syzbot

 sign-in | mailing list | source | docs
🐞 Open [119]
🐞 Fixed [70]
🐞 Invalid [215]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Out of 215 bugs, 176 were automatically obsoleted (27 due to revoked reproducers), 39 were invalidated by users.
Title Repro Cause bisect Fix bisect Count Last Reported
KASAN: use-after-free Read in br_multicast_port_group_expired (2) 1 99d 99d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (6) 8 103d 175d
KASAN: stack-out-of-bounds Read in __xfrm_dst_hash 1 111d 111d
KASAN: use-after-free Read in exact_lock 53 89d 99d
kernel BUG in vlan_get_protocol_dgram C done 6 141d 256d
KASAN: use-after-free Read in fast_dput 14 133d 323d
SYZFAIL: iptable checkpoint: socket(SOCK_STREAM, IPPROTO_TCP) failed 4 134d 222d
SYZFAIL: ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) 81 118d 306d
KASAN: use-after-free Read in lock_get_status 4 170d 187d
BUG: corrupted list in tipc_nametbl_translate 2 173d 195d
general protection fault in cleanup_bearer C 14034 154d 157d
KASAN: out-of-bounds Read in __show_regs 1 176d 176d
BUG: soft lockup in br_multicast_group_expired (2) 1 179d 179d
BUG: Bad page map (3) 3 180d 326d
KASAN: use-after-free Write in virtio_transport_recv_pkt C inconclusive 1 233d 425d
KASAN: use-after-free Read in bdev_try_to_free_page 1 185d 185d
KASAN: use-after-free Read in binder_release_work C 154 167d 202d
BUG: soft lockup in mntput 1 204d 204d
SYZFAIL: handshake read failed 1 223d 223d
KASAN: use-after-free Write in l2tp_session_delete 2 224d 247d
kernel BUG in vlan_get_tci 2 228d 256d
SYZFAIL: netlink_send_ext: short netlink write 4 234d 323d
SYZFAIL: posix_spawn failed 9928 197d 334d
SYZFAIL: mmap of output file failed 20 222d 323d
SYZFAIL: child failed syz error error 1 246d 1254d
KASAN: use-after-free Read in ext4_convert_inline_data_nolock syz error 1 265d 398d
KASAN: use-after-free Read in __ext4_check_dir_entry C error 2 270d 388d
BUG: corrupted list in p9_fd_cancelled (4) 4 250d 360d
BUG: unable to handle kernel paging request in __raw_callee_save___kvm_vcpu_is_preempted 1 259d 259d
SYZFAIL: mkdir(syz-tmp) failed 299 221d 333d
SYZFAIL: bad allocate request 148 221d 331d
KASAN: use-after-free Read in wg_queue_enqueue_per_peer_tx 2 262d 266d
SYZFAIL: ShmemBuilder: too large output offset 51 222d 330d
general protection fault in steam_send_report 1 263d 263d
SYZFAIL: can't reallocate 1 266d 266d
SYZFAIL: SIGSEGV 841 228d 342d
KASAN: use-after-free Write in __tlb_remove_page_size 1 269d 269d
SYZFAIL: SIGFPE 2 271d 316d
general protection fault in free_swap_cache 1 281d 281d
KASAN: stack-out-of-bounds Read in __show_regs 1 282d 282d
BUG: soft lockup in br_multicast_port_group_expired 1 283d 283d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (5) 30 252d 371d
KASAN: use-after-free Read in br_multicast_port_group_expired 1 286d 286d
BUG: soft lockup in net_rx_action 2 286d 298d
BUG: soft lockup in __run_timers 2 286d 355d
BUG: soft lockup in sys_sendmmsg 2 288d 288d
KASAN: use-after-free Read in usb_udc_uevent (3) 1 288d 288d
BUG: soft lockup in __netif_receive_skb_core 1 290d 290d
KASAN: use-after-free Read in unaccount_page_cache_page (2) 1 293d 293d
KASAN: use-after-free Read in worker_thread 1 295d 295d
BUG: soft lockup in wg_expired_send_persistent_keepalive 1 298d 298d
BUG: soft lockup in br_multicast_group_expired 1 299d 299d
BUG: soft lockup in ip_list_rcv 1 300d 300d
