/28 |
2471d |
ebeeb1ad9b8a
rds: tcp: use rds_destroy_pending() to synchronize netns/module teardown and rds connection/workq management
|
INFO: rcu detected stall in memcpy
sound
|
|
|
|
12 |
2508d |
2512d
|
4/28 |
2471d |
29159a4ed704
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
|
INFO: rcu detected stall in n_tty_ioctl
serial
|
|
|
|
24 |
2514d |
2527d
|
4/28 |
2471d |
966031f34018
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
|
KASAN: slab-out-of-bounds Read in string
kernel
|
C |
|
|
129 |
2482d |
2492d
|
4/28 |
2471d |
da17c73b6eb7
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
|
possible deadlock in flush_work (2)
net
nfs
|
|
|
|
3 |
2570d |
2572d
|
4/28 |
2471d |
528fd3547bad
SUNRPC: Destroy transport from the system workqueue
|
KASAN: use-after-free Read in rds_tcp_dev_event
rds
|
|
|
|
1 |
2576d |
2570d
|
4/28 |
2471d |
681648e67d43
rds: tcp: correctly sequence cleanup on netns deletion.
|
KASAN: use-after-free Read in __schedule
kvm
|
C |
|
|
145 |
2526d |
2527d
|
4/28 |
2471d |
8dbfb2bf1bb3
KVM: x86: don't forget vcpu_put() in kvm_arch_vcpu_ioctl_set_sregs()
|
KASAN: use-after-free Read in sock_release
net
|
|
|
|
1 |
2553d |
2548d
|
4/28 |
2471d |
a5739435b5a3
fix kcm_clone()
|
KASAN: stack-out-of-bounds Read in csum_and_copy_from_iter_full
net
|
|
|
|
1 |
2551d |
2546d
|
4/28 |
2471d |
8f659a03a0ba
net: ipv4: fix for a race condition in raw_sendmsg
|
KASAN: stack-out-of-bounds Read in xfrm_selector_match
net
|
|
|
|
368 |
2505d |
2512d
|
4/28 |
2473d |
732706afe1cc
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
|
KASAN: use-after-free Read in __fput
fs
|
|
|
|
23 |
2541d |
2575d
|
4/28 |
2473d |
a5739435b5a3
fix kcm_clone()
|
KASAN: stack-out-of-bounds Read in memcmp
net
|
|
|
|
1 |
2514d |
2511d
|
4/28 |
2473d |
732706afe1cc
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
|
WARNING in drm_modeset_lock_all
dri
|
|
|
|
35 |
2575d |
2581d
|
4/28 |
2473d |
d18d1a5ac811
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
|
WARNING in do_debug
kernel
|
C |
|
|
905 |
2478d |
2577d
|
4/28 |
2473d |
efdab992813f
KVM: x86: fix escape of guest dr6 to the host
|
WARNING in usercopy_warn
hardening
mm
|
C |
|
|
171 |
2479d |
2497d
|
4/28 |
2473d |
79a8a642bf05
net: Whitelist the skbuff_head_cache "cb" field
|
KASAN: double-free or invalid-free in relay_open
block
trace
|
C |
|
|
106 |
2479d |
2577d
|
4/28 |
2473d |
a1be1f3931bf
kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
|
WARNING: suspicious RCU usage in bpf_prog_array_copy_info
perf
|
C |
|
|
17842 |
2473d |
2479d
|
4/28 |
2473d |
0911287ce32b
bpf: fix bpf_prog_array_copy_to_user() issues
|
KASAN: use-after-free Write in xt_rateest_tg_checkentry
netfilter
|
C |
|
|
2 |
2486d |
2487d
|
4/28 |
2473d |
7dc68e98757a
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
|
general protection fault in ___bpf_prog_run
bpf
|
C |
|
|
8 |
2479d |
2486d
|
4/28 |
2473d |
65073a67331d
bpf: fix null pointer deref in bpf_prog_test_run_xdp
|
general protection fault in cgroup_mt_destroy_v1
netfilter
|
C |
|
|
91 |
2476d |
2488d
|
4/28 |
2473d |
ba7cd5d95f25
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
|
WARNING: kmalloc bug in tun_device_event
net
|
C |
|
|
15 |
2477d |
2479d
|
4/28 |
2473d |
6e6e41c31122
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
0bf7800f1799
ptr_ring: try vmalloc() when kmalloc() fails
|
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (4)
perf
|
C |
|
|
7264 |
2479d |
2483d
|
4/28 |
2473d |
0911287ce32b
bpf: fix bpf_prog_array_copy_to_user() issues
|
possible deadlock in rtnl_lock (3)
net
|
C |
|
|
3633 |
2478d |
2479d
|
4/28 |
2478d |
3f34cfae1238
netfilter: on sockopt() acquire sock lock only in the required scope
|
possible deadlock in do_ip_setsockopt (2)
netfilter
|
|
|
|
59 |
2478d |
2481d
|
4/28 |
2478d |
3f34cfae1238
netfilter: on sockopt() acquire sock lock only in the required scope
|
WARNING: bad unlock balance in ipmr_mfc_seq_stop
net
|
C |
|
|
286 |
2485d |
2531d
|
4/28 |
2479d |
4adfa79fc254
ip6mr: fix stale iterator
|
WARNING in __alloc_pages_slowpath
mm
|
C |
|
|
9435 |
2484d |
2512d
|
4/28 |
2481d |
0c75f10312a3
staging: android: ion: Add __GFP_NOWARN for system contig heap
|
possible deadlock in xt_find_target
netfilter
|
|
|
|
34 |
2482d |
2489d
|
4/28 |
2481d |
3f34cfae1238
netfilter: on sockopt() acquire sock lock only in the required scope
|
KASAN: use-after-free Read in __lock_acquire (2)
fs
|
C |
|
|
589 |
2484d |
2559d
|
4/28 |
2481d |
f5cb779ba163
ANDROID: binder: remove waitqueue when thread exits.
|
WARNING in __check_heap_object
hardening
mm
|
C |
|
|
5173 |
2498d |
2570d
|
4/28 |
2481d |
ab9ee8e38b29
sctp: Define usercopy region in SCTP proto slab cache
|
WARNING in register_lock_class
fs
|
C |
|
|
2 |
2528d |
2524d
|
4/28 |
2481d |
f5cb779ba163
ANDROID: binder: remove waitqueue when thread exits.
