syzkaller-bugs
syzbot, … Edward Adam Davis (10) - 11:28 AM
[syzbot] [netfilter?] KASAN: slab-use-after-free Read in nf_tables_trans_destroy_work
:422 task_work_run+0x24f/0x310 kernel/task_work.c:180 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common
syzbot, … James Chapman (6) - 6:51 PM
[syzbot] [net?] KASAN: slab-use-after-free Read in l2tp_tunnel_del_work
BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330 net/l2tp/l2tp_core.c:1334 > Read of size 8 at addr ffff88802361a0b8 by task kworker/u8:1/12 I think
syzbot, … Edward Adam Davis (11) - 5:52 AM
[syzbot] [net?] KASAN: slab-use-after-free Write in l2tp_session_delete
issue: KASAN: slab-use-after-free Write in l2tp_session_delete ================================================================== BUG: KASAN: slab-use-after-free
syzbot, … Hillf Danton (5) - Jun 25
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in sk_skb_reason_drop
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic
syzbot, Ryusuke Konishi (2) - Jun 23
[syzbot] [mm?] KASAN: slab-use-after-free Read in move_to_new_folio (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] > BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic
syzbot, … Hillf Danton (36) - Jun 17
[syzbot] [ntfs3?] KASAN: slab-use-after-free Read in chrdev_open
issue: KASAN: slab-use-after-free Read in chrdev_open loop0: detected capacity change from 0 to 4096 ================================================================
syzbot, … Shakeel Butt (3) - Jun 17
[syzbot] [mm?] KASAN: slab-use-after-free Read in folio_evictable (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] > BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic
syzbot, … Ryusuke Konishi (22) - Jun 23
[syzbot] [mm?] KASAN: slab-use-after-free Read in lru_add_fn
PREEMPT SMP KASAN NOPTI CPU: 1 PID: 5321 Comm: syz-executor Not tainted 6.10.0-rc3-syzkaller-dirty #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16
syzbot - May 31
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_sock_ready_cb
BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0xd7/0x140 net/bluetooth/l2cap_sock.c:1662 Read of size 8 at addr ffff88806c4de188 by task kworker/1:1/17633 CPU
syzbot - May 27
[syzbot] [pm?] INFO: trying to register non-static key in netdev_unregister_kobject
object before use? turning off the locking correctness validator. CPU: 1 PID: 5076 Comm: kbnepd bnep0 Not tainted 6.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine
syzbot - May 27
Re: [syzbot] [ntfs3?] KASAN: slab-use-after-free Read in chrdev_open
issue: KASAN: slab-use-after-free Read in chrdev_open loop0: detected capacity change from 0 to 4096 ================================================================
syzbot (2) - Jun 1
[syzbot] [bpf?] KASAN: slab-use-after-free Read in bpf_link_free (2)
BUG: KASAN: slab-use-after-free in bpf_link_free+0x234/0x2d0 kernel/bpf/syscall.c:3078 Read of size 8 at addr ffff888011469b10 by task syz-executor.1/6398 CPU: 0 PID: 6398
syzbot, asma...@codewreck.org (2) - May 23
[syzbot] [v9fs?] KASAN: slab-use-after-free Read in p9_fd_request
?] KASAN: slab-use-after-free Read in p9_client_destroy > Unfortunately, I don't have any reproducer for this issue yet. > > Downloadable assets: > disk image
syzbot, … asma...@codewreck.org (21) - May 23
[syzbot] [v9fs?] KASAN: slab-use-after-free Read in p9_fid_destroy
still in use ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 3 PID: 5345 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
syzbot - May 17
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in skb_queue_purge_reason (2)
BUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1840 [inline] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0xb9/0x500
syzbot - May 13
[syzbot] [bcachefs?] KASAN: slab-use-after-free Read in evict_inodes
