syzbot

 sign-in | mailing list | source | docs
🐞 Open [106]
🐞 Fixed [70]
🐞 Invalid [208]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

Out of 208 bugs, 169 were automatically obsoleted (26 due to revoked reproducers), 39 were invalidated by users.
Title Repro Cause bisect Fix bisect Count Last Reported
SYZFAIL: ebtable: socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) 81 59d 247d
KASAN: use-after-free Read in lock_get_status 4 111d 127d
BUG: corrupted list in tipc_nametbl_translate 2 113d 136d
general protection fault in cleanup_bearer C 14034 95d 98d
KASAN: out-of-bounds Read in __show_regs 1 116d 116d
BUG: soft lockup in br_multicast_group_expired (2) 1 119d 119d
BUG: Bad page map (3) 3 121d 266d
KASAN: use-after-free Write in virtio_transport_recv_pkt C inconclusive 1 173d 365d
KASAN: use-after-free Read in bdev_try_to_free_page 1 126d 126d
KASAN: use-after-free Read in binder_release_work C 154 108d 143d
BUG: soft lockup in mntput 1 145d 145d
SYZFAIL: handshake read failed 1 164d 164d
KASAN: use-after-free Write in l2tp_session_delete 2 164d 188d
kernel BUG in vlan_get_tci 2 169d 197d
SYZFAIL: netlink_send_ext: short netlink write 4 175d 264d
SYZFAIL: posix_spawn failed 9928 138d 274d
SYZFAIL: mmap of output file failed 20 162d 263d
SYZFAIL: child failed syz error error 1 187d 1195d
KASAN: use-after-free Read in ext4_convert_inline_data_nolock syz error 1 206d 339d
KASAN: use-after-free Read in __ext4_check_dir_entry C error 2 210d 329d
BUG: corrupted list in p9_fd_cancelled (4) 4 191d 301d
BUG: unable to handle kernel paging request in __raw_callee_save___kvm_vcpu_is_preempted 1 200d 200d
SYZFAIL: mkdir(syz-tmp) failed 299 161d 274d
SYZFAIL: bad allocate request 148 162d 272d
KASAN: use-after-free Read in wg_queue_enqueue_per_peer_tx 2 202d 207d
SYZFAIL: ShmemBuilder: too large output offset 51 162d 270d
general protection fault in steam_send_report 1 203d 203d
SYZFAIL: can't reallocate 1 207d 207d
SYZFAIL: SIGSEGV 841 168d 282d
KASAN: use-after-free Write in __tlb_remove_page_size 1 210d 210d
SYZFAIL: SIGFPE 2 212d 257d
general protection fault in free_swap_cache 1 221d 221d
KASAN: stack-out-of-bounds Read in __show_regs 1 222d 222d
BUG: soft lockup in br_multicast_port_group_expired 1 223d 223d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (5) 30 193d 312d
KASAN: use-after-free Read in br_multicast_port_group_expired 1 226d 226d
BUG: soft lockup in net_rx_action 2 226d 238d
BUG: soft lockup in __run_timers 2 227d 296d
BUG: soft lockup in sys_sendmmsg 2 228d 228d
KASAN: use-after-free Read in usb_udc_uevent (3) 1 229d 229d
BUG: soft lockup in __netif_receive_skb_core 1 231d 231d
KASAN: use-after-free Read in unaccount_page_cache_page (2) 1 233d 233d
KASAN: use-after-free Read in worker_thread 1 235d 235d
BUG: soft lockup in wg_expired_send_persistent_keepalive 1 239d 239d
BUG: soft lockup in br_multicast_group_expired 1 240d 240d
BUG: soft lockup in ip_list_rcv 1 240d 240d
BUG: soft lockup in run_rebalance_domains 1 241d 241d
BUG: soft lockup in ipv6_rcv 3 246d 262d
KASAN: null-ptr-deref Write in __kernfs_remove 1 249d 249d
BUG: soft lockup in vfork 1 250d 250d
BUG: soft lockup in sys_exit_group 1 257d 257d
SYZFAIL: bad thread state in completion syz error error 5 845d 1187d