BUG: soft lockup in run_rebalance_domains 1 301d 301d
BUG: soft lockup in ipv6_rcv 3 305d 322d
KASAN: null-ptr-deref Write in __kernfs_remove 1 308d 308d
BUG: soft lockup in vfork 1 310d 310d
BUG: soft lockup in sys_exit_group 1 316d 316d
SYZFAIL: bad thread state in completion syz error error 5 904d 1246d
KASAN: use-after-free Read in dev_get_by_index_rcu 1 325d 325d
BUG: soft lockup in sys_clone 1 329d 329d
BUG: soft lockup in sys_recvmsg 4 330d 409d
SYZFAIL: control pipe read failed 1 333d 333d
SYZFAIL: too many calls in output 2 338d 338d
BUG: soft lockup in sys_bpf 2 343d 347d
BUG: unable to handle kernel paging request in swake_up_locked C inconclusive 1 361d 393d
KASAN: use-after-free Read in macsec_get_iflink syz error 2 366d 493d
KASAN: use-after-free Read in wg_packet_send_staged_packets 1 392d 392d
go runtime error 22 394d 672d
SYZFAIL: tun read failed syz error error 123 320d 1318d
SYZFAIL: proc resp pipe read failed 73 327d 343d
general protection fault in fq_codel_enqueue (2) 2 407d 408d
panic: runtime error: floating point error [recovered] 1 414d 414d
android13-5.10-lts build error 44 377d 397d
KASAN: use-after-free Read in f2fs_write_end_io 1 421d 421d
syzkaller: failed to copy syzkaller: file bin/linux_arm64/syz-fuzzer does not exist 2 343d 343d
BUG: unable to handle kernel paging request in fuse_dev_do_write (3) 1 435d 435d
KASAN: use-after-free Read in unaccount_page_cache_page 150 407d 935d
general protection fault in mnt_want_write (2) 1 473d 473d
BUG: corrupted list in p9_fd_cancelled (3) C done unreliable 38 491d 576d
KASAN: stack-out-of-bounds Read in update_stack_state 1 486d 486d
panic: replaceArg: group fields don't match: NUM/NUM 13 450d 451d
general protection fault in skb_segment C done 1 526d 540d
KASAN: use-after-free Read in key_task_permission 1 524d 524d
android13-5.10-lts test error: lost connection to test machine 1 530d 530d
BUG: unable to handle kernel paging request in fuse_dev_do_write (2) 1 555d 555d
KASAN: null-ptr-deref Write in backing_data_changed C done 3 580d 652d
general protection fault in __writeback_single_inode 1 597d 597d
BUG: Bad page map (2) 1 599d 599d
KASAN: use-after-free Read in locked_inode_to_wb_and_lock_list 2 603d 634d
general protection fault in tipc_conn_close (3) 1 626d 626d
kernel BUG in __block_commit_write 1 628d 628d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (4) 20 637d 839d
corrupted report (2) 6 638d 716d
BUG: soft lockup in wg_packet_tx_worker 5 648d 697d
BUG: soft lockup in neigh_timer_handler 2 648d 656d
BUG: soft lockup in wg_packet_handshake_send_worker 6 655d 695d
BUG: soft lockup in sys_sendto 2 656d 693d
kernel panic: EXT4-fs (device loop2): panic forced after error 1 660d 660d
BUG: soft lockup in tc_modify_qdisc C done done 314 643d 697d
BUG: soft lockup in addrconf_rs_timer 2 672d 691d
fatal error: fault 1 679d 679d
BUG: using smp_processor_id() in preemptible code in usbnet_skb_return syz error error 2 681d 1162d
fatal error: Connection to IP closed by remote host. 3 696d 819d
BUG: stack guard page was hit in corrupted (23) syz error error 1 720d 720d
KASAN: use-after-free Read in usb_udc_uevent (2) 1 718d 718d
kernel BUG in ext4_expand_extra_isize_ea C done done 5 731d 745d
BUG: unable to handle kernel paging request in fuse_dev_do_write 18 691d 756d
KASAN: global-out-of-bounds Read in f2fs_release_page 2 729d 761d
