syzbot

 sign-in | mailing list | source | docs
🐞 Open [1440]
Subsystems
🐞 Fixed [6959]
🐞 Invalid [18145]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

Applied filters: Label=subsystems:can (drop)
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Closed Patch
INFO: trying to register non-static key in bcm_can_tx can -1 C error 5 5d10h 16d 3/29 never can: bcm: fix locking for bcm_op runtime updates
KMSAN: uninit-value in em_canid_match can net 7 C 7 98d 100d 29/29 57d 0c922106d7a5 net/sched: em_canid: fix uninit-value in em_canid_match
KCSAN: data-race in can_send / can_send (5) can 6 56 351d 361d 28/29 268d 80b5f90158d1 can: statistics: use atomic access in hot path
WARNING in ucan_probe can -1 C done 143 350d 381d 28/29 268d 1d22a122ffb1 can: ucan: fix out of bound read in strscpy() source
WARNING: refcount bug in sk_skb_reason_drop can 13 C done 8107 451d 518d 28/29 303d a8c695005bfe can: j1939: j1939_session_new(): fix skb reference counting
WARNING in remove_proc_entry (6) can -1 C done 377 517d 547d 28/29 499d 94b0818fa635 can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
INFO: task hung in cangw_pernet_exit_batch (3) can 1 33 604d 620d 26/29 604d d864319871b0 net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
KMSAN: kernel-infoleak in raw_recvmsg can 9 C 121 630d 678d 26/29 604d b7cdf1dd5d2a net: can: j1939: Initialize unused data in j1939_send_one()
possible deadlock in j1939_sk_queue_drop_all can 4 C error done 281 766d 1639d 25/29 709d 6cdedc18ba7b can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
possible deadlock in j1939_sk_errqueue (2) can 4 C done 24 749d 975d 25/29 709d 6cdedc18ba7b can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
possible deadlock in j1939_session_activate can 4 C done done 67 760d 1595d 25/29 709d 6cdedc18ba7b can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
KASAN: use-after-free Read in raw_release can 19 1 946d 946d 23/29 875d 11c9027c983e can: raw: fix lockdep issue in raw_release()
possible deadlock in raw_bind can 4 4535 948d 960d 23/29 875d 11c9027c983e can: raw: fix lockdep issue in raw_release()
KASAN: use-after-free Write in j1939_sock_pending_del can 22 syz done error 17 2300d 2312d 23/29 938d fd81ebfe7975 can: j1939: socket: rework socket locking for j1939_sk_release() and j1939_sk_sendmsg()
WARNING in j1939_session_deactivate_activate_next can -1 C error done 502 1066d 1472d 22/29 1001d d0553680f94c can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
possible deadlock in j1939_sk_errqueue can 4 C unreliable 227 1072d 1609d 22/29 1001d d1366b283d94 can: j1939: prevent deadlock by moving j1939_sk_errqueue()
KMSAN: uninit-value in can_send can 7 C 630 1200d 1218d 22/29 1105d 3eb3d283e857 can: j1939: j1939_send_one(): fix missing CAN header initialization
WARNING in netif_rx can -1 2 1471d 1471d 22/29 1105d 167053f8dd0e net: Correct wrong BH disable in hard-interrupt.
memory leak in gs_usb_probe can usb 3 C 1 1441d 1437d 22/29 1105d 50d34a0d151d can: gs_usb: gs_make_candev(): fix memory leak for devices with extended bit timing configuration
WARNING in mcba_usb_probe/usb_submit_urb usb can -1 C error 537 1435d 2430d 22/29 1105d 136bed0bfd3b can: mcba_usb: properly check endpoint type
WARNING in isotp_tx_timer_handler (2) can -1 C 1416 1131d 1454d 22/29 1105d 3ea566422cbd can: isotp: sanitize CAN ID checks in isotp_bind() d73497081710 can: isotp: stop timeout monitoring when no first frame was sent
BUG: unable to handle kernel paging request in can_rcv_filter can 8 C 5 1187d 1185d 22/29 1105d 0acc442309a0 can: af_can: fix NULL pointer dereference in can_rcv_filter
WARNING: refcount bug in j1939_netdev_start (2) can 13 syz error error 51 1597d 2243d 20/29 1458d d9d52a3ebd28 can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv
WARNING in isotp_tx_timer_handler can -1 C error 1553 1458d 1901d 20/29 1458d 9acf636215a6 can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()
memory leak in pcan_usb_fd_init usb can 3 C 19 1840d 1910d 20/29 1576d a0b96b4a6274 drivers: net: fix memory leak in peak_usb_create_dev
WARNING: ODEBUG bug in __sk_destruct (2) can -1 C done done 62 1586d 1783d 20/29 1576d 14a4696bc311 can: isotp: isotp_release(): omit unintended hrtimer restart on socket release
KASAN: use-after-free Read in bcm_rx_handler can 19 syz done 2 1728d 1758d 20/29 1576d d5f9023fa61e can: bcm: delay release of struct bcm_op after synchronize_rcu()
KASAN: use-after-free Write in j1939_can_recv can 22 2 1806d 1839d 20/29 1576d 22c696fed25c can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call sk_destruct() after RCU is done
KASAN: use-after-free Read in j1939_xtp_rx_dat_one (2) can 19 3 1690d 1753d 20/29 1576d 2030043e616c can: j1939: fix Use-after-Free, hold skb ref while in use
