syzbot

 sign-in | mailing list | source | docs
🐞 Open [119]
🐞 Fixed [70]
🐞 Invalid [213]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Out of 213 bugs, 174 were automatically obsoleted (27 due to revoked reproducers), 39 were invalidated by users.
Title Repro Cause bisect Fix bisect Count Last Reported
KASAN: stack-out-of-bounds Read in __xfrm_dst_hash 1 90d 90d
KASAN: use-after-free Read in exact_lock 53 69d 78d
kernel BUG in vlan_get_protocol_dgram C done 6 121d 236d
KASAN: use-after-free Read in fast_dput 14 113d 302d
SYZFAIL: iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed 4 113d 201d
SYZFAIL: ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) 81 98d 286d
KASAN: use-after-free Read in lock_get_status 4 150d 166d
BUG: corrupted list in tipc_nametbl_translate 2 152d 175d
general protection fault in cleanup_bearer C 14034 134d 136d
KASAN: out-of-bounds Read in __show_regs 1 155d 155d
BUG: soft lockup in br_multicast_group_expired (2) 1 158d 158d
BUG: Bad page map (3) 3 160d 305d
KASAN: use-after-free Write in virtio_transport_recv_pkt C inconclusive 1 212d 404d
KASAN: use-after-free Read in bdev_try_to_free_page 1 165d 165d
KASAN: use-after-free Read in binder_release_work C 154 147d 182d
BUG: soft lockup in mntput 1 183d 183d
SYZFAIL: handshake read failed 1 203d 203d
KASAN: use-after-free Write in l2tp_session_delete 2 203d 227d
kernel BUG in vlan_get_tci 2 208d 236d
SYZFAIL: netlink_send_ext: short netlink write 4 213d 303d
SYZFAIL: posix_spawn failed 9928 176d 313d
SYZFAIL: mmap of output file failed 20 201d 302d
SYZFAIL: child failed syz error error 1 226d 1234d
KASAN: use-after-free Read in ext4_convert_inline_data_nolock syz error 1 244d 378d
KASAN: use-after-free Read in __ext4_check_dir_entry C error 2 249d 368d
BUG: corrupted list in p9_fd_cancelled (4) 4 230d 340d
BUG: unable to handle kernel paging request in __raw_callee_save___kvm_vcpu_is_preempted 1 239d 239d
SYZFAIL: mkdir(syz-tmp) failed 299 200d 313d
SYZFAIL: bad allocate request 148 201d 311d
KASAN: use-after-free Read in wg_queue_enqueue_per_peer_tx 2 241d 245d
SYZFAIL: ShmemBuilder: too large output offset 51 201d 309d
general protection fault in steam_send_report 1 242d 242d
SYZFAIL: can't reallocate 1 246d 246d
SYZFAIL: SIGSEGV 841 207d 321d
KASAN: use-after-free Write in __tlb_remove_page_size 1 249d 249d
SYZFAIL: SIGFPE 2 251d 295d
general protection fault in free_swap_cache 1 260d 260d
KASAN: stack-out-of-bounds Read in __show_regs 1 261d 261d
BUG: soft lockup in br_multicast_port_group_expired 1 262d 262d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (5) 30 232d 351d
KASAN: use-after-free Read in br_multicast_port_group_expired 1 265d 265d
BUG: soft lockup in net_rx_action 2 265d 277d
BUG: soft lockup in __run_timers 2 266d 334d
BUG: soft lockup in sys_sendmmsg 2 267d 267d
KASAN: use-after-free Read in usb_udc_uevent (3) 1 268d 268d
BUG: soft lockup in __netif_receive_skb_core 1 269d 269d
KASAN: use-after-free Read in unaccount_page_cache_page (2) 1 272d 272d
KASAN: use-after-free Read in worker_thread 1 274d 274d
BUG: soft lockup in wg_expired_send_persistent_keepalive 1 278d 278d
BUG: soft lockup in br_multicast_group_expired 1 279d 279d
BUG: soft lockup in ip_list_rcv 1 279d 279d
BUG: soft lockup in run_rebalance_domains 1 280d 280d
BUG: soft lockup in ipv6_rcv 3 284d 301d
