syzbot


Applied filters: Label=subsystems:wireless (drop)
Title Repro Cause bisect Fix bisect Count Last Reported Patched Closed Patch
KMSAN: uninit-value in hwsim_cloned_frame_received_nl wireless C 8315 25d 1095d 22/25 never fba360a047d5 wifi: mac80211_hwsim: drop short frames
WARNING in ieee80211_probe_client net wireless C done error 124 13d 1083d 22/25 never 67dfa589aa88 wifi: mac80211: check for station first in client probe
KMSAN: uninit-value in ieee80211_rx_handlers wireless net C 8 27d 83d 22/25 never 19e4a47ee747 wifi: mac80211: check S1G action frame size
WARNING in sta_info_insert_rcu (3) wireless C done 6 29d 70d 22/25 never 5d4e04bf3a0f wifi: cfg80211: reject auth/assoc to AP with our address
WARNING in ieee80211_bss_info_change_notify net wireless C done 7595 10h18m 1086d 22/25 never abc76cf552e1 wifi: cfg80211: ocb: don't leave if not joined
memory leak in htc_connect_service wireless C 1 131d 212d 24/25 never 061b0cb9327b wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
INFO: trying to register non-static key in skb_queue_tail wireless C unreliable done 171 86d 1188d 24/25 never 061b0cb9327b wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
KMSAN: uninit-value in ath9k_wmi_ctrl_rx wireless C 45 79d 201d 24/25 never f24292e82708 wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
KMSAN: uninit-value in __netif_receive_skb_core wireguard wireless C done 353 21d 1991d 22/25 never dc644b540a2d tcx: Fix splat in ingress_destroy upon tcx_entry_free
memory leak in hwsim_new_radio_nl wireless C 1 135d 134d 24/25 84d 098abbd48ec1 mac80211_hwsim: fix memory leak in hwsim_new_radio_nl
general protection fault in free_percpu (2) net wireless 1 254d 254d 24/25 107d 80f8a66dede0 Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()"
memory leak in ath9k_hif_usb_rx_cb wireless C 1 283d 279d 24/25 107d 0af54343a762 wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
general protection fault in jhash wireless C done done 15 156d 176d 24/25 107d 2bef4d1fb8b3 wifi: mac80211_hwsim: fix potential NULL deref in hwsim_pmsr_report_nl()
memory leak in ath9k_hif_usb_firmware_cb wireless C 1591 251d 1047d 24/25 107d 9b25e3985477 wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
memory leak in regulatory_hint_core net wireless C 2 306d 334d 24/25 107d 399ab7fe0fa0 net: sched: fix memory leak in tcindex_set_parms
WARNING in ath6kl_htc_pipe_rx_complete usb wireless C error 2008 147d 1416d 24/25 107d 75c4a8154cb6 wifi: ath6kl: reduce WARN to dev_dbg() in callback
general protection fault in skb_dequeue (3) net wireless C done 6 225d 235d 24/25 107d 33b3b041543e splice: Add a func to do a splice from an O_DIRECT file without ITER_PIPE
memory leak in __build_skb (3) wireless C 2 268d 265d 24/25 107d 9b25e3985477 wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
INFO: trying to register non-static key in ieee80211_do_stop net wireless C error 70591 397d 436d 24/25 211d aa40d5a43526 wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop() wifi: mac80211: do not abuse fq.lock in ieee80211_do_stop()
WARNING: lock held when returning to user space in ieee80211_change_mac net wireless 1 361d 357d 24/25 211d ceb3d688f922 wifi: mac80211: unlock on error in ieee80211_can_powered_addr_change()
general protection fault in ath9k_hif_usb_rx_cb (2) wireless C error 1678 410d 1163d 24/25 211d 0ac4827f78c7 ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
upstream boot error: general protection fault in ieee80211_register_hw net wireless 1 405d 405d 24/25 211d 9993a4f989c7 virtio: Revert "virtio: find_vqs() add arg sizes"