SYZFAIL: clock_gettime failed syz error error 5 736d 1262d
KASAN: use-after-free Read in f2fs_remove_dirty_inode C error error 4 750d 807d
general protection fault in do_swap_page 246 720d 1157d
kernel panic: EXT4-fs (device loop3): panic forced after error 1 774d 774d
general protection fault in kernfs_name_hash (6) C error error 22 804d 970d
kernel panic: EXT4-fs (device loop4): panic forced after error 1 777d 777d
android12-5.10-lts build error (2) 220 760d 861d
VFS: Busy inodes after unmount (use-after-free) C done inconclusive 1 828d 828d
general protection fault in filp_close 1 801d 801d
BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster erofs C error error 3 845d 943d
BUG: Bad page map 1 818d 818d
KASAN: use-after-free Read in hci_cmd_timeout 1 825d 825d
syzkaller: make host failed: failed to run ["make" "host" "ci"]: exit status 2 2 829d 829d
kernel panic: corrupted stack end in sys_sendmmsg syz error error 14 843d 869d
KASAN: use-after-free Read in fuse_copy_one C error inconclusive 1 930d 930d
kernel BUG in jbd2_journal_get_create_access syz error error 1 937d 937d
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 883d 883d
BUG: scheduling while atomic in f2fs_register_inmem_page C error inconclusive 1 809d 809d
KASAN: use-after-free Read in usb_udc_uevent 2 843d 866d
general protection fault in f2fs_release_page f2fs 3 859d 901d
general protection fault in tipc_conn_close (2) 6 900d 986d
KASAN: use-after-free Read in xpad_presence_work 1 945d 945d
kernel panic: EXT4-fs (device loop0): panic forced after error ext4 C 1 891d 891d
divide error in netem_enqueue (2) 1 991d 991d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields (2) 1 1010d 1010d
panic: runtime error: floating point error 1 1014d 1014d
KASAN: use-after-free Read in __cgroup_bpf_attach (3) 1 1029d 1029d
KASAN: use-after-free Read in __tcf_qdisc_find 1 1030d 1030d
KASAN: invalid-free in selinux_tun_dev_free_security 14 1023d 1033d
general protection fault in fq_codel_enqueue 1 1041d 1041d
BUG: corrupted list in pwq_dec_nr_in_flight (2) 1 1044d 1044d
general protection fault in tcp_sk_exit (2) 1 1051d 1051d
KASAN: use-after-free Read in css_free_rwork_fn (2) 2 1056d 1140d
android12-5.10-lts-superproject build error 24 1064d 1090d
panic: bad group arg size NUM, should be <= NUM for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2de, dir:0x0}, Inner:[ 23 977d 978d
general protection fault in ext4_xattr_set_entry C error 2 984d 998d
kernel BUG in ext4_es_cache_extent C error 1 1009d 1009d
BUG: unable to handle kernel paging request in reuseport_select_sock 1 1083d 1083d
BUG: stack guard page was hit in corrupted (22) syz done done 1 1120d 1120d
kernel panic: corrupted stack end in sys_futex syz error error 1 1147d 1147d
KASAN: use-after-free Read in f2fs_available_free_memory syz error error 7 1206d 1306d
BUG: unable to handle kernel NULL pointer dereference in ipv6_rcv syz 1 1149d 1149d
divide error in netem_enqueue 2 1099d 1110d
general protection fault in tipc_conn_close 1 1115d 1115d
BUG: stack guard page was hit in file_open (11) 4 1117d 1120d
BUG: stack guard page was hit in sys_mkdir (5) 1 1119d 1119d
BUG: stack guard page was hit in sys_creat (10) 1 1120d 1120d
kernel BUG in collapse_huge_page 1 1126d 1126d
general protection fault in __device_attach 1 1129d 1129d
kernel BUG in blk_mq_dispatch_rq_list C error 16 1048d 1247d
