syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1317]
Subsystems
🐞 Fixed [7177]
🐞 Invalid [18954]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

Applied filters: Label=prio:high (drop)
Extra filters: [With Repro]
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Closed Patch
KASAN: slab-out-of-bounds Read in hfsplus_bnode_read hfs prio:high 21 C error error 521 325d 1301d 24/29 never 966cb76fb285 hfs/hfsplus: fix u32 overflow in check_and_correct_requested_length
KASAN: slab-out-of-bounds Read in cache_seq_start_rcu prio:high nfs net 17 C 67 23d 59d 27/29 never ea25e3c7915b sunrpc: prevent out-of-bounds read in __cache_seq_start()
UBSAN: shift-out-of-bounds in xfrm_selector_match (3) net prio:high -1 1 5d19h 4d08h 1/29 never xfrm: validate selector family and prefixlen during match
WARNING: lock held when returning to user space in lock_vma_under_rcu prio:high mm 4 1 97d 93d 2/29 never userfaultfd: fix lock leak in mfill_get_vma()
WARNING in folio_add_new_anon_rmap prio:high mm -1 C error 14 97d 95d 2/29 never userfaultfd-introduce-struct-mfill_state-fix
KASAN: slab-out-of-bounds Read in usbtmc_interrupt usb prio:high 17 C 5 32d 307d 27/29 never 52f2ad3f7e5e usb: usbtmc: check URB actual_length for interrupt-IN notifications
KASAN: slab-use-after-free Read in ipvlan_hard_header (4) prio:high net actionable 19 2 46d 7d03h 24/29 never f4c3d89fc986 tipc: fix UAF in tipc_l2_send_msg()
WARNING: refcount bug in __inet_csk_reqsk_queue_drop net prio:high 13 9 22d 20d 26/29 never e10902df2448 tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().
KMSAN: uninit-value in hfsplus_bnode_find prio:high hfs 7 C 24 2d13h 65d 24/29 never d67aadee19ff hfs/hfsplus: zero-initialize buffer in hfs_bnode_read 3f95e2661574 hfsplus: Add a sanity check for btree node size
KASAN: use-after-free Read in jfs_lazycommit jfs prio:high 19 C error 4114 1d04h 1357d 0/29 never From 7e1a0b91e9efa8bec40fc5397ba6c4e683d72df0 Mon Sep 17 00:00:00 2001
INFO: task hung in __writeback_inodes_sb_nr (6) jfs prio:high 1 C done 4173 5d18h 1098d 1/29 never PM: hibernate: Fix block device handling in test_resume mode
UBSAN: shift-out-of-bounds in squashfs_xz_comp_opts prio:high squashfs -1 C error 4 83d 121d 2/29 never Squashfs: check xz dictionary size isn't zero
general protection fault in arp_create (4) prio:high net 2 2 34d 33d 27/29 never f80d3d98d2ff batman-adv: bla: avoid NULL-ptr deref for claim via dropped interface
KMSAN: uninit-value in bch2_alloc_sectors_start_trans (2) fs prio:high 7 syz 875 263d 428d 2/29 never bcachefs: Add missing ei_last_dirtied update
WARNING in bch2_fs_journal_start fs prio:high -1 C done 14 363d 383d 2/29 never bcachefs: Don't allow mounting with crazy numbers of dirty journal entries
WARNING in closure_put_after_sub prio:high fs -1 2 313d 337d 2/29 never bcachefs: Ensure we don't return with closure on waitlist
KASAN: slab-use-after-free Write in bch2_get_next_dev fs prio:high 22 C 1331 242d 336d 2/29 never bcachefs: Fix UAF by journal write path
KASAN: slab-use-after-free Write in bch2_do_discards prio:high fs 22 syz 137 262d 332d 2/29 never bcachefs: Fix UAF by journal write path
