syzbot


Applied filters: Label=subsystems:wireless (drop)
Title Repro Cause bisect Fix bisect Count Last Reported Patched Closed Patch
WARNING in _ieee80211_change_chanctx wireless 1 35d 31d 1/26 never wifi: nl80211: disallow setting special AP channel widths
WARNING in carl9170_usb_send_rx_irq_urb/usb_submit_urb usb wireless C error inconclusive 18 38d 1181d 25/26 never b6dd09b3dac8 wifi: carl9170: add a proper sanity check for endpoints
WARNING in kcov_remote_start (3) wireless 211841 38m 63d 25/26 never 19e35f24750d nfc: nci: Fix kcov check in nci_rx_work()
WARNING in ar5523_cmd/usb_submit_urb usb wireless C error 39 26d 1582d 25/26 never e120b6388d7d wifi: ar5523: enable proper endpoint verification
KMSAN: uninit-value in ieee80211_rx_handlers (2) wireless C 4 46d 65d 26/26 7d11h 7c1c73bf84c5 wifi: mac80211: check EHT/TTLM action frame length
WARNING in __rate_control_send_low wireless C inconclusive 2759 7d15h 1323d 26/26 7d12h ab9177d83c04 wifi: mac80211: don't use rate mask for scanning
KMSAN: uninit-value in ieee80211_amsdu_to_8023s wireless C 4 87d 93d 26/26 50d 9ad797485692 wifi: cfg80211: check A-MSDU format more carefully
WARNING in ieee80211_bss_info_change_notify (2) wireless C done 1392 86d 230d 26/26 64d f78c1375339a wifi: nl80211: reject iftype change with mesh ID change
WARNING: suspicious RCU usage in __cfg80211_bss_update wireless C done 92 146d 148d 26/26 120d 1184950e341c wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
WARNING in rate_control_rate_init (2) wireless C done 9 161d 332d 25/26 130d c1393c132b90 wifi: mac80211: check if the existing link config remains unchanged
WARNING in ieee80211_rfkill_poll wireless C 684 171d 203d 25/26 130d 8e2f6f236621 wifi: cfg80211: lock wiphy mutex for rfkill poll
possible deadlock in rfkill_send_events wireless C done 22 223d 233d 25/26 161d f2ac54ebf856 net: rfkill: reduce data->mtx scope in rfkill_fop_open
WARNING in ieee80211_get_ringparam wireless C done 151 247d 254d 25/26 161d 6b348f6e34ce wifi: mac80211: ethtool: always hold wiphy mutex
possible deadlock in ieee80211_change_mac wireless 1 235d 231d 25/26 161d 74a7c93f45ab wifi: mac80211: fix change_address deadlock during unregister
WARNING in ieee80211_probe_client wireless C done error 124 262d 1332d 23/26 230d 67dfa589aa88 wifi: mac80211: check for station first in client probe
WARNING in sta_info_insert_rcu (3) wireless C done 6 278d 319d 23/26 230d 5d4e04bf3a0f wifi: cfg80211: reject auth/assoc to AP with our address
KMSAN: uninit-value in hwsim_cloned_frame_received_nl wireless C 8315 274d 1344d 23/26 230d fba360a047d5 wifi: mac80211_hwsim: drop short frames
KMSAN: uninit-value in ieee80211_rx_handlers wireless C 8 276d 331d 23/26 230d 19e4a47ee747 wifi: mac80211: check S1G action frame size
WARNING in ieee80211_bss_info_change_notify wireless C done 7725 230d 1335d 23/26 230d abc76cf552e1 wifi: cfg80211: ocb: don't leave if not joined
KMSAN: uninit-value in __netif_receive_skb_core wireguard wireless C done 353 270d 2240d 23/26 230d dc644b540a2d tcx: Fix splat in ingress_destroy upon tcx_entry_free
memory leak in htc_connect_service wireless C 1 380d 461d 23/26 244d 061b0cb9327b wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
INFO: trying to register non-static key in skb_queue_tail wireless C unreliable done 171 335d 1437d 23/26 244d 061b0cb9327b wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
KMSAN: uninit-value in ath9k_wmi_ctrl_rx wireless C 45 328d 450d 23/26 244d f24292e82708 wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
memory leak in hwsim_new_radio_nl wireless C 1 384d 383d 22/26 333d 098abbd48ec1 mac80211_hwsim: fix memory leak in hwsim_new_radio_nl
general protection fault in free_percpu (2) wireless 1 503d 503d 22/26 356d 80f8a66dede0 Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
memory leak in ath9k_hif_usb_rx_cb wireless C 1 532d 528d 22/26 356d 0af54343a762 wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
