Groups
Groups
Sign in
Groups
Groups
syzkaller-bugs
Conversations
About
Send feedback
Help
Sort By Relevance
Sort By Date
1–30 of many
syzbot
2
11:46 AM
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
slab-
use
-
after
-
free
in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG: KASAN: slab-
use
-
after
-
free
in l2cap_connect_cfm+0x6e4/0x1040 net/bluetooth/
unread,
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
slab-
use
-
after
-
free
in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG: KASAN: slab-
use
-
after
-
free
in l2cap_connect_cfm+0x6e4/0x1040 net/bluetooth/
11:46 AM
syzbot
Sep 11
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in hidp_session_thread (2)
slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_long_read include/linux/atomic/atomic
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in hidp_session_thread (2)
slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_long_read include/linux/atomic/atomic
Sep 11
syzbot
Sep 10
[syzbot] [pm?] KASAN: slab-use-after-free Read in rpm_suspend
slab-
use
-
after
-
free
in rt_spin_lock+0x88/0x2c0 kernel/locking/spinlock_rt.c:56 Read of size 1 at addr ffff8880235c7250 by task kworker/1:1/12993 CPU: 1 UID: 0 PID: 12993 Comm
unread,
[syzbot] [pm?] KASAN: slab-use-after-free Read in rpm_suspend
slab-
use
-
after
-
free
in rt_spin_lock+0x88/0x2c0 kernel/locking/spinlock_rt.c:56 Read of size 1 at addr ffff8880235c7250 by task kworker/1:1/12993 CPU: 1 UID: 0 PID: 12993 Comm
Sep 10
syzbot
, …
Sakari Ailus
7
Sep 11
[syzbot] [media?] KASAN: slab-use-after-free Read in media_devnode_unregister
slab-
use
-
after
-
free
in media_devnode_unregister+0xe2/0xf0 drivers/media/mc/mc-devnode.c:284 Read of size 4 at addr ffff888077b7f4f0 by task kworker/0:3/5945 CPU: 0 UID
unread,
[syzbot] [media?] KASAN: slab-use-after-free Read in media_devnode_unregister
slab-
use
-
after
-
free
in media_devnode_unregister+0xe2/0xf0 drivers/media/mc/mc-devnode.c:284 Read of size 4 at addr ffff888077b7f4f0 by task kworker/0:3/5945 CPU: 0 UID
Sep 11
syzbot
Sep 8
[syzbot] [net?] KASAN: slab-use-after-free Read in xfrm_state_find
slab-
use
-
after
-
free
in xfrm_state_find+0x44cd/0x5400 net/xfrm/xfrm_state.c:1574 Read of size 1 at addr ffff88806ad62970 by task syz.5.2024/14900 CPU: 1 UID: 0 PID: 14900 Comm
unread,
[syzbot] [net?] KASAN: slab-use-after-free Read in xfrm_state_find
slab-
use
-
after
-
free
in xfrm_state_find+0x44cd/0x5400 net/xfrm/xfrm_state.c:1574 Read of size 1 at addr ffff88806ad62970 by task syz.5.2024/14900 CPU: 1 UID: 0 PID: 14900 Comm
Sep 8
syzbot
2
Aug 28
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in release_sock (2)
slab-
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] BUG: KASAN: slab-
use
-
after
-
free
in do_raw_spin_lock+0x26f/0x2b0 kernel/
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in release_sock (2)
slab-
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] BUG: KASAN: slab-
use
-
after
-
free
in do_raw_spin_lock+0x26f/0x2b0 kernel/
Aug 28
syzbot
, …
Hillf Danton
45
Aug 28
[syzbot] [net?] KASAN: slab-use-after-free Write in __xfrm_state_delete
slab-
use
-
after
-
free
Write in __xfrm_state_delete ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in __hlist_del
unread,
[syzbot] [net?] KASAN: slab-use-after-free Write in __xfrm_state_delete
slab-
use
-
after
-
free
Write in __xfrm_state_delete ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in __hlist_del
Aug 28
syzbot
,
Dave Chinner
2
Aug 25
[syzbot] [xfs?] KASAN: slab-use-after-free Write in xlog_cil_committed
