Groups
Sign in
Groups
syzkaller-bugs
Conversations
About
Send feedback
Help
Sort By Relevance
Sort By Date
1–30 of many
syzbot
Apr 27
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_recv_frame
BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_connect net/bluetooth/l2cap_core.c:3920 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_connect_req net/bluetooth/l2cap_core
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_recv_frame
BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_connect net/bluetooth/l2cap_core.c:3920 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_connect_req net/bluetooth/l2cap_core
Apr 27
syzbot
,
Hillf Danton
3
Apr 1
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in atomic_inc include/linux
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in atomic_inc include/linux
Apr 1
syzbot
Mar 22
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in register_lock_class+0x8d1/0x980 kernel/locking/lockdep.c:1333 Read of size 1 at addr ffff88809222f091 by task syz-executor.1/5107 CPU
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in register_lock_class+0x8d1/0x980 kernel/locking/lockdep.c:1333 Read of size 1 at addr ffff88809222f091 by task syz-executor.1/5107 CPU
Mar 22
syzbot
, …
Toke Høiland-Jørgensen
13
Mar 21
[syzbot] [wireless?] [usb?] UBSAN: array-index-out-of-bounds in htc_issue_send
issue:
KASAN
: slab-
use
-
after
-
free
Read in hif_usb_regout_cb ================================================================== BUG:
KASAN
: slab-
use
-
after
-
free
in
unread,
[syzbot] [wireless?] [usb?] UBSAN: array-index-out-of-bounds in htc_issue_send
issue:
KASAN
: slab-
use
-
after
-
free
Read in hif_usb_regout_cb ================================================================== BUG:
KASAN
: slab-
use
-
after
-
free
in
Mar 21
syzbot
,
Joseph Bursey
4
Feb 16
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect
It makes
use
of eBPF to make this race feasible. You will need to install > libbpf-dev on your host. > I have pre-compiled the eBPF program down to byte-code on Ubuntu 20.04 >
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect
It makes
use
of eBPF to make this race feasible. You will need to install > libbpf-dev on your host. > I have pre-compiled the eBPF program down to byte-code on Ubuntu 20.04 >
Feb 16
syzbot
, …
Vinicius Costa Gomes
6
12/16/23
[syzbot] [net?] INFO: rcu detected stall in ip_list_rcv (6)
mm/
kasan
/common.c:45 > >> kasan_set_track+0x25/0x30 mm/
kasan
/common.c:52 > >> kasan_save_free_info+0x2b/0x40 mm/
kasan
/generic.c:522 > >>
unread,
[syzbot] [net?] INFO: rcu detected stall in ip_list_rcv (6)
mm/
kasan
/common.c:45 > >> kasan_set_track+0x25/0x30 mm/
kasan
/common.c:52 > >> kasan_save_free_info+0x2b/0x40 mm/
kasan
/generic.c:522 > >>
12/16/23
syzbot
,
Filipe Manana
5
11/5/23
[syzbot] [btrfs?] KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent
BUG:
KASAN
: slab-
use
-
after
-
free
in __list_del_entry_valid_or_report+0x2f/0x130 lib/list_debug.c:49 Read of size 8 at addr ffff888028fe7cb0 by task kworker/u4:5/741 CPU
unread,
[syzbot] [btrfs?] KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent
BUG:
KASAN
: slab-
use
-
after
-
free
in __list_del_entry_valid_or_report+0x2f/0x130 lib/list_debug.c:49 Read of size 8 at addr ffff888028fe7cb0 by task kworker/u4:5/741 CPU
11/5/23
syzbot
2
Jan 10
[syzbot] [media?] KASAN: slab-use-after-free Read in ir_raw_event_store
BUG:
KASAN
: slab-
use
-
after
-
free
in ir_raw_event_store+0x2ea/0x370 drivers/media/rc/rc-ir-raw.c:80 Read of size 4 at addr ffff888102b7c018 by task syz-executor.0/23935
unread,
[syzbot] [media?] KASAN: slab-use-after-free Read in ir_raw_event_store
BUG:
KASAN
: slab-
use
-