|
WARNING in sysfs_warn_dup
fs
|
|
|
|
11 |
2486d |
2529d
|
4/28 |
2481d |
5d54f948aaac
sysfs: turn WARN() into pr_warn()
|
WARNING in reuseport_add_sock
net
|
C |
|
|
7 |
2494d |
2504d
|
4/28 |
2481d |
4db428a7c9ab
soreuseport: fix mem leak in reuseport_add_sock()
|
possible deadlock in do_ip_getsockopt
netfilter
|
|
|
|
22 |
2483d |
2488d
|
4/28 |
2481d |
3f34cfae1238
netfilter: on sockopt() acquire sock lock only in the required scope
|
lost connection to test machine (3)
|
C |
|
|
4251 |
2481d |
2520d
|
4/28 |
2481d |
889c604fd0b5
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
|
suspicious RCU usage at ./include/linux/inetdevice.h:LINE (2)
net
|
C |
|
|
4 |
2484d |
2484d
|
4/28 |
2481d |
e7aadb27a541
net: igmp: add a missing rcu locking section
|
possible deadlock in rtnl_lock (2)
net
|
C |
|
|
10369 |
2481d |
2484d
|
4/28 |
2481d |
3f34cfae1238
netfilter: on sockopt() acquire sock lock only in the required scope
|
WARNING in ion_ioctl
staging
|
C |
|
|
8888 |
2484d |
2512d
|
4/28 |
2481d |
e4e179a844f5
staging: android: ion: Switch from WARN to pr_warn
|
INFO: task hung in bpf_exit_net
net
|
|
|
|
1 |
2542d |
2528d
|
4/28 |
2481d |
b6c5734db070
sctp: fix the handling of ICMP Frag Needed for too small MTUs
|
KASAN: use-after-free Read in fib6_remove_prefsrc
net
|
|
|
|
4 |
2502d |
2504d
|
4/28 |
2481d |
591ff9ea51ce
ipv6: don't let tb6_root node share routes with other node
|
KASAN: use-after-free Read in fib6_lookup_1
net
|
|
|
|
11 |
2501d |
2504d
|
4/28 |
2481d |
591ff9ea51ce
ipv6: don't let tb6_root node share routes with other node
|
KASAN: use-after-free Read in fib6_age
net
|
|
|
|
3 |
2502d |
2504d
|
4/28 |
2481d |
591ff9ea51ce
ipv6: don't let tb6_root node share routes with other node
|
KASAN: use-after-free Read in mon_bin_vma_fault
usb
|
|
|
|
7 |
2508d |
2519d
|
4/28 |
2481d |
46eb14a6e158
USB: fix usbmon BUG trigger
|
KASAN: use-after-free Read in __list_add_valid (3)
kvm
net
virt
|
|
|
|
16 |
2485d |
2491d
|
4/28 |
2481d |
4cd879515d68
vhost_net: stop device during reset owner
|
INFO: trying to register non-static key in pfifo_fast_reset
net
|
C |
|
|
4 |
2528d |
2530d
|
4/28 |
2481d |
1df94c3c5dad
net_sched: properly check for empty skb array on error path
|
suspicious RCU usage at net/ipv6/ip6_fib.c:LINE
net
|
C |
|
|
56 |
2491d |
2514d
|
4/28 |
2484d |
4512c43eac7e
ipv6: remove null_entry before adding default route
|
WARNING in task_participate_group_stop
|
C |
|
|
29 |
2563d |
2578d
|
4/28 |
2484d |
426915796cca
kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
|
BUG: Bad page state (3)
usb
|
C |
|
|
3 |
2509d |
2515d
|
4/28 |
2484d |
46eb14a6e158
USB: fix usbmon BUG trigger
|
general protection fault in trie_get_next_key
bpf
|
C |
|
|
3 |
2490d |
2491d
|
4/28 |
2484d |
6dd1ec6c7a2c
bpf: fix kernel page fault in lpm map trie_get_next_key
|
WARNING in usb_submit_urb
usb
|
C |
|
|
2 |
2578d |
2570d
|
4/28 |
2484d |
446f666da9f0
USB: usbfs: Filter flags passed in from user space
|
KASAN: use-after-free Read in tipc_group_size
tipc
|
C |
|
|
8 |
2501d |
2508d
|
4/28 |
2484d |
60c253069632
tipc: fix race between poll() and setsockopt()
|
general protection fault in page_mapping
fs
mm
|
C |
|
|
46 |
2507d |
2535d
|
4/28 |
2484d |
7d11f77f84b2
RDS: null pointer dereference in rds_atomic_free_op
|
general protection fault in __netlink_ns_capable
net
|
C |
|
|
74 |
2507d |
2514d
|
4/28 |
2484d |
f428fe4a04cc
rtnetlink: give a user socket to get_target_net()
|
BUG: unable to handle kernel NULL pointer dereference in page_mapping
fs
mm
|
C |
|
|
4 |
2528d |
2530d
|
4/28 |
2484d |
7d11f77f84b2
RDS: null pointer dereference in rds_atomic_free_op
|
KASAN: double-free or invalid-free in skb_free_head
net
virt
|
C |
|
|
13 |
2523d |
2530d
|
4/28 |
2484d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
WARNING in vhost_dev_cleanup
net
virt
kvm
|
C |
|
|
4 |
2486d |
2492d
|
4/28 |
2484d |
4cd879515d68
vhost_net: stop device during reset owner
|
suspicious RCU usage at ./include/linux/inetdevice.h:LINE
net
|
|
|
|
28 |
2567d |
2575d
|
4/28 |
2484d |
25dd169aea65
fib: fib_dump_info can no longer use __in_dev_get_rtnl
|
general protection fault in fib6_add (2)
net
|
C |
|
|
3143 |
2507d |
2514d
|
4/28 |
2484d |
7bbfe00e0252
ipv6: fix general protection fault in fib6_add()
|
general protection fault in sidtab_search_core
selinux
|
syz |
|
|
1306 |
2540d |
2546d
|
4/28 |
2484d |
4b14752ec4e0
selinux: skip bounded transition processing if the policy isn't loaded
|
kernel BUG at fs/userfaultfd.c:LINE!
fs
|
C |
|
|
3 |
2528d |
2525d
|
4/28 |
2484d |
0cbb4b4f4c44
userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
|
general protection fault in show_timer
fs
|
C |
|
|
10 |
2529d |
2548d
|
4/28 |
2484d |
cef31d9af908
posix-timer: Properly check sigevent->sigev_notify
|
BUG: looking up invalid subclass: 8
sound
|
C |
|
|
5 |
2571d |
2571d
|
4/28 |
2484d |
3510c7aa069a
ALSA: seq: Avoid invalid lockdep class warning
|
KASAN: use-after-free Read in sctp_association_free
sctp
|
C |
|
|
20 |
2561d |
2576d
|
4/28 |
2484d |
ca3af4dd28cf
sctp: do not free asoc when it is already dead in sctp_sendmsg
|
inconsistent lock state in est_fetch_counters
net
|
C |
|
|
5829 |
2485d |
2489d
|
4/28 |
2484d |
40ca54e3a686
net_sched: gen_estimator: fix lockdep splat
|
general protection fault in tun_queue_purge
net
|
C |
|
|
4 |
2490d |
2492d
|
4/28 |
2484d |
9fb582b67072
Revert "net: ptr_ring: otherwise safe empty checks can overrun array bounds"
|
kernel BUG at drivers/android/binder_alloc.c:LINE!
kernel
|
C |
|
|
856 |
2542d |
2546d
|
4/28 |
2484d |
fb2c445277e7
ANDROID: binder: fix transaction leak.
