syzbot

 sign-in | mailing list | source | docs
🐞 Open [116]
🐞 Fixed [70]
🐞 Invalid [212]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Out of 212 bugs, 173 were automatically obsoleted (27 due to revoked reproducers), 39 were invalidated by users.
Title Repro Cause bisect Fix bisect Count Last Reported
KASAN: use-after-free Read in exact_lock 53 62d 72d
kernel BUG in vlan_get_protocol_dgram C done 6 114d 229d
KASAN: use-after-free Read in fast_dput 14 106d 296d
SYZFAIL: iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed 4 107d 195d
SYZFAIL: ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) 81 91d 279d
KASAN: use-after-free Read in lock_get_status 4 143d 160d
BUG: corrupted list in tipc_nametbl_translate 2 146d 168d
general protection fault in cleanup_bearer C 14034 127d 130d
KASAN: out-of-bounds Read in __show_regs 1 149d 149d
BUG: soft lockup in br_multicast_group_expired (2) 1 151d 151d
BUG: Bad page map (3) 3 153d 298d
KASAN: use-after-free Write in virtio_transport_recv_pkt C inconclusive 1 206d 397d
KASAN: use-after-free Read in bdev_try_to_free_page 1 158d 158d
KASAN: use-after-free Read in binder_release_work C 154 140d 175d
BUG: soft lockup in mntput 1 177d 177d
SYZFAIL: handshake read failed 1 196d 196d
KASAN: use-after-free Write in l2tp_session_delete 2 197d 220d
kernel BUG in vlan_get_tci 2 201d 229d
SYZFAIL: netlink_send_ext: short netlink write 4 207d 296d
SYZFAIL: posix_spawn failed 9928 170d 307d
SYZFAIL: mmap of output file failed 20 195d 296d
SYZFAIL: child failed syz error error 1 219d 1227d
KASAN: use-after-free Read in ext4_convert_inline_data_nolock syz error 1 238d 371d
KASAN: use-after-free Read in __ext4_check_dir_entry C error 2 243d 361d
BUG: corrupted list in p9_fd_cancelled (4) 4 223d 333d
BUG: unable to handle kernel paging request in __raw_callee_save___kvm_vcpu_is_preempted 1 232d 232d
SYZFAIL: mkdir(syz-tmp) failed 299 194d 306d
SYZFAIL: bad allocate request 148 194d 304d
KASAN: use-after-free Read in wg_queue_enqueue_per_peer_tx 2 235d 239d
SYZFAIL: ShmemBuilder: too large output offset 51 195d 303d
general protection fault in steam_send_report 1 236d 236d
SYZFAIL: can't reallocate 1 239d 239d
SYZFAIL: SIGSEGV 841 201d 315d
KASAN: use-after-free Write in __tlb_remove_page_size 1 242d 242d
SYZFAIL: SIGFPE 2 244d 289d
general protection fault in free_swap_cache 1 253d 253d
KASAN: stack-out-of-bounds Read in __show_regs 1 255d 255d
BUG: soft lockup in br_multicast_port_group_expired 1 256d 256d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (5) 30 225d 344d
KASAN: use-after-free Read in br_multicast_port_group_expired 1 259d 259d
BUG: soft lockup in net_rx_action 2 259d 271d
BUG: soft lockup in __run_timers 2 259d 328d
BUG: soft lockup in sys_sendmmsg 2 260d 260d
KASAN: use-after-free Read in usb_udc_uevent (3) 1 261d 261d
BUG: soft lockup in __netif_receive_skb_core 1 263d 263d
KASAN: use-after-free Read in unaccount_page_cache_page (2) 1 266d 266d
KASAN: use-after-free Read in worker_thread 1 268d 268d
BUG: soft lockup in wg_expired_send_persistent_keepalive 1 271d 271d
BUG: soft lockup in br_multicast_group_expired 1 272d 272d
BUG: soft lockup in ip_list_rcv 1 273d 273d
BUG: soft lockup in run_rebalance_domains 1 274d 274d
BUG: soft lockup in ipv6_rcv 3 278d 295d
KASAN: null-ptr-deref Write in __kernfs_remove 1 281d 281d
