syzbot

 sign-in | mailing list | source | docs
🐞 Open [120]
🐞 Fixed [70]
🐞 Invalid [213]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Out of 213 bugs, 174 were automatically obsoleted (27 due to revoked reproducers), 39 were invalidated by users.
Title Repro Cause bisect Fix bisect Count Last Reported
KASAN: stack-out-of-bounds Read in __xfrm_dst_hash 1 94d 94d
KASAN: use-after-free Read in exact_lock 53 72d 82d
kernel BUG in vlan_get_protocol_dgram C done 6 124d 239d
KASAN: use-after-free Read in fast_dput 14 116d 305d
SYZFAIL: iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed 4 117d 205d
SYZFAIL: ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) 81 101d 289d
KASAN: use-after-free Read in lock_get_status 4 153d 169d
BUG: corrupted list in tipc_nametbl_translate 2 156d 178d
general protection fault in cleanup_bearer C 14034 137d 140d
KASAN: out-of-bounds Read in __show_regs 1 158d 158d
BUG: soft lockup in br_multicast_group_expired (2) 1 161d 161d
BUG: Bad page map (3) 3 163d 308d
KASAN: use-after-free Write in virtio_transport_recv_pkt C inconclusive 1 215d 407d
KASAN: use-after-free Read in bdev_try_to_free_page 1 168d 168d
KASAN: use-after-free Read in binder_release_work C 154 150d 185d
BUG: soft lockup in mntput 1 187d 187d
SYZFAIL: handshake read failed 1 206d 206d
KASAN: use-after-free Write in l2tp_session_delete 2 206d 230d
kernel BUG in vlan_get_tci 2 211d 239d
SYZFAIL: netlink_send_ext: short netlink write 4 217d 306d
SYZFAIL: posix_spawn failed 9928 180d 316d
SYZFAIL: mmap of output file failed 20 205d 306d
SYZFAIL: child failed syz error error 1 229d 1237d
KASAN: use-after-free Read in ext4_convert_inline_data_nolock syz error 1 248d 381d
KASAN: use-after-free Read in __ext4_check_dir_entry C error 2 253d 371d
BUG: corrupted list in p9_fd_cancelled (4) 4 233d 343d
BUG: unable to handle kernel paging request in __raw_callee_save___kvm_vcpu_is_preempted 1 242d 242d
SYZFAIL: mkdir(syz-tmp) failed 299 204d 316d
SYZFAIL: bad allocate request 148 204d 314d
KASAN: use-after-free Read in wg_queue_enqueue_per_peer_tx 2 244d 249d
SYZFAIL: ShmemBuilder: too large output offset 51 205d 312d
general protection fault in steam_send_report 1 245d 245d
SYZFAIL: can't reallocate 1 249d 249d
SYZFAIL: SIGSEGV 841 211d 324d
KASAN: use-after-free Write in __tlb_remove_page_size 1 252d 252d
SYZFAIL: SIGFPE 2 254d 299d
general protection fault in free_swap_cache 1 263d 263d
KASAN: stack-out-of-bounds Read in __show_regs 1 265d 265d
BUG: soft lockup in br_multicast_port_group_expired 1 265d 265d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (5) 30 235d 354d
KASAN: use-after-free Read in br_multicast_port_group_expired 1 269d 269d
BUG: soft lockup in net_rx_action 2 269d 281d
BUG: soft lockup in __run_timers 2 269d 338d
BUG: soft lockup in sys_sendmmsg 2 270d 270d
KASAN: use-after-free Read in usb_udc_uevent (3) 1 271d 271d
BUG: soft lockup in __netif_receive_skb_core 1 273d 273d
KASAN: use-after-free Read in unaccount_page_cache_page (2) 1 275d 275d
KASAN: use-after-free Read in worker_thread 1 277d 277d
BUG: soft lockup in wg_expired_send_persistent_keepalive 1 281d 281d
BUG: soft lockup in br_multicast_group_expired 1 282d 282d
BUG: soft lockup in ip_list_rcv 1 282d 282d
BUG: soft lockup in run_rebalance_domains 1 283d 283d
BUG: soft lockup in ipv6_rcv 3 288d 304d
