1–30 of many
syzbot's profile photo
syzbotArjan van de Ven2
Apr 27
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25_send_frame (3)
slab-use-after-free in kmemdup_noprof+0x55/0x70 mm/util.c:140 Read of size 66 at addr ffff8880310ac600 by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25_send_frame (3)
slab-use-after-free in kmemdup_noprof+0x55/0x70 mm/util.c:140 Read of size 66 at addr ffff8880310ac600 by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller
Apr 27
syzbot's profile photo
syzbot
Apr 22
[syzbot] [bluetooth] KASAN: slab-use-after-free Read in process_one_work (2)
slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60
unread,
[syzbot] [bluetooth] KASAN: slab-use-after-free Read in process_one_work (2)
slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:132 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60
Apr 22
syzbot's profile photo
syzbot
Apr 21
[syzbot] [sctp?] WARNING: refcount bug in sctp_association_hold
0; use-after-free. WARNING: lib/refcount.c:25 at refcount_warn_saturate+0x111/0x130 lib/refcount.c:25, CPU#0: swapper/0/0 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper
unread,
[syzbot] [sctp?] WARNING: refcount bug in sctp_association_hold
0; use-after-free. WARNING: lib/refcount.c:25 at refcount_warn_saturate+0x111/0x130 lib/refcount.c:25, CPU#0: swapper/0/0 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper
Apr 21
syzbot's profile photo
syzbot
Mar 31
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25cmp (2)
slab-use-after-free in ax25cmp+0x17b/0x1d0 net/ax25/ax25_addr.c:119 Read of size 1 at addr ffff8880589bdc08 by task syz-executor/30916 CPU: 1 UID: 0 PID: 30916 Comm: syz-executor
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25cmp (2)
slab-use-after-free in ax25cmp+0x17b/0x1d0 net/ax25/ax25_addr.c:119 Read of size 1 at addr ffff8880589bdc08 by task syz-executor/30916 CPU: 1 UID: 0 PID: 30916 Comm: syz-executor
Mar 31
syzbot's profile photo
syzbot
Mar 11
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25_disconnect
slab-use-after-free in ax25_disconnect+0x19c/0x3c0 net/ax25/ax25_subr.c:283 Read of size 8 at addr ffff8880600774c0 by task ktimers/1/29 CPU: 1 UID: 0 PID: 29 Comm: ktimers
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25_disconnect
slab-use-after-free in ax25_disconnect+0x19c/0x3c0 net/ax25/ax25_subr.c:283 Read of size 8 at addr ffff8880600774c0 by task ktimers/1/29 CPU: 1 UID: 0 PID: 29 Comm: ktimers
Mar 11
syzbot's profile photo
syzbot
Mar 5
[syzbot] [rds?] KASAN: slab-use-after-free Read in rds_conn_path_drop
slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:82 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic
unread,
[syzbot] [rds?] KASAN: slab-use-after-free Read in rds_conn_path_drop
slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:82 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic
Mar 5
syzbot's profile photo
syzbot
Feb 21
[syzbot] [net?] [trace?] WARNING: refcount bug in call_timer_fn (4)
underflow; use-after-free. WARNING: CPU: 1 PID: 29 at lib/refcount.c:28 refcount_warn_saturate+0x11a/0x1d0 lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 29 Comm:
unread,
[syzbot] [net?] [trace?] WARNING: refcount bug in call_timer_fn (4)
underflow; use-after-free. WARNING: CPU: 1 PID: 29 at lib/refcount.c:28 refcount_warn_saturate+0x11a/0x1d0 lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 29 Comm:
Feb 21
syzbot's profile photo
syzbot
Feb 6
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_t0timer_expiry
slab-use-after-free in rose_send_frame net/rose/rose_link.c:105 [inline] BUG: KASAN: slab-use-after-free in rose_transmit_restart_request net/rose/rose_link.c:198
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_t0timer_expiry
slab-use-after-free in rose_send_frame net/rose/rose_link.c:105 [inline] BUG: KASAN: slab-use-after-free in rose_transmit_restart_request net/rose/rose_link.c:198
Feb 6
Sam Sun's profile photo
Sam Sun
Feb 2
[Linux kernel bug] general protection fault in wg_packet_send_queued_handshake_initiation
:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers+0x6d2/0xac0 kernel/time/timer.c:2373 __run_timer_base kernel/time/timer.c:2385 [inline] __run_timer_base
unread,
[Linux kernel bug] general protection fault in wg_packet_send_queued_handshake_initiation
:1748 expire_timers kernel/time/timer.c:1799 [inline] __run_timers+0x6d2/0xac0 kernel/time/timer.c:2373 __run_timer_base kernel/time/timer.c:2385 [inline] __run_timer_base
Feb 2
syzbot's profile photo
syzbot
Jan 18
Re: Private message regarding: [syzbot] [mm?] KASAN: slab-use-after-free Read in lookup_object_or_alloc (3)
slab-use-after-free in lookup_object_or_alloc > when timer_is_static_object() accesses freed timer memory. > > #syz test > > The issue occurs when debug_object_activate
unread,
Re: Private message regarding: [syzbot] [mm?] KASAN: slab-use-after-free Read in lookup_object_or_alloc (3)
slab-use-after-free in lookup_object_or_alloc > when timer_is_static_object() accesses freed timer memory. > > #syz test > > The issue occurs when debug_object_activate
Jan 18
syzbot's profile photo
syzbot2
May 1
[syzbot] [mm?] KASAN: slab-use-after-free Read in lookup_object_or_alloc (3)
slab-use-after-free in timer_is_static_object+0x80/0x90 kernel/time/timer.c:691 Read of size 8 at addr ffff88807e5e8498 by task syz.4.6813/32052 CPU: 1 UID: 0 PID: 32052 Comm
unread,
[syzbot] [mm?] KASAN: slab-use-after-free Read in lookup_object_or_alloc (3)
slab-use-after-free in timer_is_static_object+0x80/0x90 kernel/time/timer.c:691 Read of size 8 at addr ffff88807e5e8498 by task syz.4.6813/32052 CPU: 1 UID: 0 PID: 32052 Comm
May 1
syzbot's profile photo
syzbot
Jan 15
[syzbot] [hams?] KASAN: slab-use-after-free Write in rose_send_frame
slab-use-after-free in rose_send_frame+0x131/0x220 net/rose/rose_link.c:106 Write of size 8 at addr ffff88805a57c018 by task ktimers/0/16 CPU: 0 UID: 0 PID: 16 Comm: ktimers
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Write in rose_send_frame
slab-use-after-free in rose_send_frame+0x131/0x220 net/rose/rose_link.c:106 Write of size 8 at addr ffff88805a57c018 by task ktimers/0/16 CPU: 0 UID: 0 PID: 16 Comm: ktimers
Jan 15
syzbot's profile photo
syzbot
12/23/25
[syzbot] [pm?] KASAN: slab-use-after-free Read in thermal_zone_device_check
slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:593 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1350 kernel/locking/mutex.
unread,
[syzbot] [pm?] KASAN: slab-use-after-free Read in thermal_zone_device_check
slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:593 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1350 kernel/locking/mutex.