INFO: task hung in register_netdevice_notifier (2) can wireless 1 syz done 10555 1720d 2325d 20/29 1576d 8d0caedb7596 can: bcm/raw/isotp: use per module netdevice notifier
INFO: task hung in unregister_netdevice_notifier (3) can 1 syz error error 184 2388d 2573d 20/29 1576d 8d0caedb7596 can: bcm/raw/isotp: use per module netdevice notifier
general protection fault in j1939_netdev_notify (2) can 2 C done 19 1843d 1901d 20/29 1791d 4e096a18867a net: introduce CAN specific pointer in the struct net_device
BUG: receive list entry not found for dev vxcan1, id 003, mask C00007FF can -1 C unreliable 2 1926d 1926d 19/29 1821d d73ff9b7c4ea can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
BUG: receive list entry not found for dev vcan0, id 002, mask C00007FF can -1 C unreliable 5 1925d 1925d 19/29 1821d d73ff9b7c4ea can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
BUG: receive list entry not found for dev vcan0, id 001, mask C00007FF can -1 C unreliable 5 1929d 1928d 19/29 1821d d73ff9b7c4ea can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
KMSAN: uninit-value in number (2) can 7 C 168 1822d 2201d 19/29 1821d c8c958a58fc6 can: af_can: prevent potential access of uninitialized member in can_rcv() 9aa9379d8f86 can: af_can: prevent potential access of uninitialized member in canfd_rcv()
BUG: receive list entry not found for dev vxcan1, id 002, mask C00007FF can -1 C unreliable 3 1926d 1928d 19/29 1821d d73ff9b7c4ea can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check
KMSAN: uninit-value in can_receive (2) can 7 C 2060 1939d 2034d 15/29 1935d e009f95b1543 can: j1935: j1939_tp_tx_dat_new(): fix missing initialization of skbcnt
KASAN: use-after-free Read in j1939_tp_txtimer can 19 C done error 5 2062d 2260d 15/29 1995d cd3b3636c99f can: j1939: transport: j1939_session_tx_dat(): fix use-after-free read in j1939_tp_txtimer()
general protection fault in j1939_netdev_start can 2 C done 8 2048d 2200d 15/29 1995d af804b782635 can: j1939: socket: j1939_sk_bind(): make sure ml_priv is allocated
KASAN: use-after-free Read in raw_notifier can 19 3 2208d 2210d 15/29 2150d 44bfa9c5e5f0 net: rtnetlink: fix bugs in rtnl_alt_ifname()
KASAN: use-after-free Read in vsscanf can 19 2 2206d 2208d 15/29 2150d e08ad80551b4 net: add strict checks in netdev_name_node_alt_destroy()
KASAN: use-after-free Read in slcan_open can 19 C done 2 2286d 2285d 15/29 2184d 9ebd796e2400 can: slcan: Fix use-after-free Read in slcan_open
KMSAN: uninit-value in can_receive can 7 C 14 2210d 2299d 15/29 2207d e7153bf70c34 can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs
KASAN: null-ptr-deref Write in queue_work_on can 12 C done error 5 2391d 2387d 15/29 2207d 0ace17d56824 can, slip: Protect tty->disc_data in write_wakeup and close with RCU
general protection fault in j1939_jsk_del (2) can 2 syz 21 2270d 2287d 15/29 2211d 00d4e14d2e4c can: j1939: j1939_sk_bind(): take priv after lock is held
KASAN: use-after-free Read in j1939_xtp_rx_abort_one can 19 C done done 11 2305d 2312d 15/29 2237d ddeeb7d4822e can: j1939: j1939_can_recv(): add priv refcounting
general protection fault in j1939_netdev_notify can 2 syz done 11 2300d 2312d 14/29 2288d c48c8c1e2e81 can: j1939: main: j1939_ndev_to_priv(): avoid crash if can_ml_priv is NULL
KASAN: use-after-free Read in j1939_sk_recv can 19 C done 2 2307d 2307d 14/29 2288d ddeeb7d4822e can: j1939: j1939_can_recv(): add priv refcounting
KASAN: use-after-free Read in j1939_session_deactivate can 19 syz done 1 2309d 2309d 14/29 2288d ddeeb7d4822e can: j1939: j1939_can_recv(): add priv refcounting
KASAN: use-after-free Read in j1939_session_get_by_addr_locked can 19 C done 1 2307d 2306d 14/29 2288d ddeeb7d4822e can: j1939: j1939_can_recv(): add priv refcounting
WARNING: refcount bug in j1939_netdev_start can 13 syz done 6 2290d 2311d 14/29 2288d fd81ebfe7975 can: j1939: socket: rework socket locking for j1939_sk_release() and j1939_sk_sendmsg()
KASAN: use-after-free Read in mcba_usb_disconnect usb can 19 C 2 2315d 2347d 14/29 2288d 4d6636498c41 can: mcba_usb: fix use-after-free on disconnect
memory leak in raw_sendmsg can 3 C 2 2455d 2466d 12/29 2429d fd704bd5ee74 can: purge socket error queue on sock destruct
INFO: task hung in unregister_netdevice_notifier (2) can 1 1 2711d 2711d 11/29 2702d 0e1d6eca5113 rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
INFO: task hung in rollback_registered_many can 1 4 2705d 2713d 11/29 2702d 0e1d6eca5113 rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
WARNING in can_rcv can -1 C 5 2971d 2970d 4/29 2964d 8cb68751c115 can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
WARNING in canfd_rcv can -1 C 4 2971d 2970d 4/29 2964d d4689846881d can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once