general protection fault in jhash wireless C done done 15 405d 425d 22/26 356d 2bef4d1fb8b3 wifi: mac80211_hwsim: fix potential NULL deref in hwsim_pmsr_report_nl()
memory leak in ath9k_hif_usb_firmware_cb wireless C 1591 500d 1296d 22/26 356d 9b25e3985477 wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
memory leak in regulatory_hint_core wireless C 2 555d 583d 22/26 356d 399ab7fe0fa0 net: sched: fix memory leak in tcindex_set_parms
WARNING in ath6kl_htc_pipe_rx_complete usb wireless C error 2008 395d 1665d 22/26 356d 75c4a8154cb6 wifi: ath6kl: reduce WARN to dev_dbg() in callback
general protection fault in skb_dequeue (3) wireless C done 6 474d 484d 22/26 356d 33b3b041543e splice: Add a func to do a splice from an O_DIRECT file without ITER_PIPE
memory leak in __build_skb (3) wireless C 2 517d 514d 22/26 356d 9b25e3985477 wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
INFO: trying to register non-static key in ieee80211_do_stop wireless C error 70591 645d 685d 22/26 460d aa40d5a43526 wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop() wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop()
WARNING: lock held when returning to user space in ieee80211_change_mac wireless 1 610d 606d 22/26 460d ceb3d688f922 wifi: mac80211: unlock on error in ieee80211_can_powered_addr_change()
general protection fault in ath9k_hif_usb_rx_cb (2) wireless C error 1678 658d 1412d 22/26 460d 0ac4827f78c7 ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
upstream boot error: general protection fault in ieee80211_register_hw wireless 1 654d 654d 22/26 460d 9993a4f989c7 virtio: Revert "virtio: find_vqs() add arg sizes"
KASAN: use-after-free Read in ar5523_cmd_tx_cb usb wireless C inconclusive 372 556d 611d 22/26 460d b6702a942a06 wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
KMSAN: kernel-usb-infoleak in hif_usb_send wireless C 18149 768d 1387d 22/26 460d d1e0df1c57bd ath9k_htc: fix uninit value bugs
WARNING in wireless_send_event wireless C 210 577d 614d 22/26 460d e3e6e1d16a4c wifi: wext: use flex array destination for memcpy()
KMSAN: uninit-value in ath9k_htc_rx_msg wireless C 17731 471d 1389d 22/26 460d b383e8abed41 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
WARNING in ieee80211_link_info_change_notify wireless C inconclusive 1376 460d 703d 22/26 460d 591e73ee3f73 wifi: mac80211: properly skip link info driver update
general protection fault in ieee80211_subif_start_xmit (2) wireless C error 5 577d 584d 22/26 460d 780854186946 wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit()
upstream boot error: stack segment fault in kvmalloc_node wireless 1 655d 655d 22/26 460d 9993a4f989c7 virtio: Revert "virtio: find_vqs() add arg sizes"
upstream boot error: WARNING in wiphy_register wireless 1 654d 654d 22/26 460d 9993a4f989c7 virtio: Revert "virtio: find_vqs() add arg sizes"
WARNING in wdev_chandef wireless 12 662d 704d 22/26 460d 206bbcf76121 wifi: nl80211: hold wdev mutex for tid config
WARNING in cfg80211_ch_switch_notify wireless C done 744 661d 705d 22/26 460d 77e7b6ba78ed wifi: cfg80211: handle IBSS in channel switch
WARNING in hif_usb_send/usb_submit_urb wireless C unreliable done 374 541d 1333d 22/26 460d 16ef02bad239 wifi: ath9k: verify the expected usb_endpoints are present
KASAN: use-after-free Read in ieee80211_scan_rx (3) wireless 10 657d 765d 22/26 460d 60deb9f10eec wifi: mac80211: Fix UAF in ieee80211_scan_rx()
INFO: task hung in ath6kl_usb_power_off wireless 7454 658d 1423d 22/26 460d 62ebaf2f9261 ath6kl: avoid flush_scheduled_work() usage
WARNING in ieee80211_ibss_csa_beacon wireless C error 4997 461d 1330d 22/26 460d 15bc8966b6d3 wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
general protection fault in ieee80211_chanctx_num_assigned wireless C inconclusive done 15 897d 1331d 20/26 747d 563fbefed46a cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