12/23/25
syzbot's profile photo
syzbot2
Feb 21
[syzbot] [sctp?] WARNING: refcount bug in sctp_transport_put (5)
underflow; use-after-free. WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper
unread,
[syzbot] [sctp?] WARNING: refcount bug in sctp_transport_put (5)
underflow; use-after-free. WARNING: CPU: 0 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper
Feb 21
syzbot's profile photo
syzbot
11/13/25
[syzbot] [mptcp?] WARNING: refcount bug in mptcp_schedule_work (2)
0; use-after-free. WARNING: CPU: 0 PID: 16 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ktimers/0
unread,
[syzbot] [mptcp?] WARNING: refcount bug in mptcp_schedule_work (2)
0; use-after-free. WARNING: CPU: 0 PID: 16 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ktimers/0
11/13/25
syzbot's profile photo
syzbotshaurya6
11/7/25
Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
slab-use-after-free Read in l2cap_unregister_user ================================================================== BUG: KASAN: slab-use-after-free in __mutex_waiter_is_first
unread,
Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
slab-use-after-free Read in l2cap_unregister_user ================================================================== BUG: KASAN: slab-use-after-free in __mutex_waiter_is_first
11/7/25
syzbot's profile photo
syzbot14
10/29/25
Re: [syzbot] [ocfs2?] KASAN: slab-use-after-free Read in ocfs2_fault
:1444 expire_timers kernel/time/timer.c:1489 [inline] __run_timers+0x5d8/0x7a0 kernel/time/timer.c:1783 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1796 __do_softirq
unread,
Re: [syzbot] [ocfs2?] KASAN: slab-use-after-free Read in ocfs2_fault
:1444 expire_timers kernel/time/timer.c:1489 [inline] __run_timers+0x5d8/0x7a0 kernel/time/timer.c:1783 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1796 __do_softirq
10/29/25
syzbot's profile photo
syzbot, … Lizhi Xu19
12/9/25
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25_find_cb
slab-use-after-free in ax25_find_cb+0x3b8/0x3f0 net/ax25/af_ax25.c:237 Read of size 1 at addr ffff888059c704c0 by task syz.6.2733/17200 CPU: 1 UID: 0 PID: 17200 Comm: syz.6.2733
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in ax25_find_cb
slab-use-after-free in ax25_find_cb+0x3b8/0x3f0 net/ax25/af_ax25.c:237 Read of size 1 at addr ffff888059c704c0 by task syz.6.2733/17200 CPU: 1 UID: 0 PID: 17200 Comm: syz.6.2733
12/9/25
syzbot's profile photo
syzbot2
Jan 15
[syzbot] [sctp?] WARNING: refcount bug in sctp_generate_timeout_event (2)
bpf: Use rcu_read_lock_dont_migrate in bpf_sk.. git tree: bpf-next console output: https://syzkaller.appspot.com/x/log.txt?x=172af92f980000 kernel config: https://syzkaller
unread,
[syzbot] [sctp?] WARNING: refcount bug in sctp_generate_timeout_event (2)
bpf: Use rcu_read_lock_dont_migrate in bpf_sk.. git tree: bpf-next console output: https://syzkaller.appspot.com/x/log.txt?x=172af92f980000 kernel config: https://syzkaller
Jan 15
syzbot's profile photo
syzbotTakashi Iwai2
10/15/25
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_usbmidi_error_timer (2)
slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] > BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic
unread,
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_usbmidi_error_timer (2)
slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] > BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic
10/15/25
syzbot's profile photo
syzbot2
Feb 1
[syzbot] [hams?] KASAN: slab-use-after-free Write in rose_t0timer_expiry
slab-use-after-free in rose_t0timer_expiry+0x114/0x150 net/rose/rose_link.c:85 Write of size 1 at addr ffff8880569e3435 by task syz.3.1212/10695 CPU: 0 UID: 0 PID: 10695 Comm
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Write in rose_t0timer_expiry
slab-use-after-free in rose_t0timer_expiry+0x114/0x150 net/rose/rose_link.c:85 Write of size 1 at addr ffff8880569e3435 by task syz.3.1212/10695 CPU: 0 UID: 0 PID: 10695 Comm
Feb 1
syzbot's profile photo
syzbotHillf Danton12
Mar 7
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event: Use of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event: Use of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
