1–30 of many
syzbot's profile photo
syzbotHillf Danton7
Aug 12
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event: Use of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event: Use of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
Aug 12
syzbot's profile photo
syzbot2
Sep 5
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_steal
slab-use-after-free in __hlist_del include/linux/list.h:980 [inline] BUG: KASAN: slab-use-after-free in hlist_del_init include/linux/list.h:1008 [inline] BUG: KASAN
unread,
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_steal
slab-use-after-free in __hlist_del include/linux/list.h:980 [inline] BUG: KASAN: slab-use-after-free in hlist_del_init include/linux/list.h:1008 [inline] BUG: KASAN
Sep 5
syzbot's profile photo
syzbotCharalampos Mitrodimas3
May 26
[syzbot] [tipc?] WARNING: refcount bug in tipc_crypto_xmit
slab-use-after-free Read in tipc_aead_encrypt_done > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10018df4580000 > final oops: https://syzkaller
unread,
[syzbot] [tipc?] WARNING: refcount bug in tipc_crypto_xmit
slab-use-after-free Read in tipc_aead_encrypt_done > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10018df4580000 > final oops: https://syzkaller
May 26
syzbot's profile photo
syzbot
May 19
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_timer_expiry (3)
slab-use-after-free in rose_timer_expiry+0x471/0x4b0 net/rose/rose_timer.c:183 Read of size 2 at addr ffff888030b0ac2a by task syz-executor/10726 CPU: 1 UID: 0 PID: 10726
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_timer_expiry (3)
slab-use-after-free in rose_timer_expiry+0x471/0x4b0 net/rose/rose_timer.c:183 Read of size 2 at addr ffff888030b0ac2a by task syz-executor/10726 CPU: 1 UID: 0 PID: 10726
May 19
syzbot's profile photo
syzbotHillf Danton7
May 9
[syzbot] [sound?] [usb?] WARNING: ODEBUG bug in snd_rawmidi_free
slab-use-after-free Read in snd_usbmidi_error_timer ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read
unread,
[syzbot] [sound?] [usb?] WARNING: ODEBUG bug in snd_rawmidi_free
slab-use-after-free Read in snd_usbmidi_error_timer ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read
May 9
syzbot's profile photo
syzbot2
Aug 9
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_queue
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] BUG: KASAN: slab-use-after-free in batadv_forw_packet_queue+0x187/0x260 net/batman-adv/send
unread,
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_queue
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] BUG: KASAN: slab-use-after-free in batadv_forw_packet_queue+0x187/0x260 net/batman-adv/send
Aug 9
syzbot's profile photo
syzbot2
Jul 15
[syzbot] [sctp?] WARNING: refcount bug in sctp_generate_timeout_event
0; use-after-free. WARNING: CPU: 0 PID: 6783 at lib/refcount.c:25 refcount_warn_saturate+0x13a/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 0 UID: 0 PID: 6783 Comm: syz.
unread,
[syzbot] [sctp?] WARNING: refcount bug in sctp_generate_timeout_event
0; use-after-free. WARNING: CPU: 0 PID: 6783 at lib/refcount.c:25 refcount_warn_saturate+0x13a/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 0 UID: 0 PID: 6783 Comm: syz.
Jul 15
syzbot's profile photo
syzbot, … Carlos Llamas8
Mar 24
[syzbot] [kernel?] KASAN: slab-use-after-free Write in binder_add_device
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] >> BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder
unread,
[syzbot] [kernel?] KASAN: slab-use-after-free Write in binder_add_device
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] >> BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder
Mar 24
syzbot's profile photo
syzbotHillf Danton5
Apr 27
[syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler
slab-use-after-free in corsair_void_status_work_handler+0xaa/0xb0 drivers/hid/hid-corsair-void.c:515 Read of size 8 at addr ffff8881187e6828 by task kworker/1:1/36 CPU
unread,
[syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler
slab-use-after-free in corsair_void_status_work_handler+0xaa/0xb0 drivers/hid/hid-corsair-void.c:515 Read of size 8 at addr ffff8881187e6828 by task kworker/1:1/36 CPU
Apr 27
syzbot's profile photo
syzbot, … Hillf Danton29
Jan 22
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_send_cmd
slab-use-after-free Read in l2cap_send_cmd Bluetooth: Wrong link type (-22) ================================================================== BUG: KASAN: slab-use
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_send_cmd
slab-use-after-free Read in l2cap_send_cmd Bluetooth: Wrong link type (-22) ================================================================== BUG: KASAN: slab-use
Jan 22
syzbot's profile photo
syzbot2
Aug 28