KASAN: use-after-free Read in dev_get_by_index_rcu 1 266d 266d
BUG: soft lockup in sys_clone 1 270d 270d
BUG: soft lockup in sys_recvmsg 4 271d 349d
SYZFAIL: control pipe read failed 1 273d 273d
SYZFAIL: too many calls in output 2 278d 279d
BUG: soft lockup in sys_bpf 2 284d 288d
BUG: unable to handle kernel paging request in swake_up_locked C inconclusive 1 302d 333d
KASAN: use-after-free Read in macsec_get_iflink syz error 2 307d 433d
KASAN: use-after-free Read in wg_packet_send_staged_packets 1 332d 332d
go runtime error 22 334d 613d
SYZFAIL: tun read failed syz error error 123 260d 1259d
SYZFAIL: proc resp pipe read failed 73 268d 283d
general protection fault in fq_codel_enqueue (2) 2 347d 349d
panic: runtime error: floating point error [recovered] 1 355d 355d
android13-5.10-lts build error 44 318d 338d
KASAN: use-after-free Read in f2fs_write_end_io 1 362d 362d
syzkaller: failed to copy syzkaller: file bin/linux_arm64/syz-fuzzer does not exist 2 284d 284d
BUG: unable to handle kernel paging request in fuse_dev_do_write (3) 1 376d 376d
KASAN: use-after-free Read in unaccount_page_cache_page 150 347d 876d
general protection fault in mnt_want_write (2) 1 414d 414d
BUG: corrupted list in p9_fd_cancelled (3) C done unreliable 38 431d 516d
KASAN: stack-out-of-bounds Read in update_stack_state 1 427d 427d
panic: replaceArg: group fields don't match: NUM/NUM 13 391d 391d
general protection fault in skb_segment C done 1 466d 480d
KASAN: use-after-free Read in key_task_permission 1 465d 465d
android13-5.10-lts test error: lost connection to test machine 1 471d 471d
BUG: unable to handle kernel paging request in fuse_dev_do_write (2) 1 496d 496d
KASAN: null-ptr-deref Write in backing_data_changed C done 3 521d 593d
general protection fault in __writeback_single_inode 1 538d 538d
BUG: Bad page map (2) 1 540d 540d
KASAN: use-after-free Read in locked_inode_to_wb_and_lock_list 2 544d 575d
general protection fault in tipc_conn_close (3) 1 567d 567d
kernel BUG in __block_commit_write 1 569d 569d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (4) 20 578d 780d
corrupted report (2) 6 579d 656d
BUG: soft lockup in wg_packet_tx_worker 5 588d 638d
BUG: soft lockup in neigh_timer_handler 2 589d 597d
BUG: soft lockup in wg_packet_handshake_send_worker 6 596d 636d
BUG: soft lockup in sys_sendto 2 597d 633d
kernel panic: EXT4-fs (device loop2): panic forced after error 1 600d 600d
BUG: soft lockup in tc_modify_qdisc C done done 314 584d 637d
BUG: soft lockup in addrconf_rs_timer 2 613d 631d
fatal error: fault 1 620d 620d
BUG: using smp_processor_id() in preemptible code in usbnet_skb_return syz error error 2 622d 1102d
fatal error: Connection to IP closed by remote host. 3 637d 760d
BUG: stack guard page was hit in corrupted (23) syz error error 1 661d 661d
KASAN: use-after-free Read in usb_udc_uevent (2) 1 658d 658d
kernel BUG in ext4_expand_extra_isize_ea C done done 5 671d 685d
BUG: unable to handle kernel paging request in fuse_dev_do_write 18 632d 697d
KASAN: global-out-of-bounds Read in f2fs_release_page 2 670d 702d
SYZFAIL: clock_gettime failed syz error error 5 677d 1202d
KASAN: use-after-free Read in f2fs_remove_dirty_inode C error error 4 691d 747d
general protection fault in do_swap_page 246 661d 1098d
kernel panic: EXT4-fs (device loop3): panic forced after error 1 714d 714d