BUG: soft lockup in vfork 1 283d 283d
BUG: soft lockup in sys_exit_group 1 289d 289d
SYZFAIL: bad thread state in completion syz error error 5 877d 1219d
KASAN: use-after-free Read in dev_get_by_index_rcu 1 298d 298d
BUG: soft lockup in sys_clone 1 302d 302d
BUG: soft lockup in sys_recvmsg 4 303d 382d
SYZFAIL: control pipe read failed 1 306d 306d
SYZFAIL: too many calls in output 2 311d 311d
BUG: soft lockup in sys_bpf 2 316d 320d
BUG: unable to handle kernel paging request in swake_up_locked C inconclusive 1 334d 365d
KASAN: use-after-free Read in macsec_get_iflink syz error 2 339d 466d
KASAN: use-after-free Read in wg_packet_send_staged_packets 1 365d 365d
go runtime error 22 366d 645d
SYZFAIL: tun read failed syz error error 123 292d 1291d
SYZFAIL: proc resp pipe read failed 73 300d 316d
general protection fault in fq_codel_enqueue (2) 2 379d 381d
panic: runtime error: floating point error [recovered] 1 387d 387d
android13-5.10-lts build error 44 350d 370d
KASAN: use-after-free Read in f2fs_write_end_io 1 394d 394d
syzkaller: failed to copy syzkaller: file bin/linux_arm64/syz-fuzzer does not exist 2 316d 316d
BUG: unable to handle kernel paging request in fuse_dev_do_write (3) 1 408d 408d
KASAN: use-after-free Read in unaccount_page_cache_page 150 380d 908d
general protection fault in mnt_want_write (2) 1 446d 446d
BUG: corrupted list in p9_fd_cancelled (3) C done unreliable 38 464d 549d
KASAN: stack-out-of-bounds Read in update_stack_state 1 459d 459d
panic: replaceArg: group fields don't match: NUM/NUM 13 423d 424d
general protection fault in skb_segment C done 1 499d 513d
KASAN: use-after-free Read in key_task_permission 1 497d 497d
android13-5.10-lts test error: lost connection to test machine 1 503d 503d
BUG: unable to handle kernel paging request in fuse_dev_do_write (2) 1 528d 528d
KASAN: null-ptr-deref Write in backing_data_changed C done 3 553d 625d
general protection fault in __writeback_single_inode 1 570d 570d
BUG: Bad page map (2) 1 572d 572d
KASAN: use-after-free Read in locked_inode_to_wb_and_lock_list 2 576d 607d
general protection fault in tipc_conn_close (3) 1 599d 599d
kernel BUG in __block_commit_write 1 601d 601d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (4) 20 610d 812d
corrupted report (2) 6 611d 689d
BUG: soft lockup in wg_packet_tx_worker 5 620d 670d
BUG: soft lockup in neigh_timer_handler 2 621d 629d
BUG: soft lockup in wg_packet_handshake_send_worker 6 628d 668d
BUG: soft lockup in sys_sendto 2 629d 666d
kernel panic: EXT4-fs (device loop2): panic forced after error 1 633d 633d
BUG: soft lockup in tc_modify_qdisc C done done 314 616d 670d
BUG: soft lockup in addrconf_rs_timer 2 645d 663d
fatal error: fault 1 652d 652d
BUG: using smp_processor_id() in preemptible code in usbnet_skb_return syz error error 2 654d 1134d
fatal error: Connection to IP closed by remote host. 3 669d 792d
BUG: stack guard page was hit in corrupted (23) syz error error 1 693d 693d
KASAN: use-after-free Read in usb_udc_uevent (2) 1 691d 691d
kernel BUG in ext4_expand_extra_isize_ea C done done 5 704d 718d
BUG: unable to handle kernel paging request in fuse_dev_do_write 18 664d 729d
KASAN: global-out-of-bounds Read in f2fs_release_page 2 702d 734d
SYZFAIL: clock_gettime failed syz error error 5 709d 1234d
KASAN: use-after-free Read in f2fs_remove_dirty_inode C error error 4 723d 780d