KASAN: slab-out-of-bounds Read in __bch2_alloc_to_v4 fs prio:high 17 20 349d 347d 2/29 never bcachefs: Fix __bch2_alloc_to_v4 copy
kernel BUG in __journal_res_get (3) prio:high fs -1 C inconclusive 175 242d 366d 2/29 never bcachefs: Fix __bch2_fs_read_write() error path
kernel panic: in transaction restart: transaction_restart_relock, last restarted by prio:high fs 2 5 323d 323d 2/29 never bcachefs: Fix incorrect transaction handling
KMSAN: uninit-value in bch2_check_subvols fs prio:high 7 C 53 263d 352d 2/29 never bcachefs: Fix missing compat code in check_subvol()
KASAN: slab-out-of-bounds Write in bch2_dirent_init_name prio:high fs 21 C error 1496 242d 367d 2/29 never bcachefs: Fix padding zeroout when creating casefolded dirents
INFO: task hung in invalidate_inode_pages2_range (3) prio:high fs 1 C done 57 10d 476d 2/29 never bcachefs: Fix readahead involved deadlock
INFO: task hung in bch2_readahead fs prio:high 1 C done 375 279d 760d 2/29 never bcachefs: Fix readahead involved deadlock
INFO: task hung in bch2_page_fault prio:high ntfs3 exfat ext4 1 syz done 42 303d 552d 2/29 never bcachefs: Fix readahead involved deadlock
INFO: task hung in bchfs_fpunch (2) mm fs prio:high 1 C done 2 315d 359d 2/29 never bcachefs: Fix readahead involved deadlock
INFO: task hung in pipe_release (6) kernfs prio:high 1 syz done 20 12d 476d 2/29 never bcachefs: Fix readahead involved deadlock
KMSAN: uninit-value in __bch2_alloc_v4_to_text prio:high fs 7 C 3 362d 367d 2/29 never bcachefs: Fix refs to undefined fields in __bch2_alloc_v4_to_text()
kernel BUG in bch2_fill_extent (2) prio:high fs -1 10 257d 339d 2/29 never bcachefs: Fix unhandled key type in fiemap_fill_extent
UBSAN: array-index-out-of-bounds in bch2_accounting_validate prio:high fs 15 C done 23 251d 319d 2/29 never bcachefs: Ignore accounting key type larger than BCH_DISK_ACCOUNTING_TYPE_NR
INFO: task hung in __closure_sync fs prio:high 1 C done 8591 249d 777d 2/29 never bcachefs: Increase BCH_MIN_NR_NBUCKETS
INFO: task hung in bch2_copygc_stop kernel prio:high 1 C done 31386 250d 749d 2/29 never bcachefs: Increase BCH_MIN_NR_NBUCKETS
INFO: task hung in __bch2_fs_stop fs prio:high 1 C done 1589 258d 734d 2/29 never bcachefs: Increase BCH_MIN_NR_NBUCKETS
kernel BUG in bch2_btree_repair_topology_recurse prio:high fs -1 C done 7 263d 323d 2/29 never bcachefs: btree_check_root_boundaries()
kernel BUG in bch2_printbuf_exit fs prio:high -1 C error 29 333d 336d 2/29 never bcachefs: convert str_hash.c to CLASS
WARNING in bch2_verify_accounting_clean prio:high fs -1 29 246d 495d 2/29 never bcachefs: do_bch2_trans_commit_to_journal_replay handles accounting
KASAN: use-after-free Read in check_extent_overbig prio:high fs 19 C done done 18 278d 560d 2/29 never bcachefs: fix check_extent_overbig() call
WARNING in bch2_prt_printf fs prio:high -1 C done error 103 265d 769d 2/29 never bcachefs: journal_entry_btree_keys_to_text() is more careful
KASAN: slab-use-after-free Read in current_time fs prio:high 19 C 2 21d 18d 23/29 never b93c55b4932d bpf: fix UAF by restoring RCU-delayed inode freeing in bpffs