|
KASAN: stack-out-of-bounds Read in rds_sendmsg
rds
|
C |
|
|
120 |
2514d |
2538d
|
4/28 |
2484d |
14e138a86f63
RDS: Check cmsg_len before dereferencing CMSG_DATA
|
BUG: unable to handle kernel paging request in devpts_mntget
fs
|
C |
|
|
21 |
2497d |
2574d
|
4/28 |
2484d |
c9cc8d01fb04
devpts: fix error handling in devpts_mntget()
|
KASAN: slab-out-of-bounds Write in sha3_update (2)
crypto
|
C |
|
|
49 |
2486d |
2525d
|
4/28 |
2484d |
9fa68f620041
crypto: hash - prevent using keyed hashes without setting key
|
KASAN: slab-out-of-bounds Read in sctp_send_reset_streams
sctp
|
C |
|
|
73 |
2527d |
2538d
|
4/28 |
2484d |
2342b8d95bca
sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
|
general protection fault in nfs_idmap_legacy_upcall
nfs
|
C |
|
|
4 |
2498d |
2497d
|
4/28 |
2484d |
49686cbbb3eb
NFS: reject request for id_legacy key without auxdata
|
KASAN: use-after-free Read in __bpf_prog_put
bpf
|
|
|
|
1 |
2505d |
2505d
|
4/28 |
2484d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
KASAN: slab-out-of-bounds Read in xfrm_hash_rebuild
net
|
C |
|
|
18 |
2502d |
2570d
|
4/28 |
2484d |
862591bf4f51
xfrm: skip policies marked as dead while rehashing
|
BUG: sleeping function called from invalid context at net/core/sock.c:LINE (2)
crypto
|
|
|
|
185 |
2549d |
2546d
|
4/28 |
2484d |
7d2c3f54e6f6
crypto: af_alg - remove locking in async callback
|
BUG: unable to handle kernel paging request in check_memory_region
bpf
|
C |
|
|
10 |
2501d |
2504d
|
4/28 |
2484d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
WARNING: kernel stack regs has bad 'bp' value (2)
|
C |
|
|
16238 |
2485d |
2549d
|
4/28 |
2484d |
d8c7fe9f2a48
crypto: x86/twofish-3way - Fix %rbp usage
|
KASAN: use-after-free Read in __wake_up_common
fs
|
C |
|
|
888 |
2485d |
2494d
|
4/28 |
2484d |
4cd879515d68
vhost_net: stop device during reset owner
|
KASAN: slab-out-of-bounds Read in strcmp
selinux
|
C |
|
|
150 |
2540d |
2550d
|
4/28 |
2484d |
ef28df55ac27
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
|
KASAN: use-after-free Read in map_lookup_elem
bpf
|
C |
|
|
6 |
2500d |
2504d
|
4/28 |
2484d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
KASAN: use-after-free Read in __xfrm_state_lookup
net
|
C |
|
|
7 |
2577d |
2576d
|
4/28 |
2484d |
cb79a180f2e7
xfrm: defer daddr pointer assignment after spi parsing
|
KASAN: slab-out-of-bounds Read in erspan_build_header
net
|
C |
|
|
30 |
2485d |
2493d
|
4/28 |
2485d |
b423d13c08a6
net: erspan: fix use-after-free
|
KASAN: use-after-free Read in rb_first_postorder
tipc
|
C |
|
|
17267 |
2498d |
2507d
|
4/28 |
2485d |
febafc8455fd
tipc: fix a potental access after delete in tipc_sk_join()
|
KASAN: use-after-free Read in tipc_group_is_open
tipc
|
C |
|
|
1 |
2501d |
2501d
|
4/28 |
2485d |
60c253069632
tipc: fix race between poll() and setsockopt()
|
possible deadlock in rtnl_lock
net
|
C |
|
|
15711 |
2485d |
2541d
|
4/28 |
2485d |
124da8f6118b
tuntap: fix possible deadlock when fail to register netdev
|
KASAN: use-after-free Read in erspan_build_header
net
|
C |
|
|
60 |
2485d |
2494d
|
4/28 |
2485d |
b423d13c08a6
net: erspan: fix use-after-free
|
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (3)
bpf
|
C |
|
|
5087 |
2485d |
2494d
|
4/28 |
2485d |
2310035fa03f
bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
|
KASAN: use-after-free Read in erspan_xmit
net
|
C |
|
|
68 |
2491d |
2494d
|
4/28 |
2485d |
b423d13c08a6
net: erspan: fix use-after-free
|
general protection fault in free_verifier_state (2)
bpf
|
C |
|
|
2 |
2509d |
2508d
|
4/28 |
2485d |
5896351ea936
bpf: fix verifier GPF in kmalloc failure path
|
general protection fault in copy_verifier_state
bpf
|
C |
|
|
2 |
2518d |
2514d
|
4/28 |
2485d |
5896351ea936
bpf: fix verifier GPF in kmalloc failure path
|
general protection fault in get_info
netfilter
|
C |
|
|
760 |
2501d |
2504d
|
4/28 |
2485d |
e3eeacbac4ad
netfilter: x_tables: don't return garbage pointer on modprobe failure
|
BUG: sleeping function called from invalid context at mm/slab.h:LINE (2)
bpf
|
|
|
|
2 |
2493d |
2493d
|
4/28 |
2485d |
2310035fa03f
bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
|
KASAN: slab-out-of-bounds Read in erspan_xmit
net
|
C |
|
|
51 |
2491d |
2494d
|
4/28 |
2485d |
b423d13c08a6
net: erspan: fix use-after-free
|
suspicious RCU usage at net/netfilter/ipset/ip_set_core.c:LINE
netfilter
|
C |
|
|
38048 |
2506d |
2511d
|
4/28 |
2485d |
f998b6b10144
netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
|
WARNING in xdp_rxq_info_unreg
bpf
net
|
C |
|
|
198 |
2494d |
2494d
|
4/28 |
2485d |
c13da21cdb80
tun: avoid calling xdp_rxq_info_unreg() twice
|
suspicious RCU usage at mm/slab.h:LINE
bpf
|
|
|
|
1 |
2494d |
2493d
|
4/28 |
2485d |
2310035fa03f
bpf: fix incorrect kmalloc usage in lpm_trie MAP_GET_NEXT_KEY rcu region
|
general protection fault in sctp_stream_free
sctp
|
|
|
|
17 |
2532d |
2572d
|
4/28 |
2486d |
79d0895140e9
sctp: fix error path in sctp_stream_init
|
general protection fault in __list_del_entry_valid (2)
tipc
|
C |
|
|
21 |
2500d |
2556d
|
4/28 |
2486d |
9ee332d99e4d
sget(): handle failures of register_shrinker()
|
WARNING in xfrm_state_fini
net
|
C |
|
|
2231 |
2501d |
2556d
|
4/28 |
2486d |
6a53b7593233
xfrm: check id proto in validate_tmpl()
|
KASAN: stack-out-of-bounds Read in xfrm_state_find (3)
net
|
C |
|
|
10353 |
2490d |
2557d
|
4/28 |
2486d |
732706afe1cc
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
|
general protection fault in __rds_rdma_map
rds
|
C |
|
|
12 |
2538d |
2550d
|
4/28 |
2486d |
f3069c6d33f6
rds: Fix NULL pointer dereference in __rds_rdma_map
|
BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free
sctp
|
|
|
|
2 |
2529d |
2527d
|
4/28 |
2486d |
79d0895140e9
sctp: fix error path in sctp_stream_init
|
WARNING in fpu__copy
kernel
|
|
|
|
8 |
2527d |
2527d
|
4/28 |
2486d |
5663d8f9bbe4
kvm: x86: fix WARN due to uninitialized guest FPU state
|
kernel BUG at net/core/skbuff.c:LINE! (2)
net
|
C |
|
|
562 |
2489d |
2578d
|
4/28 |
2488d |
02612bb05e51
pppoe: take ->needed_headroom of lower device into account on xmit
|
KASAN: slab-out-of-bounds Read in __dev_queue_xmit
net
|
C |
|
|
6 |
2509d |
2498d
|
4/28 |
2488d |
7c68d1a6b4db
net: qdisc_pkt_len_init() should be more robust
|
possible deadlock in vhost_chr_write_iter
kvm
net
virt
|
C |
|
|
25952 |
2491d |
2494d
|
4/28 |
2488d |
e9cb4239134c
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
|
KASAN: use-after-free Read in psock_write_space
net
|
C |
|
|
6 |
2496d |
2508d
|
4/28 |
2488d |
581e7226a5d4
kcm: Only allow TCP sockets to be attached to a KCM mux
|
kernel BUG at net/l2tp/l2tp_ppp.c:LINE!
