Groups
Sign in
Groups
syzkaller-bugs
Conversations
About
Send feedback
Help
Sort By Relevance
Sort By Date
1–30 of many
syzbot
Apr 27
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_recv_frame
slab-
use
-
after
-
free
in l2cap_connect net/bluetooth/l2cap_core.c:3920 [inline] BUG: KASAN: slab-
use
-
after
-
free
in l2cap_connect_req net/bluetooth/l2cap_core.c:4061
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_recv_frame
slab-
use
-
after
-
free
in l2cap_connect net/bluetooth/l2cap_core.c:3920 [inline] BUG: KASAN: slab-
use
-
after
-
free
in l2cap_connect_req net/bluetooth/l2cap_core.c:4061
Apr 27
syzbot
,
Hillf Danton
3
Apr 1
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups (2)
slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_inc include/linux/atomic/atomic
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups (2)
slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_inc include/linux/atomic/atomic
Apr 1
syzbot
Mar 22
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb (2)
slab-
use
-
after
-
free
in register_lock_class+0x8d1/0x980 kernel/locking/lockdep.c:1333 Read of size 1 at addr ffff88809222f091 by task syz-executor.1/5107 CPU: 1 PID: 5107
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb (2)
slab-
use
-
after
-
free
in register_lock_class+0x8d1/0x980 kernel/locking/lockdep.c:1333 Read of size 1 at addr ffff88809222f091 by task syz-executor.1/5107 CPU: 1 PID: 5107
Mar 22
syzbot
, …
Toke Høiland-Jørgensen
13
Mar 21
[syzbot] [wireless?] [usb?] UBSAN: array-index-out-of-bounds in htc_issue_send
slab-
use
-
after
-
free
Read in hif_usb_regout_cb ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in instrument_atomic_read
unread,
[syzbot] [wireless?] [usb?] UBSAN: array-index-out-of-bounds in htc_issue_send
slab-
use
-
after
-
free
Read in hif_usb_regout_cb ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in instrument_atomic_read
Mar 21
syzbot
,
Joseph Bursey
4
Feb 16
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect
It makes
use
of eBPF to make this race feasible. You will need to install > libbpf-dev on your host. > I have pre-compiled the eBPF program down to byte-code on Ubuntu 20.04 >
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect
It makes
use
of eBPF to make this race feasible. You will need to install > libbpf-dev on your host. > I have pre-compiled the eBPF program down to byte-code on Ubuntu 20.04 >
Feb 16
syzbot
, …
Vinicius Costa Gomes
6
12/16/23
[syzbot] [net?] INFO: rcu detected stall in ip_list_rcv (6)
On Fri, Dec 15, 2023 at 10:37 PM Vinicius Costa Gomes wrote: > > Eric Dumazet writes: > > > On Mon, Dec 4, 2023 at 10:45 AM syzbot >
unread,
[syzbot] [net?] INFO: rcu detected stall in ip_list_rcv (6)
On Fri, Dec 15, 2023 at 10:37 PM Vinicius Costa Gomes wrote: > > Eric Dumazet writes: > > > On Mon, Dec 4, 2023 at 10:45 AM syzbot >
12/16/23
syzbot
,
Filipe Manana
5
11/5/23
[syzbot] [btrfs?] KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent
slab-
use
-
after
-
free
in __list_del_entry_valid_or_report+0x2f/0x130 lib/list_debug.c:49 Read of size 8 at addr ffff888028fe7cb0 by task kworker/u4:5/741 CPU: 0 PID: 741 Comm
unread,
[syzbot] [btrfs?] KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent
slab-
use
-
after
-
free
in __list_del_entry_valid_or_report+0x2f/0x130 lib/list_debug.c:49 Read of size 8 at addr ffff888028fe7cb0 by task kworker/u4:5/741 CPU: 0 PID: 741 Comm
11/5/23
syzbot
2
Jan 10
[syzbot] [media?] KASAN: slab-use-after-free Read in ir_raw_event_store
slab-
use
-
after
-
free
in ir_raw_event_store+0x2ea/0x370 drivers/media/rc/rc-ir-raw.c:80 Read of size 4 at addr ffff888102b7c018 by task syz-executor.0/23935 CPU: 0 PID: 23935
unread,
[syzbot] [media?] KASAN: slab-use-after-free Read in ir_raw_event_store
slab-
use
-
after
-
free
in ir_raw_event_store+0x2ea/0x370 drivers/media/rc/rc-ir-raw.c:80 Read of size 4 at addr ffff888102b7c018 by task syz-executor.0/23935 CPU: 0 PID: 23935
Jan 10
syzbot
2
8/23/23
[syzbot] [kernel?] KASAN: slab-use-after-free Write in expire_timers
Auto-closing this bug as obsolete. Crashes did not happen for a while, no reproducer and no activity.
unread,
[syzbot] [kernel?] KASAN: slab-use-after-free Write in expire_timers
Auto-closing this bug as obsolete. Crashes did not happen for a while, no reproducer and no activity.