KASAN: out-of-bounds Read in ath9k_hif_usb_rx_cb (3) wireless usb C unreliable done 7 837d 1240d 20/26 805d 6ce708f54cc8 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
memory leak in reg_copy_regd wireless C 1 1047d 1043d 20/26 813d e53e9828a8d2 cfg80211: always free wiphy specific regdomain
KASAN: null-ptr-deref Write in rhashtable_free_and_destroy (2) wireless C unreliable 38 878d 1143d 20/26 813d 8b5cb7e41d9d mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
INFO: task hung in disconnect_work wireless C inconclusive done 3 924d 1198d 20/26 813d 563fbefed46a cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
INFO: trying to register non-static key in ath9k_htc_rxep wireless C unreliable 9896 868d 1441d 20/26 813d b0ec7e55fce6 ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
WARNING in rtl92cu_hw_init wireless 1 913d 909d 20/26 813d 8b144dedb928 rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
WARNING in ieee80211_parse_tx_radiotap wireless 2 990d 988d 20/26 813d 13cb6d826e0a mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
INFO: trying to register non-static key in ath9k_wmi_event_tasklet wireless usb C unreliable 7 904d 1080d 20/26 813d 8b3046abc99e ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
KMSAN: uninit-value in ieee80211_sta_tx_notify (2) wireless 283 831d 921d 20/26 813d d5e568c3a4ec mac80211: track only QoS data frames for admission control
WARNING in ieee80211_vif_release_channel (2) wireless C done 5 888d 892d 20/26 813d 87a270625a89 mac80211: fix locking in ieee80211_start_ap error path
INFO: rcu detected stall in ieee80211_tasklet_handler wireless C error done 74 977d 1257d 20/26 813d 313bbd1990b6 mac80211-hwsim: fix late beacon hrtimer handling
general protection fault in ieee80211_assign_vif_chanctx wireless C inconclusive 4 951d 1209d 20/26 813d 563fbefed46a cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
KMSAN: uninit-value in _ieee802_11_parse_elems_crc wireless 1 908d 901d 20/26 813d 768c0b19b506 mac80211: validate extended element ID is present
memory leak in __ieee80211_beacon_get wireless syz 14 1087d 1208d 20/26 932d bd18de517923 mac80211_hwsim: drop pending frames on stop
WARNING in ieee80211_free_ack_frame wireless syz done 117 936d 1331d 20/26 932d bd18de517923 mac80211_hwsim: drop pending frames on stop
WARNING in ieee80211_get_sband wireless C done 7 1100d 1325d 20/26 932d 0ee4d55534f8 mac80211: remove warning in ieee80211_get_sband()
KMSAN: uninit-value in validate_beacon_head wireless C 284 1051d 1278d 20/26 932d 9a6847ba1747 nl80211: fix beacon head validation
INFO: task hung in register_netdevice_notifier (2) can wireless syz done 10555 1076d 1681d 20/26 932d 8d0caedb7596 can: bcm/raw/isotp: use per module netdevice notifier
KASAN: invalid-free in ieee80211_ibss_leave wireless C inconclusive 1 1176d 1204d 20/26 932d 3bd801b14e0c mac80211: fix double free in ibss_leave
WARNING in cfg80211_inform_single_bss_frame_data wireless C done 1 1121d 1214d 20/26 932d e298aa358f0c mac80211: fix skb length check in ieee80211_scan_rx()
possible deadlock in cfg80211_netdev_notifier_call (2) wireless 2 1104d 1115d 20/26 932d d5befb224edb mac80211: fix deadlock in AP/VLAN handling
WARNING in init_timer_key wireless C done 2 1102d 1209d 20/26 932d a64b6a25dd9f cfg80211: call cfg80211_leave_ocb when switching away from OCB
possible deadlock in cfg80211_netdev_notifier_call wireless syz done 13 1148d 1214d 20/26 1146d 40c575d1ec71 cfg80211: fix netdev registration deadlock
linux-next test error: possible deadlock in cfg80211_netdev_notifier_call wireless 6 1218d 1218d 20/26 1146d 38ec7c6b6bd6 virt_wifi: fix deadlock on RTNL
WARNING in cfg80211_change_iface wireless C inconclusive 4 1213d 1217d 20/26 1146d bae173563cbf wext: call cfg80211_change_iface() with wiphy lock held
WARNING in cfg80211_dev_rename wireless C inconclusive 22 1212d 1217d 20/26 1146d 0391a45c8007 nl80211: call cfg80211_dev_rename() under RTNL