KASAN: use-after-free Read in ar5523_cmd_tx_cb usb wireless C inconclusive 372 307d 362d 24/25 211d b6702a942a06 wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
KMSAN: kernel-usb-infoleak in hif_usb_send wireless C 18149 519d 1138d 24/25 211d d1e0df1c57bd ath9k_htc: fix uninit value bugs
WARNING in wireless_send_event wireless net C 210 328d 365d 24/25 211d e3e6e1d16a4c wifi: wext: use flex array destination for memcpy()
KMSAN: uninit-value in ath9k_htc_rx_msg wireless C 17731 222d 1140d 24/25 211d b383e8abed41 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
WARNING in ieee80211_link_info_change_notify net wireless C inconclusive 1376 211d 454d 24/25 211d 591e73ee3f73 wifi: mac80211: properly skip link info driver update
general protection fault in ieee80211_subif_start_xmit (2) wireless C error 5 328d 335d 24/25 211d 780854186946 wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit()
upstream boot error: stack segment fault in kvmalloc_node wireless 1 406d 406d 24/25 211d 9993a4f989c7 virtio: Revert "virtio: find_vqs() add arg sizes"
upstream boot error: WARNING in wiphy_register net wireless 1 405d 405d 24/25 211d 9993a4f989c7 virtio: Revert "virtio: find_vqs() add arg sizes"
WARNING in wdev_chandef net wireless 12 413d 455d 24/25 211d 206bbcf76121 wifi: nl80211: hold wdev mutex for tid config
WARNING in cfg80211_ch_switch_notify net wireless C done 744 412d 456d 24/25 211d 77e7b6ba78ed wifi: cfg80211: handle IBSS in channel switch
WARNING in hif_usb_send/usb_submit_urb wireless C unreliable done 374 292d 1084d 24/25 211d 16ef02bad239 wifi: ath9k: verify the expected usb_endpoints are present
KASAN: use-after-free Read in ieee80211_scan_rx (3) wireless net 10 408d 516d 24/25 211d 60deb9f10eec wifi: mac80211: Fix UAF in ieee80211_scan_rx()
INFO: task hung in ath6kl_usb_power_off wireless 7454 409d 1174d 24/25 211d 62ebaf2f9261 ath6kl: avoid flush_scheduled_work() usage
WARNING in ieee80211_ibss_csa_beacon net wireless C error 4997 212d 1081d 24/25 211d 15bc8966b6d3 wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
general protection fault in ieee80211_chanctx_num_assigned wireless C inconclusive done 15 648d 1082d 22/25 499d 563fbefed46a cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
KASAN: out-of-bounds Read in ath9k_hif_usb_rx_cb (3) wireless usb C unreliable done 7 588d 991d 22/25 556d 6ce708f54cc8 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
memory leak in reg_copy_regd net wireless C 1 798d 794d 22/25 564d e53e9828a8d2 cfg80211: always free wiphy specific regdomain
KASAN: null-ptr-deref Write in rhashtable_free_and_destroy (2) net wireless C unreliable 38 629d 894d 22/25 564d 8b5cb7e41d9d mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
INFO: task hung in disconnect_work net wireless C inconclusive done 3 675d 949d 22/25 564d 563fbefed46a cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
INFO: trying to register non-static key in ath9k_htc_rxep wireless C unreliable 9896 619d 1192d 22/25 564d b0ec7e55fce6 ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
WARNING in rtl92cu_hw_init wireless 1 664d 660d 22/25 564d 8b144dedb928 rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
WARNING in ieee80211_parse_tx_radiotap net wireless 2 741d 739d 22/25 564d 13cb6d826e0a mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
INFO: trying to register non-static key in ath9k_wmi_event_tasklet wireless usb C unreliable 7 655d 832d 22/25 564d 8b3046abc99e ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
