syzbot

 sign-in | mailing list | source | docs
🐞 Open [132]
🐞 Fixed [69]
🐞 Invalid [284]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Out of 284 bugs, 239 were automatically obsoleted (43 due to revoked reproducers), 45 were invalidated by users.
Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported
KASAN: use-after-free Read in ipt_do_table 19 4 92d 141d
SYZFAIL: SIGILL -1 9 95d 431d
KASAN: use-after-free Read in seq_printf (2) 19 1 96d 96d
SYZFAIL: event already set -1 syz error error 35 99d 1587d
BUG: soft lockup in sys_bpf (2) 1 1 99d 99d
KASAN: wild-memory-access Read in page_add_file_rmap 17 1 100d 100d
KASAN: use-after-free Write in l2tp_session_delete (3) 22 5 102d 218d
KASAN: wild-memory-access Read in page_remove_rmap 17 syz error 3 103d 139d
BUG: soft lockup in sys_clone3 1 1 103d 103d
KASAN: use-after-free Read in fast_dput (3) 19 27 95d 238d
BUG: soft lockup in bpf_prog_release 1 1 140d 140d
syzkaller: make host failed: failed to run ["make" "host" "ci" "agent"]: exit status 2 -1 2 74d 74d
BUG: soft lockup in sys_recvmsg (2) 1 C error 2 183d 363d
KASAN: use-after-free Read in hci_uart_write_work 19 2 173d 186d
KASAN: use-after-free Read in f2fs_release_page 19 2 175d 184d
BUG: soft lockup in rcu_core_si 1 1 178d 178d
KASAN: null-ptr-deref Write in incfs_kill_sb 12 1 187d 187d
SYZFAIL: failed to recv rpc -1 syz 1264 111d 652d
general protection fault in ip6_create_rt_rcu (2) 2 1 200d 200d
general protection fault in inherit_task_group 2 C 48 213d 794d
KASAN: use-after-free Read in seq_printf 19 15 209d 316d
KASAN: use-after-free Read in steam_send_report 19 3 210d 221d
BUG: soft lockup in sys_openat 1 1 211d 211d
KASAN: use-after-free Write in __ip6_del_rt 22 syz 11 213d 363d
KASAN: use-after-free Read in fib_flush 19 7 216d 317d
BUG: soft lockup in sys_clone (2) 1 1 226d 226d
BUG: soft lockup in sys_bind 1 1 231d 231d
SYZFAIL: mount(tmpfs) failed -1 1 233d 233d
general protection fault in nexthop_get_nhc_lookup 2 syz 20 204d 285d
general protection fault in find_match 2 50 202d 381d
KASAN: use-after-free Read in f2fs_inode_dirtied 19 C done 3 254d 304d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (9) -1 2 155d 155d
SYZFAIL: SIGSEGV (2) -1 3 246d 340d
kernel BUG in ext4_create_inline_data -1 C done 2 262d 323d
KASAN: slab-out-of-bounds Read in mon_bin_event 17 C done 60 238d 293d
BUG: scheduling while atomic in futex_wait_queue_me 5 1 264d 264d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (8) -1 2 186d 186d
KASAN: slab-out-of-bounds Write in try_module_get 21 11 281d 352d
BUG: soft lockup in sock_read_iter 1 2 283d 295d
KASAN: use-after-free Write in u32_destroy_key 22 1 287d 287d
general protection fault in lo_ioctl 2 1 299d 299d
KASAN: use-after-free Read in ext4_xattr_inode_dec_ref_all 19 C done 3 361d 390d
KASAN: use-after-free Read in tw_timer_handler 19 syz 10 281d 314d
SYZFAIL: SIGFPE (2) -1 8 313d 489d
KASAN: use-after-free Read in exact_lock (2) 19 172 281d 360d
KASAN: use-after-free Read in tcp_net_metrics_exit_batch 19 613 281d 319d
KASAN: use-after-free Read in inet_twsk_purge 19 74 283d 318d
general protection fault in tipc_conn_close (4) 2 2 326d 393d
general protection fault in __rt6_nh_dev_match 2 2 331d 343d
KASAN: slab-out-of-bounds Read in dentry_revalidate 17 2 336d 415d
BUG: using smp_processor_id() in preemptible code in usbnet_skb_return (2) 4 C error 2 351d 542d
general protection fault in ip6_create_rt_rcu 2 1 343d 343d
SYZFAIL: netlink_send_ext: short netlink write (2) -1 2 344d 410d
KASAN: use-after-free Write in l2tp_session_delete (2) 22 3 345d 446d
BUG: soft lockup in cleanup_net 1 1 347d 347d
BUG: soft lockup in input_repeat_key 1 C error 3 401d 909d