net
|
C |
|
|
22 |
2492d |
2513d
|
4/28 |
2488d |
e5571240236c
kcm: Check if sk_user_data already set in kcm_attach
|
general protection fault in skb_segment
sctp
|
C |
|
|
7 |
2508d |
2518d
|
4/28 |
2488d |
121d57af308d
gso: validate gso_type in GSO handlers
|
general protection fault in __lock_acquire (2)
tipc
|
C |
|
|
15 |
2490d |
2575d
|
4/28 |
2489d |
672ecbe1c977
tipc: fix a null pointer deref on error path
|
general protection fault in proc_flush_task
fs
|
syz |
|
|
2 |
2531d |
2548d
|
4/28 |
2489d |
c0ee554906c3
pid: Handle failure to allocate the first pid in a pid namespace
|
general protection fault in lockdep_invariant_state (2)
kernel
|
C |
|
|
114 |
2541d |
2569d
|
4/28 |
2489d |
5e351ad10699
locking/lockdep: Fix possible NULL deref
|
BUG: unable to handle kernel NULL pointer dereference in proc_flush_task
fs
|
syz |
|
|
1 |
2532d |
2527d
|
4/28 |
2489d |
c0ee554906c3
pid: Handle failure to allocate the first pid in a pid namespace
|
KASAN: stack-out-of-bounds Read in write_mmio
kvm
|
C |
|
|
3 |
2536d |
2546d
|
4/28 |
2489d |
e39d200fa5bf
KVM: Fix stack-out-of-bounds read in write_mmio
|
BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:LINE
|
C |
|
|
19609 |
2551d |
2577d
|
4/28 |
2490d |
4d772cb85f64
KVM: x86: fix em_fxstor() sleeping while in atomic
|
WARNING in free_loaded_vmcs
kvm
|
C |
|
|
170 |
2549d |
2556d
|
4/28 |
2491d |
b74558259c51
KVM: VMX: Fix vmx->nested freeing when no SMI handler
|
KASAN: use-after-free Read in fib6_add_1
net
|
C |
|
|
4 |
2501d |
2503d
|
4/28 |
2491d |
591ff9ea51ce
net-backports: ipv6: don't let tb6_root node share routes with other node
|
possible deadlock in snd_seq_deliver_event
|
C |
|
|
6 |
2571d |
2581d
|
4/28 |
2493d |
1f20f9ff57ca
ALSA: seq: Fix nested rwsem annotation for lockdep splat
|
KASAN: slab-out-of-bounds Read in map_lookup_elem
bpf
|
C |
|
|
6 |
2501d |
2504d
|
4/28 |
2493d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
KASAN: use-after-free Write in array_map_update_elem
bpf
|
C |
|
|
11 |
2500d |
2501d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
WARNING in wiphy_register
wireless
|
C |
|
|
15 |
2501d |
2503d
|
4/28 |
2494d |
51a1aaa631c9
mac80211_hwsim: validate number of different channels
|
general protection fault in sctp_v6_get_dst
sctp
|
C |
|
|
6 |
2506d |
2506d
|
4/28 |
2494d |
c5006b8aa745
sctp: do not allow the v4 socket to bind a v4mapped v6 address
|
WARNING in ___bpf_prog_run
bpf
|
C |
|
|
28 |
2499d |
2506d
|
4/28 |
2494d |
7891a87efc71
bpf: arsh is not supported in 32 bit alu thus reject it
|
KASAN: slab-out-of-bounds Read in perf_event_fd_array_release
bpf
|
C |
|
|
96 |
2499d |
2506d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
KASAN: use-after-free Read in bpf_fd_array_map_lookup_elem
bpf
|
|
|
|
21 |
2500d |
2506d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
WARNING in rfkill_alloc
wireless
|
C |
|
|
6 |
2501d |
2503d
|
4/28 |
2494d |
59b179b48ce2
cfg80211: check dev_set_name() return value
|
WARNING in snd_interval_mulkdiv
sound
|
C |
|
|
21 |
2500d |
2506d
|
4/28 |
2494d |
23b19b7b50fe
ALSA: pcm: Remove yet superfluous WARN_ON()
|
WARNING in can_rcv
can
|
C |
|
|
5 |
2501d |
2500d
|
4/28 |
2494d |
8cb68751c115
can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
|
KASAN: use-after-free Read in fib6_ifup (2)
net
|
C |
|
|
18 |
2501d |
2498d
|
4/28 |
2494d |
591ff9ea51ce
ipv6: don't let tb6_root node share routes with other node
|
KASAN: slab-out-of-bounds Read in bpf_fd_array_map_lookup_elem
bpf
|
|
|
|
7 |
2501d |
2505d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
suspicious RCU usage at ./include/linux/rcupdate.h:LINE (2)
net
|
C |
|
|
174 |
2495d |
2575d
|
4/28 |
2494d |
2f10a61cee8f
xfrm: fix rcu usage in xfrm_get_type_offload
|
general protection fault in cgroup_fd_array_put_ptr
bpf
|
C |
|
|
219 |
2499d |
2506d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
general protection fault in ip6_xmit
net
|
|
|
|
16 |
2495d |
2496d
|
4/28 |
2494d |
591ff9ea51ce
ipv6: don't let tb6_root node share routes with other node
|
BUG: unable to handle kernel paging request in __bpf_map_put
bpf
|
|
|
|
1 |
2504d |
2503d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
divide error in ___bpf_prog_run
bpf
|
C |
|
|
28 |
2496d |
2504d
|
4/28 |
2494d |
68fda450a7df
bpf: fix 32-bit divide by zero
|
kernel BUG at ./include/linux/skbuff.h:LINE!
net
|
C |
|
|
4502 |
2499d |
2512d
|
4/28 |
2494d |
374d1b5a81f7
esp: Fix GRO when the headers not fully in the linear part of the skb.
|
WARNING in netlink_ack (2)
net
|
C |
|
|
6 |
2506d |
2506d
|
4/28 |
2494d |
cbbdf8433a5f
netlink: extack needs to be reset each time through loop
|
general protection fault in __bpf_prog_put
bpf
|
C |
|
|
212 |
2499d |
2506d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
possible deadlock in ppp_dev_uninit
ppp
|
C |
|
|
6 |
2500d |
2512d
|
4/28 |
2494d |
0171c4183559
ppp: unlock all_ppp_mutex before registering device
|
BUG: unable to handle kernel paging request in dst_release
net
|
|
|
|
113 |
2499d |
2505d
|
4/28 |
2494d |
95ef498d977b
ipv6: ip6_make_skb() needs to clear cork.base.dst
|
KASAN: stack-out-of-bounds Read in __nla_put
net
|
C |
|
|
57 |
2496d |
2500d
|
4/28 |
2494d |
cd443f1e91ca
netlink: reset extack earlier in netlink_rcv_skb
|
general protection fault in strlen
net
|
C |
|
|
53 |
2496d |
2498d
|
4/28 |
2494d |
cd443f1e91ca
netlink: reset extack earlier in netlink_rcv_skb
|
BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:LINE
net
|
|
|
|
20 |
2502d |
2511d
|
4/28 |
2494d |
b1bdcb59b64f
xfrm: don't call xfrm_policy_cache_flush while holding spinlock
|
WARNING in canfd_rcv
can
|
C |
|
|
4 |
2501d |
2500d
|
4/28 |
2494d |
d4689846881d
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
|
BUG: unable to handle kernel paging request in fd_array_map_delete_elem
bpf
|
|
|
|
11 |
2500d |
2506d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
general protection fault in __bpf_map_put
bpf
|
C |
|
|
331 |
2499d |
2506d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
WARNING: held lock freed!