KMSAN: uninit-value in ieee80211_sta_tx_notify (2) net wireless 283 583d 672d 22/25 564d d5e568c3a4ec mac80211: track only QoS data frames for admission control
WARNING in ieee80211_vif_release_channel (2) net wireless C done 5 640d 643d 22/25 564d 87a270625a89 mac80211: fix locking in ieee80211_start_ap error path
INFO: rcu detected stall in ieee80211_tasklet_handler net wireless C error done 74 728d 1008d 22/25 564d 313bbd1990b6 mac80211-hwsim: fix late beacon hrtimer handling
general protection fault in ieee80211_assign_vif_chanctx wireless C inconclusive 4 702d 960d 22/25 564d 563fbefed46a cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
KMSAN: uninit-value in _ieee802_11_parse_elems_crc net wireless 1 659d 652d 22/25 564d 768c0b19b506 mac80211: validate extended element ID is present
memory leak in __ieee80211_beacon_get wireless syz 14 838d 959d 22/25 683d bd18de517923 mac80211_hwsim: drop pending frames on stop
WARNING in ieee80211_free_ack_frame wireless syz done 117 687d 1082d 22/25 683d bd18de517923 mac80211_hwsim: drop pending frames on stop
WARNING in ieee80211_get_sband net wireless C done 7 851d 1076d 22/25 683d 0ee4d55534f8 mac80211: remove warning in ieee80211_get_sband()
KMSAN: uninit-value in validate_beacon_head wireless net C 284 802d 1029d 22/25 683d 9a6847ba1747 nl80211: fix beacon head validation
INFO: task hung in register_netdevice_notifier (2) can wireless syz done 10555 827d 1432d 22/25 683d 8d0caedb7596 can: bcm/raw/isotp: use per module netdevice notifier
KASAN: invalid-free in ieee80211_ibss_leave wireless C inconclusive 1 927d 955d 22/25 683d 3bd801b14e0c mac80211: fix double free in ibss_leave
WARNING in cfg80211_inform_single_bss_frame_data wireless C done 1 872d 965d 22/25 683d e298aa358f0c mac80211: fix skb length check in ieee80211_scan_rx()
possible deadlock in cfg80211_netdev_notifier_call (2) net wireless 2 855d 866d 22/25 683d d5befb224edb mac80211: fix deadlock in AP/VLAN handling
WARNING in init_timer_key wireless C done 2 853d 960d 22/25 683d a64b6a25dd9f cfg80211: call cfg80211_leave_ocb when switching away from OCB
possible deadlock in cfg80211_netdev_notifier_call net wireless syz done 13 899d 965d 22/25 897d 40c575d1ec71 cfg80211: fix netdev registration deadlock
linux-next test error: possible deadlock in cfg80211_netdev_notifier_call net wireless 6 969d 969d 22/25 897d 38ec7c6b6bd6 virt_wifi: fix deadlock on RTNL
WARNING in cfg80211_change_iface net wireless C inconclusive 4 964d 968d 22/25 897d bae173563cbf wext: call cfg80211_change_iface() with wiphy lock held
WARNING in cfg80211_dev_rename net wireless C inconclusive 22 963d 968d 22/25 897d 0391a45c8007 nl80211: call cfg80211_dev_rename() under RTNL
WARNING in _cfg80211_unregister_wdev net wireless C inconclusive 48 963d 968d 22/25 897d 776a39b8196d cfg80211: call cfg80211_destroy_ifaces() with wiphy lock held
BUG: sleeping function called from invalid context in corrupted net wireless syz done 18 1024d 1048d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
bpf test error: BUG: sleeping function called from invalid context in sta_info_move_state net wireless 6 1038d 1044d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
KASAN: null-ptr-deref Write in rhashtable_free_and_destroy net wireless 11 947d 1024d 21/25 928d 905b2032fa42 mac80211: mesh: fix mesh_pathtbl_init() error path
general protection fault in ieee80211_subif_start_xmit wireless C unreliable 29 968d 1035d 21/25 928d 054c9939b480 mac80211: pause TX while changing interface type