general protection fault in __loop_clr_fd 2 1 349d 349d
KASAN: use-after-free Read in fast_dput (2) 19 1 351d 351d
KASAN: use-after-free Write in ext4_insert_dentry 22 C done 25 364d 584d
kernel BUG in ext4_ind_map_blocks -1 2 356d 374d
BUG: soft lockup in addrconf_rs_timer (2) 1 C 265 336d 667d
kernel BUG in blk_mq_dispatch_rq_list (4) fat -1 C error 16 1023d 1275d
BUG: unable to handle kernel paging request in __gnet_stats_copy_basic 8 1 359d 359d
general protection fault in current_umask 2 C unreliable 5 370d 581d
KASAN: use-after-free Write in skb_release_data 22 1 362d 362d
KASAN: use-after-free Write in tipc_mon_reinit_self 22 1 386d 386d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (7) -1 2 307d 307d
SYZFAIL: open(/proc/self/ns/net) failed -1 1 398d 398d
BUG: soft lockup in sock_write_iter 1 1 405d 405d
KASAN: use-after-free Read in br_multicast_port_group_expired (2) 19 1 422d 422d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (6) -1 8 426d 497d
KASAN: stack-out-of-bounds Read in __xfrm_dst_hash 17 1 434d 434d
KASAN: use-after-free Read in exact_lock 19 53 412d 421d
kernel BUG in vlan_get_protocol_dgram -1 C done 6 464d 579d
KASAN: use-after-free Read in fast_dput 19 14 456d 645d
SYZFAIL: iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed -1 4 457d 544d
SYZFAIL: ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) -1 81 441d 629d
KASAN: use-after-free Read in lock_get_status 19 4 493d 509d
BUG: corrupted list in tipc_nametbl_translate 8 2 495d 518d
general protection fault in cleanup_bearer 19 C 14034 477d 479d
KASAN: out-of-bounds Read in __show_regs 17 1 498d 498d
BUG: soft lockup in br_multicast_group_expired (2) 1 1 501d 501d
BUG: Bad page map (3) -1 3 503d 648d
KASAN: use-after-free Write in virtio_transport_recv_pkt 22 C inconclusive 1 555d 747d
KASAN: use-after-free Read in bdev_try_to_free_page 19 1 508d 508d
KASAN: use-after-free Read in binder_release_work 19 C 154 490d 525d
BUG: soft lockup in mntput 1 1 526d 526d
SYZFAIL: handshake read failed -1 1 546d 546d
KASAN: use-after-free Write in l2tp_session_delete 22 2 546d 570d
kernel BUG in vlan_get_tci -1 2 551d 579d
SYZFAIL: netlink_send_ext: short netlink write -1 4 556d 646d
SYZFAIL: posix_spawn failed -1 9928 519d 656d
SYZFAIL: mmap of output file failed -1 20 544d 645d
SYZFAIL: child failed -1 syz error error 1 569d 1577d
KASAN: use-after-free Read in ext4_convert_inline_data_nolock 19 syz error 1 587d 721d
KASAN: use-after-free Read in __ext4_check_dir_entry 19 C error 2 592d 711d
BUG: corrupted list in p9_fd_cancelled (4) 8 4 573d 683d
BUG: unable to handle kernel paging request in __raw_callee_save___kvm_vcpu_is_preempted 8 1 582d 582d
SYZFAIL: mkdir(syz-tmp) failed -1 299 543d 656d
SYZFAIL: bad allocate request -1 148 544d 654d
KASAN: use-after-free Read in wg_queue_enqueue_per_peer_tx 19 2 584d 588d
SYZFAIL: ShmemBuilder: too large output offset -1 51 544d 652d
general protection fault in steam_send_report 2 1 585d 585d
SYZFAIL: can't reallocate -1 1 589d 589d
SYZFAIL: SIGSEGV -1 841 550d 664d
KASAN: use-after-free Write in __tlb_remove_page_size 22 1 592d 592d
SYZFAIL: SIGFPE -1 2 594d 638d
general protection fault in free_swap_cache 2 1 603d 603d
KASAN: stack-out-of-bounds Read in __show_regs 17 1 604d 604d
BUG: soft lockup in br_multicast_port_group_expired 1 1 605d 605d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (5) -1 30 575d 694d
KASAN: use-after-free Read in br_multicast_port_group_expired 19 1 608d 608d
BUG: soft lockup in net_rx_action 1 2 608d 620d
BUG: soft lockup in __run_timers 1 2 609d 677d
BUG: soft lockup in sys_sendmmsg 1 2 610d 610d
KASAN: use-after-free Read in usb_udc_uevent (3) 19 1 611d 611d