WARNING in _cfg80211_unregister_wdev wireless C inconclusive 48 1211d 1217d 20/26 1146d 776a39b8196d cfg80211: call cfg80211_destroy_ifaces() with wiphy lock held
BUG: sleeping function called from invalid context in corrupted wireless syz done 18 1273d 1297d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
bpf test error: BUG: sleeping function called from invalid context in sta_info_move_state wireless 6 1287d 1293d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
KASAN: null-ptr-deref Write in rhashtable_free_and_destroy wireless 11 1196d 1273d 19/26 1177d 905b2032fa42 mac80211: mesh: fix mesh_pathtbl_init() error path
general protection fault in ieee80211_subif_start_xmit wireless C unreliable 29 1217d 1284d 19/26 1177d 054c9939b480 mac80211: pause TX while changing interface type
WARNING: suspicious RCU usage in get_wiphy_regdom wireless C done 5031 1228d 1260d 19/26 1177d 51d62f2f2c50 cfg80211: Save the regulatory domain with a lock
KASAN: use-after-free Write in rtl_fw_do_work (2) wireless 4 1262d 1267d 19/26 1177d 4dfde294b979 rtlwifi: rise completion at the last step of firmware callback
upstream test error: BUG: sleeping function called from invalid context in sta_info_move_state wireless 53 1287d 1296d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
linux-next test error: BUG: sleeping function called from invalid context in sta_info_move_state wireless 3 1297d 1301d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
net test error: BUG: sleeping function called from invalid context in sta_info_move_state wireless 4 1294d 1301d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
net-next test error: BUG: sleeping function called from invalid context in sta_info_move_state wireless 12 1287d 1296d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
WARNING: suspicious RCU usage in wiphy_apply_custom_regulatory wireless C done 28 1260d 1257d 19/26 1177d 51d62f2f2c50 cfg80211: Save the regulatory domain with a lock
WARNING in rhashtable_free_and_destroy wireless C error 3 1273d 1366d 19/26 1177d 905b2032fa42 mac80211: mesh: fix mesh_pathtbl_init() error path
BUG: sleeping function called from invalid context in sta_info_move_state wireless C done 39248 1272d 1303d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
bpf-next test error: BUG: sleeping function called from invalid context in sta_info_move_state wireless 13 1272d 1292d 19/26 1177d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
UBSAN: array-index-out-of-bounds in ieee80211_del_key (2) wireless C error 3 1268d 1276d 19/26 1177d 2d9463083ce9 nl80211: validate key indexes for cfg80211_registered_device
general protection fault in wext_handle_ioctl wireless C inconclusive 9 1220d 1309d 19/26 1177d 5122565188ba wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
memory leak in ieee80211_check_fast_xmit wireless C 983 1300d 1344d 15/26 1290d dcd479e10a05 mac80211: always wind down STA state
WARNING in ieee80211_s1g_channel_width wireless C done 3 1333d 1333d 15/26 1290d c1cd35c60601 cfg80211: only allow S1G channels on S1G band
KMSAN: uninit-value in ieee80211_skb_resize wireless C 5 1319d 1344d 15/26 1290d 14f46c1e5108 mac80211: fix use of skb payload instead of header
KASAN: use-after-free Read in ath9k_hif_usb_rx_cb wireless C 2849 1291d 1525d 15/26 1290d 03fb92a432ea ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
general protection fault in ieee80211_key_free wireless C done 3 1326d 1331d 15/26 1290d 3dc289f8f139 net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
UBSAN: array-index-out-of-bounds in ieee80211_del_key wireless C done 685 1300d 1344d 15/26 1290d 3dc289f8f139 net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
INFO: trying to register non-static key in del_timer_sync (2) wireless usb C 1206 1822d 1874d 15/26 1290d 621a3a8b1c0e mwifiex: don't call del_timer_sync() on uninitialized timer