8/23/23
syzbot
2
11/28/23
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb
slab-
use
-
after
-
free
in register_lock_class+0x8ec/0x990 kernel/locking/lockdep.c:1341 Read of size 1 at addr ffff88807e3f8891 by task udevd/4469 CPU: 1 PID: 4469 Comm: udevd
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb
slab-
use
-
after
-
free
in register_lock_class+0x8ec/0x990 kernel/locking/lockdep.c:1341 Read of size 1 at addr ffff88807e3f8891 by task udevd/4469 CPU: 1 PID: 4469 Comm: udevd
11/28/23
syzbot
2
Jan 20
[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks
slab-
use
-
after
-
free
in drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 drivers/gpu/drm/drm_atomic_helper.c:1650 Read of size 1 at addr ffff888023f61009 by task
unread,
[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks
slab-
use
-
after
-
free
in drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 drivers/gpu/drm/drm_atomic_helper.c:1650 Read of size 1 at addr ffff888023f61009 by task
Jan 20
syzbot
, …
Alan Stern
10
Feb 14
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups
:1700
expire_timers
+0x29b/0x4b0 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups
:1700
expire_timers
+0x29b/0x4b0 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq
Feb 14
syzbot
, …
Jakub Kicinski
12
8/22/23
[syzbot] [wireguard?] KASAN: slab-use-after-free Write in enqueue_timer
slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:945 [inline] BUG: KASAN: slab-
use
-
after
-
free
in enqueue_timer+0xad/0x560 kernel/time/timer.c:605 Write of
unread,
[syzbot] [wireguard?] KASAN: slab-use-after-free Write in enqueue_timer
slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:945 [inline] BUG: KASAN: slab-
use
-
after
-
free
in enqueue_timer+0xad/0x560 kernel/time/timer.c:605 Write of
8/22/23
syzbot
, …
Dmitry Vyukov
5
3/20/23
[syzbot] KASAN: use-after-free Write in expire_timers
Auto-closing this bug as obsolete. Crashes did not happen for a while, no reproducer and no activity.
unread,
[syzbot] KASAN: use-after-free Write in expire_timers
Auto-closing this bug as obsolete. Crashes did not happen for a while, no reproducer and no activity.
3/20/23
syzbot
2
5/19/23
[syzbot] KASAN: use-after-free Read in hiddev_disconnect (5)
KASAN:
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline] BUG: KASAN:
use
-
after
-
free
in do_raw_spin_lock+0x265/0x2b0 kernel/locking
unread,
[syzbot] KASAN: use-after-free Read in hiddev_disconnect (5)
KASAN:
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:85 [inline] BUG: KASAN:
use
-
after
-
free
in do_raw_spin_lock+0x265/0x2b0 kernel/locking
5/19/23
syzbot
1/18/23
[syzbot] KASAN: use-after-free Read in do_accept
KASAN:
use
-
after
-
free
in do_accept+0x483/0x510 net/socket.c:1848 Read of size 8 at addr ffff88807978d398 by task syz-executor.3/5315 CPU: 0 PID: 5315 Comm: syz-executor.3 Not
unread,
[syzbot] KASAN: use-after-free Read in do_accept
KASAN:
use
-
after
-
free
in do_accept+0x483/0x510 net/socket.c:1848 Read of size 8 at addr ffff88807978d398 by task syz-executor.3/5315 CPU: 0 PID: 5315 Comm: syz-executor.3 Not
1/18/23
syzbot
2
4/13/23
[syzbot] KASAN: use-after-free Read in aa_label_sk_perm
KASAN:
use
-
after
-
free
in aa_label_sk_perm+0x4ec/0x530 security/apparmor/net.c:148 Read of size 8 at addr ffff88804a765480 by task syz-executor.5/12994 CPU: 0 PID: 12994 Comm
unread,
