Groups
Groups
Sign in
Groups
Groups
syzkaller-bugs
Conversations
About
Send feedback
Help
Sort By Relevance
Sort By Date
1–30 of many
syzbot
Sep 15
[syzbot] [iommu?] KASAN: slab-use-after-free Write in iommufd_eventq_fops_release
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in atomic_fetch_sub_release
unread,
[syzbot] [iommu?] KASAN: slab-use-after-free Write in iommufd_eventq_fops_release
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in atomic_fetch_sub_release
Sep 15
syzbot
,
Hillf Danton
4
Sep 13
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_connect_cfm+0x6e4/0x1040 net/
unread,
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in l2cap_connect_cfm+0x6e4/0x1040 net/
Sep 13
syzbot
Sep 11
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in hidp_session_thread (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in atomic_long_read include/linux
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in hidp_session_thread (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in atomic_long_read include/linux
Sep 11
syzbot
, …
Christoph Hellwig
3
Sep 3
[syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)
BUG:
KASAN
: slab-
use
-
after
-
free
in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in rht_head_hashfn include/linux/rhashtable
unread,
[syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)
BUG:
KASAN
: slab-
use
-
after
-
free
in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in rht_head_hashfn include/linux/rhashtable
Sep 3
syzbot
2
Sep 2
[syzbot] [bcachefs?] [mm?] BUG: corrupted list in list_lru_add
BUG:
KASAN
: slab-
use
-
after
-
free
in __list_add_valid_or_report+0x6a/0x130 lib/list_debug.c:32 Read of size 8 at addr ffff888051ac9708 by task syz-executor/5975 CPU: 1 UID
unread,
[syzbot] [bcachefs?] [mm?] BUG: corrupted list in list_lru_add
BUG:
KASAN
: slab-
use
-
after
-
free
in __list_add_valid_or_report+0x6a/0x130 lib/list_debug.c:32 Read of size 8 at addr ffff888051ac9708 by task syz-executor/5975 CPU: 1 UID
Sep 2
syzbot
2
Aug 28
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in release_sock (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in do_raw_spin_lock+0x26f/0x2b0
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in release_sock (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in do_raw_spin_lock+0x26f/0x2b0
Aug 28
syzbot
, …
Hillf Danton
19
Aug 25
[syzbot] [net?] unregister_netdevice: waiting for DEV to become free (8)
issue:
KASAN
:
use
-
after
-
free
Read in j1939_netdev_stop ================================================================== BUG:
KASAN
:
use
-
after
-
free
in netdev_get_ml_priv
unread,
[syzbot] [net?] unregister_netdevice: waiting for DEV to become free (8)
issue:
KASAN
:
use
-
after
-
free
Read in j1939_netdev_stop ================================================================== BUG:
KASAN
:
use
-
after
-
free
in netdev_get_ml_priv
Aug 25
syzbot
Aug 13
[syzbot] [block?] KASAN: slab-use-after-free Read in update_io_ticks (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in update_io_ticks+0x9a/0x260 block/blk-core.c:1018 Read of size 8 at addr ffff88803215e7a8 by task kworker/u4:11/3027 CPU: 0 UID: 0 PID: 3027
unread,
[syzbot] [block?] KASAN: slab-use-after-free Read in update_io_ticks (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in update_io_ticks+0x9a/0x260 block/blk-core.c:1018 Read of size 8 at addr ffff88803215e7a8 by task kworker/u4:11/3027 CPU: 0 UID: 0 PID: 3027
Aug 13
syzbot
,
Hillf Danton
7
Aug 12
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event:
Use
of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event:
Use
of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
Aug 12
syzbot
Aug 5
[syzbot] [perf?] KASAN: slab-use-after-free Read in __task_pid_nr_ns
BUG:
KASAN
: slab-
use
-
after
-
free
in __task_pid_nr_ns+0x1da/0x470 kernel/pid.c:517 Read of size 8 at addr ffff888066bbaa28 by task syz.5.936/10344 CPU: 0 UID: 0 PID: 10344 Comm
unread,
[syzbot] [perf?] KASAN: slab-use-after-free Read in __task_pid_nr_ns
BUG:
KASAN
: slab-
use
-
after
-
free
in __task_pid_nr_ns+0x1da/0x470 kernel/pid.c:517 Read of size 8 at addr ffff888066bbaa28 by task syz.5.936/10344 CPU: 0 UID: 0 PID: 10344 Comm
Aug 5
syzbot
Aug 4
[syzbot] [mm?] [gfs2?] KASAN: slab-use-after-free Read in lru_add (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in _test_bit include/asm-generic
unread,
[syzbot] [mm?] [gfs2?] KASAN: slab-use-after-free Read in lru_add (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in _test_bit include/asm-generic
Aug 4
syzbot
, …
Arnaud Lecomte
7
Jul 30
[syzbot] [fuse?] [block?] KASAN: slab-use-after-free Read in disk_add_events
BUG:
KASAN
: slab-
use
-
after
-
free
in >> __list_add_valid_or_report+0x151/0x190 lib/list_debug.c:32 >> Read of size 8 at addr ffff888036fa1400 by task syz.2.1231
unread,
[syzbot] [fuse?] [block?] KASAN: slab-use-after-free Read in disk_add_events
BUG:
KASAN
: slab-
use
-
after
-
free
in >> __list_add_valid_or_report+0x151/0x190 lib/list_debug.c:32 >> Read of size 8 at addr ffff888036fa1400 by task syz.2.1231
Jul 30
syzbot
14
Jul 20
[syzbot] [fs?] KASAN: use-after-free Read in hpfs_get_ea
?]