Mar 7
syzbot's profile photo
syzbot2
9/5/25
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_steal
slab-use-after-free in __hlist_del include/linux/list.h:980 [inline] BUG: KASAN: slab-use-after-free in hlist_del_init include/linux/list.h:1008 [inline] BUG: KASAN
unread,
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_steal
slab-use-after-free in __hlist_del include/linux/list.h:980 [inline] BUG: KASAN: slab-use-after-free in hlist_del_init include/linux/list.h:1008 [inline] BUG: KASAN
9/5/25
syzbot's profile photo
syzbotCharalampos Mitrodimas3
5/26/25
[syzbot] [tipc?] WARNING: refcount bug in tipc_crypto_xmit
slab-use-after-free Read in tipc_aead_encrypt_done > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10018df4580000 > final oops: https://syzkaller
unread,
[syzbot] [tipc?] WARNING: refcount bug in tipc_crypto_xmit
slab-use-after-free Read in tipc_aead_encrypt_done > > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10018df4580000 > final oops: https://syzkaller
5/26/25
syzbot's profile photo
syzbot
5/19/25
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_timer_expiry (3)
slab-use-after-free in rose_timer_expiry+0x471/0x4b0 net/rose/rose_timer.c:183 Read of size 2 at addr ffff888030b0ac2a by task syz-executor/10726 CPU: 1 UID: 0 PID: 10726
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_timer_expiry (3)
slab-use-after-free in rose_timer_expiry+0x471/0x4b0 net/rose/rose_timer.c:183 Read of size 2 at addr ffff888030b0ac2a by task syz-executor/10726 CPU: 1 UID: 0 PID: 10726
5/19/25
syzbot's profile photo
syzbotHillf Danton7
5/9/25
[syzbot] [sound?] [usb?] WARNING: ODEBUG bug in snd_rawmidi_free
slab-use-after-free Read in snd_usbmidi_error_timer ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read
unread,
[syzbot] [sound?] [usb?] WARNING: ODEBUG bug in snd_rawmidi_free
slab-use-after-free Read in snd_usbmidi_error_timer ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read
5/9/25
syzbot's profile photo
syzbot2
8/9/25
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_queue
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] BUG: KASAN: slab-use-after-free in batadv_forw_packet_queue+0x187/0x260 net/batman-adv/send
unread,
[syzbot] [batman?] KASAN: slab-use-after-free Write in batadv_forw_packet_queue
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] BUG: KASAN: slab-use-after-free in batadv_forw_packet_queue+0x187/0x260 net/batman-adv/send
8/9/25
syzbot's profile photo
syzbot2
7/15/25
[syzbot] [sctp?] WARNING: refcount bug in sctp_generate_timeout_event
0; use-after-free. WARNING: CPU: 0 PID: 6783 at lib/refcount.c:25 refcount_warn_saturate+0x13a/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 0 UID: 0 PID: 6783 Comm: syz.
unread,
[syzbot] [sctp?] WARNING: refcount bug in sctp_generate_timeout_event
0; use-after-free. WARNING: CPU: 0 PID: 6783 at lib/refcount.c:25 refcount_warn_saturate+0x13a/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 0 UID: 0 PID: 6783 Comm: syz.
7/15/25
syzbot's profile photo
syzbot, … Carlos Llamas8
3/24/25
[syzbot] [kernel?] KASAN: slab-use-after-free Write in binder_add_device
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] >> BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder
unread,
[syzbot] [kernel?] KASAN: slab-use-after-free Write in binder_add_device
slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] >> BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder
3/24/25
syzbot's profile photo
syzbotHillf Danton5
4/27/25
[syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler
slab-use-after-free in corsair_void_status_work_handler+0xaa/0xb0 drivers/hid/hid-corsair-void.c:515 Read of size 8 at addr ffff8881187e6828 by task kworker/1:1/36 CPU
unread,
[syzbot] [input?] [usb?] KASAN: slab-use-after-free Read in corsair_void_status_work_handler
slab-use-after-free in corsair_void_status_work_handler+0xaa/0xb0 drivers/hid/hid-corsair-void.c:515 Read of size 8 at addr ffff8881187e6828 by task kworker/1:1/36 CPU
4/27/25