general protection fault in do_swap_page 246 693d 1130d
kernel panic: EXT4-fs (device loop3): panic forced after error 1 747d 747d
general protection fault in kernfs_name_hash (6) C error error 22 777d 943d
kernel panic: EXT4-fs (device loop4): panic forced after error 1 750d 750d
android12-5.10-lts build error (2) 220 733d 834d
VFS: Busy inodes after unmount (use-after-free) C done inconclusive 1 800d 800d
general protection fault in filp_close 1 773d 773d
BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster erofs C error error 3 818d 916d
BUG: Bad page map 1 791d 791d
KASAN: use-after-free Read in hci_cmd_timeout 1 798d 798d
syzkaller: make host failed: failed to run ["make" "host" "ci"]: exit status 2 2 802d 802d
kernel panic: corrupted stack end in sys_sendmmsg syz error error 14 816d 842d
KASAN: use-after-free Read in fuse_copy_one C error inconclusive 1 903d 903d
kernel BUG in jbd2_journal_get_create_access syz error error 1 910d 910d
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 856d 856d
BUG: scheduling while atomic in f2fs_register_inmem_page C error inconclusive 1 782d 782d
KASAN: use-after-free Read in usb_udc_uevent 2 816d 839d
general protection fault in f2fs_release_page f2fs 3 832d 874d
general protection fault in tipc_conn_close (2) 6 873d 959d
KASAN: use-after-free Read in xpad_presence_work 1 918d 918d
kernel panic: EXT4-fs (device loop0): panic forced after error ext4 C 1 864d 864d
divide error in netem_enqueue (2) 1 964d 964d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields (2) 1 983d 983d
panic: runtime error: floating point error 1 987d 987d
KASAN: use-after-free Read in __cgroup_bpf_attach (3) 1 1002d 1002d
KASAN: use-after-free Read in __tcf_qdisc_find 1 1003d 1003d
KASAN: invalid-free in selinux_tun_dev_free_security 14 996d 1006d
general protection fault in fq_codel_enqueue 1 1014d 1014d
BUG: corrupted list in pwq_dec_nr_in_flight (2) 1 1016d 1016d
general protection fault in tcp_sk_exit (2) 1 1024d 1024d
KASAN: use-after-free Read in css_free_rwork_fn (2) 2 1029d 1113d
android12-5.10-lts-superproject build error 24 1037d 1063d
panic: bad group arg size NUM, should be <= NUM for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2de, dir:0x0}, Inner:[ 23 950d 951d
general protection fault in ext4_xattr_set_entry C error 2 957d 971d
kernel BUG in ext4_es_cache_extent C error 1 982d 982d
BUG: unable to handle kernel paging request in reuseport_select_sock 1 1056d 1056d
BUG: stack guard page was hit in corrupted (22) syz done done 1 1093d 1093d
kernel panic: corrupted stack end in sys_futex syz error error 1 1120d 1120d
KASAN: use-after-free Read in f2fs_available_free_memory syz error error 7 1179d 1279d
BUG: unable to handle kernel NULL pointer dereference in ipv6_rcv syz 1 1122d 1122d
divide error in netem_enqueue 2 1072d 1083d
general protection fault in tipc_conn_close 1 1088d 1088d
BUG: stack guard page was hit in file_open (11) 4 1090d 1092d
BUG: stack guard page was hit in sys_mkdir (5) 1 1092d 1092d
BUG: stack guard page was hit in sys_creat (10) 1 1093d 1093d
kernel BUG in collapse_huge_page 1 1099d 1099d
general protection fault in __device_attach 1 1102d 1102d
kernel BUG in blk_mq_dispatch_rq_list C error 16 1021d 1220d
KASAN: use-after-free Read in __cgroup_bpf_attach (2) 1 1110d 1110d