KASAN: null-ptr-deref Write in __kernfs_remove 1 291d 291d
BUG: soft lockup in vfork 1 293d 293d
BUG: soft lockup in sys_exit_group 1 299d 299d
SYZFAIL: bad thread state in completion syz error error 5 887d 1229d
KASAN: use-after-free Read in dev_get_by_index_rcu 1 308d 308d
BUG: soft lockup in sys_clone 1 312d 312d
BUG: soft lockup in sys_recvmsg 4 313d 391d
SYZFAIL: control pipe read failed 1 316d 316d
SYZFAIL: too many calls in output 2 320d 321d
BUG: soft lockup in sys_bpf 2 326d 330d
BUG: unable to handle kernel paging request in swake_up_locked C inconclusive 1 344d 375d
KASAN: use-after-free Read in macsec_get_iflink syz error 2 349d 475d
KASAN: use-after-free Read in wg_packet_send_staged_packets 1 374d 374d
go runtime error 22 376d 655d
SYZFAIL: tun read failed syz error error 123 302d 1301d
SYZFAIL: proc resp pipe read failed 73 310d 325d
general protection fault in fq_codel_enqueue (2) 2 389d 391d
panic: runtime error: floating point error [recovered] 1 397d 397d
android13-5.10-lts build error 44 360d 380d
KASAN: use-after-free Read in f2fs_write_end_io 1 404d 404d
syzkaller: failed to copy syzkaller: file bin/linux_arm64/syz-fuzzer does not exist 2 326d 326d
BUG: unable to handle kernel paging request in fuse_dev_do_write (3) 1 418d 418d
KASAN: use-after-free Read in unaccount_page_cache_page 150 390d 918d
general protection fault in mnt_want_write (2) 1 456d 456d
BUG: corrupted list in p9_fd_cancelled (3) C done unreliable 38 473d 559d
KASAN: stack-out-of-bounds Read in update_stack_state 1 469d 469d
panic: replaceArg: group fields don't match: NUM/NUM 13 433d 434d
general protection fault in skb_segment C done 1 509d 523d
KASAN: use-after-free Read in key_task_permission 1 507d 507d
android13-5.10-lts test error: lost connection to test machine 1 513d 513d
BUG: unable to handle kernel paging request in fuse_dev_do_write (2) 1 538d 538d
KASAN: null-ptr-deref Write in backing_data_changed C done 3 563d 635d
general protection fault in __writeback_single_inode 1 580d 580d
BUG: Bad page map (2) 1 582d 582d
KASAN: use-after-free Read in locked_inode_to_wb_and_lock_list 2 586d 617d
general protection fault in tipc_conn_close (3) 1 609d 609d
kernel BUG in __block_commit_write 1 611d 611d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (4) 20 620d 822d
corrupted report (2) 6 621d 699d
BUG: soft lockup in wg_packet_tx_worker 5 630d 680d
BUG: soft lockup in neigh_timer_handler 2 631d 639d
BUG: soft lockup in wg_packet_handshake_send_worker 6 638d 678d
BUG: soft lockup in sys_sendto 2 639d 676d
kernel panic: EXT4-fs (device loop2): panic forced after error 1 642d 642d
BUG: soft lockup in tc_modify_qdisc C done done 314 626d 679d
BUG: soft lockup in addrconf_rs_timer 2 655d 673d
fatal error: fault 1 662d 662d
BUG: using smp_processor_id() in preemptible code in usbnet_skb_return syz error error 2 664d 1144d
fatal error: Connection to IP closed by remote host. 3 679d 802d
BUG: stack guard page was hit in corrupted (23) syz error error 1 703d 703d
KASAN: use-after-free Read in usb_udc_uevent (2) 1 700d 700d
kernel BUG in ext4_expand_extra_isize_ea C done done 5 714d 727d
BUG: unable to handle kernel paging request in fuse_dev_do_write 18 674d 739d
KASAN: global-out-of-bounds Read in f2fs_release_page 2 712d 744d
SYZFAIL: clock_gettime failed syz error error 5 719d 1244d