KASAN: null-ptr-deref Write in __kernfs_remove 1 288d 288d
BUG: soft lockup in vfork 1 289d 289d
BUG: soft lockup in sys_exit_group 1 296d 296d
SYZFAIL: bad thread state in completion syz error error 5 884d 1226d
KASAN: use-after-free Read in dev_get_by_index_rcu 1 305d 305d
BUG: soft lockup in sys_clone 1 308d 308d
BUG: soft lockup in sys_recvmsg 4 309d 388d
SYZFAIL: control pipe read failed 1 312d 312d
SYZFAIL: too many calls in output 2 317d 317d
BUG: soft lockup in sys_bpf 2 323d 327d
BUG: unable to handle kernel paging request in swake_up_locked C inconclusive 1 341d 372d
KASAN: use-after-free Read in macsec_get_iflink syz error 2 346d 472d
KASAN: use-after-free Read in wg_packet_send_staged_packets 1 371d 371d
go runtime error 22 373d 652d
SYZFAIL: tun read failed syz error error 123 299d 1298d
SYZFAIL: proc resp pipe read failed 73 306d 322d
general protection fault in fq_codel_enqueue (2) 2 386d 388d
panic: runtime error: floating point error [recovered] 1 394d 394d
android13-5.10-lts build error 44 357d 376d
KASAN: use-after-free Read in f2fs_write_end_io 1 401d 401d
syzkaller: failed to copy syzkaller: file bin/linux_arm64/syz-fuzzer does not exist 2 323d 323d
BUG: unable to handle kernel paging request in fuse_dev_do_write (3) 1 415d 415d
KASAN: use-after-free Read in unaccount_page_cache_page 150 386d 915d
general protection fault in mnt_want_write (2) 1 453d 453d
BUG: corrupted list in p9_fd_cancelled (3) C done unreliable 38 470d 555d
KASAN: stack-out-of-bounds Read in update_stack_state 1 466d 466d
panic: replaceArg: group fields don't match: NUM/NUM 13 430d 430d
general protection fault in skb_segment C done 1 505d 519d
KASAN: use-after-free Read in key_task_permission 1 504d 504d
android13-5.10-lts test error: lost connection to test machine 1 509d 509d
BUG: unable to handle kernel paging request in fuse_dev_do_write (2) 1 535d 535d
KASAN: null-ptr-deref Write in backing_data_changed C done 3 559d 632d
general protection fault in __writeback_single_inode 1 577d 577d
BUG: Bad page map (2) 1 579d 579d
KASAN: use-after-free Read in locked_inode_to_wb_and_lock_list 2 583d 613d
general protection fault in tipc_conn_close (3) 1 606d 606d
kernel BUG in __block_commit_write 1 608d 608d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (4) 20 616d 818d
corrupted report (2) 6 617d 695d
BUG: soft lockup in wg_packet_tx_worker 5 627d 676d
BUG: soft lockup in neigh_timer_handler 2 628d 636d
BUG: soft lockup in wg_packet_handshake_send_worker 6 635d 675d
BUG: soft lockup in sys_sendto 2 635d 672d
kernel panic: EXT4-fs (device loop2): panic forced after error 1 639d 639d
BUG: soft lockup in tc_modify_qdisc C done done 314 623d 676d
BUG: soft lockup in addrconf_rs_timer 2 652d 670d
fatal error: fault 1 659d 659d
BUG: using smp_processor_id() in preemptible code in usbnet_skb_return syz error error 2 660d 1141d
fatal error: Connection to IP closed by remote host. 3 675d 799d
BUG: stack guard page was hit in corrupted (23) syz error error 1 700d 700d
KASAN: use-after-free Read in usb_udc_uevent (2) 1 697d 697d
kernel BUG in ext4_expand_extra_isize_ea C done done 5 710d 724d
BUG: unable to handle kernel paging request in fuse_dev_do_write 18 670d 736d
KASAN: global-out-of-bounds Read in f2fs_release_page 2 708d 740d
SYZFAIL: clock_gettime failed syz error error 5 716d 1241d
