Problems in Linux Kernel
This section contains information about problems in Linux kernel found within Linux Driver Verification program.
Click on a problem number for detailed description. Click on a column header to change the sorting order.
| No. | Type | Brief | Added on | Accepted | Status |
| L0055 | Crash | mei: missed unlock dev->device_lock mutex on error path in mei_open() | 2011-11-08 | https://lkml.org/lkml/2011/8/30/367 commit |
Fixed in kernel 3.2-rc1 |
| L0054 | Crash | lirc_sasem: разыменование нулевого указателя в sasem_probe() | 2011-11-08 | https://lkml.org/lkml/2011/10/26/104 commit |
Fixed in kernel 3.2-rc1 |
| L0053 | Crash | lirc: mismatch in mutex lock-unlock in imon_probe | 2011-11-08 | https://lkml.org/lkml/2011/8/29/395 commit |
Fixed in kernel 3.2-rc1 |
| L0052 | Crash | staging/easycap: mismatch in easycap_poll() mutex lock-unlock | 2011-11-08 | https://lkml.org/lkml/2011/8/29/334 commit |
Fixed in kernel 3.2-rc1 |
| L0051 | Crash | serqt_usb2: fix sleeping with spinlock held | 2011-11-08 | https://lkml.org/lkml/2011/8/9/23 commit |
Fixed in kernel 3.2-rc1 |
| L0050 | Crash | carl9170: unlock of unheld mutex in carl9170_op_set_key | 2011-08-30 | https://lkml.org/lkml/2011/8/23/380 commit |
Fixed in kernel 3.1-rc5 |
| K0009 | Leak | (ath5k) sc->ah is allocated in ath5k_init_softc() but is not freed | 2011-08-08 | Kernel Bug Tracker, bug #37592 | Fixed in the kernel 3.1-rc1 |
| L0049 | Crash | hfsplus: Fix double iput of the same inode in hfsplus_fill_super() | 2011-06-24 | https://lkml.org/lkml/2011/6/23/675 commit |
Fixed in kernel 3.0 |
| L0048 | Crash | hfsplus: add error checking for hfs_find_init() | 2011-06-24 | https://lkml.org/lkml/2011/7/5/500 commit |
Fixed in kernel 3.1-rc1 |
| L0047 | Leak | drivers/video/hecubafb.c: absence of module_put on an error path in hecubafb_probe() | 2011-06-20 | https://lkml.org/lkml/2011/6/17/267 commit |
Fixed in kernel 3.0-rc6 |
| L0046 | Leak | gigaset: absence of call module_put before restart of if_open() | 2011-06-20 | https://lkml.org/lkml/2011/6/17/321 commit 2f9381e | Fixed in kernel 3.0-rc4 |
| L0045 | Leak | drivers/net/wan/farsync.c: module_get() without module_put() on an error path in fst_open() | 2011-06-20 | https://lkml.org/lkml/2011/6/17/320 commit d0fd64c | Fixed in kernel 3.0-rc4 |
| L0044 | Crash | drivers/usb/gadget/inode.c: lack of unlock data->lock mutex on error path in ep_write() | 2011-06-08 | https://lkml.org/lkml/2011/5/26/58 commit |
Fixed in kernel 3.0-rc3 |
| L0042 | Leak | drivers/media/radio/si470x/radio-si470x-usb.c: memory leak in si470x_usb_driver_probe() | 2011-06-08 | https://lkml.org/lkml/2011/5/31/483 commit |
Fixed in kernel 3.1-rc1 |
| L0041 | Deadlock | drivers/net/usb/catc.c: potential deadlock in catc_ctrl_run() | 2011-06-07 | https://lkml.org/lkml/2011/5/31/504 commit |
Fixed in kernel 3.0-rc2 |
| L0040 | Crash | drivers/media/dvb/dvb-usb/lmedm04.c: Do not unlock mutex if mutex_lock_interruptible failed | 2011-06-01 | https://lkml.org/lkml/2011/4/15/306 commit |
Fixed in kernel 3.0-rc1 |
| K0005 | Leak | (ath5k) Not all elements of chinfo[pier].pd_curves[] are freed | 2011-04-05 | Kernel Bug Tracker, bug #32942 | Fixed in the kernel 3.0 |
| K0004 | Leak | (ath5k) Memory kcalloc'ed in ath5k_eeprom_convert_pcal_info_* is not always kfree'd | 2011-04-05 | Kernel Bug Tracker, bug #32722 | Fixed in the kernel 3.0 |