BUG: KASAN: slab-use-after-free in evict_inodes+0x111/0x690 Read of size 8 at addr ffff888075cc70e0 by task syz-executor647/5099 CPU: 0 PID: 5099 Comm: syz-executor647 Not tainted
syzbot, … David Howells (7) - May 22
[syzbot] [v9fs?] KASAN: slab-use-after-free Write in v9fs_free_request
sun I use the same kernel as syzbot instance git tree: upstream ba16c1cf11c9f264b5455cb7d57267b39925409a kernel config: https://syzkaller.appspot.com/x/.config?x=6d14c12b661fb43
syzbot, … asma...@codewreck.org (3) - May 16
[syzbot] [v9fs?] KASAN: slab-use-after-free Read in p9_client_destroy
sun I use the same kernel as syzbot instance git tree: upstream f4345f05c0dfc73c617e66f3b809edb8ddd41075 console output: https://syzkaller.appspot.com/x/log.txt?x=122bfdb8980000
syzbot - May 7
[syzbot] [net?] KASAN: slab-use-after-free Read in kcm_release
BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline] BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline
syzbot, … David Laight (90) - May 11
[syzbot] [fs?] [io-uring?] general protection fault in __ep_remove
rc6 with KASAN and the following patch for easier reproducible, I got the KASAN bug report diff --git a/drivers/dma-buf/dma-buf.cb/drivers/dma-buf/dma-buf.c index 8fe5aa67b167
syzbot, Hillf Danton (7) - Apr 23
[syzbot] [pm?] KASAN: use-after-free Read in netdev_unregister_kobject
issue: KASAN: out-of-bounds Read in netdev_unregister_kobject ================================================================== BUG: KASAN: out-of-bounds in device_for_each_child
syzbot, … Fedor Pchelkin (5) - May 18
[syzbot] [fs?] KASAN: slab-use-after-free Read in __fput (2)
PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 0 PID: 5113 Comm: syz-executor107 Not tainted 6.9.0-rc5-syzkaller-00007
syzbot, Jeongjun Park (6) - Apr 22
[syzbot] [jffs2?] [nilfs?] KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
issue: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass ================================================================== BUG: KASAN: slab-use-after
Pengfei Xu, Andrii Nakryiko (2) - Apr 18
Re: [PATCH v3 bpf-next 2/5] bpf: pass whole link instead of prog when triggering raw tracepoint
found "KASAN: > slab-use-after-free Read in bpf_trace_run4" problem. > > Bisected and found related commit: > d4dfc5700e86 bpf: pass whole link instead
syzbot, … Lizhi Xu (15) - Apr 14
[syzbot] [gfs2?] KASAN: slab-use-after-free Read in gfs2_invalidate_folio
:1267 task_work_run+0x14e/0x250 kernel/task_work.c:180 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/
syzbot, … Hillf Danton (26) - Apr 16
[syzbot] [ext4?] KASAN: slab-use-after-free Read in fsnotify
issue: KASAN: slab-use-after-free Read in fsnotify Quota error (device loop0): do_check_range: Getting block 0 out of range 1-5 EXT4-fs error (device loop0): ext4_release_dquot
syzbot, … Vishal Moola (18) - Apr 19
[syzbot] [mm?] KASAN: slab-use-after-free Read in __vma_reservation_common
BUG: KASAN: slab-use-after-free in is_vm_hugetlb_page include/linux/hugetlb_inline.h:11 [inline] BUG: KASAN: slab-use-after-free in vma_resv_map mm/hugetlb.c:1150 [
syzbot, lee bruce (2) - Apr 9
[syzbot] [jffs2?] KASAN: slab-use-after-free Read in jffs2_erase_pending_blocks
sun I use the same kernel as syzbot instance: https://syzkaller.appspot.com/bug?extid=5a281fe8aadf8f11230d Kernel Commit: upstream fe46a7dd189e25604716c03576d05ac8a5209743
syzbot, … Aleksandr Nogikh (4) - Apr 13
[syzbot] [bpf?] KASAN: slab-use-after-free Read in bpf_link_free
BUG: KASAN: slab-use-after-free in bpf_link_free+0x234/0x2d0 kernel/bpf/syscall.c:3065 > Read of size 8 at addr ffff88802e688c10 by task syz-executor.3/5206 > syz fix
syzbot, Hillf Danton (3) - Apr 1
[syzbot] [usb?] KASAN: slab-use-after-free Write in usb_anchor_suspend_wakeups (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in atomic_inc include/linux