[syzbot] KASAN: use-after-free Read in aa_label_sk_perm
KASAN:
use
-
after
-
free
in aa_label_sk_perm+0x4ec/0x530 security/apparmor/net.c:148 Read of size 8 at addr ffff88804a765480 by task syz-executor.5/12994 CPU: 0 PID: 12994 Comm
4/13/23
syzbot
2
3/29/23
[syzbot] KASAN: use-after-free Write in rxrpc_destroy_local
KASAN:
use
-
after
-
free
in __hlist_del include/linux/list.h:884 [inline] BUG: KASAN:
use
-
after
-
free
in hlist_del_init_rcu include/linux/rculist.h:184 [inline] BUG: KASAN
unread,
[syzbot] KASAN: use-after-free Write in rxrpc_destroy_local
KASAN:
use
-
after
-
free
in __hlist_del include/linux/list.h:884 [inline] BUG: KASAN:
use
-
after
-
free
in hlist_del_init_rcu include/linux/rculist.h:184 [inline] BUG: KASAN
3/29/23
syzbot
, …
Alan Stern
8
3/31/23
[syzbot] KASAN: use-after-free Read in __usb_hcd_giveback_urb (2)
KASAN:
use
-
after
-
free
in register_lock_class+0x8d2/0x9b0 kernel/locking/lockdep.c:1338 Read of size 1 at addr ffff88807a58b091 by task kworker/u4:3/46 CPU: 0 PID: 46 Comm
unread,
[syzbot] KASAN: use-after-free Read in __usb_hcd_giveback_urb (2)
KASAN:
use
-
after
-
free
in register_lock_class+0x8d2/0x9b0 kernel/locking/lockdep.c:1338 Read of size 1 at addr ffff88807a58b091 by task kworker/u4:3/46 CPU: 0 PID: 46 Comm
3/31/23
syzbot
,
Dmitry Vyukov
2
11/24/22
[syzbot] KASAN: use-after-free Write in collect_expired_timers
KASAN:
use
-
after
-
free
Write in
expire_timers
+Krzysztof, Bongsu > ================================================================== > BUG: KASAN:
use
-
after
-
unread,
[syzbot] KASAN: use-after-free Write in collect_expired_timers
KASAN:
use
-
after
-
free
Write in
expire_timers
+Krzysztof, Bongsu > ================================================================== > BUG: KASAN:
use
-
after
-
11/24/22
syzbot
,
Dmitry Vyukov
2
11/15/22
[syzbot] KASAN: use-after-free Write in enqueue_timer
KASAN:
use
-
after
-
free
in hlist_add_head include/linux/list.h:929 [inline] > BUG: KASAN:
use
-
after
-
free
in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605 > Write
unread,
[syzbot] KASAN: use-after-free Write in enqueue_timer
KASAN:
use
-
after
-
free
in hlist_add_head include/linux/list.h:929 [inline] > BUG: KASAN:
use
-
after
-
free
in enqueue_timer+0x18/0xa4 kernel/time/timer.c:605 > Write
11/15/22
syzbot
2
4/5/23
[syzbot] KASAN: use-after-free Read in drm_gem_handle_delete
KASAN:
use
-
after
-
free
in drm_gem_object_release_handle drivers/gpu/drm/drm_gem.c:239 [inline] BUG: KASAN:
use
-
after
-
free
in drm_gem_handle_delete+0x149/0x160 drivers
unread,
[syzbot] KASAN: use-after-free Read in drm_gem_handle_delete
KASAN:
use
-
after
-
free
in drm_gem_object_release_handle drivers/gpu/drm/drm_gem.c:239 [inline] BUG: KASAN:
use
-
after
-
free
in drm_gem_handle_delete+0x149/0x160 drivers
4/5/23
syzbot
,
Hillf Danton
8
10/23/22
[syzbot] KASAN: use-after-free Read in kernfs_add_one
:1421
expire_timers
kernel/time/timer.c:1466 [inline] __run_timers+0x685/0x7e0 kernel/time/timer.c:1734 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1747 __do_softirq
unread,
[syzbot] KASAN: use-after-free Read in kernfs_add_one
:1421
expire_timers
kernel/time/timer.c:1466 [inline] __run_timers+0x685/0x7e0 kernel/time/timer.c:1734 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1747 __do_softirq
10/23/22
syzbot
10/1/22
[syzbot] KASAN: use-after-free Read in usb_anchor_resume_wakeups (4)
KASAN:
use