KASAN: use-after-free Read in vcs_write 1 1111d 1111d
SYZFAIL: failed to mkdtemp 15 1111d 1279d
BUG: corrupted list in pwq_dec_nr_in_flight 1 1111d 1111d
corrupted report 289 1090d 1239d
BUG: corrupted list in p9_fd_cancelled (2) 3 1121d 1156d
general protection fault in tcp_sk_exit 1 1124d 1124d
SYZFAIL: tun: ioctl(TUNSETIFF) failed 7 1124d 1282d
kernel panic: corrupted stack end in file_open 1 1127d 1127d
general protection fault in icmpv6_sk_exit 1 1133d 1133d
general protection fault in mnt_want_write 1 1139d 1139d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (3) 3 1051d 1051d
general protection fault in del_gendisk (3) C done 1 1080d 1080d
KASAN: use-after-free Read in io_uring_cancel_task_requests 1 1166d 1166d
KASAN: slab-out-of-bounds Read in fuse_inode_eq 5 1166d 1174d
KASAN: use-after-free Write in dir_mkdir 1 1173d 1173d
KASAN: null-ptr-deref Write in incfs_fresh_pending_reads_exist 1 1180d 1180d
general protection fault in kernfs_name_hash C done 2 1114d 1114d
kernel BUG in notify_change (2) C error 2 1108d 1108d
general protection fault in del_gendisk (2) C error 2 1105d 1105d
SYZFAIL: sandbox fork failed 3 1187d 1271d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields 1 1227d 1227d
SYZFAIL: bad thread state in schedule 1 1207d 1207d
KASAN: stack-out-of-bounds Read in iov_iter_revert C error 10 1136d 1289d
SYZFAIL: invalid syscall number 2 1226d 1248d
kernel BUG in ext4_free_blocks 3 1240d 1273d
general protection fault in io_prep_async_work 1 1209d 1209d
KASAN: use-after-free Read in io_kill_linked_timeout C error 14 1158d 1206d
KASAN: use-after-free Read in __fdget_raw C error error 1 1201d 1201d
KASAN: invalid-free in io_dismantle_req C error 7 1168d 1162d
general protection fault in del_gendisk C error 1 1168d 1275d
BUG: corrupted list in p9_fd_cancelled 1 1248d 1248d
KASAN: use-after-free Read in task_work_run 2 1282d 1281d
KASAN: use-after-free Write in chroot_fs_refs 2 1279d 1281d
BUG: stack guard page was hit in sys_fsetxattr 1 1192d 1192d
BUG: stack guard page was hit in sys_lsetxattr C error inconclusive 2 1198d 1198d
BUG: stack guard page was hit in sys_setxattr C error 6 1195d 1218d
BUG: stack guard page was hit in corrupted C error 3 1183d 1218d
BUG: stack guard page was hit in sys_unlink 2 1218d 1218d
BUG: stack guard page was hit in sys_creat C error done 7 1165d 1229d
BUG: stack guard page was hit in sys_lchown C error 4 1186d 1235d
BUG: stack guard page was hit in sys_chdir 5 1163d 1235d
KASAN: use-after-free Read in css_free_rwork_fn 1 1255d 1255d
KASAN: use-after-free Read in rcu_cblist_dequeue 1 1287d 1281d
BUG: workqueue lockup C error 25 1192d 1290d
KASAN: use-after-free Read in __cgroup_bpf_attach 2 1261d 1263d
KASAN: use-after-free Read in dev_uevent 1 1265d 1265d
general protection fault in bdev_read_page 1 1266d 1266d
SYZFAIL: out of opened kcov threads 47 1242d 1243d
SYZFAIL: tun: can't open /dev/net/tun 1 1276d 1276d
KASAN: use-after-free Read in compute_effective_progs 1 1272d 1272d
KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1276d 1276d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (2) 1 1198d 1198d
android12-5.10-lts test error: UBSAN: object-size-mismatch in wg_xmit 69 1252d 1279d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 1 1271d 1271d
android12-5.10-lts build error 1 1293d 1293d