KASAN: use-after-free Read in __cgroup_bpf_attach (2) 1 1137d 1137d
KASAN: use-after-free Read in vcs_write 1 1138d 1138d
SYZFAIL: failed to mkdtemp 15 1138d 1306d
BUG: corrupted list in pwq_dec_nr_in_flight 1 1139d 1139d
corrupted report 289 1117d 1266d
BUG: corrupted list in p9_fd_cancelled (2) 3 1148d 1183d
general protection fault in tcp_sk_exit 1 1151d 1151d
SYZFAIL: tun: ioctl(TUNSETIFF) failed 7 1151d 1310d
kernel panic: corrupted stack end in file_open 1 1154d 1154d
general protection fault in icmpv6_sk_exit 1 1160d 1160d
general protection fault in mnt_want_write 1 1166d 1166d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (3) 3 1078d 1078d
general protection fault in del_gendisk (3) C done 1 1107d 1107d
KASAN: use-after-free Read in io_uring_cancel_task_requests 1 1193d 1193d
KASAN: slab-out-of-bounds Read in fuse_inode_eq 5 1193d 1201d
KASAN: use-after-free Write in dir_mkdir 1 1200d 1200d
KASAN: null-ptr-deref Write in incfs_fresh_pending_reads_exist 1 1207d 1207d
general protection fault in kernfs_name_hash C done 2 1141d 1141d
kernel BUG in notify_change (2) C error 2 1135d 1135d
general protection fault in del_gendisk (2) C error 2 1132d 1132d
SYZFAIL: sandbox fork failed 3 1215d 1298d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields 1 1254d 1254d
SYZFAIL: bad thread state in schedule 1 1234d 1234d
KASAN: stack-out-of-bounds Read in iov_iter_revert C error 10 1163d 1316d
SYZFAIL: invalid syscall number 2 1253d 1275d
kernel BUG in ext4_free_blocks 3 1267d 1300d
general protection fault in io_prep_async_work 1 1236d 1236d
KASAN: use-after-free Read in io_kill_linked_timeout C error 14 1185d 1233d
KASAN: use-after-free Read in __fdget_raw C error error 1 1228d 1228d
KASAN: invalid-free in io_dismantle_req C error 7 1195d 1189d
general protection fault in del_gendisk C error 1 1195d 1302d
BUG: corrupted list in p9_fd_cancelled 1 1275d 1275d
KASAN: use-after-free Read in task_work_run 2 1309d 1308d
KASAN: use-after-free Write in chroot_fs_refs 2 1306d 1308d
BUG: stack guard page was hit in sys_fsetxattr 1 1219d 1219d
BUG: stack guard page was hit in sys_lsetxattr C error inconclusive 2 1225d 1225d
BUG: stack guard page was hit in sys_setxattr C error 6 1222d 1245d
BUG: stack guard page was hit in corrupted C error 3 1210d 1245d
BUG: stack guard page was hit in sys_unlink 2 1245d 1245d
BUG: stack guard page was hit in sys_creat C error done 7 1192d 1257d
BUG: stack guard page was hit in sys_lchown C error 4 1213d 1262d
BUG: stack guard page was hit in sys_chdir 5 1191d 1262d
KASAN: use-after-free Read in css_free_rwork_fn 1 1282d 1282d
KASAN: use-after-free Read in rcu_cblist_dequeue 1 1314d 1308d
BUG: workqueue lockup C error 25 1219d 1317d
KASAN: use-after-free Read in __cgroup_bpf_attach 2 1288d 1290d
KASAN: use-after-free Read in dev_uevent 1 1292d 1292d
general protection fault in bdev_read_page 1 1294d 1294d
SYZFAIL: out of opened kcov threads 47 1269d 1270d
SYZFAIL: tun: can't open /dev/net/tun 1 1303d 1303d
KASAN: use-after-free Read in compute_effective_progs 1 1299d 1299d
KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1303d 1303d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (2) 1 1225d 1225d
android12-5.10-lts test error: UBSAN: object-size-mismatch in wg_xmit 69 1279d 1306d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 1 1298d 1298d
android12-5.10-lts build error 1 1320d 1320d