BUG: soft lockup in __netif_receive_skb_core 1 1 612d 612d
KASAN: use-after-free Read in unaccount_page_cache_page (2) 19 1 615d 615d
KASAN: use-after-free Read in worker_thread 19 1 617d 617d
BUG: soft lockup in wg_expired_send_persistent_keepalive 1 1 621d 621d
BUG: soft lockup in br_multicast_group_expired 1 1 622d 622d
BUG: soft lockup in ip_list_rcv 1 1 622d 622d
BUG: soft lockup in run_rebalance_domains 1 1 623d 623d
BUG: soft lockup in ipv6_rcv 1 3 627d 644d
KASAN: null-ptr-deref Write in __kernfs_remove 12 1 631d 631d
BUG: soft lockup in vfork 1 1 632d 632d
BUG: soft lockup in sys_exit_group 1 1 639d 639d
SYZFAIL: bad thread state in completion -1 syz error error 5 1227d 1569d
KASAN: use-after-free Read in dev_get_by_index_rcu 19 1 648d 648d
BUG: soft lockup in sys_clone 1 1 651d 651d
BUG: soft lockup in sys_recvmsg 1 4 652d 731d
SYZFAIL: control pipe read failed -1 1 655d 655d
SYZFAIL: too many calls in output -1 2 660d 660d
BUG: soft lockup in sys_bpf 1 2 666d 670d
BUG: unable to handle kernel paging request in swake_up_locked 8 C inconclusive 1 684d 715d
KASAN: use-after-free Read in macsec_get_iflink 19 syz error 2 689d 815d
KASAN: use-after-free Read in wg_packet_send_staged_packets 19 1 714d 714d
go runtime error 2 22 716d 995d
SYZFAIL: tun read failed -1 syz error error 123 642d 1641d
SYZFAIL: proc resp pipe read failed -1 73 649d 665d
general protection fault in fq_codel_enqueue (2) 2 2 729d 731d
panic: runtime error: floating point error [recovered] 2 1 737d 737d
android13-5.10-lts build error -1 44 700d 720d
KASAN: use-after-free Read in f2fs_write_end_io 19 1 744d 744d
syzkaller: failed to copy syzkaller: file bin/linux_arm64/syz-fuzzer does not exist -1 2 666d 666d
BUG: unable to handle kernel paging request in fuse_dev_do_write (3) 8 1 758d 758d
KASAN: use-after-free Read in unaccount_page_cache_page 19 150 729d 1258d
general protection fault in mnt_want_write (2) 2 1 796d 796d
BUG: corrupted list in p9_fd_cancelled (3) 8 C done unreliable 38 813d 898d
KASAN: stack-out-of-bounds Read in update_stack_state 17 1 809d 809d
panic: replaceArg: group fields don't match: NUM/NUM 2 13 773d 773d
general protection fault in skb_segment 2 C done 1 848d 862d
KASAN: use-after-free Read in key_task_permission 19 1 847d 847d
android13-5.10-lts test error: lost connection to test machine -1 1 853d 853d
BUG: unable to handle kernel paging request in fuse_dev_do_write (2) 8 1 878d 878d
KASAN: null-ptr-deref Write in backing_data_changed 12 C done 3 902d 975d
general protection fault in __writeback_single_inode 2 1 920d 920d
BUG: Bad page map (2) -1 1 922d 922d
KASAN: use-after-free Read in locked_inode_to_wb_and_lock_list 19 2 926d 956d
general protection fault in tipc_conn_close (3) 2 1 949d 949d
kernel BUG in __block_commit_write -1 1 951d 951d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (4) -1 20 959d 1161d
corrupted report (2) -1 6 960d 1038d
BUG: soft lockup in wg_packet_tx_worker 1 5 970d 1019d
BUG: soft lockup in neigh_timer_handler 1 2 971d 979d
BUG: soft lockup in wg_packet_handshake_send_worker 1 6 978d 1018d
BUG: soft lockup in sys_sendto 1 2 978d 1015d
kernel panic: EXT4-fs (device loop2): panic forced after error 2 1 982d 982d
BUG: soft lockup in tc_modify_qdisc 1 C done done 314 966d 1019d
BUG: soft lockup in addrconf_rs_timer 1 2 995d 1013d
fatal error: fault -1 1 1002d 1002d
BUG: using smp_processor_id() in preemptible code in usbnet_skb_return 4 syz error error 2 1003d 1484d
fatal error: Connection to IP closed by remote host. -1 3 1018d 1142d
BUG: stack guard page was hit in corrupted (23) -1 syz error error 1 1043d 1043d
KASAN: use-after-free Read in usb_udc_uevent (2) 19 1 1040d 1040d