WARNING: suspicious RCU usage in get_wiphy_regdom net wireless C done 5031 979d 1011d 21/25 928d 51d62f2f2c50 cfg80211: Save the regulatory domain with a lock
KASAN: use-after-free Write in rtl_fw_do_work (2) wireless 4 1013d 1018d 21/25 928d 4dfde294b979 rtlwifi: rise completion at the last step of firmware callback
upstream test error: BUG: sleeping function called from invalid context in sta_info_move_state net wireless 53 1038d 1047d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
linux-next test error: BUG: sleeping function called from invalid context in sta_info_move_state net wireless 3 1049d 1052d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
net test error: BUG: sleeping function called from invalid context in sta_info_move_state net wireless 4 1045d 1052d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
net-next test error: BUG: sleeping function called from invalid context in sta_info_move_state net wireless 12 1038d 1047d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
WARNING: suspicious RCU usage in wiphy_apply_custom_regulatory net wireless C done 28 1011d 1008d 21/25 928d 51d62f2f2c50 cfg80211: Save the regulatory domain with a lock
WARNING in rhashtable_free_and_destroy net wireless C error 3 1024d 1117d 21/25 928d 905b2032fa42 mac80211: mesh: fix mesh_pathtbl_init() error path
BUG: sleeping function called from invalid context in sta_info_move_state net wireless C done 39248 1023d 1054d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
bpf-next test error: BUG: sleeping function called from invalid context in sta_info_move_state net wireless 13 1023d 1043d 21/25 928d 7bc40aedf24d mac80211: free sta in sta_info_insert_finish() on errors
UBSAN: array-index-out-of-bounds in ieee80211_del_key (2) net wireless C error 3 1019d 1027d 21/25 928d 2d9463083ce9 nl80211: validate key indexes for cfg80211_registered_device
general protection fault in wext_handle_ioctl net wireless C inconclusive 9 971d 1060d 21/25 928d 5122565188ba wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
memory leak in ieee80211_check_fast_xmit net wireless C 983 1051d 1095d 17/25 1041d dcd479e10a05 mac80211: always wind down STA state
WARNING in ieee80211_s1g_channel_width net wireless C done 3 1084d 1084d 17/25 1041d c1cd35c60601 cfg80211: only allow S1G channels on S1G band
KMSAN: uninit-value in ieee80211_skb_resize net wireless C 5 1070d 1095d 17/25 1041d 14f46c1e5108 mac80211: fix use of skb payload instead of header
KASAN: use-after-free Read in ath9k_hif_usb_rx_cb wireless C 2849 1042d 1277d 17/25 1041d 03fb92a432ea ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
general protection fault in ieee80211_key_free net wireless C done 3 1077d 1082d 17/25 1041d 3dc289f8f139 net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
UBSAN: array-index-out-of-bounds in ieee80211_del_key net wireless C done 685 1051d 1095d 17/25 1041d 3dc289f8f139 net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
INFO: trying to register non-static key in del_timer_sync (2) wireless usb C 1206 1574d 1625d 17/25 1041d 621a3a8b1c0e mwifiex: don't call del_timer_sync() on uninitialized timer
KASAN: use-after-free Write in ath9k_htc_rx_msg wireless C 93 1199d 1277d 17/25 1163d e4ff08a4d727 ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
KASAN: stack-out-of-bounds Write in ath9k_hif_usb_rx_cb wireless C 57 1199d 1272d 17/25 1163d 19d6c375d671 ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
KASAN: use-after-free Read in htc_connect_service wireless C 41041 1198d 1277d 17/25 1163d ced21a4c726b ath9k: Fix use-after-free Read in htc_connect_service