KASAN: use-after-free Write in ath9k_htc_rx_msg wireless C 93 1448d 1525d 15/26 1412d e4ff08a4d727 ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
KASAN: stack-out-of-bounds Write in ath9k_hif_usb_rx_cb wireless C 57 1448d 1521d 15/26 1412d 19d6c375d671 ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
KASAN: use-after-free Read in htc_connect_service wireless C 41041 1447d 1525d 15/26 1412d ced21a4c726b ath9k: Fix use-after-free Read in htc_connect_service
general protection fault in cfg80211_dev_rename wireless 1 1482d 1478d 15/26 1412d 0bbab5f03015 cfg80211: fix debugfs rename crash
KASAN: use-after-free Read in ath9k_wmi_ctrl_rx wireless C 1 1525d 1524d 15/26 1412d abeaa85054ff ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
general protection fault in ath9k_hif_usb_rx_cb wireless C 913 1412d 1525d 15/26 1412d 2bbcaaee1fcb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
WARNING in hwsim_new_radio_nl wireless C done 3 1508d 1510d 15/26 1441d 7ea862048317 mac80211_hwsim: Use kstrndup() in place of kasprintf()
WARNING in set_precision (2) wireless C done 117 1503d 1601d 15/26 1441d 7ea862048317 mac80211_hwsim: Use kstrndup() in place of kasprintf()
BUG: unable to handle kernel NULL pointer dereference in cfg80211_wext_siwrts wireless 3 1592d 1601d 15/26 1562d 24953de0a5e3 cfg80211: check for set_wiphy_params
KASAN: use-after-free Read in rsi_rx_done_handler wireless 8 1601d 1730d 15/26 1562d e93cd35101b6 rsi: fix use-after-free on failed probe and unbind
BUG: unable to handle kernel NULL pointer dereference in cfg80211_wext_siwfrag wireless C done 8 1593d 1605d 15/26 1562d 24953de0a5e3 cfg80211: check for set_wiphy_params
WARNING: ODEBUG bug in rsi_probe usb wireless C 10487 1577d 1872d 15/26 1562d 92aafe77123a rsi: fix use-after-free on probe errors
KASAN: invalid-free in rsi_91x_deinit usb wireless C 109 1716d 1863d 13/26 1644d 8b51dc729147 rsi: fix a double free bug in rsi_91x_deinit()
general protection fault in ath6kl_usb_alloc_urb_from_pipe usb wireless C 1160 1714d 1874d 13/26 1688d 39d170b3cb62 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
WARNING in zd_mac_clear usb wireless C 13194 1714d 1874d 13/26 1688d 7a2eb7367fde zd1211rw: remove false assertion from zd_mac_clear()
INFO: trying to register non-static key in rtl_c2hcmd_launcher usb wireless C 48950 1766d 1874d 12/26 1759d 6c0ed66f1a5b rtlwifi: rtl8192cu: fix error handle when usb probe failed
KASAN: use-after-free Read in p54u_load_firmware_cb wireless usb syz 40 1767d 1850d 12/26 1759d 6e41e2257f10 p54usb: Fix race between disconnect and firmware loading
WARNING in wiphy_register (4) wireless syz error 3 1873d 1902d 12/26 1829d 45fcef8b727b mac80211_hwsim: calculate if_combination.max_interfaces
general protection fault in ieee80211_debugfs_rename_netdev wireless 8 1858d 1872d 12/26 1829d 517879147493 mac80211: don't attempt to rename ERR_PTR() debugfs dirs
KASAN: global-out-of-bounds Read in validate_nla wireless C 14 1947d 1952d 11/26 1912d a8b5c6d69261 nl80211: fix NLA_POLICY_NESTED() arguments
WARNING in wiphy_register (3) wireless syz 31 1947d 1978d 11/26 1912d 9c5d3afac436 mac80211_hwsim: check that n_limits makes sense
WARNING in wiphy_register (2) wireless C 8 2113d 2114d 10/26 2088d 484004339d45 mac80211_hwsim: require at least one channel
WARNING in add_uevent_var wireless C 5 2250d 2250d 5/26 2205d a7cfebcb7594 cfg80211: limit wiphy names to 128 bytes
KASAN: use-after-free Read in mac80211_hwsim_del_radio wireless 11 2252d 2282d 5/26 2213d 8cfd36a0b53a mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
WARNING in check_flush_dependency wireless C 2205 2286d 2319d 4/26 2284d ce162bfbc0b6 mac80211_hwsim: don't use WQ_MEM_RECLAIM
WARNING in wiphy_register wireless C 15 2326d 2328d 4/26 2319d 51a1aaa631c9 mac80211_hwsim: validate number of different channels
WARNING in rfkill_alloc wireless C 6 2327d 2328d 4/26 2319d 59b179b48ce2 cfg80211: check dev_set_name() return value