kernel BUG in ext4_expand_extra_isize_ea -1 C done done 5 1053d 1067d
BUG: unable to handle kernel paging request in fuse_dev_do_write 8 18 1013d 1079d
KASAN: global-out-of-bounds Read in f2fs_release_page 19 2 1051d 1083d
SYZFAIL: clock_gettime failed -1 syz error error 5 1059d 1584d
KASAN: use-after-free Read in f2fs_remove_dirty_inode 19 C error error 4 1073d 1129d
general protection fault in do_swap_page 2 246 1043d 1480d
kernel panic: EXT4-fs (device loop3): panic forced after error 2 1 1096d 1096d
general protection fault in kernfs_name_hash (6) 2 C error error 22 1126d 1292d
kernel panic: EXT4-fs (device loop4): panic forced after error 2 1 1100d 1100d
android12-5.10-lts build error (2) -1 220 1083d 1183d
VFS: Busy inodes after unmount (use-after-free) 2 C done inconclusive 1 1150d 1150d
general protection fault in filp_close 2 1 1123d 1123d
BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster erofs 8 C error error 3 1168d 1266d
BUG: Bad page map -1 1 1140d 1140d
KASAN: use-after-free Read in hci_cmd_timeout 19 1 1147d 1147d
syzkaller: make host failed: failed to run ["make" "host" "ci"]: exit status 2 -1 2 1151d 1151d
kernel panic: corrupted stack end in sys_sendmmsg 2 syz error error 14 1165d 1191d
KASAN: use-after-free Read in fuse_copy_one 19 C error inconclusive 1 1253d 1253d
kernel BUG in jbd2_journal_get_create_access -1 syz error error 1 1260d 1260d
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) 17 syz error error 1 1206d 1206d
BUG: scheduling while atomic in f2fs_register_inmem_page 5 C error inconclusive 1 1132d 1132d
KASAN: use-after-free Read in usb_udc_uevent 19 2 1165d 1189d
general protection fault in f2fs_release_page f2fs 19 3 1181d 1223d
general protection fault in tipc_conn_close (2) 2 6 1223d 1309d
KASAN: use-after-free Read in xpad_presence_work 19 1 1268d 1268d
kernel panic: EXT4-fs (device loop0): panic forced after error ext4 2 C 1 1213d 1213d
divide error in netem_enqueue (2) 2 1 1314d 1314d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields (2) 17 1 1332d 1332d
panic: runtime error: floating point error 2 1 1337d 1337d
KASAN: use-after-free Read in __cgroup_bpf_attach (3) 19 1 1352d 1352d
KASAN: use-after-free Read in __tcf_qdisc_find 19 1 1352d 1352d
KASAN: invalid-free in selinux_tun_dev_free_security 24 14 1346d 1355d
general protection fault in fq_codel_enqueue 2 1 1363d 1363d
BUG: corrupted list in pwq_dec_nr_in_flight (2) 8 1 1366d 1366d
general protection fault in tcp_sk_exit (2) 2 1 1374d 1374d
KASAN: use-after-free Read in css_free_rwork_fn (2) 19 2 1378d 1463d
android12-5.10-lts-superproject build error -1 24 1386d 1412d
panic: bad group arg size NUM, should be <= NUM for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2de, dir:0x0}, Inner:[ 2 23 1299d 1301d
general protection fault in ext4_xattr_set_entry 2 C error 2 1306d 1320d
kernel BUG in ext4_es_cache_extent -1 C error 1 1332d 1332d
BUG: unable to handle kernel paging request in reuseport_select_sock 8 1 1406d 1406d
BUG: stack guard page was hit in corrupted (22) -1 syz done done 1 1442d 1442d
kernel panic: corrupted stack end in sys_futex 2 syz error error 1 1469d 1469d
KASAN: use-after-free Read in f2fs_available_free_memory 19 syz error error 7 1529d 1629d
BUG: unable to handle kernel NULL pointer dereference in ipv6_rcv 10 syz 1 1472d 1472d
divide error in netem_enqueue 2 2 1422d 1433d
general protection fault in tipc_conn_close 2 1 1438d 1438d
BUG: stack guard page was hit in file_open (11) -1 4 1440d 1442d
BUG: stack guard page was hit in sys_mkdir (5) -1 1 1441d 1441d
BUG: stack guard page was hit in sys_creat (10) -1 1 1442d 1442d
kernel BUG in collapse_huge_page -1 1 1449d 1449d