KASAN: use-after-free Read in f2fs_remove_dirty_inode C error error 4 730d 786d
general protection fault in do_swap_page 246 700d 1137d
kernel panic: EXT4-fs (device loop3): panic forced after error 1 753d 753d
general protection fault in kernfs_name_hash (6) C error error 22 783d 949d
kernel panic: EXT4-fs (device loop4): panic forced after error 1 757d 757d
android12-5.10-lts build error (2) 220 740d 840d
VFS: Busy inodes after unmount (use-after-free) C done inconclusive 1 807d 807d
general protection fault in filp_close 1 780d 780d
BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster erofs C error error 3 825d 923d
BUG: Bad page map 1 797d 797d
KASAN: use-after-free Read in hci_cmd_timeout 1 804d 804d
syzkaller: make host failed: failed to run ["make" "host" "ci"]: exit status 2 2 808d 808d
kernel panic: corrupted stack end in sys_sendmmsg syz error error 14 822d 848d
KASAN: use-after-free Read in fuse_copy_one C error inconclusive 1 910d 910d
kernel BUG in jbd2_journal_get_create_access syz error error 1 917d 917d
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 863d 863d
BUG: scheduling while atomic in f2fs_register_inmem_page C error inconclusive 1 789d 789d
KASAN: use-after-free Read in usb_udc_uevent 2 822d 846d
general protection fault in f2fs_release_page f2fs 3 838d 880d
general protection fault in tipc_conn_close (2) 6 880d 966d
KASAN: use-after-free Read in xpad_presence_work 1 925d 925d
kernel panic: EXT4-fs (device loop0): panic forced after error ext4 C 1 870d 870d
divide error in netem_enqueue (2) 1 971d 971d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields (2) 1 989d 989d
panic: runtime error: floating point error 1 994d 994d
KASAN: use-after-free Read in __cgroup_bpf_attach (3) 1 1009d 1009d
KASAN: use-after-free Read in __tcf_qdisc_find 1 1009d 1009d
KASAN: invalid-free in selinux_tun_dev_free_security 14 1003d 1012d
general protection fault in fq_codel_enqueue 1 1020d 1020d
BUG: corrupted list in pwq_dec_nr_in_flight (2) 1 1023d 1023d
general protection fault in tcp_sk_exit (2) 1 1031d 1031d
KASAN: use-after-free Read in css_free_rwork_fn (2) 2 1035d 1120d
android12-5.10-lts-superproject build error 24 1043d 1069d
panic: bad group arg size NUM, should be <= NUM for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2de, dir:0x0}, Inner:[ 23 956d 958d
general protection fault in ext4_xattr_set_entry C error 2 963d 977d
kernel BUG in ext4_es_cache_extent C error 1 989d 989d
BUG: unable to handle kernel paging request in reuseport_select_sock 1 1063d 1063d
BUG: stack guard page was hit in corrupted (22) syz done done 1 1099d 1099d
kernel panic: corrupted stack end in sys_futex syz error error 1 1126d 1126d
KASAN: use-after-free Read in f2fs_available_free_memory syz error error 7 1186d 1286d
BUG: unable to handle kernel NULL pointer dereference in ipv6_rcv syz 1 1129d 1129d
divide error in netem_enqueue 2 1079d 1089d
general protection fault in tipc_conn_close 1 1095d 1095d
BUG: stack guard page was hit in file_open (11) 4 1097d 1099d
BUG: stack guard page was hit in sys_mkdir (5) 1 1098d 1098d
BUG: stack guard page was hit in sys_creat (10) 1 1099d 1099d
kernel BUG in collapse_huge_page 1 1106d 1106d
general protection fault in __device_attach 1 1108d 1108d
kernel BUG in blk_mq_dispatch_rq_list C error 16 1027d 1227d
KASAN: use-after-free Read in __cgroup_bpf_attach (2) 1 1116d 1116d