sctp
|
C |
|
|
497 |
2498d |
2509d
|
4/28 |
2494d |
a0ff660058b8
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
|
KASAN: use-after-free Read in tls_sk_proto_close
net
|
C |
|
|
9 |
2499d |
2507d
|
4/28 |
2494d |
d91c3e17f75f
net/tls: Only attach to sockets in ESTABLISHED state
|
WARNING in adjust_ptr_min_max_vals
bpf
|
C |
|
|
252 |
2496d |
2514d
|
4/28 |
2494d |
6f16101e6a8b
bpf: mark dst unknown on inconsistent {s, u}bounds adjustments
|
KASAN: slab-out-of-bounds Write in array_map_update_elem
bpf
|
C |
|
|
6 |
2502d |
2501d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
BUG: unable to handle kernel paging request in bpf_fd_array_map_lookup_elem
bpf
|
|
|
|
5 |
2500d |
2504d
|
4/28 |
2494d |
bbeb6e4323da
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
|
BUG: soft lockup (2)
sound
|
C |
|
|
29 |
2508d |
2537d
|
3/28 |
2498d |
29159a4ed704
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
|
INFO: rcu detected stall in mulaw_transfer
sound
|
|
|
|
37 |
2508d |
2512d
|
3/28 |
2498d |
898dfe4687f4
ALSA: aloop: Fix racy hw constraints adjustment
|
KASAN: use-after-free Read in fib6_ifdown
net
|
C |
|
|
26 |
2501d |
2505d
|
3/28 |
2498d |
4512c43eac7e
ipv6: remove null_entry before adding default route
|
general protection fault in nf_tables_dump_obj_done
netfilter
|
C |
|
|
976 |
2507d |
2512d
|
3/28 |
2498d |
8bea728dce89
netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()
|
BUG: unable to handle kernel paging request in memset_erms
sound
|
C |
|
|
35 |
2498d |
2512d
|
3/28 |
2498d |
b088b53e20c7
ALSA: aloop: Fix inconsistent format due to incomplete rule
|
INFO: rcu detected stall in snd_pcm_plug_write_transfer
sound
|
|
|
|
1 |
2506d |
2506d
|
3/28 |
2498d |
29159a4ed704
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
|
general protection fault in crypto_remove_spawns
crypto
|
C |
|
|
85 |
2512d |
2550d
|
3/28 |
2498d |
9a00674213a3
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
|
kernel BUG at ./include/linux/mm.h:LINE! (3)
usb
|
C |
|
|
621 |
2503d |
2520d
|
3/28 |
2498d |
46eb14a6e158
USB: fix usbmon BUG trigger
|
INFO: task hung in snd_pcm_oss_write
sound
|
syz |
|
|
2 |
2506d |
2506d
|
3/28 |
2498d |
29159a4ed704
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
|
KASAN: use-after-free Read in rt6_mtu_change_route
net
|
|
|
|
5 |
2502d |
2505d
|
3/28 |
2498d |
4512c43eac7e
ipv6: remove null_entry before adding default route
|
suspicious RCU usage at sound/core/pcm_lib.c:LINE
sound
|
|
|
|
1 |
2513d |
2512d
|
3/28 |
2498d |
29159a4ed704
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
|
WARNING in rds_cmsg_rdma_args
rds
|
C |
|
|
6 |
2514d |
2513d
|
3/28 |
2498d |
c095508770ae
RDS: Heap OOB write in rds_message_alloc_sgs()
|
WARNING in snd_pcm_hw_param_first
sound
|
C |
|
|
2905 |
2506d |
2516d
|
3/28 |
2498d |
fe08f34d066f
ALSA: pcm: Remove incorrect snd_BUG_ON() usages
|
WARNING in strp_data_ready
net
|
C |
|
|
59034 |
2514d |
2584d
|
3/28 |
2499d |
d66fa9ec53c4
strparser: Call sock_owned_by_user_nocheck
|
KASAN: double-free or invalid-free in kvm_arch_vcpu_uninit
kvm
|
|
|
|
1 |
2507d |
2503d
|
3/28 |
2502d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
BUG: unable to handle kernel NULL pointer dereference in blkcipher_walk_done
crypto
|
C |
|
|
2 |
2533d |
2533d
|
3/28 |
2506d |
e57121d08c38
crypto: chacha20poly1305 - validate the digest size
|
BUG: bad usercopy in rw_copy_check_uvector
hardening
mm
|
|
|
|
7 |
2509d |
2525d
|
3/28 |
2506d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
general protection fault in scatterwalk_copychunks (2)
crypto
|
C |
|
|
141 |
2512d |
2538d
|
3/28 |
2506d |
e57121d08c38
crypto: chacha20poly1305 - validate the digest size
|
BUG: bad usercopy in alg_setsockopt
hardening
mm
|
|
|
|
5 |
2513d |
2511d
|
3/28 |
2506d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
KASAN: wild-memory-access Write in scatterwalk_copychunks
crypto
|
C |
|
|
15 |
2511d |
2537d
|
3/28 |
2506d |
e57121d08c38
crypto: chacha20poly1305 - validate the digest size
|
general protection fault in skcipher_walk_done
crypto
|
C |
|
|
8 |
2508d |
2528d
|
3/28 |
2506d |
e57121d08c38
crypto: chacha20poly1305 - validate the digest size
|
BUG: unable to handle kernel NULL pointer dereference in scatterwalk_copychunks
crypto
|
C |
|
|
3 |
2532d |
2533d
|
3/28 |
2506d |
e57121d08c38
crypto: chacha20poly1305 - validate the digest size
|
KASAN: slab-out-of-bounds Read in cap_inode_getsecurity
lsm
|
C |
|
|
11 |
2511d |
2512d
|
3/28 |
2506d |
dc32b5c3e6e2
capabilities: fix buffer overread on very short xattr
|
BUG: bad usercopy in strncpy_from_user
hardening
mm
|
|
|
|
1 |
2520d |
2516d
|
3/28 |
2506d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
KASAN: use-after-free Read in __list_del_entry_valid (2)
crypto
|
C |
|
|
11 |
2528d |
2530d
|
3/28 |
2506d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
BUG: bad usercopy in do_syslog
hardening
mm
|
|
|
|
1 |
2515d |
2511d
|
3/28 |
2506d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
KASAN: slab-out-of-bounds Read in cap_convert_nscap
lsm
|
C |
|
|
4148 |
2511d |
2514d
|
3/28 |
2506d |
dc32b5c3e6e2
capabilities: fix buffer overread on very short xattr
|
BUG: unable to handle kernel paging request in ipcget
kernel
|
|
|
|
2 |
2528d |
2524d
|
3/28 |
2506d |
d76c68109f37
crypto: pcrypt - fix freeing pcrypt instances
|
KASAN: use-after-free Read in handle_userfault
fs
|
C |
|
|
151 |
2518d |
2581d
|
3/28 |
2506d |
0cbb4b4f4c44
userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails
|
possible deadlock (2)
crypto
|
|
|
|
2 |
2534d |
2536d
|
3/28 |
2514d |
2b4f27c36bcd
crypto: skcipher - set walk.iv for zero-length inputs
|
BUG: unable to handle kernel paging request in kvm_arch_vcpu_ioctl_run
kvm
|
|
|
|
1 |
2541d |
2537d
|
3/28 |
2514d |
7fb983b4dd56
x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
|
BUG: unable to handle kernel paging request in __switch_to
kernel
|
|
|
|
1 |
2548d |
2544d
|
3/28 |
2514d |
7fb983b4dd56
x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
|
general protection fault in blkcipher_walk_first
crypto
|
C |
|
|
7 |
2525d |
2536d
|
3/28 |
2514d |
11edb555966e
crypto: af_alg - wait for data at beginning of recvmsg
|
BUG: unable to handle kernel paging request in __schedule
kernel
|
|
|
|
2 |
2543d |
2538d
|
3/28 |
2514d |
7fb983b4dd56
x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
|