WARNING: ODEBUG bug in smpboot_thread_fn prio:high kernel -1 5 46d 46d 27/29 never 4df78ff02629 bridge: mcast: Fix a possible use-after-free when removing a bridge port
KASAN: slab-use-after-free Read in close_fs_devices prio:high btrfs 19 22 354d 358d 2/29 never btrfs: fix a use-after-free race if btrfs_open_devices() failed
INFO: task hung in btrfs_invalidate_folio (4) btrfs prio:high 1 C error 7 24d 24d 6/29 never btrfs: fix deadlock cloning inline extent when using flushoncommit
KASAN: slab-use-after-free Read in replace_file_extents actionable prio:high btrfs 19 1 31d 17d 6/29 never btrfs: fix use-after-free after relocation failure with concurrent COW
kernel BUG in replace_file_extents prio:high btrfs -1 54 12d 62d 6/29 never btrfs: validate data reloc tree file extent item members
WARNING in update_curr_idle kernel prio:high -1 166 16h22m 6d23h 0/29 never c095741713d1 sched/fair: Fix newidle vs core-sched
KASAN: slab-use-after-free Read in dma_buf_fd actionable prio:high dri media 19 21 32d 100d 27/29 never ead6680f354f dma-buf: fix UAF in dma_buf_fd() tracepoint
general protection fault in __hfsplus_setxattr prio:high hfs 2 C error 153 13d 65d 24/29 never 7a41fd2b32e5 hfsplus: Remove the duplicate attr inode dirty marking action
KASAN: slab-use-after-free Read in z_erofs_decompress_kickoff prio:high erofs 19 2 24d 47d 26/29 never 1aee05e814d2 erofs: fix use-after-free on sbi->sync_decompress
KASAN: slab-use-after-free Read in reverse_path_check_proc prio:high fs 19 C 113 11d 27d 25/29 never a1e9718b406b eventpoll: restore EP_UNACTIVE_PTR sentinel for ctx->tfile_check_list
possible deadlock in lock_two_nondirectories (2) overlayfs ext4 prio:high 4 C error 12 1d07h 14d 21/29 never c143957520c6 ext4: validate donor file superblock early in EXT4_IOC_MOVE_EXT
kernel BUG in f2fs_do_truncate_blocks (2) prio:high f2fs -1 1 48d 44d 1/29 never f2fs: fix to do sanity check on f2fs_get_node_folio_ra()
INFO: trying to register non-static key in f2fs_exist_written_data prio:high f2fs -1 C error 152 32d 41d 2/29 never f2fs: initialize ino_entry_info before checkpoint load
KASAN: null-ptr-deref Read in io_sqe_buffer_register io-uring prio:high 11 C done 54 284d 288d 2/29 never fixup: mm/gup: remove record_subpages()
KASAN: wild-memory-access Read in md5_update crypto prio:high 17 C done 8 285d 286d 2/29 never fixup: mm/gup: remove record_subpages()
KMSAN: uninit-value in __fl_lookup (3) net prio:high 7 7 1d23h 21d 2/29 never flow_dissector: check device type before reading ETH_ADDRS
KMSAN: uninit-value in ni_seek_data_or_hole ntfs3 prio:high 7 C 6 27d 24d 2/29 never fs/ntfs3: prevent potential lcn remains uninitialized
BUG: sleeping function called from invalid context in lockref_get_not_dead prio:high gfs2 5 C error 13 46d 65d 2/29 never gfs2: fix quota init duplicate scan
KASAN: slab-use-after-free Write in gfs2_qd_dealloc (3) prio:high gfs2 22 C error 146 129d 387d 2/29 never gfs2: fix use-after-free in gfs2_qd_dealloc
WARNING in dma_resv_add_fence prio:high dri media -1 C 7 38d 42d 1/29 never drm/virtio: use uninterruptible resv lock for plane updates