slab-
use
-
after
-
free
in instrument_atomic_write include/linux/instrumented.h:82 [inline] > BUG: KASAN: slab-
use
-
after
-
free
in set_bit include/asm-generic/bitops
unread,
[syzbot] [xfs?] KASAN: slab-use-after-free Write in xlog_cil_committed
slab-
use
-
after
-
free
in instrument_atomic_write include/linux/instrumented.h:82 [inline] > BUG: KASAN: slab-
use
-
after
-
free
in set_bit include/asm-generic/bitops
Aug 25
syzbot
Aug 25
[syzbot] [bcachefs?] KASAN: slab-use-after-free Read in __bch2_journal_key_search
slab-
use
-
after
-
free
in __journal_key_cmp fs/bcachefs/btree_journal_iter.h:63 [inline] BUG: KASAN: slab-
use
-
after
-
free
in __bch2_journal_key_search+0x57b/0x12e0 fs
unread,
[syzbot] [bcachefs?] KASAN: slab-use-after-free Read in __bch2_journal_key_search
slab-
use
-
after
-
free
in __journal_key_cmp fs/bcachefs/btree_journal_iter.h:63 [inline] BUG: KASAN: slab-
use
-
after
-
free
in __bch2_journal_key_search+0x57b/0x12e0 fs
Aug 25
syzbot
,
Hillf Danton
3
Aug 24
[syzbot] [media?] [usb?] KASAN: slab-use-after-free Read in v4l2_release (2)
slab-
use
-
after
-
free
in v4l2_release+0xbd/0x3b0 drivers/media/v4l2-core/v4l2-dev.c:455 Read of size 8 at addr ffff88803380c0c8 by task v4l_id/7890 CPU: 0 UID: 0 PID: 7890 Comm
unread,
[syzbot] [media?] [usb?] KASAN: slab-use-after-free Read in v4l2_release (2)
slab-
use
-
after
-
free
in v4l2_release+0xbd/0x3b0 drivers/media/v4l2-core/v4l2-dev.c:455 Read of size 8 at addr ffff88803380c0c8 by task v4l_id/7890 CPU: 0 UID: 0 PID: 7890 Comm
Aug 24
syzbot
Aug 21
[syzbot] [xfs?] KASAN: slab-use-after-free Read in xlog_cil_push_work
slab-
use
-
after
-
free
in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65 Read of size 8 at addr ffff88805f82f850 by task kworker/u8:5/1029 CPU: 1 UID: 0 PID
unread,
[syzbot] [xfs?] KASAN: slab-use-after-free Read in xlog_cil_push_work
slab-
use
-
after
-
free
in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65 Read of size 8 at addr ffff88805f82f850 by task kworker/u8:5/1029 CPU: 1 UID: 0 PID
Aug 21
syzbot
, …
Lorenzo Stoakes
4
Aug 16
[syzbot] [mm?] KASAN: slab-use-after-free Read in mremap
slab-
use
-
after
-
free
in vma_multi_allowed mm/mremap.c:1623 [inline] > BUG: KASAN: slab-
use
-
after
-
free
in remap_move mm/mremap.c:1884 [inline] > BUG: KASAN: slab-
use
unread,
[syzbot] [mm?] KASAN: slab-use-after-free Read in mremap
slab-
use
-
after
-
free
in vma_multi_allowed mm/mremap.c:1623 [inline] > BUG: KASAN: slab-
use
-
after
-
free
in remap_move mm/mremap.c:1884 [inline] > BUG: KASAN: slab-
use
Aug 16
syzbot
Aug 13
[syzbot] [block?] KASAN: slab-use-after-free Read in update_io_ticks (3)
slab-
use
-
after
-
free
in update_io_ticks+0x9a/0x260 block/blk-core.c:1018 Read of size 8 at addr ffff88803215e7a8 by task kworker/u4:11/3027 CPU: 0 UID: 0 PID: 3027 Comm: kworker
unread,
[syzbot] [block?] KASAN: slab-use-after-free Read in update_io_ticks (3)
slab-
use
-
after
-
free
in update_io_ticks+0x9a/0x260 block/blk-core.c:1018 Read of size 8 at addr ffff88803215e7a8 by task kworker/u4:11/3027 CPU: 0 UID: 0 PID: 3027 Comm: kworker
Aug 13
syzbot
, …
Kuniyuki Iwashima
14
Aug 13
[syzbot] [net?] BUG: unable to handle kernel paging request in nsim_queue_free
slab-
use
-
after
-
free
Read in udp_tunnel_nic_device_sync_work netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 =========================================
unread,
[syzbot] [net?] BUG: unable to handle kernel paging request in nsim_queue_free
slab-
use
-
after
-
free