general protection fault in __device_attach 2 1 1451d 1451d
kernel BUG in blk_mq_dispatch_rq_list -1 C error 16 1370d 1570d
KASAN: use-after-free Read in __cgroup_bpf_attach (2) 19 1 1459d 1459d
KASAN: use-after-free Read in vcs_write 19 1 1460d 1460d
SYZFAIL: failed to mkdtemp -1 15 1461d 1629d
BUG: corrupted list in pwq_dec_nr_in_flight 8 1 1461d 1461d
corrupted report -1 289 1440d 1589d
BUG: corrupted list in p9_fd_cancelled (2) 8 3 1471d 1506d
general protection fault in tcp_sk_exit 2 1 1473d 1473d
SYZFAIL: tun: ioctl(TUNSETIFF) failed -1 7 1473d 1632d
kernel panic: corrupted stack end in file_open 2 1 1476d 1476d
general protection fault in icmpv6_sk_exit 2 1 1482d 1482d
general protection fault in mnt_want_write 2 1 1489d 1489d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (3) -1 3 1401d 1401d
general protection fault in del_gendisk (3) 2 C done 1 1430d 1430d
KASAN: use-after-free Read in io_uring_cancel_task_requests 19 1 1516d 1516d
KASAN: slab-out-of-bounds Read in fuse_inode_eq 17 5 1516d 1523d
KASAN: use-after-free Write in dir_mkdir 22 1 1522d 1522d
KASAN: null-ptr-deref Write in incfs_fresh_pending_reads_exist 12 1 1529d 1529d
general protection fault in kernfs_name_hash 2 C done 2 1464d 1464d
kernel BUG in notify_change (2) -1 C error 2 1457d 1457d
general protection fault in del_gendisk (2) 2 C error 2 1454d 1455d
SYZFAIL: sandbox fork failed -1 3 1537d 1621d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields 17 1 1576d 1576d
SYZFAIL: bad thread state in schedule -1 1 1556d 1556d
KASAN: stack-out-of-bounds Read in iov_iter_revert 17 C error 10 1486d 1638d
SYZFAIL: invalid syscall number -1 2 1576d 1597d
kernel BUG in ext4_free_blocks -1 3 1590d 1622d
general protection fault in io_prep_async_work 2 1 1559d 1559d
KASAN: use-after-free Read in io_kill_linked_timeout 19 C error 14 1507d 1555d
KASAN: use-after-free Read in __fdget_raw 19 C error error 1 1551d 1551d
KASAN: invalid-free in io_dismantle_req 24 C error 7 1518d 1512d
general protection fault in del_gendisk 2 C error 1 1517d 1624d
BUG: corrupted list in p9_fd_cancelled 8 1 1598d 1598d
KASAN: use-after-free Read in task_work_run 19 2 1631d 1630d
KASAN: use-after-free Write in chroot_fs_refs 22 2 1629d 1630d
BUG: stack guard page was hit in sys_fsetxattr -1 1 1542d 1542d
BUG: stack guard page was hit in sys_lsetxattr -1 C error inconclusive 2 1548d 1548d
BUG: stack guard page was hit in sys_setxattr -1 C error 6 1544d 1567d
BUG: stack guard page was hit in corrupted -1 C error 3 1532d 1568d
BUG: stack guard page was hit in sys_unlink -1 2 1567d 1568d
BUG: stack guard page was hit in sys_creat -1 C error done 7 1515d 1579d
BUG: stack guard page was hit in sys_lchown -1 C error 4 1535d 1584d
BUG: stack guard page was hit in sys_chdir -1 5 1513d 1585d
KASAN: use-after-free Read in css_free_rwork_fn 19 1 1604d 1604d
KASAN: use-after-free Read in rcu_cblist_dequeue 19 1 1636d 1630d
BUG: workqueue lockup -1 C error 25 1541d 1639d
KASAN: use-after-free Read in __cgroup_bpf_attach 19 2 1610d 1613d
KASAN: use-after-free Read in dev_uevent 19 1 1615d 1615d
general protection fault in bdev_read_page 2 1 1616d 1616d
SYZFAIL: out of opened kcov threads -1 47 1592d 1593d
SYZFAIL: tun: can't open /dev/net/tun -1 1 1626d 1626d
KASAN: use-after-free Read in compute_effective_progs 19 1 1621d 1621d
KASAN: stack-out-of-bounds Read in xfrm_state_find 17 1 1625d 1625d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (2) -1 1 1547d 1547d
android12-5.10-lts test error: UBSAN: object-size-mismatch in wg_xmit -1 69 1602d 1628d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 -1 1 1620d 1620d
android12-5.10-lts build error -1 1 1642d 1642d