BUG: unable to handle kernel paging request in match_subs_info
sound
|
|
|
|
1 |
2544d |
2538d
|
3/28 |
2514d |
7fb983b4dd56
x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
|
KASAN: global-out-of-bounds Read in crypto_chacha20_crypt
crypto
|
C |
|
|
74 |
2528d |
2531d
|
3/28 |
2514d |
2b4f27c36bcd
crypto: skcipher - set walk.iv for zero-length inputs
|
general protection fault in crypto_chacha20_crypt
crypto
|
C |
|
|
2374 |
2518d |
2549d
|
3/28 |
2514d |
2b4f27c36bcd
crypto: skcipher - set walk.iv for zero-length inputs
|
KASAN: use-after-free Write in aead_recvmsg
crypto
|
C |
|
|
21 |
2526d |
2543d
|
3/28 |
2514d |
d53c51357923
crypto: af_alg - fix race accessing cipher request
|
general protection fault in blkcipher_walk_done
crypto
|
C |
|
|
47 |
2514d |
2550d
|
3/28 |
2514d |
11edb555966e
crypto: af_alg - wait for data at beginning of recvmsg
|
BUG: unable to handle kernel paging request in copy_siginfo_to_user
kernel
|
|
|
|
1 |
2542d |
2537d
|
3/28 |
2514d |
7fb983b4dd56
x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
|
BUG: unable to handle kernel paging request in __put_user_8
kernel
|
|
|
|
1 |
2545d |
2538d
|
3/28 |
2514d |
7fb983b4dd56
x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
|
INFO: task hung in cleanup_net
net
|
|
|
|
1 |
2540d |
2528d
|
3/28 |
2514d |
21b594435005
net: Fix double free and memory corruption in get_net_ns_by_id()
|
KASAN: use-after-free in aead_recvmsg
crypto
|
|
|
|
2 |
2538d |
2538d
|
3/28 |
2520d |
b32a7dc8aef1
crypto: algif_aead - fix reference counting of null skcipher
|
kernel BUG at net/packet/af_packet.c:LINE! (2)
net
|
|
|
|
2 |
2544d |
2546d
|
3/28 |
2520d |
8e1611e23579
make sock_alloc_file() do sock_release() on failures
|
general protection fault in free_verifier_state
bpf
|
C |
|
|
2 |
2527d |
2527d
|
3/28 |
2520d |
8c01c4f896aa
bpf: fix verifier NULL pointer dereference
|
WARNING in refcount_dec (2)
net
|
|
|
|
1 |
2555d |
2555d
|
3/28 |
2520d |
15fe076edea7
net/packet: fix a race in packet_bind() and packet_notifier()
|
WARNING in netlink_ack
net
|
C |
|
|
6 |
2524d |
2525d
|
3/28 |
2520d |
48044eb490be
netlink: fix netlink_ack() extack race
|
WARNING in lock_release
fs
|
C |
|
|
72 |
2528d |
2561d
|
3/28 |
2525d |
ca0168e8a77c
alloc_super(): do ->s_umount initialization earlier
|
general protection fault in af_alg_free_areq_sgls
crypto
|
C |
|
|
2916 |
2531d |
2550d
|
3/28 |
2527d |
887207ed9e58
crypto: af_alg - fix NULL pointer dereference in
|
general protection fault in ___cache_free
crypto
|
|
|
|
1 |
2537d |
2532d
|
3/28 |
2527d |
ecaaab564978
crypto: salsa20 - fix blkcipher_walk API usage
|
KASAN: stack-out-of-bounds Write in sha3_update
crypto
|
C |
|
|
5 |
2553d |
2549d
|
3/28 |
2527d |
af3ff8045bbf
crypto: hmac - require that the underlying hash algorithm is unkeyed
|
general protection fault in kfree
crypto
|
|
|
|
13 |
2538d |
2546d
|
3/28 |
2527d |
ecaaab564978
crypto: salsa20 - fix blkcipher_walk API usage
|
general protection fault in strcmp
crypto
keyrings
|
|
|
|
1 |
2547d |
2547d
|
3/28 |
2527d |
18026d866801
KEYS: reject NULL restriction string when type is specified
|
KASAN: use-after-free Read in aead_recvmsg
crypto
|
C |
|
|
4338 |
2531d |
2550d
|
3/28 |
2527d |
b32a7dc8aef1
crypto: algif_aead - fix reference counting of null skcipher
|
WARNING in initialize_timer
sound
|
|
|
|
2 |
2547d |
2548d
|
3/28 |
2527d |
43a354287032
ALSA: seq: Remove spurious WARN_ON() at timer check
|
WARNING: suspicious RCU usage (3)
mm
|
|
|
|
16 |
2548d |
2549d
|
3/28 |
2527d |
ecaaab564978
crypto: salsa20 - fix blkcipher_walk API usage
|
kernel BUG at net/core/dev.c:LINE!
net
|
C |
|
|
5 |
2551d |
2555d
|
3/28 |
2540d |
15fe076edea7
net-backports: net/packet: fix a race in packet_bind() and packet_notifier()
|
kernel panic: softlockup: hung tasks
|
|
|
|
2 |
2620d |
2590d
|
3/28 |
2540d |
4ba161a793d5
SUNRPC: Allow connect to return EHOSTUNREACH
|
general protection fault in fanout_demux_rollover
net
|
|
|
|
3 |
2553d |
2572d
|
3/28 |
2540d |
57f015f5eccf
packet: fix crash in fanout_demux_rollover()
|
general protection fault in scatterwalk_copychunks
crypto
|
C |
|
|
414 |
2540d |
2549d
|
3/28 |
2540d |
8e1fa89aa8bc
crypto: algif_aead - skip SGL entries with NULL page
|
possible deadlock in blk_trace_remove
block
trace
|
|
|
|
5 |
2551d |
2558d
|
3/28 |
2540d |
2967acbb257a
blktrace: fix trace mutex deadlock
|
kernel BUG at net/key/af_key.c:LINE!
|
C |
|
|
63 |
2592d |
2584d
|
3/28 |
2543d |
0e74aa1d79a5
xfrm: Copy policy family in clone_policy
|
general protection fault in dax_alloc_inode
cxl
nvdimm
|
|
|
|
1 |
2570d |
2563d
|
3/28 |
2543d |
9f586fff6574
dax: fix general protection fault in dax_alloc_inode
|
KASAN: use-after-free Read in mpi_free
crypto
|
C |
|
|
27 |
2560d |
2568d
|
3/28 |
2550d |
12d41a023efb
crypto: dh - Fix double free of ctx->p
|
BUG: unable to handle kernel paging request in vsock_diag_dump
net
virt
|
C |
|
|
6 |
2581d |
2584d
|
3/28 |
2550d |
c1eef220c176
vsock: always call vsock_init_tables()
|
WARNING in snd_timer_user_info_compat
sound
|
C |
|
|
174 |
2553d |
2556d
|
3/28 |
2550d |
3d4e8303f2c7
ALSA: timer: Remove kernel warning at compat ioctl error paths
|
KASAN: use-after-free Read in free_netdev
net
|
C |
|
|
42 |
2567d |
2590d
|
3/28 |
2550d |
aec72f3392b1
net-tun: fix panics at dismantle time
|
general protection fault in hrtimer_active
kernel
|
C |
|
|
669 |
2567d |
2590d
|
3/28 |
2550d |
aec72f3392b1
net-tun: fix panics at dismantle time
|
INFO: trying to register non-static key. (2)
net
|
C |
|
|
8624 |
2568d |
2570d
|
3/28 |
2550d |
9eba9353388d
tcp: fix a lockdep issue in tcp_fastopen_reset_cipher()
|
KASAN: use-after-free Read in tipc_send_group_bcast
tipc
|
|
|
|
4 |
2584d |
2575d
|
3/28 |
2550d |
e233df01576b
tipc: fix a dangling pointer
|
general protection fault in iov_iter_fault_in_readable
fs
|
|
|
|
5 |
2567d |
2575d
|
3/28 |
2550d |
ee74d9967b82
tun: do not arm flow_gc_timer in tun_flow_init()
|
WARNING in free_kthread_struct
kernel
|
C |
|
|
136405 |
2567d |
2570d
|
3/28 |
2550d |
e10237cc76ef
kthread: zero the kthread data structure
|
general protection fault in bpf_check
bpf
|
|
|
|
3 |
2570d |
2575d
|
3/28 |
2550d |
8c01c4f896aa
bpf: fix verifier NULL pointer dereference
|
KASAN: use-after-free Read in fsnotify
fs
|
|
|
|
1 |
2610d |
2574d
|
3/28 |
2550d |
b3a006600582
dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
|
kernel BUG at fs/notify/dnotify/dnotify.c:LINE!