Read in udp_tunnel_nic_device_sync_work netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 =========================================
Aug 13
syzbot
,
Hillf Danton
7
Aug 12
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event:
Use
of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event:
Use
of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
Aug 12
syzbot
, …
Hillf Danton
9
Aug 12
[syzbot] [wireless?] KASAN: slab-use-after-free Read in cmp_bss
slab-
use
-
after
-
free
Read in cmp_bss ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in cmp_bss+0xd4d/0xe80 net
unread,
[syzbot] [wireless?] KASAN: slab-use-after-free Read in cmp_bss
slab-
use
-
after
-
free
Read in cmp_bss ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in cmp_bss+0xd4d/0xe80 net
Aug 12
syzbot
, …
Sven Stegemann
8
Aug 9
[syzbot] [net?] WARNING: ODEBUG bug in __sk_destruct (3)
slab-
use
-
after
-
free
Read in __lock_sock ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in __raw_spin_lock_bh
unread,
[syzbot] [net?] WARNING: ODEBUG bug in __sk_destruct (3)
slab-
use
-
after
-
free
Read in __lock_sock ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in __raw_spin_lock_bh
Aug 9
syzbot
Aug 4
[syzbot] [mm?] [gfs2?] KASAN: slab-use-after-free Read in lru_add (2)
slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-
use
-
after
-
free
in _test_bit include/asm-generic/bitops/instrumented
unread,
[syzbot] [mm?] [gfs2?] KASAN: slab-use-after-free Read in lru_add (2)
slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-
use
-
after
-
free
in _test_bit include/asm-generic/bitops/instrumented
Aug 4
syzbot
Aug 4
[syzbot] [raid?] WARNING: refcount bug in trace_suspend_resume
underflow;
use
-
after
-
free
. Modules linked in: Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 0 UID: 0 PID: 3065 Comm: kworker/0:3 Not tainted 6.16.0-syzkaller #
unread,
[syzbot] [raid?] WARNING: refcount bug in trace_suspend_resume
underflow;
use
-
after
-
free
. Modules linked in: Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 0 UID: 0 PID: 3065 Comm: kworker/0:3 Not tainted 6.16.0-syzkaller #
Aug 4
syzbot
Aug 2
[syzbot] [raid?] WARNING: refcount bug in mddev_delayed_delete
underflow;
use
-
after
-
free
. WARNING: CPU: 1 PID: 962 at lib/refcount.c:28 refcount_warn_saturate+0x138/0x19c lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 962 Comm
unread,
[syzbot] [raid?] WARNING: refcount bug in mddev_delayed_delete
underflow;
use
-
after
-
free
. WARNING: CPU: 1 PID: 962 at lib/refcount.c:28 refcount_warn_saturate+0x138/0x19c lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 962 Comm
Aug 2
syzbot
2
Aug 9
[syzbot] [fuse?] WARNING: refcount bug in process_one_work
underflow;
use
-
after
-
free
. WARNING: CPU: 3 PID: 34 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28 Modules linked in: CPU: 3 UID: 0 PID: 34 Comm:
unread,
[syzbot] [fuse?] WARNING: refcount bug in process_one_work
underflow;
use
-
after
-
free
. WARNING: CPU: 3 PID: 34 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28 Modules linked in: CPU: 3 UID: 0 PID: 34 Comm:
Aug 9
syzbot
,
Hillf Danton
7
Jul 30
[syzbot] [fuse?] WARNING: refcount bug in process_scheduled_works
underflow;
use
-
after
-
free
. WARNING: CPU: 1 PID: 24 at lib/refcount.c:28 refcount_warn_saturate+0x11a/0x1d0 lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 24 Comm:
unread,
[syzbot] [fuse?] WARNING: refcount bug in process_scheduled_works
underflow;
use
-
after
-
free
. WARNING: CPU: 1 PID: 24 at lib/refcount.c:28 refcount_warn_saturate+0x11a/0x1d0 lib/refcount.c:28 Modules linked in: CPU: 1 UID: 0 PID: 24 Comm:
Jul 30
syzbot
, …
Edward Adam Davis
11
Jul 25
[syzbot] [rdma?] KASAN: slab-use-after-free Read in ucma_create_uevent
slab-
use
-
after
-
free
Write in ucma_create_uevent ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in instrument_atomic_read_write
unread,
[syzbot] [rdma?] KASAN: slab-use-after-free Read in ucma_create_uevent
slab-
use
-
after
-
free
Write in ucma_create_uevent ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in instrument_atomic_read_write
Jul 25
Moon Hee Lee
,
Johannes Berg
3
Jul 24
[PATCH wireless-next] wifi: mac80211: fix use-after-free risk in sta debugfs removal
:435
process_one_work
kernel/workqueue.c:3238 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue
unread,
[PATCH wireless-next] wifi: mac80211: fix use-after-free risk in sta debugfs removal
:435
process_one_work
kernel/workqueue.c:3238 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue
Jul 24
syzbot
, …
Al Viro
20
Jul 31
[syzbot] [fs?] [wireless?] general protection fault in simple_recursive_removal (5)
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
unread,
[syzbot] [fs?] [wireless?] general protection fault in simple_recursive_removal (5)
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git main
Jul 31
syzbot
, …
Aleksandr Nogikh
26
Jul 23
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_poll_remove_entries
slab-
use
-
after
-
free
in __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] > >> BUG: KASAN: slab-
use
-
after
-
free
in _raw_spin_lock_irq+0x36/
unread,
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_poll_remove_entries
slab-
use
-
after
-
free
in __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] > >> BUG: KASAN: slab-
use
-
after
-
free
in _raw_spin_lock_irq+0x36/
Jul 23
syzbot
Jul 23
[syzbot] [net?] WARNING: refcount bug in nsim_fib_event_nb (2)
0;
use
-
after
-
free
. WARNING: CPU: 1 PID: 6193 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 1 UID: 0 PID: 6193 Comm: kworker
unread,
[syzbot] [net?] WARNING: refcount bug in nsim_fib_event_nb (2)
0;
use
-
after
-
free
. WARNING: CPU: 1 PID: 6193 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25 Modules linked in: CPU: 1 UID: 0 PID: 6193 Comm: kworker
Jul 23
syzbot
, …
Ivan Pravdin
10
Jul 21
[syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work
slab-
use
-
after
-
free
Read in hci_uart_write_work ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in hci_uart_write_work
unread,
[syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work
slab-
use
-
after
-
free
Read in hci_uart_write_work ================================================================== BUG: KASAN: slab-
use
-
after
-
free
in hci_uart_write_work
Jul 21
syzbot
,
Kent Overstreet
2
Jul 21
[syzbot] [bcachefs?] KASAN: slab-use-after-free Write in bch2_do_discards
slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_long_inc_return include/linux
unread,
[syzbot] [bcachefs?] KASAN: slab-use-after-free Write in bch2_do_discards
slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_long_inc_return include/linux
Jul 21
syzbot
, …
Aleksandr Nogikh
12
Jul 23
[syzbot] [bcachefs?] KASAN: slab-use-after-free Write in bch2_get_next_dev
slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_long_inc_return include/linux
unread,
[syzbot] [bcachefs?] KASAN: slab-use-after-free Write in bch2_get_next_dev
slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-
use
-
after
-
free
in atomic_long_inc_return include/linux
Jul 23