-
after
-
free
in register_lock_class+0xe6a/0x1120 kernel/locking/lockdep.c:1336 Read of size 1 at addr ffff88801ebd7891 by task kswapd1/128 CPU: 1 PID: 128 Comm: kswapd1
unread,
[syzbot] KASAN: use-after-free Read in usb_anchor_resume_wakeups (4)
KASAN:
use
-
after
-
free
in register_lock_class+0xe6a/0x1120 kernel/locking/lockdep.c:1336 Read of size 1 at addr ffff88801ebd7891 by task kswapd1/128 CPU: 1 PID: 128 Comm: kswapd1
10/1/22
syzbot
9/26/22
[syzbot] KASAN: use-after-free Read in ar5523_cmd_tx_cb
KASAN:
use
-
after
-
free
in ar5523_cmd_tx_cb+0x220/0x240 drivers/net/wireless/ath/ar5523/ar5523.c:228 Read of size 8 at addr ffff88801f6533f0 by task syz-executor407/3622
unread,
[syzbot] KASAN: use-after-free Read in ar5523_cmd_tx_cb
KASAN:
use
-
after
-
free
in ar5523_cmd_tx_cb+0x220/0x240 drivers/net/wireless/ath/ar5523/ar5523.c:228 Read of size 8 at addr ffff88801f6533f0 by task syz-executor407/3622
9/26/22
syzbot
2
9/23/22
[syzbot] KASAN: use-after-free Write in io_sendrecv_fail
KASAN:
use
-
after
-
free
in io_sendrecv_fail+0x3b0/0x3e0 io_uring/net.c:1221 Write of size 8 at addr ffff8880771b4080 by task syz-executor.3/30199 CPU: 1 PID: 30199 Comm: syz
unread,
[syzbot] KASAN: use-after-free Write in io_sendrecv_fail
KASAN:
use
-
after
-
free
in io_sendrecv_fail+0x3b0/0x3e0 io_uring/net.c:1221 Write of size 8 at addr ffff8880771b4080 by task syz-executor.3/30199 CPU: 1 PID: 30199 Comm: syz
9/23/22
syzbot
2
9/17/22
[syzbot] KASAN: use-after-free Read in powermate_config_complete (4)
KASAN:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff88811c320858 by task ksoftirqd/0/13 CPU: 0 PID: 13 Comm: ksoftirqd
unread,
[syzbot] KASAN: use-after-free Read in powermate_config_complete (4)
KASAN:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff88811c320858 by task ksoftirqd/0/13 CPU: 0 PID: 13 Comm: ksoftirqd
9/17/22
syzbot
, …
Christian Schoenebeck
6
9/4/22
[syzbot] KASAN: use-after-free Read in p9_req_put
KASAN:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff888022724c18 by task kworker/u16:6/9419 CPU: 0 PID: 9419 Comm
unread,
[syzbot] KASAN: use-after-free Read in p9_req_put
KASAN:
use
-
after
-
free
in __lock_acquire+0x3ee7/0x56d0 kernel/locking/lockdep.c:4923 Read of size 8 at addr ffff888022724c18 by task kworker/u16:6/9419 CPU: 0 PID: 9419 Comm
9/4/22
syzbot
, …
Dmitry Vyukov
5
12/9/22
[syzbot] KASAN: use-after-free Read in sock_has_perm
KASAN:
use
-
after
-
free
in sock_has_perm+0x258/0x280 security/selinux/hooks.c:4532 Read of size 8 at addr ffff88807630e480 by task syz-executor.0/8123 CPU: 1 PID: 8123 Comm
unread,
[syzbot] KASAN: use-after-free Read in sock_has_perm
KASAN:
use
-
after
-
free
in sock_has_perm+0x258/0x280 security/selinux/hooks.c:4532 Read of size 8 at addr ffff88807630e480 by task syz-executor.0/8123 CPU: 1 PID: 8123 Comm
12/9/22
syzbot
2
7/5/22
Re: [syzbot] BUG: unable to handle kernel NULL pointer dereference in __tcp_transmit_skb
KASAN:
use
-
after
-
free
Read in tcp_write_timer_handler ================================================================== BUG: KASAN:
use
-
after
-
free
in tcp_probe_timer
unread,
Re: [syzbot] BUG: unable to handle kernel NULL pointer dereference in __tcp_transmit_skb
KASAN:
use
-
after
-
free
Read in tcp_write_timer_handler ================================================================== BUG: KASAN:
use
-
after
-
free
in tcp_probe_timer
7/5/22