general protection fault in kernfs_name_hash (6) C error error 22 745d 910d
kernel panic: EXT4-fs (device loop4): panic forced after error 1 718d 718d
android12-5.10-lts build error (2) 220 701d 801d
VFS: Busy inodes after unmount (use-after-free) C done inconclusive 1 768d 768d
general protection fault in filp_close 1 741d 741d
BUG: unable to handle kernel paging request in z_erofs_decompress_pcluster erofs C error error 3 786d 884d
BUG: Bad page map 1 758d 758d
KASAN: use-after-free Read in hci_cmd_timeout 1 765d 765d
syzkaller: make host failed: failed to run ["make" "host" "ci"]: exit status 2 2 769d 769d
kernel panic: corrupted stack end in sys_sendmmsg syz error error 14 784d 809d
KASAN: use-after-free Read in fuse_copy_one C error inconclusive 1 871d 871d
kernel BUG in jbd2_journal_get_create_access syz error error 1 878d 878d
KASAN: stack-out-of-bounds Read in xfrm_state_find (2) syz error error 1 824d 824d
BUG: scheduling while atomic in f2fs_register_inmem_page C error inconclusive 1 750d 750d
KASAN: use-after-free Read in usb_udc_uevent 2 783d 807d
general protection fault in f2fs_release_page f2fs 3 799d 841d
general protection fault in tipc_conn_close (2) 6 841d 927d
KASAN: use-after-free Read in xpad_presence_work 1 886d 886d
kernel panic: EXT4-fs (device loop0): panic forced after error ext4 C 1 831d 831d
divide error in netem_enqueue (2) 1 932d 932d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields (2) 1 951d 951d
panic: runtime error: floating point error 1 955d 955d
KASAN: use-after-free Read in __cgroup_bpf_attach (3) 1 970d 970d
KASAN: use-after-free Read in __tcf_qdisc_find 1 971d 971d
KASAN: invalid-free in selinux_tun_dev_free_security 14 964d 974d
general protection fault in fq_codel_enqueue 1 981d 981d
BUG: corrupted list in pwq_dec_nr_in_flight (2) 1 984d 984d
general protection fault in tcp_sk_exit (2) 1 992d 992d
KASAN: use-after-free Read in css_free_rwork_fn (2) 2 996d 1081d
android12-5.10-lts-superproject build error 24 1004d 1031d
panic: bad group arg size NUM, should be <= NUM for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2de, dir:0x0}, Inner:[ 23 918d 919d
general protection fault in ext4_xattr_set_entry C error 2 924d 939d
kernel BUG in ext4_es_cache_extent C error 1 950d 950d
BUG: unable to handle kernel paging request in reuseport_select_sock 1 1024d 1024d
BUG: stack guard page was hit in corrupted (22) syz done done 1 1060d 1060d
kernel panic: corrupted stack end in sys_futex syz error error 1 1088d 1088d
KASAN: use-after-free Read in f2fs_available_free_memory syz error error 7 1147d 1247d
BUG: unable to handle kernel NULL pointer dereference in ipv6_rcv syz 1 1090d 1090d
divide error in netem_enqueue 2 1040d 1051d
general protection fault in tipc_conn_close 1 1056d 1056d
BUG: stack guard page was hit in file_open (11) 4 1058d 1060d
BUG: stack guard page was hit in sys_mkdir (5) 1 1060d 1060d
BUG: stack guard page was hit in sys_creat (10) 1 1060d 1060d
kernel BUG in collapse_huge_page 1 1067d 1067d
general protection fault in __device_attach 1 1069d 1069d
kernel BUG in blk_mq_dispatch_rq_list C error 16 988d 1188d
KASAN: use-after-free Read in __cgroup_bpf_attach (2) 1 1077d 1077d
KASAN: use-after-free Read in vcs_write 1 1078d 1078d