after
-
free
in ir_raw_event_store+0x2ea/0x370 drivers/media/rc/rc-ir-raw.c:80 Read of size 4 at addr ffff888102b7c018 by task syz-executor.0/23935
Jan 10
syzbot
2
11/28/23
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb
BUG:
KASAN
: slab-
use
-
after
-
free
in register_lock_class+0x8ec/0x990 kernel/locking/lockdep.c:1341 Read of size 1 at addr ffff88807e3f8891 by task udevd/4469 CPU: 1 PID: 4469
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb
BUG:
KASAN
: slab-
use
-
after
-
free
in register_lock_class+0x8ec/0x990 kernel/locking/lockdep.c:1341 Read of size 1 at addr ffff88807e3f8891 by task udevd/4469 CPU: 1 PID: 4469
11/28/23
syzbot
2
Jan 20
[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks
BUG:
KASAN
: slab-
use
-
after
-
free
in drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 drivers/gpu/drm/drm_atomic_helper.c:1650 Read of size 1 at addr ffff888023f61009
unread,
[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks
BUG:
KASAN
: slab-
use
-
after
-
free
in drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 drivers/gpu/drm/drm_atomic_helper.c:1650 Read of size 1 at addr ffff888023f61009
Jan 20
syzbot
, …
Alan Stern
10
Feb 14
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups
PREEMPT SMP
KASAN
KASAN
: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 4415 Comm: kworker/1:2 Not tainted 6.3.0-syzkaller-11025-g89d77f71f493
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups
PREEMPT SMP
KASAN
KASAN
: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 4415 Comm: kworker/1:2 Not tainted 6.3.0-syzkaller-11025-g89d77f71f493
Feb 14
syzbot
, …
Jakub Kicinski
12
8/22/23
[syzbot] [wireguard?] KASAN: slab-use-after-free Write in enqueue_timer
BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:945 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in enqueue_timer+0xad/0x560 kernel/time/timer.c
unread,
[syzbot] [wireguard?] KASAN: slab-use-after-free Write in enqueue_timer
BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:945 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in enqueue_timer+0xad/0x560 kernel/time/timer.c
8/22/23
syzbot
2
5/19/23
[syzbot] KASAN: use-after-free Read in hiddev_disconnect (5)
BUG:
KASAN
:
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline] BUG:
KASAN
:
use
-
after
-
free
in do_raw_spin_lock+0x265/0x2b0 kernel/
unread,
[syzbot] KASAN: use-after-free Read in hiddev_disconnect (5)
BUG:
KASAN
:
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline] BUG:
KASAN
:
use
-
after
-
free
in do_raw_spin_lock+0x265/0x2b0 kernel/
5/19/23
syzbot
1/18/23
[syzbot] KASAN: use-after-free Read in do_accept
BUG:
KASAN
:
use
-
after
-
free
in do_accept+0x483/0x510 net/socket.c:1848 Read of size 8 at addr ffff88807978d398 by task syz-executor.3/5315 CPU: 0 PID: 5315 Comm: syz-executor
unread,
[syzbot] KASAN: use-after-free Read in do_accept
BUG:
KASAN
:
use
-
after
-
free
in do_accept+0x483/0x510 net/socket.c:1848 Read of size 8 at addr ffff88807978d398 by task syz-executor.3/5315 CPU: 0 PID: 5315 Comm: syz-executor
1/18/23
syzbot
2
4/13/23
[syzbot] KASAN: use-after-free Read in aa_label_sk_perm
BUG:
KASAN
:
use
-
after
-
free
in aa_label_sk_perm+0x4ec/0x530 security/apparmor/net.c:148 Read of size 8 at addr ffff88804a765480 by task syz-executor.5/12994 CPU: 0 PID: 12994
unread,
[syzbot] KASAN: use-after-free Read in aa_label_sk_perm
BUG:
KASAN
:
use
-
after
-
free
in aa_label_sk_perm+0x4ec/0x530 security/apparmor/net.c:148 Read of size 8 at addr ffff88804a765480 by task syz-executor.5/12994 CPU: 0 PID: 12994
4/13/23
syzbot
2
3/29/23
[syzbot] KASAN: use-after-free Write in rxrpc_destroy_local
BUG:
KASAN
:
use
-
after
-
free
in __hlist_del include/linux/list.h:884 [inline] BUG:
KASAN
:
use
-
after
-
free
in hlist_del_init_rcu include/linux/rculist.h:184 [inline] BUG
unread,
[syzbot] KASAN: use-after-free Write in rxrpc_destroy_local
BUG:
KASAN
:
use
-
after
-
free
in __hlist_del include/linux/list.h:884 [inline] BUG:
KASAN
:
use
-
after
-
free
in hlist_del_init_rcu include/linux/rculist.h:184 [inline] BUG
3/29/23
syzbot
, …
Alan Stern
8
3/31/23
[syzbot] KASAN: use-after-free Read in __usb_hcd_giveback_urb (2)
BUG:
KASAN
:
use
-
after
-
free
in register_lock_class+0x8d2/0x9b0 kernel/locking/lockdep.c:1338 Read of size 1 at addr ffff88807a58b091 by task kworker/u4:3/46 CPU: 0 PID: 46
unread,
[syzbot] KASAN: use-after-free Read in __usb_hcd_giveback_urb (2)
BUG:
KASAN
:
use
-
after
-
free
in register_lock_class+0x8d2/0x9b0 kernel/locking/lockdep.c:1338 Read of size 1 at addr ffff88807a58b091 by task kworker/u4:3/46 CPU: 0 PID: 46
3/31/23
syzbot
,
Dmitry Vyukov
2
11/24/22
[syzbot] KASAN: use-after-free Write in collect_expired_timers
dup:
KASAN
:
use
-
after
-
free
Write in
expire_timers
+Krzysztof, Bongsu > ================================================================== > BUG:
KASAN
:
use
-
after
unread,
[syzbot] KASAN: use-after-free Write in collect_expired_timers
dup:
KASAN
:
use
-
after
-
free
Write in
expire_timers
+Krzysztof, Bongsu > ================================================================== > BUG:
KASAN
:
use
-
after
11/24/22
syzbot
, …
Dmitry Vyukov
5
3/20/23
[syzbot] KASAN: use-after-free Write in expire_timers
BUG:
KASAN
:
use
-
after
-
free
in __hlist_del include/linux/list.h:885 [inline] > BUG:
KASAN
:
use
-
after
-
free
in detach_timer kernel/time/timer.c:880 [inline] > BUG:
KASAN
unread,
[syzbot] KASAN: use-after-free Write in expire_timers
BUG:
KASAN
:
use
-
after
-
free
in __hlist_del include/linux/list.h:885 [inline] > BUG:
KASAN
:
use
-
after
-
free
in detach_timer kernel/time/timer.c:880 [inline] > BUG:
KASAN
3/20/23
syzbot
,
Dmitry Vyukov
2
11/15/22
[syzbot] KASAN: use-after-free Write in enqueue_timer
BUG:
KASAN
:
use
-
after
-
free
in hlist_add_head include/linux/list.h:929 [inline] > BUG:
KASAN
:
use
-
after
-
free
in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605 >
unread,
[syzbot] KASAN: use-after-free Write in enqueue_timer
BUG:
KASAN
:
use
-
after
-
free
in hlist_add_head include/linux/list.h:929 [inline] > BUG:
KASAN
:
use
-
after
-
free
in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605 >
11/15/22
syzbot
2
4/5/23
[syzbot] KASAN: use-after-free Read in drm_gem_handle_delete
BUG:
KASAN
:
use
-
after
-
free
in drm_gem_object_release_handle drivers/gpu/drm/drm_gem.c:239 [inline] BUG:
KASAN
:
use
-
after
-
free
in drm_gem_handle_delete+0x149/0x160
unread,
[syzbot] KASAN: use-after-free Read in drm_gem_handle_delete
BUG:
KASAN
:
use
-
after
-
free
in drm_gem_object_release_handle drivers/gpu/drm/drm_gem.c:239 [inline] BUG:
KASAN
:
use
-
after
-
free
in drm_gem_handle_delete+0x149/0x160
4/5/23
syzbot
,
Hillf Danton
8
10/23/22
[syzbot] KASAN: use-after-free Read in kernfs_add_one
:3893
call_timer_fn
+0xf6/0x210 kernel/time/timer.c:1421
expire_timers
kernel/time/timer.c:1466 [inline] __run_timers+0x685/0x7e0 kernel/time/timer.c:1734 run_timer_softirq
unread,
[syzbot] KASAN: use-after-free Read in kernfs_add_one
:3893
call_timer_fn
+0xf6/0x210 kernel/time/timer.c:1421
expire_timers
kernel/time/timer.c:1466 [inline] __run_timers+0x685/0x7e0 kernel/time/timer.c:1734 run_timer_softirq
10/23/22
syzbot
10/1/22
[syzbot] KASAN: use-after-free Read in usb_anchor_resume_wakeups (4)
BUG:
KASAN
:
use
-
after
-
free
in register_lock_class+0xe6a/0x1120 kernel/locking/lockdep.c:1336 Read of size 1 at addr ffff88801ebd7891 by task kswapd1/128 CPU: 1 PID: 128 Comm