fs
|
|
|
|
19 |
2566d |
2578d
|
3/28 |
2550d |
b3a006600582
dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify()
|
general protection fault in do_raw_spin_lock
tipc
|
|
|
|
8 |
2582d |
2586d
|
3/28 |
2550d |
87b1af8dcc08
net-backports: ipv6: add ip6_null_entry check in rt6_select()
|
general protection fault in tun_flow_cleanup
|
|
|
|
1 |
2621d |
2590d
|
3/28 |
2550d |
ee74d9967b82
tun: do not arm flow_gc_timer in tun_flow_init()
|
possible deadlock in generic_file_write_iter
|
C |
|
|
61506 |
2550d |
2572d
|
3/28 |
2550d |
e319e1fbd9d4
block, locking/lockdep: Assign a lock_class per gendisk used for wait_for_completion()
|
KASAN: use-after-free Read in tipc_group_self
tipc
|
C |
|
|
2942 |
2567d |
2584d
|
3/28 |
2550d |
e233df01576b
tipc: fix a dangling pointer
|
KASAN: slab-out-of-bounds Read in tipc_nametbl_lookup_dst_nodes
|
C |
|
|
22388 |
2561d |
2584d
|
3/28 |
2550d |
f65163fed0e7
tipc: eliminate KASAN warning
|
KASAN: use-after-free Write in detach_if_pending
net
|
C |
|
|
4169 |
2586d |
2581d
|
3/28 |
2550d |
ee74d9967b82
tun: do not arm flow_gc_timer in tun_flow_init()
|
WARNING in fib6_add
net
|
C |
|
|
8225 |
2567d |
2590d
|
3/28 |
2550d |
2ea2352ede9d
ipv6: prevent user from adding cached routes
|
KASAN: use-after-free Read in tcp_ack
net
|
|
|
|
68 |
2563d |
2564d
|
3/28 |
2550d |
50895b9de1d3
net-backports: tcp: highest_sack fix
|
WARNING in tun_get_user
net
|
C |
|
|
17398 |
2567d |
2591d
|
3/28 |
2550d |
010f245b9dd7
net-backports: tun: relax check on eth_get_headlen() return value
|
BUG: sleeping function called from invalid context at net/core/sock.c:LINE
crypto
|
C |
|
|
407 |
2550d |
2590d
|
3/28 |
2550d |
829385f08ae9
strparser: Use delayed work instead of timer for msg timeout
|
KASAN: use-after-free Read in snd_timer_user_info_compat
sound
|
syz |
|
|
2 |
2592d |
2581d
|
3/28 |
2556d |
79fb0518fec8
ALSA: timer: Add missing mutex lock for compat ioctls
|
WARNING in tcp_update_reordering
net
|
|
|
|
748 |
2560d |
2557d
|
3/28 |
2556d |
0eb96bf754d7
tcp: fix tcp_fastretrans_alert warning
|
KASAN: stack-out-of-bounds Read in xfrm_state_find (2)
net
|
C |
|
|
93 |
2568d |
2576d
|
3/28 |
2560d |
c9f3f813d462
xfrm: Fix stack-out-of-bounds read in xfrm_state_find.
|
general protection fault in asn1_ber_decoder
crypto
keyrings
|
C |
|
|
5009 |
2567d |
2571d
|
3/28 |
2560d |
624f5ab8720b
KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
|
BUG: soft lockup
|
C |
|
|
466 |
2563d |
2576d
|
3/28 |
2560d |
9b7d869ee5a7
ALSA: timer: Limit max instances per timer
|
BUG: unable to handle kernel paging request in snd_seq_oss_readq_puts
|
C |
|
|
389 |
2570d |
2576d
|
3/28 |
2560d |
132d358b183a
ALSA: seq: Fix OSS sysex delivery in OSS emulation
|
WARNING in refcount_add_not_zero
net
|
|
|
|
70 |
2560d |
2577d
|
3/28 |
2560d |
7ec318feeed1
tcp: gso: avoid refcount_t warning from tcp_gso_segment()
|
WARNING in get_pi_state
kernel
|
C |
|
|
42 |
2576d |
2578d
|
3/28 |
2567d |
153fbd1226fb
futex: Fix more put_pi_state() vs. exit_pi_state_list() races
|
BUG: workqueue lockup
|
C |
|
|
172 |
2567d |
2577d
|
3/28 |
2567d |
93161922c658
tun/tap: sanitize TUNSETSNDBUF input
|
KASAN: use-after-free Read in ip_queue_xmit
net
|
|
|
|
1 |
2592d |
2592d
|
3/28 |
2567d |
c92e8c02fe66
net-backports: tcp/dccp: fix ireq->opt races
|
KASAN: use-after-free Read in do_raw_spin_unlock
kernel
|
syz |
|
|
3 |
2576d |
2577d
|
3/28 |
2567d |
153fbd1226fb
futex: Fix more put_pi_state() vs. exit_pi_state_list() races
|
KASAN: use-after-free Write in __run_timers
|
|
|
|
6144 |
2586d |
2646d
|
3/28 |
2567d |
0ad646c81b21
net-backports: tun: call dev_get_valid_name() before register_netdevice()
|
general protection fault in __list_del_entry_valid
|
C |
|
|
72 |
2570d |
2584d
|
3/28 |
2567d |
1137b5e2529a
ipsec: Fix aborted xfrm policy dump crash
|
WARNING in kmalloc_slab (2)
block
trace
|
C |
|
|
2478 |
2567d |
2584d
|
3/28 |
2567d |
864e2a1f8aac
ipv6: flowlabel: do not leave opt->tot_len with garbage
|
general protection fault in ip6_setup_cork
net
|
|
|
|
56 |
2581d |
2590d
|
3/28 |
2567d |
864e2a1f8aac
net-backports: ipv6: flowlabel: do not leave opt->tot_len with garbage
|
WARNING in refcount_dec
net
|
|
|
|
9 |
2567d |
2590d
|
3/28 |
2567d |
e669b8694547
ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
|
WARNING in reuseport_alloc
net
|
C |
|
|
408 |
2567d |
2590d
|
3/28 |
2567d |
1b5f962e71bf
soreuseport: fix initialization race
|
KASAN: use-after-free Read in packet_getsockopt (2)
net
|
syz |
|
|
12 |
2580d |
2589d
|
3/28 |
2567d |
509c7a1ecc86
packet: avoid panic in packet_getsockopt()
|
INFO: rcu detected stall (2)
net
|
C |
|
|
56 |
2567d |
2578d
|
3/28 |
2567d |
93161922c658
net-backports: tun/tap: sanitize TUNSETSNDBUF input
|
KASAN: slab-out-of-bounds Read in asn1_ber_decoder
keyrings
crypto
|
C |
|
|
17 |
2567d |
2572d
|
3/28 |
2567d |
2eb9eabf1e86
KEYS: fix out-of-bounds read during ASN.1 parsing
|
KASAN: use-after-free Read in __lock_acquire
kernel
|
syz |
|
|
894 |
2567d |
2576d
|
3/28 |
2567d |
153fbd1226fb
futex: Fix more put_pi_state() vs. exit_pi_state_list() races
|
WARNING in sk_stream_kill_queues
|
syz |
|
|
96 |
2654d |
2657d
|
3/28 |
2570d |
7749d4ff88d3
net-backports: dccp: purge write queue in dccp_destroy_sock()
|
kernel BUG at net/ipv4/tcp_output.c:LINE!
|
|
|
|
37 |
2626d |
2639d
|
3/28 |
2570d |
b1ed4c4fa9a5
tcp: add an ability to dump and restore window parameters
|
general protection fault in refcount_sub_and_test
|
|
|
|
1 |
2671d |
2655d
|
3/28 |
2571d |
12d94a804946
ipv6: fix NULL dereference in ip6_route_dev_notify()
|
BUG: unable to handle kernel NULL pointer dereference in free_fib_info_rcu
|
|
|
|
3 |
2655d |
2655d
|
3/28 |
2571d |
187e5b3ac84d
ipv4: fix NULL dereference in free_fib_info_rcu()
|
KASAN: use-after-free Read in dev_queue_xmit_nit
|
C |
|
|
13 |
2614d |
2625d
|
3/28 |
2571d |
008ba2a13f2d
packet: hold bind lock when rebinding to fanout hook
|
KASAN: double-free or invalid-free in selinux_tun_dev_free_security
|
C |
|
|
12033 |
2647d |
2658d
|
3/28 |
2571d |
ff244c6b29b1
tun: handle register_netdevice() failures properly
|
KASAN: use-after-free Read in ccid2_hc_tx_rto_expire
|
|
|
|
5 |
2649d |
2654d
|
3/28 |
2571d |
120e9dabaf55
dccp: defer ccid_hc_tx_delete() at dismantle time
|
WARNING in fib6_del
|
|
|
|
24 |
2632d |
2646d
|
3/28 |
2571d |
7483cea79957
ipv6: fib: Unlink replaced routes from their nodes
|
kernel BUG at net/core/skbuff.c:LINE!