| L0039 | Crash | drivers/usb/gadget/inode.c: lack of unlock data->lock mutex on error path in ep_read() | 2011-03-22 | https://lkml.org/lkml/2011/3/9/37 commit |
Fixed in kernel 2.6.39-rc4 |
| K0002 | Crash | (ext4) Calling kfree for uninitialized pointer in ext4_mb_init_backend | 2011-03-10 | Kernel Bug Tracker, bug #30872 | Fixed in the kernel 2.6.39-rc1 |
| L0038 | Crash | drivers/input/tablet/wacom_sys.c: lack of usb_free_urb() at error path | 2011-02-09 | https://lkml.org/lkml/2011/2/9/21 commit |
Fixed in kernel 2.6.38-rc5 |
| L0037 | Crash | drivers/media/video/tlg2300/pd-video.c: double mutex_unlock | 2011-02-04 | https://lkml.org/lkml/2011/1/25/478 commit |
Fixed in kernel 2.6.39-rc1 |
| L0036 | Crash | drivers/rtc/rtc-proc.c: have no module_put after module get on error path | 2011-02-04 | https://lkml.org/lkml/2011/1/28/103 commit |
Fixed in kernel 2.6.38-rc5 |
| L0035 | Crash | drivers/media/radio/si470x/radio-si470x-common.c: double mutex_lock in si470x_fops_read() | 2011-01-24 | https://lkml.org/lkml/2011/1/23/11 commit |
Fixed in kernel 2.6.39-rc1 |
| L0034 | Crash | pohmelfs/dir.c: unneeded mutex_unlock() in pohmelfs_rename() | 2011-01-21 | https://lkml.org/lkml/2011/1/19/334 commit |
Fixed in kernel 2.6.39-rc1 |
| K0001 | Crash | (ext4) NPD when using sb->s_fs_info during clean-up after a failed mount | 2011-01-14 | Kernel Bug Tracker, bug #26752 | Fixed in the kernel 2.6.39-rc1 |
| L0033 | Crash | drivers/net/wireless/iwlwifi/iwl3945-base.c: mutex_unlock without mutex_lock | 2010-12-14 | commit 7ada88e5e5d7b465de8d0441b4a8d890a602074f | Fixed in 2.6.35 |
| L0032 | Crash | return from function without mutex_unlock in drivers/media/video/cx231xx/cx231xx-core.c | 2010-12-13 | https://lkml.org/lkml/2010/12/13/343 | Message in LKML |
| L0030 | Crash | kernel/range.c: clean_sort_range() returns incorrect result for full array | 2010-12-10 | https://lkml.org/lkml/2010/11/5/264 commit |
Fixed in kernel 2.6.37 |
| K0003 | Crash | (fat) Memory allocation failure is not handled in fat_cache_add | 2010-12-10 | Kernel Bug Tracker, bug #24622 | Fixed in the kernel 3.0 |
| L0029 | Crash | drivers/media/radio/radio-gemtek-pci.c: mutex_lock imbalances | 2010-09-14 | commit fe643414dbf330d6d910e01edd48dd93dc6f2942, http://lkml.org/lkml/2009/7/13/320 | Fixed in kernel 2.6.32 |
| L0027 | Crash | drivers/media/radio/radio-gemtek-pci.c: Double mutex_lock | 2010-08-23 | commit 3addbb8075c00e2a2408c192bd1002dead26b2aa | Fixed in kernel 2.6.32 |
| L0026 | Crash | drivers/net/3c505.c: Get spin_lock twice | 2010-06-08 | http://lkml.org/lkml/2010/6/7/139 | Recognized as an error |
| L0025 | Crash | drivers/mtd/mtd_blkdevs.c: Unsafe use of function module_put | 2010-01-26 | http://lkml.org/lkml/2010/1/12/246, commit 048d87199566663e4edc4880df3703c04bcf41d9 | Fixed in kernel 2.6.35 |
| L0023 | Crash | drivers/usb/mos7840.c: Null dereference | 2009-12-23 | http://lkml.org/lkml/2009/12/21/140 | Fixed in kernel 2.6.35 |
| L0022 | Crash | drivers/usb/mos7840.c: Null dereference | 2009-12-23 | http://lkml.org/lkml/2009/12/21/135 | Recognized as an error. |
| L0021 | Crash | drivers/usb/mos7840.c: Null dereference | 2009-12-23 | http://lkml.org/lkml/2009/12/21/131 | Recognized as an error |