unread,
[syzbot] KASAN: use-after-free Read in usb_anchor_resume_wakeups (4)
BUG:
KASAN
:
use
-
after
-
free
in register_lock_class+0xe6a/0x1120 kernel/locking/lockdep.c:1336 Read of size 1 at addr ffff88801ebd7891 by task kswapd1/128 CPU: 1 PID: 128 Comm
10/1/22
syzbot
9/26/22
[syzbot] KASAN: use-after-free Read in ar5523_cmd_tx_cb
BUG:
KASAN
:
use
-
after
-
free
in ar5523_cmd_tx_cb+0x220/0x240 drivers/net/wireless/ath/ar5523/ar5523.c:228 Read of size 8 at addr ffff88801f6533f0 by task syz-executor407
unread,
[syzbot] KASAN: use-after-free Read in ar5523_cmd_tx_cb
BUG:
KASAN
:
use
-
after
-
free
in ar5523_cmd_tx_cb+0x220/0x240 drivers/net/wireless/ath/ar5523/ar5523.c:228 Read of size 8 at addr ffff88801f6533f0 by task syz-executor407
9/26/22
syzbot
2
9/23/22
[syzbot] KASAN: use-after-free Write in io_sendrecv_fail
BUG:
KASAN
:
use
-
after
-
free
in io_sendrecv_fail+0x3b0/0x3e0 io_uring/net.c:1221 Write of size 8 at addr ffff8880771b4080 by task syz-executor.3/30199 CPU: 1 PID: 30199 Comm
unread,
[syzbot] KASAN: use-after-free Write in io_sendrecv_fail
BUG:
KASAN
:
use
-
after
-
free
in io_sendrecv_fail+0x3b0/0x3e0 io_uring/net.c:1221 Write of size 8 at addr ffff8880771b4080 by task syz-executor.3/30199 CPU: 1 PID: 30199 Comm
9/23/22
syzbot
2
9/17/22
[syzbot] KASAN: use-after-free Read in powermate_config_complete (4)
BUG:
KASAN
:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff88811c320858 by task ksoftirqd/0/13 CPU: 0 PID: 13 Comm
unread,
[syzbot] KASAN: use-after-free Read in powermate_config_complete (4)
BUG:
KASAN
:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff88811c320858 by task ksoftirqd/0/13 CPU: 0 PID: 13 Comm
9/17/22
syzbot
, …
Christian Schoenebeck
6
9/4/22
[syzbot] KASAN: use-after-free Read in p9_req_put
BUG:
KASAN
:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff888022724c18 by task kworker/u16:6/9419 CPU: 0 PID: 9419
unread,
[syzbot] KASAN: use-after-free Read in p9_req_put
BUG:
KASAN
:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff888022724c18 by task kworker/u16:6/9419 CPU: 0 PID: 9419
9/4/22
syzbot
, …
Dmitry Vyukov
5
12/9/22
[syzbot] KASAN: use-after-free Read in sock_has_perm
BUG:
KASAN
:
use
-
after
-
free
in sock_has_perm+0x258/0x280 security/selinux/hooks.c:4532 Read of size 8 at addr ffff88807630e480 by task syz-executor.0/8123 CPU: 1 PID: 8123
unread,
[syzbot] KASAN: use-after-free Read in sock_has_perm
BUG:
KASAN
:
use
-
after
-
free
in sock_has_perm+0x258/0x280 security/selinux/hooks.c:4532 Read of size 8 at addr ffff88807630e480 by task syz-executor.0/8123 CPU: 1 PID: 8123
12/9/22
syzbot
2
7/5/22
Re: [syzbot] BUG: unable to handle kernel NULL pointer dereference in __tcp_transmit_skb
issue:
KASAN
:
use
-
after
-
free
Read in tcp_write_timer_handler ================================================================== BUG:
KASAN
:
use
-
after
-
free
in tcp_probe_timer
unread,
Re: [syzbot] BUG: unable to handle kernel NULL pointer dereference in __tcp_transmit_skb
issue:
KASAN
:
use
-
after
-
free
Read in tcp_write_timer_handler ================================================================== BUG:
KASAN
:
use
-
after
-
free
in tcp_probe_timer
7/5/22
syzbot
,
Paul Moore
3
11/12/22
[syzbot] KASAN: use-after-free Read in selinux_socket_recvmsg
BUG:
KASAN
:
use
-
after
-
free
in sock_has_perm security/selinux/hooks.c:4535 [inline] > BUG:
KASAN
:
use
-
after
-
free
in selinux_socket_recvmsg+0x278/0x2b0 security/selinux
unread,
[syzbot] KASAN: use-after-free Read in selinux_socket_recvmsg
BUG:
KASAN
:
use
-
after
-
free
in sock_has_perm security/selinux/hooks.c:4535 [inline] > BUG:
KASAN
:
use
-
after
-
free
in selinux_socket_recvmsg+0x278/0x2b0 security/selinux
11/12/22