memory leak in path_openat (3) prio:high io-uring 3 C 1 6d19h 6d16h 1/29 never io_uring/nop: fix file reference leak with IOSQE_FIXED_FILE
KASAN: slab-use-after-free Read in ip6gre_tunnel_xmit net prio:high 19 C error error 33 168d 576d 0/29 never ip6_gre: use skb_vlan_inet_prepare() instead of pskb_inet_may_pull()
KASAN: slab-use-after-free Read in fib_rules_lookup net prio:high 19 37 1d12h 3d03h 24/29 never d954a67a7dfa ipv4: fib_rule: Move fib4_rules_exit() to ->exit(). 46762cefe7f4 net: serialize netif_running() check in enqueue_to_backlog()
WARNING in ip_rt_bug (3) prio:high net -1 C error 54 20d 30d 27/29 never 7eb72c1e3984 ipv4: icmp: reject broadcast/multicast routes
KASAN: slab-use-after-free Read in ipv6_chk_acast_addr net prio:high 19 1 29d 21d 26/29 never f723ccaff2fb ipv6: anycast: insert aca into global hash under idev->lock
KASAN: slab-use-after-free Write in __ipv6_dev_ac_dec prio:high net 22 1 43d 43d 26/29 never f723ccaff2fb ipv6: anycast: insert aca into global hash under idev->lock
KASAN: slab-use-after-free Read in sit_tunnel_xmit net prio:high 19 1 13d 12d 25/29 never f0e42f0c4337 ipv6: sit: reload inner IPv6 header after GSO offloads
general protection fault in jbd2_journal_dirty_metadata (2) prio:high ext4 2 C error 28 4d15h 45d 21/29 never 8fc197cf366b jbd2: check for aborted handle in jbd2_journal_dirty_metadata()
WARNING: suspicious RCU usage in kernfs_put prio:high kernfs 4 1 73d 69d 25/29 never 0fdde3f2aead kernfs: fix suspicious RCU usage in kernfs_put()
general protection fault in remove_waiter prio:high kernel 2 syz 6 40d 51d 26/29 never 40a25d59e85b locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
WARNING: ODEBUG bug in i2c_device_remove (2) prio:high i2c usb -1 C 3 45d 59d 21/29 never 680daf40a82d media: rtl2832: fix use-after-free in rtl2832_remove()
general protection fault in vidtv_psi_ts_psi_write_into media prio:high 8 78 21h04m 158d 21/29 never 7d8bf3d8f910 media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si
KASAN: slab-use-after-free Read in do_sync_mmap_readahead prio:high mm 19 C done 3 362d 366d 2/29 never mm-filemap-allow-arch-to-request-folio-size-for-exec-memory-fix
WARNING in page_counter_uncharge (2) prio:high cgroups mm -1 C error 10 3d04h 83d 2/29 never mm/hugetlb: fix hugetlb cgroup rsvd charge/uncharge mismatch
kernel BUG in swap_cgroup_record (2) prio:high mm cgroups -1 C error 227 157d 161d 2/29 never mm/swap_cgroup: fix kernel BUG in swap_cgroup_record
WARNING in folio_lruvec_lock cgroups mm prio:high -1 1 369d 365d 2/29 never mm/vma: correctly invoke late KSM check after mmap hook
kernel BUG in __get_vm_area_node prio:high bridge -1 2 44d 40d 27/29 never 04aa71da5f35 mm/vmalloc: do not trigger BUG() on BH disabled context
KASAN: wild-memory-access Read in lookup_swap_cgroup_id (2) cgroups mm prio:high 17 4 70d 133d 2/29 never mm: swap_cgroup: fix NULL deref in lookup_swap_cgroup_id on swapless host
KMSAN: uninit-value in mptcp_established_options prio:high mptcp 7 syz 3191 14d 49d 26/29 never 5e939544f9d2 mptcp: fix uninit-value in mptcp_established_options