KASAN: use-after-free Read in f2fs_remove_dirty_inode C error error 4 733d 789d
general protection fault in do_swap_page 246 703d 1140d
kernel panic: EXT4-fs (device loop3): panic forced after error 1 757d 757d
general protection fault in kernfs_name_hash (6) C error error 22 787d 952d
kernel panic: EXT4-fs (device loop4): panic forced after error 1 760d 760d
android12-5.10-lts build error (2) 220 743d 844d
VFS: Busy inodes after unmount (use-after-free) C done inconclusive 1 810d 810d
general protection fault in filp_close 1 783d 783d
BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster erofs C error error 3 828d 926d
BUG: Bad page map 1 801d 801d
KASAN: use-after-free Read in hci_cmd_timeout 1 807d 807d
syzkaller: make host failed: failed to run ["make" "host" "ci"]: exit status 2 2 811d 811d
kernel panic: corrupted stack end in sys_sendmmsg syz error error 14 826d 851d
KASAN: use-after-free Read in fuse_copy_one C error inconclusive 1 913d 913d
kernel BUG in jbd2_journal_get_create_access syz error error 1 920d 920d
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 866d 866d
BUG: scheduling while atomic in f2fs_register_inmem_page C error inconclusive 1 792d 792d
KASAN: use-after-free Read in usb_udc_uevent 2 825d 849d
general protection fault in f2fs_release_page f2fs 3 842d 883d
general protection fault in tipc_conn_close (2) 6 883d 969d
KASAN: use-after-free Read in xpad_presence_work 1 928d 928d
kernel panic: EXT4-fs (device loop0): panic forced after error ext4 C 1 873d 873d
divide error in netem_enqueue (2) 1 974d 974d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields (2) 1 993d 993d
panic: runtime error: floating point error 1 997d 997d
KASAN: use-after-free Read in __cgroup_bpf_attach (3) 1 1012d 1012d
KASAN: use-after-free Read in __tcf_qdisc_find 1 1013d 1013d
KASAN: invalid-free in selinux_tun_dev_free_security 14 1006d 1016d
general protection fault in fq_codel_enqueue 1 1023d 1023d
BUG: corrupted list in pwq_dec_nr_in_flight (2) 1 1026d 1026d
general protection fault in tcp_sk_exit (2) 1 1034d 1034d
KASAN: use-after-free Read in css_free_rwork_fn (2) 2 1038d 1123d
android12-5.10-lts-superproject build error 24 1047d 1073d
panic: bad group arg size NUM, should be <= NUM for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2de, dir:0x0}, Inner:[ 23 960d 961d
general protection fault in ext4_xattr_set_entry C error 2 967d 981d
kernel BUG in ext4_es_cache_extent C error 1 992d 992d
BUG: unable to handle kernel paging request in reuseport_select_sock 1 1066d 1066d
BUG: stack guard page was hit in corrupted (22) syz done done 1 1102d 1102d
kernel panic: corrupted stack end in sys_futex syz error error 1 1130d 1130d
KASAN: use-after-free Read in f2fs_available_free_memory syz error error 7 1189d 1289d
BUG: unable to handle kernel NULL pointer dereference in ipv6_rcv syz 1 1132d 1132d
divide error in netem_enqueue 2 1082d 1093d
general protection fault in tipc_conn_close 1 1098d 1098d
BUG: stack guard page was hit in file_open (11) 4 1100d 1102d
BUG: stack guard page was hit in sys_mkdir (5) 1 1102d 1102d
BUG: stack guard page was hit in sys_creat (10) 1 1102d 1102d
kernel BUG in collapse_huge_page 1 1109d 1109d
general protection fault in __device_attach 1 1111d 1111d
kernel BUG in blk_mq_dispatch_rq_list C error 16 1030d 1230d
KASAN: use-after-free Read in __cgroup_bpf_attach (2) 1 1119d 1119d