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_register_user
fjes: use ethtool string helpers git tree: net-next console output: https://syzkaller.appspot.com/x/log.txt?x=104d6b40580000 kernel config: https://syzkaller.appspot
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_register_user
fjes: use ethtool string helpers git tree: net-next console output: https://syzkaller.appspot.com/x/log.txt?x=104d6b40580000 kernel config: https://syzkaller.appspot
Aug 28
syzbot's profile photo
syzbotHillf Danton19
11/1/24
[syzbot] [pm?] KASAN: use-after-free Read in netdev_unregister_kobject
slab-use-after-free Read in netdev_unregister_kobject ================================================================== BUG: KASAN: slab-use-after-free in device_for_each_child
unread,
[syzbot] [pm?] KASAN: use-after-free Read in netdev_unregister_kobject
slab-use-after-free Read in netdev_unregister_kobject ================================================================== BUG: KASAN: slab-use-after-free in device_for_each_child
11/1/24
syzbot's profile photo
syzbot
10/13/24
[syzbot] [bpf?] [net?] KASAN: slab-use-after-free Read in page_pool_put_unrefed_netmem
slab-use-after-free in page_pool_put_unrefed_netmem+0x8b8/0x11f4 Read of size 8 at addr ffff0000c924c708 by task syz-executor/7103 CPU: 0 UID: 0 PID: 7103 Comm: syz-executor
unread,
[syzbot] [bpf?] [net?] KASAN: slab-use-after-free Read in page_pool_put_unrefed_netmem
slab-use-after-free in page_pool_put_unrefed_netmem+0x8b8/0x11f4 Read of size 8 at addr ffff0000c924c708 by task syz-executor/7103 CPU: 0 UID: 0 PID: 7103 Comm: syz-executor
10/13/24
syzbot's profile photo
syzbot2
12/14/24
[syzbot] [bluetooth?] KASAN: slab-use-after-free Write in mgmt_device_connected
slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in test_and_set_bit include/asm-generic
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Write in mgmt_device_connected
slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in test_and_set_bit include/asm-generic
12/14/24
syzbot's profile photo
syzbot, … Luiz Augusto von Dentz46
9/23/24
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect (2)
slab-use-after-free Read in l2cap_connect Bluetooth: Unknown BR/EDR signaling command 0x11 Bluetooth: Wrong link type (-22) ==========================================
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect (2)
slab-use-after-free Read in l2cap_connect Bluetooth: Unknown BR/EDR signaling command 0x11 Bluetooth: Wrong link type (-22) ==========================================
9/23/24
syzbot's profile photo
syzbot2
11/7/24
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_conn_unreliable
slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_conn_unreliable
slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:
11/7/24
syzbot's profile photo
syzbot
6/27/24
[syzbot] [bridge?] KASAN: slab-use-after-free Read in br_multicast_port_group_expired
slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861 Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699 CPU:
unread,
[syzbot] [bridge?] KASAN: slab-use-after-free Read in br_multicast_port_group_expired
slab-use-after-free in br_multicast_port_group_expired+0x4c0/0x550 net/bridge/br_multicast.c:861 Read of size 8 at addr ffff888071d6d000 by task syz.5.1232/9699 CPU:
6/27/24
syzbot's profile photo
syzbot, … Kohei Enju12
Jun 28
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_get_neigh
slab-use-after-free in rose_get_neigh+0x1b6/0x6f0 net/rose/rose_route.c:692 Read of size 1 at addr ffff88802a32b030 by task syz-executor.2/6399 CPU: 0 PID: 6399 Comm: syz
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_get_neigh
slab-use-after-free in rose_get_neigh+0x1b6/0x6f0 net/rose/rose_route.c:692 Read of size 1 at addr ffff88802a32b030 by task syz-executor.2/6399 CPU: 0 PID: 6399 Comm: syz
Jun 28
syzbot's profile photo
syzbotHillf Danton6
9/1/24
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_recv_frame
slab-use-after-free in l2cap_connect net/bluetooth/l2cap_core.c:3920 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect_req net/bluetooth/l2cap_core.c:4061
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_recv_frame
slab-use-after-free in l2cap_connect net/bluetooth/l2cap_core.c:3920 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect_req net/bluetooth/l2cap_core.c:4061
9/1/24
syzbot's profile photo
syzbotHillf Danton3
4/1/24
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups (2)
slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in atomic_inc include/linux/atomic/atomic
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups (2)
slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in atomic_inc include/linux/atomic/atomic
4/1/24
syzbot's profile photo
syzbot
3/22/24