BUG: corrupted list in dev_deactivate_many (2) prio:high net 8 syz 8 9d19h 11d 24/29 never 8eed5519e496 net: watchdog: fix refcount tracking races net: watchdog: fix refcount tracking races
KMSAN: uninit-value in nci_dev_up (3) prio:high net nfc 7 1 36d 32d 2/29 never nfc: nci: fix use of uninitialized memory in CORE_INIT_RSP parsing
general protection fault in ocfs2_assure_trans_credits (2) prio:high ocfs2 2 12 7d12h 17d 1/29 never ocfs2: fix NULL h_transaction deref in ocfs2_assure_trans_credits
UBSAN: array-index-out-of-bounds in ocfs2_grow_tree (2) prio:high ocfs2 15 1 61d 57d 1/29 never ocfs2: fix UBSAN array-index-out-of-bounds in ocfs2_sum_rightmost_rec
UBSAN: array-index-out-of-bounds in ocfs2_dx_dir_lookup_rec prio:high ocfs2 15 1 32d 28d 2/29 never ocfs2: fix buffer head management in ocfs2_read_blocks()
possible deadlock in ocfs2_acquire_dquot prio:high ocfs2 4 C 71841 185d 627d 2/29 never ocfs2: fix circular locking dependency in ocfs2_acquire_dquot
possible deadlock in ocfs2_evict_inode prio:high ocfs2 4 C error 2694 3d22h 669d 1/29 never ocfs2: fix circular locking dependency in ocfs2_dio_end_io_write
WARNING in __ocfs2_decrease_refcount prio:high ocfs2 -1 12 3d00h 32d 2/29 never ocfs2: fix out-of-bounds write in ocfs2_remove_refcount_extent
KMSAN: uninit-value in _find_next_bit ocfs2 prio:high 7 C 30 66d 454d 2/29 never ocfs2: use kzalloc for quota recovery bitmap allocation
general protection fault in ovl_iterate overlayfs prio:high 8 C 20 12d 178d 26/29 never 1711b6ed6953 ovl: keep err zero after successful ovl_cache_get()
inconsistent lock state in __sk_receive_skb prio:high net 4 C error 147 16d 105d 27/29 never dbc81608e3a6 phonet/pep: disable BH around forwarded sk_receive_skb()
possible deadlock in __sk_receive_skb prio:high net 4 C error 80 28d 30d 27/29 never dbc81608e3a6 phonet/pep: disable BH around forwarded sk_receive_skb()
possible deadlock in rhashtable_free_and_destroy prio:high mm 4 8 38d 59d 25/29 never 060d4e94b8d4 rhashtable: give each instance its own lockdep class
KMSAN: kernel-infoleak in irqentry_exit kernel prio:high 9 6556 now 19d 26/29 never 6d99479799c6 rseq: Fix using an uninitialized stack variable in rseq_exit_user_update()
WARNING in drm_prime_destroy_file_private (3) dri prio:high -1 C error 183 34d 37d 29/29 18d dc366607c41c drm: Replace old pointer to new idr
BUG: sleeping function called from invalid context in ip_vs_conn_new lvs prio:high 5 C 2034 43d 66d 29/29 18d d493d9de1c21 ipvs: fix the spin_lock usage for RT build
WARNING: bad unlock balance in do_wp_page mm prio:high 4 8 39d 54d 29/29 22d mm: memcontrol: fix rcu unbalance in get_non_dying_memcg_end()
KCSAN: data-race in bond_3ad_get_active_agg_info / bond_3ad_state_machine_handler (3) net prio:high 6 1 52d 52d 29/29 28d c4f050ce06c5 bonding: 3ad: implement proper RCU rules for port->aggregator
KASAN: slab-use-after-free Write in rsi_91x_deinit actionable wireless prio:high 22 1 66d 60d 29/29 28d db57a1aa54ff wifi: rsi: fix kthread lifetime race between self-exit and external-stop