sctp
|
|
|
|
5 |
2584d |
2655d
|
3/28 |
2581d |
c780a049f9bf
ipv4: better IP_MAX_MTU enforcement
|
KASAN: use-after-free Read in __list_add_valid
|
syz |
|
|
26 |
2588d |
2635d
|
3/28 |
2584d |
008ba2a13f2d
packet: hold bind lock when rebinding to fanout hook
|
general protection fault in kvm_cpuid
|
C |
|
|
20 |
2613d |
2632d
|
3/28 |
2584d |
d1cd3ce90044
KVM: MMU: check guest CR3 reserved bits based on its physical address width.
|
general protection fault in skb_clone
|
syz |
|
|
3 |
2653d |
2653d
|
3/28 |
2584d |
0bbd7dad34f8
tun: make tun_build_skb() thread safe
|
BUG: unable to handle kernel paging request in skb_release_data
|
syz |
|
|
15 |
2653d |
2654d
|
3/28 |
2584d |
0bbd7dad34f8
tun: make tun_build_skb() thread safe
|
WARNING in __switch_to
kernel
|
C |
|
|
535 |
2612d |
2658d
|
3/28 |
2584d |
814fb7bb7db5
x86/fpu: Don't let userspace set bogus xcomp_bv
|
WARNING: kernel stack regs has bad 'bp' value
|
C |
|
|
66131 |
2613d |
2658d
|
3/28 |
2584d |
d3dfbfe2e6e7
crypto: x86/sha256-avx2 - Fix RBP usage
|
kernel BUG at lib/string.c:LINE!
netfilter
|
C |
|
|
73 |
2599d |
2615d
|
3/28 |
2584d |
e466af75c074
netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
|
WARNING in __local_bh_enable_ip
|
|
|
|
22 |
2615d |
2622d
|
3/28 |
2584d |
930651a75bf1
bpf: do not disable/enable BH in bpf_map_free_id()
|
general protection fault in __skb_flow_dissect
|
C |
|
|
37 |
2654d |
2657d
|
3/28 |
2584d |
7324157b8af1
dsa: fix flow disector null pointer
|
KASAN: use-after-free Read in free_ldt_struct
|
C |
|
|
109 |
2641d |
2656d
|
3/28 |
2584d |
ccd5b3235180
x86/mm: Fix use-after-free of ldt_struct
|
kernel BUG at mm/slab.c:LINE!
|
C |
|
|
860 |
2632d |
2635d
|
3/28 |
2584d |
96e5ae4e76f1
bpf: fix numa_node validation
|
possible deadlock in kcm_sendpage
|
syz |
|
|
14 |
2637d |
2639d
|
3/28 |
2584d |
351050ecd652
kcm: do not attach PF_KCM sockets to avoid deadlock
|
WARNING in kmalloc_slab
net
|
C |
|
|
22353 |
2584d |
2657d
|
3/28 |
2584d |
81fbfe8adaf3
ptr_ring: use kmalloc_array()
|
general protection fault in perf_trace_block_get_rq
|
C |
|
|
180 |
2625d |
2634d
|
3/28 |
2584d |
f8e9ec16611b
block: tolerate tracing of NULL bio
|
KASAN: slab-out-of-bounds Read in skb_release_data
|
|
|
|
1 |
2653d |
2653d
|
3/28 |
2584d |
0bbd7dad34f8
tun: make tun_build_skb() thread safe
|
KASAN: use-after-free Read in get_mm_exe_file
|
C |
|
|
2 |
2648d |
2653d
|
3/28 |
2584d |
2b7e8665b4ff
fork: fix incorrect fput of ->exe_file causing use-after-free
|
general protection fault in __lock_acquire
selinux
|
|
|
|
5 |
2595d |
2646d
|
3/28 |
2584d |
383143f31d7d
ipv6: reset fn->rr_ptr when replacing route
|
KASAN: use-after-free Read in ip6_pol_route
|
|
|
|
249 |
2648d |
2656d
|
3/28 |
2584d |
383143f31d7d
ipv6: reset fn->rr_ptr when replacing route
|
suspicious RCU usage at ./include/linux/kvm_host.h:LINE
|
C |
|
|
103402 |
2613d |
2658d
|
3/28 |
2584d |
021086e383fa
KVM: fix rcu warning on VM_CREATE errors
|
KASAN: use-after-free Read in skb_push
|
|
|
|
4 |
2649d |
2655d
|
3/28 |
2584d |
5bfd37b4de5c
tipc: fix use-after-free
|
BUG: unable to handle kernel NULL pointer dereference at ADDR
|
C |
|
|
63 |
2641d |
2656d
|
3/28 |
2584d |
3fd871270732
strparser: initialize all callbacks
|
BUG: Bad page state
|
C |
|
|
2 |
2654d |
2655d
|
3/28 |
2584d |
263630e8d176
mm/madvise.c: fix freeing of locked page with MADV_FREE
|
general protection fault in fib_dump_info
|
C |
|
|
428 |
2647d |
2658d
|
3/28 |
2584d |
bc3aae2bbac4
net: check and errout if res->fi is NULL when RTM_F_FIB_MATCH is set
|
general protection fault in fib6_add
|
|
|
|
18 |
2649d |
2655d
|
3/28 |
2584d |
348a4002729c
ipv6: repair fib6 tree in failure case
|
general protection fault in SyS_bpf
|
C |
|
|
10 |
2644d |
2644d
|
3/28 |
2584d |
ae2b27b859a1
bpf: fix a return in sockmap_get_from_fd()
|
WARNING in idr_replace
|
C |
|
|
1209 |
2625d |
2657d
|
3/28 |
2584d |
a47f68d6a944
idr: remove WARN_ON_ONCE() when trying to replace negative ID
|
general protection fault in skb_release_data
|
syz |
|
|
198 |
2652d |
2654d
|
3/28 |
2584d |
0bbd7dad34f8
tun: make tun_build_skb() thread safe
|
KASAN: wild-memory-access Read in skb_copy_ubufs
|
C |
|
|
23 |
2653d |
2654d
|
3/28 |
2584d |
0bbd7dad34f8
tun: make tun_build_skb() thread safe
|
WARNING in refcount_inc
|
|
|
|
7 |
2638d |
2646d
|
3/28 |
2584d |
551143d8d954
net_sched: fix a refcount_t issue with noop_qdisc
|
general protection fault in __ip_options_echo (2)
|
C |
|
|
2 |
2633d |
2633d
|
3/28 |
2584d |
ca2c1418efe9
udp: drop head states only when all skb references are gone
|
KASAN: use-after-free Read in skb_release_data
|
syz |
|
|
7 |
2654d |
2654d
|
3/28 |
2584d |
0bbd7dad34f8
tun: make tun_build_skb() thread safe
|
INFO: task hung
|
C |
|
|
13878 |
2613d |
2678d
|
3/28 |
2613d |
bd9dfc54e392
tcp: fix hang in tcp_sendpage_locked()
|
WARNING in kvm_arch_vcpu_ioctl_run
|
C |
|
|
20284 |
2613d |
2678d
|
3/28 |
2613d |
bbeac2830f4d
KVM: X86: Fix residual mmio emulation request to userspace
|
BUG: sleeping function called from invalid context at mm/slab.h:LINE
|
C |
|
|
8 |
2655d |
2658d
|
2/28 |
2633d |
36f41f8fc6d8
af_key: do not use GFP_KERNEL in atomic contexts
|
inconsistent lock state in sk_clone_lock
|
C |
|
|
16 |
2654d |
2658d
|
2/28 |
2633d |
d624d276d1dd
tcp: fix possible deadlock in TCP stack vs BPF filter
|
kernel BUG at mm/usercopy.c:LINE!
|
C |
|
|
23 |
2654d |
2658d
|
2/28 |
2633d |
fd851ba9caa9
udp: harden copy_linear_skb()
|