| L0020 | Crash | drivers/net/hamradio/bpqether.c: Null dereference | 2009-12-23 | http://kerneltrap.org/mailarchive/linux-netdev/2009/12/15/6264106 | Message in LKML |
| L0019 | Crash | drivers/net/3c507.c: Null dereference | 2009-12-22 | http://lkml.org/lkml/2009/12/21/120 | Recognized as an error |
| L0018 | Crash | drivers/isdn/icn/icn.c: Null dereference | 2009-12-22 | http://lkml.org/lkml/2009/12/15/219 | Recognized as an error |
| L0017 | Crash | drivers/message/fusion/mptscsih.c: Null dereference | 2009-12-22 | http://kerneltrap.org/mailarchive/linux-scsi/2009/12/14/6643693/ | Send message to LKML |
| L0016 | Crash | drivers/ata/sata_mv.c: Null dereference | 2009-12-22 | http://lkml.org/lkml/2009/12/14/237, commit 0535f2bc170bc0779ac471faff39f633ca19ab59 | Fixed in kernel 2.6.33 |
| L0015 | Crash | drivers/input/input.c: Possible mutex_lock without mutex_unlock | 2009-10-14 | http://lkml.org/lkml/2009/10/13/353, commit 1572ca2a842a839b78780d9074d2f140b31907cc | Fixed in kernel 2.6.32 |
| L0014 | Crash | drivers/hid/hidraw.c: Double mutex_lock | 2009-10-13 | http://lkml.org/lkml/2009/10/12/101, commit b0e14951ee0f6c29abc64b92ec7075a159ede37c | Fixed in kernel 2.6.35 |
| L0012 | Crash | drivers/net/irda/ali-ircc.c: Get spin_lock twice | 2009-10-08 | http://lkml.org/lkml/2009/10/8/113 | Message sent |
| L0011 | Crash | drivers/net/znet.c: Sleeping function called from invalid context | 2009-10-08 | http://lkml.org/lkml/2009/10/7/317, commit 879e9304134bb6214fb52377ac1e01e1910f4916 | Fixed in kernel 2.6.32 |
| L0010 | Crash | drivers/media/video/usbvideo/konicawc.c: Possible buffer overflow while use strncat | 2009-10-08 | http://lkml.org/lkml/2009/10/7/218, commit caac970f91f39f67b5e48680840605e24896ff99 | Fixed in kernel 2.6.33-rc1 |
| L0009 | Crash | drivers/char/isicom.c: Sleeping function called from invalid context | 2009-10-08 | http://lkml.org/lkml/2009/10/7/246, commit 2493c0c166565e36831196446af594eb07892daf | Fixed in kernel 2.6.33-rc1 |
| L0008 | Crash | drivers/media/video/usbvideo/quickcam_messenger.c: Possible buffer overflow while use strncat with wrong 3rd parameter. | 2009-10-07 | http://lkml.org/lkml/2009/10/7/217 commit |
Fixed in kernel 2.6.33-rc1 |
| L0006 | Crash | drivers/scsi/scsi_lib.c: Function might_sleep used in critical section: spin_lock/spin_unlock | 2009-09-22 | http://lkml.org/lkml/2009/9/24/537 | It is discussed |
| L0005 | Crash | drivers/gpu/drm/drm_gem.c: Potential BUG_ON assertion fails in drm_gem_object_free | 2009-09-18 | http://bugzilla.kernel.org/show_bug.cgi?id=13227 commit |
Fixed in kernel 2.6.34-rc1 |
| L0004 | Leak | security/selinux/hooks.c: Memory leak in inode_doinit_with_dentry() | 2009-09-14 | http://lkml.org/lkml/2009/8/10/119, commit 314dabb83a547ec4da819e8cbc78fac9cec605cd | Fixed in kernel 2.6.31 |
| L0003 | Crash | drivers/media/video/hdpvr/hdpvr-core.c(hdpvr-video.c): Mutex imbalances | 2009-09-14 | http://lkml.org/lkml/2009/6/19/274, commit 00c1e2167e3163d2e193644b7d768f06d2a8c279 | Fixed in kernel 2.6.32 |
| L0002 | Leak | fs/cifs/cifsencrypt.c: Memory leakage | 2009-09-14 | http://lkml.org/lkml/2009/8/11/210, commit 1b3859bc9e20d764316346665fc93ecea2d2b176 | Fixed in kernel 2.6.32 |
| L0001 | Crash | drivers/media/video/cafe_ccic.c: Mutex lock imbalances in function cafe_pci_probe | 2009-09-10 | http://lkml.org/lkml/2009/9/10/167, commit 0faf6f6b892aeb25934c9adc7fe328350d2d25cc | Fixed in kernel 2.6.34 |