SYZFAIL: failed to mkdtemp 15 1079d 1247d
BUG: corrupted list in pwq_dec_nr_in_flight 1 1079d 1079d
corrupted report 289 1058d 1207d
BUG: corrupted list in p9_fd_cancelled (2) 3 1089d 1124d
general protection fault in tcp_sk_exit 1 1092d 1092d
SYZFAIL: tun: ioctl(TUNSETIFF) failed 7 1092d 1250d
kernel panic: corrupted stack end in file_open 1 1094d 1094d
general protection fault in icmpv6_sk_exit 1 1100d 1100d
general protection fault in mnt_want_write 1 1107d 1107d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (3) 3 1019d 1019d
general protection fault in del_gendisk (3) C done 1 1048d 1048d
KASAN: use-after-free Read in io_uring_cancel_task_requests 1 1134d 1134d
KASAN: slab-out-of-bounds Read in fuse_inode_eq 5 1134d 1142d
KASAN: use-after-free Write in dir_mkdir 1 1141d 1141d
KASAN: null-ptr-deref Write in incfs_fresh_pending_reads_exist 1 1147d 1147d
general protection fault in kernfs_name_hash C done 2 1082d 1082d
kernel BUG in notify_change (2) C error 2 1076d 1076d
general protection fault in del_gendisk (2) C error 2 1072d 1073d
SYZFAIL: sandbox fork failed 3 1155d 1239d
KASAN: vmalloc-out-of-bounds Read in init_srcu_struct_fields 1 1194d 1194d
SYZFAIL: bad thread state in schedule 1 1174d 1174d
KASAN: stack-out-of-bounds Read in iov_iter_revert C error 10 1104d 1256d
SYZFAIL: invalid syscall number 2 1194d 1215d
kernel BUG in ext4_free_blocks 3 1208d 1240d
general protection fault in io_prep_async_work 1 1177d 1177d
KASAN: use-after-free Read in io_kill_linked_timeout C error 14 1125d 1173d
KASAN: use-after-free Read in __fdget_raw C error error 1 1169d 1169d
KASAN: invalid-free in io_dismantle_req C error 7 1136d 1130d
general protection fault in del_gendisk C error 1 1136d 1242d
BUG: corrupted list in p9_fd_cancelled 1 1216d 1216d
KASAN: use-after-free Read in task_work_run 2 1249d 1249d
KASAN: use-after-free Write in chroot_fs_refs 2 1247d 1249d
BUG: stack guard page was hit in sys_fsetxattr 1 1160d 1160d
BUG: stack guard page was hit in sys_lsetxattr C error inconclusive 2 1166d 1166d
BUG: stack guard page was hit in sys_setxattr C error 6 1163d 1185d
BUG: stack guard page was hit in corrupted C error 3 1150d 1186d
BUG: stack guard page was hit in sys_unlink 2 1185d 1186d
BUG: stack guard page was hit in sys_creat C error done 7 1133d 1197d
BUG: stack guard page was hit in sys_lchown C error 4 1153d 1202d
BUG: stack guard page was hit in sys_chdir 5 1131d 1203d
KASAN: use-after-free Read in css_free_rwork_fn 1 1222d 1222d
KASAN: use-after-free Read in rcu_cblist_dequeue 1 1255d 1249d
BUG: workqueue lockup C error 25 1159d 1258d
KASAN: use-after-free Read in __cgroup_bpf_attach 2 1228d 1231d
KASAN: use-after-free Read in dev_uevent 1 1233d 1233d
general protection fault in bdev_read_page 1 1234d 1234d
SYZFAIL: out of opened kcov threads 47 1210d 1211d
SYZFAIL: tun: can't open /dev/net/tun 1 1244d 1244d
KASAN: use-after-free Read in compute_effective_progs 1 1240d 1240d
KASAN: stack-out-of-bounds Read in xfrm_state_find 1 1244d 1244d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 (2) 1 1165d 1165d
android12-5.10-lts test error: UBSAN: object-size-mismatch in wg_xmit 69 1220d 1246d
syzkaller: testing failed: failed to run ["go" "test" "-short" "./..."]: exit status 1 1 1238d 1238d
android12-5.10-lts build error 1 1261d 1261d