KASAN: use-after-free Read in vcs_write 1 1120d 1120d
SYZFAIL: failed to mkdtemp 15 1121d 1289d
BUG: corrupted list in pwq_dec_nr_in_flight 1 1121d 1121d
corrupted report 289 1100d 1249d
BUG: corrupted list in p9_fd_cancelled (2) 3 1131d 1166d
general protection fault in tcp_sk_exit 1 1134d 1134d
SYZFAIL: tun: ioctl(TUNSETIFF) failed 7 1134d 1292d
kernel panic: corrupted stack end in file_open 1 1136d 1136d
general protection fault in icmpv6_sk_exit 1 1142d 1142d
general protection fault in mnt_want_write 1 1149d 1149d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (3) 3 1061d 1061d
general protection fault in del_gendisk (3) C done 1 1090d 1090d
KASAN: use-after-free Read in io_uring_cancel_task_requests 1 1176d 1176d
KASAN: slab-out-of-bounds Read in fuse_inode_eq 5 1176d 1184d
KASAN: use-after-free Write in dir_mkdir 1 1183d 1183d
KASAN: null-ptr-deref Write in incfs_fresh_pending_reads_exist 1 1189d 1189d
general protection fault in kernfs_name_hash C done 2 1124d 1124d
kernel BUG in notify_change (2) C error 2 1118d 1118d
general protection fault in del_gendisk (2) C error 2 1114d 1115d
SYZFAIL: sandbox fork failed 3 1197d 1281d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields 1 1236d 1236d
SYZFAIL: bad thread state in schedule 1 1216d 1216d
KASAN: stack-out-of-bounds Read in iov_iter_revert C error 10 1146d 1298d
SYZFAIL: invalid syscall number 2 1236d 1257d
kernel BUG in ext4_free_blocks 3 1250d 1282d
general protection fault in io_prep_async_work 1 1219d 1219d
KASAN: use-after-free Read in io_kill_linked_timeout C error 14 1168d 1216d
KASAN: use-after-free Read in __fdget_raw C error error 1 1211d 1211d
KASAN: invalid-free in io_dismantle_req C error 7 1178d 1172d
general protection fault in del_gendisk C error 1 1178d 1284d
BUG: corrupted list in p9_fd_cancelled 1 1258d 1258d
KASAN: use-after-free Read in task_work_run 2 1292d 1291d
KASAN: use-after-free Write in chroot_fs_refs 2 1289d 1291d
BUG: stack guard page was hit in sys_fsetxattr 1 1202d 1202d
BUG: stack guard page was hit in sys_lsetxattr C error inconclusive 2 1208d 1208d
BUG: stack guard page was hit in sys_setxattr C error 6 1205d 1227d
BUG: stack guard page was hit in corrupted C error 3 1193d 1228d
BUG: stack guard page was hit in sys_unlink 2 1227d 1228d
BUG: stack guard page was hit in sys_creat C error done 7 1175d 1239d
BUG: stack guard page was hit in sys_lchown C error 4 1196d 1244d
BUG: stack guard page was hit in sys_chdir 5 1173d 1245d
KASAN: use-after-free Read in css_free_rwork_fn 1 1264d 1264d
KASAN: use-after-free Read in rcu_cblist_dequeue 1 1297d 1291d
BUG: workqueue lockup C error 25 1201d 1300d
KASAN: use-after-free Read in __cgroup_bpf_attach 2 1271d 1273d
KASAN: use-after-free Read in dev_uevent 1 1275d 1275d
general protection fault in bdev_read_page 1 1276d 1276d
SYZFAIL: out of opened kcov threads 47 1252d 1253d
SYZFAIL: tun: can't open /dev/net/tun 1 1286d 1286d
KASAN: use-after-free Read in compute_effective_progs 1 1282d 1282d
KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1286d 1286d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (2) 1 1207d 1207d
android12-5.10-lts test error: UBSAN: object-size-mismatch in wg_xmit 69 1262d 1288d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 1 1281d 1281d
android12-5.10-lts build error 1 1303d 1303d