general protection fault in cfg80211_dev_rename net wireless 1 1233d 1229d 17/25 1163d 0bbab5f03015 cfg80211: fix debugfs rename crash
KASAN: use-after-free Read in ath9k_wmi_ctrl_rx wireless C 1 1276d 1275d 17/25 1163d abeaa85054ff ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
general protection fault in ath9k_hif_usb_rx_cb wireless C 913 1163d 1277d 17/25 1163d 2bbcaaee1fcb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
WARNING in hwsim_new_radio_nl wireless C done 3 1259d 1261d 17/25 1192d 7ea862048317 mac80211_hwsim: Use kstrndup() in place of kasprintf()
WARNING in set_precision (2) wireless C done 117 1254d 1352d 17/25 1192d 7ea862048317 mac80211_hwsim: Use kstrndup() in place of kasprintf()
BUG: unable to handle kernel NULL pointer dereference in cfg80211_wext_siwrts net wireless 3 1343d 1352d 16/25 1313d 24953de0a5e3 cfg80211: check for set_wiphy_params
KASAN: use-after-free Read in rsi_rx_done_handler wireless 8 1352d 1481d 16/25 1313d e93cd35101b6 rsi: fix use-after-free on failed probe and unbind
BUG: unable to handle kernel NULL pointer dereference in cfg80211_wext_siwfrag net wireless C done 8 1344d 1356d 16/25 1313d 24953de0a5e3 cfg80211: check for set_wiphy_params
WARNING: ODEBUG bug in rsi_probe usb wireless C 10487 1328d 1623d 16/25 1313d 92aafe77123a rsi: fix use-after-free on probe errors
KASAN: invalid-free in rsi_91x_deinit usb wireless C 109 1467d 1614d 14/25 1395d 8b51dc729147 rsi: fix a double free bug in rsi_91x_deinit()
general protection fault in ath6kl_usb_alloc_urb_from_pipe usb wireless C 1160 1466d 1625d 14/25 1439d 39d170b3cb62 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
WARNING in zd_mac_clear usb wireless C 13194 1465d 1626d 14/25 1439d 7a2eb7367fde zd1211rw: remove false assertion from zd_mac_clear()
INFO: trying to register non-static key in rtl_c2hcmd_launcher usb wireless C 48950 1517d 1626d 13/25 1510d 6c0ed66f1a5b rtlwifi: rtl8192cu: fix error handle when usb probe failed
KASAN: use-after-free Read in p54u_load_firmware_cb wireless usb syz 40 1518d 1602d 13/25 1510d 6e41e2257f10 p54usb: Fix race between disconnect and firmware loading
WARNING in wiphy_register (4) net wireless syz error 3 1624d 1653d 13/25 1580d 45fcef8b727b mac80211_hwsim: calculate if_combination.max_interfaces
general protection fault in ieee80211_debugfs_rename_netdev wireless net 8 1609d 1623d 13/25 1580d 517879147493 mac80211: don't attempt to rename ERR_PTR() debugfs dirs
KASAN: global-out-of-bounds Read in validate_nla net wireless C 14 1698d 1703d 12/25 1663d a8b5c6d69261 nl80211: fix NLA_POLICY_NESTED() arguments
WARNING in wiphy_register (3) net wireless syz 31 1698d 1729d 12/25 1663d 9c5d3afac436 mac80211_hwsim: check that n_limits makes sense
WARNING in wiphy_register (2) net wireless C 8 1864d 1865d 11/25 1839d 484004339d45 mac80211_hwsim: require at least one channel
WARNING in add_uevent_var net wireless C 5 2001d 2001d 6/25 1956d a7cfebcb7594 cfg80211: limit wiphy names to 128 bytes
KASAN: use-after-free Read in mac80211_hwsim_del_radio wireless 11 2003d 2033d 6/25 1964d 8cfd36a0b53a mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
WARNING in check_flush_dependency wireless net C 2205 2037d 2070d 4/25 2035d ce162bfbc0b6 mac80211_hwsim: don't use WQ_MEM_RECLAIM
WARNING in wiphy_register net wireless C 15 2077d 2079d 4/25 2070d 51a1aaa631c9 mac80211_hwsim: validate number of different channels
WARNING in rfkill_alloc net wireless C 6 2078d 2079d 4/25 2070d 59b179b48ce2 cfg80211: check dev_set_name() return value