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb (2)
slab-use-after-free in register_lock_class+0x8d1/0x980 kernel/locking/lockdep.c:1333 Read of size 1 at addr ffff88809222f091 by task syz-executor.1/5107 CPU: 1 PID: 5107
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb (2)
slab-use-after-free in register_lock_class+0x8d1/0x980 kernel/locking/lockdep.c:1333 Read of size 1 at addr ffff88809222f091 by task syz-executor.1/5107 CPU: 1 PID: 5107
3/22/24
syzbot's profile photo
syzbot, … Toke Høiland-Jørgensen18
Feb 28
[syzbot] [wireless?] [usb?] UBSAN: array-index-out-of-bounds in htc_issue_send
slab-use-after-free Read in hif_usb_regout_cb ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read
unread,
[syzbot] [wireless?] [usb?] UBSAN: array-index-out-of-bounds in htc_issue_send
slab-use-after-free Read in hif_usb_regout_cb ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read
Feb 28
syzbot's profile photo
syzbotJoseph Bursey4
2/16/24
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect
It makes use of eBPF to make this race feasible. You will need to install > libbpf-dev on your host. > I have pre-compiled the eBPF program down to byte-code on Ubuntu 20.04 >
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_connect
It makes use of eBPF to make this race feasible. You will need to install > libbpf-dev on your host. > I have pre-compiled the eBPF program down to byte-code on Ubuntu 20.04 >
2/16/24
syzbot's profile photo
syzbot, … Vinicius Costa Gomes7
9/14/24
[syzbot] [net?] INFO: rcu detected stall in ip_list_rcv (6)
On Fri, Dec 15, 2023 at 10:37 PM Vinicius Costa Gomes wrote: > > Eric Dumazet writes: > > > On Mon, Dec 4, 2023 at 10:45 AM syzbot >
unread,
[syzbot] [net?] INFO: rcu detected stall in ip_list_rcv (6)
On Fri, Dec 15, 2023 at 10:37 PM Vinicius Costa Gomes wrote: > > Eric Dumazet writes: > > > On Mon, Dec 4, 2023 at 10:45 AM syzbot >
9/14/24
syzbot's profile photo
syzbotFilipe Manana5
11/5/23
[syzbot] [btrfs?] KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent
slab-use-after-free in __list_del_entry_valid_or_report+0x2f/0x130 lib/list_debug.c:49 Read of size 8 at addr ffff888028fe7cb0 by task kworker/u4:5/741 CPU: 0 PID: 741 Comm
unread,
[syzbot] [btrfs?] KASAN: slab-use-after-free Read in btrfs_qgroup_account_extent
slab-use-after-free in __list_del_entry_valid_or_report+0x2f/0x130 lib/list_debug.c:49 Read of size 8 at addr ffff888028fe7cb0 by task kworker/u4:5/741 CPU: 0 PID: 741 Comm
11/5/23
syzbot's profile photo
syzbot2
1/10/24
[syzbot] [media?] KASAN: slab-use-after-free Read in ir_raw_event_store
slab-use-after-free in ir_raw_event_store+0x2ea/0x370 drivers/media/rc/rc-ir-raw.c:80 Read of size 4 at addr ffff888102b7c018 by task syz-executor.0/23935 CPU: 0 PID: 23935
unread,
[syzbot] [media?] KASAN: slab-use-after-free Read in ir_raw_event_store
slab-use-after-free in ir_raw_event_store+0x2ea/0x370 drivers/media/rc/rc-ir-raw.c:80 Read of size 4 at addr ffff888102b7c018 by task syz-executor.0/23935 CPU: 0 PID: 23935
1/10/24
syzbot's profile photo
syzbot2
8/23/23
[syzbot] [kernel?] KASAN: slab-use-after-free Write in expire_timers
Auto-closing this bug as obsolete. Crashes did not happen for a while, no reproducer and no activity.
unread,
[syzbot] [kernel?] KASAN: slab-use-after-free Write in expire_timers
Auto-closing this bug as obsolete. Crashes did not happen for a while, no reproducer and no activity.
8/23/23
syzbot's profile photo
syzbot2
11/28/23
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb
slab-use-after-free in register_lock_class+0x8ec/0x990 kernel/locking/lockdep.c:1341 Read of size 1 at addr ffff88807e3f8891 by task udevd/4469 CPU: 1 PID: 4469 Comm: udevd
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Read in __usb_hcd_giveback_urb
slab-use-after-free in register_lock_class+0x8ec/0x990 kernel/locking/lockdep.c:1341 Read of size 1 at addr ffff88807e3f8891 by task udevd/4469 CPU: 1 PID: 4469 Comm: udevd
11/28/23
syzbot's profile photo
syzbot2
1/20/24
[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks
slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 drivers/gpu/drm/drm_atomic_helper.c:1650 Read of size 1 at addr ffff888023f61009 by task
unread,
[syzbot] [dri?] KASAN: slab-use-after-free Read in drm_atomic_helper_wait_for_vblanks
slab-use-after-free in drm_atomic_helper_wait_for_vblanks.part.0+0x77a/0x860 drivers/gpu/drm/drm_atomic_helper.c:1650 Read of size 1 at addr ffff888023f61009 by task
1/20/24
syzbot's profile photo
syzbot, … Alan Stern10
2/14/24
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups
:1700 expire_timers+0x29b/0x4b0 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups
:1700 expire_timers+0x29b/0x4b0 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq
2/14/24