WARNING in vma_mark_detached prio:high mm -1 C error 8 37d 59d 29/29 28d 619eab23e1ce mm/vma: do not try to unmap a VMA if mmap_prepare() invoked from mmap()
INFO: task hung in lbs_remove_card usb libertas prio:high 1 C 14933 30d 309d 29/29 28d 4a142520d166 wifi: libertas: notify firmware load wait on disconnect
general protection fault in task_work_cancel lsm prio:high 2 syz error 15 84d 104d 29/29 28d 929553bbb4cd landlock: Fully release unused TSYNC work entries
general protection fault in task_work_cancel_match prio:high kernel 2 10 90d 119d 29/29 28d 929553bbb4cd landlock: Fully release unused TSYNC work entries
BUG: stack guard page was hit in addrconf_rs_timer prio:high net -1 1 97d 97d 29/29 29d b7405dcf7385 bonding: prevent potential infinite loop in bond_header_parse()
KMSAN: uninit-value in fuse_dentry_revalidate (2) fuse prio:high 7 C 261 65d 124d 29/29 29d 5a6baf204610 fuse: fix uninit-value in fuse_dentry_revalidate()
WARNING in attr_data_get_block_locked prio:high ntfs3 -1 C 12 44d 116d 29/29 29d d7ea8495fd30 fs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()
WARNING in filename_mkdirat gfs2 prio:high -1 C 84 39d 122d 29/29 29d 2ff7cf7e0640 gfs2: Call unlock_new_inode before d_instantiate
KASAN: use-after-free Write in ocfs2_write_end_nolock actionable ocfs2 prio:high 22 26 40d 78d 29/29 29d 7bc5da4842be ocfs2: fix out-of-bounds write in ocfs2_write_end_inline
KASAN: stack-out-of-bounds Read in l2cap_send_cmd bluetooth prio:high 17 C 174 85d 97d 29/29 29d 9d87cb22195b Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req
inconsistent lock state in igrab xfs prio:high 4 C error 521 45d 125d 29/29 29d f621324dfb3d iomap: fix lockdep complaint when reads fail
BUG: sleeping function called from invalid context in usb_tx_block usb libertas prio:high 5 C 780 60d 114d 29/29 29d 7c5c2b661bdb wifi: libertas: don't kill URBs in interrupt context
memory leak in run_add_entry (2) prio:high ntfs3 3 C 1 76d 90d 29/29 29d 87ac077d6ea8 ntfs3: fix memory leak in indx_create_allocate()
KMSAN: uninit-value in ntfs_iomap_begin ntfs3 prio:high 7 C 191 66d 117d 29/29 29d e98266e823a1 fs/ntfs3: prevent uninitialized lcn caused by zero len
KMSAN: uninit-value in bpf_prog_test_run_skb bpf prio:high 7 C 4 89d 170d 29/29 29d 12bec2bd4b76 bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
general protection fault in f2fs_in_warm_node_list prio:high f2fs 2 C error 11247 58d 121d 29/29 29d 2d9c4a4ed4ee f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
KASAN: slab-use-after-free Read in rds_conn_path_drop rds prio:high 19 1 106d 106d 29/29 29d ebf71dd4aff4 net/rds: Restrict use of RDS/IB to the initial network namespace
INFO: task hung in btrfs_invalidate_folio (3) prio:high btrfs 1 C error 9 79d 92d 29/29 29d b48c980b6a7e btrfs: fix deadlock between reflink and transaction commit when using flushoncommit
general protection fault in rwsem_mark_wake mm prio:high 2 C error 9235 91d 94d 29/29 29d 68bcd8b6e0b1 locking/rwsem: Fix logic error in rwsem_del_waiter()
possible deadlock in ocfs2_extend_dir ocfs2 prio:high 4 1 110d 106d 29/29 29d b02da26a992d ocfs2: fix possible deadlock between unlink and dio_end_io_write