KASAN: use-after-free Read in vcs_write 1 1117d 1117d
SYZFAIL: failed to mkdtemp 15 1118d 1286d
BUG: corrupted list in pwq_dec_nr_in_flight 1 1118d 1118d
corrupted report 289 1097d 1246d
BUG: corrupted list in p9_fd_cancelled (2) 3 1128d 1163d
general protection fault in tcp_sk_exit 1 1130d 1130d
SYZFAIL: tun: ioctl(TUNSETIFF) failed 7 1130d 1289d
kernel panic: corrupted stack end in file_open 1 1133d 1133d
general protection fault in icmpv6_sk_exit 1 1139d 1139d
general protection fault in mnt_want_write 1 1145d 1145d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (3) 3 1058d 1058d
general protection fault in del_gendisk (3) C done 1 1087d 1087d
KASAN: use-after-free Read in io_uring_cancel_task_requests 1 1173d 1173d
KASAN: slab-out-of-bounds Read in fuse_inode_eq 5 1173d 1180d
KASAN: use-after-free Write in dir_mkdir 1 1179d 1179d
KASAN: null-ptr-deref Write in incfs_fresh_pending_reads_exist 1 1186d 1186d
general protection fault in kernfs_name_hash C done 2 1121d 1121d
kernel BUG in notify_change (2) C error 2 1114d 1114d
general protection fault in del_gendisk (2) C error 2 1111d 1112d
SYZFAIL: sandbox fork failed 3 1194d 1278d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields 1 1233d 1233d
SYZFAIL: bad thread state in schedule 1 1213d 1213d
KASAN: stack-out-of-bounds Read in iov_iter_revert C error 10 1143d 1295d
SYZFAIL: invalid syscall number 2 1233d 1254d
kernel BUG in ext4_free_blocks 3 1247d 1279d
general protection fault in io_prep_async_work 1 1216d 1216d
KASAN: use-after-free Read in io_kill_linked_timeout C error 14 1164d 1212d
KASAN: use-after-free Read in __fdget_raw C error error 1 1208d 1208d
KASAN: invalid-free in io_dismantle_req C error 7 1175d 1169d
general protection fault in del_gendisk C error 1 1174d 1281d
BUG: corrupted list in p9_fd_cancelled 1 1255d 1255d
KASAN: use-after-free Read in task_work_run 2 1288d 1287d
KASAN: use-after-free Write in chroot_fs_refs 2 1286d 1287d
BUG: stack guard page was hit in sys_fsetxattr 1 1199d 1199d
BUG: stack guard page was hit in sys_lsetxattr C error inconclusive 2 1205d 1205d
BUG: stack guard page was hit in sys_setxattr C error 6 1201d 1224d
BUG: stack guard page was hit in corrupted C error 3 1189d 1224d
BUG: stack guard page was hit in sys_unlink 2 1224d 1224d
BUG: stack guard page was hit in sys_creat C error done 7 1172d 1236d
BUG: stack guard page was hit in sys_lchown C error 4 1192d 1241d
BUG: stack guard page was hit in sys_chdir 5 1170d 1242d
KASAN: use-after-free Read in css_free_rwork_fn 1 1261d 1261d
KASAN: use-after-free Read in rcu_cblist_dequeue 1 1293d 1287d
BUG: workqueue lockup C error 25 1198d 1296d
KASAN: use-after-free Read in __cgroup_bpf_attach 2 1267d 1270d
KASAN: use-after-free Read in dev_uevent 1 1272d 1272d
general protection fault in bdev_read_page 1 1273d 1273d
SYZFAIL: out of opened kcov threads 47 1249d 1250d
SYZFAIL: tun: can't open /dev/net/tun 1 1283d 1283d
KASAN: use-after-free Read in compute_effective_progs 1 1278d 1278d
KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1282d 1282d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (2) 1 1204d 1204d
android12-5.10-lts test error: UBSAN: object-size-mismatch in wg_xmit 69 1259d 1285d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 1 1277d 1277d
android12-5.10-lts build error 1 1299d 1299d