KASAN
:
use
-
after
-
free
Read in hpfs_get_ea Author: kapoorarnav43@gmail.com #syz test From: Arnav Kapoor Date: Fri, 18 Jul 2025 12:00:00 +0000 Subject: [PATCH] hpfs: fix
use
-
unread,
[syzbot] [fs?] KASAN: use-after-free Read in hpfs_get_ea
?]
KASAN
:
use
-
after
-
free
Read in hpfs_get_ea Author: kapoorarnav43@gmail.com #syz test From: Arnav Kapoor Date: Fri, 18 Jul 2025 12:00:00 +0000 Subject: [PATCH] hpfs: fix
use
-
Jul 20
syzbot
, …
Ivan Pravdin
10
Jul 21
[syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work
BUG:
KASAN
: slab-
use
-
after
-
free
in hci_uart_write_work+0x2ca/0x550 drivers/bluetooth/hci_ldisc.c:165 Read of size 8 at addr ffff8880555a35d8 by task kworker/0:7/5631 CPU
unread,
[syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work
BUG:
KASAN
: slab-
use
-
after
-
free
in hci_uart_write_work+0x2ca/0x550 drivers/bluetooth/hci_ldisc.c:165 Read of size 8 at addr ffff8880555a35d8 by task kworker/0:7/5631 CPU
Jul 21
syzbot
, …
Hillf Danton
12
Jul 4
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in force_devcd_write
issue:
KASAN
: slab-
use
-
after
-
free
Read in force_devcd_write ================================================================== BUG:
KASAN
: slab-
use
-
after
-
free
in
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in force_devcd_write
issue:
KASAN
: slab-
use
-
after
-
free
Read in force_devcd_write ================================================================== BUG:
KASAN
: slab-
use
-
after
-
free
in
Jul 4
syzbot
5
Jul 3
[syzbot] [ext4?] KASAN: slab-use-after-free Read in __ext4_check_dir_entry
BUG:
KASAN
: slab-
use
-
after
-
free
in __ext4_check_dir_entry+0x708/0x8a0 fs/ext4/dir.c:85 Read of size 2 at addr ffff8880601f4003 by task syz.1.21/6095 CPU: 0 UID: 0 PID: 6095
unread,
[syzbot] [ext4?] KASAN: slab-use-after-free Read in __ext4_check_dir_entry
BUG:
KASAN
: slab-
use
-
after
-
free
in __ext4_check_dir_entry+0x708/0x8a0 fs/ext4/dir.c:85 Read of size 2 at addr ffff8880601f4003 by task syz.1.21/6095 CPU: 0 UID: 0 PID: 6095
Jul 3
syzbot
Jun 16
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in skb_queue_purge_reason (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in skb_queue_purge_reason+0x99/0x360
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in skb_queue_purge_reason (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in skb_queue_purge_reason+0x99/0x360
Jun 16
syzbot
,
Hillf Danton
6
Jun 10
[syzbot] [net?] KASAN: use-after-free Read in __linkwatch_run_queue
T3436]
task_work_run
+0x78/0xd4 [ 190.178605][ T3436] do_exit+0x24c/0x930 [ 190.178605][ T3436] do_group_exit+0x34/0x90 [ 190.178605][ T3436] pid_child_should_wake+0x0
unread,
[syzbot] [net?] KASAN: use-after-free Read in __linkwatch_run_queue
T3436]
task_work_run
+0x78/0xd4 [ 190.178605][ T3436] do_exit+0x24c/0x930 [ 190.178605][ T3436] do_group_exit+0x34/0x90 [ 190.178605][ T3436] pid_child_should_wake+0x0
Jun 10
syzbot
, …
Ivan Pravdin
14
Jul 17
[syzbot] [bluetooth?] KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
issue:
KASAN
: slab-
use
-
after
-
free
Read in force_devcd_write ================================================================== BUG:
KASAN
: slab-
use
-
after
-
free
in
unread,
[syzbot] [bluetooth?] KASAN: vmalloc-out-of-bounds Read in hci_devcd_dump
issue:
KASAN
: slab-
use
-
after
-
free
Read in force_devcd_write ================================================================== BUG:
KASAN
: slab-
use
-
after
-
free
in
Jul 17
syzbot
Jun 5
Re: [syzbot] [gfs2?] KASAN: slab-use-after-free Read in gfs2_invalidate_folio
:1417
task_work_run
+0x150/0x240 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xeb/0x110 kernel
unread,
Re: [syzbot] [gfs2?] KASAN: slab-use-after-free Read in gfs2_invalidate_folio
:1417
task_work_run
+0x150/0x240 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xeb/0x110 kernel
Jun 5
syzbot
,
Hillf Danton
4
Jun 3
[syzbot] [kernel?] KASAN: slab-use-after-free Read in task_work_run
Auto-closing this bug as obsolete. No recent activity, existing reproducers are no longer triggering the issue.
unread,
[syzbot] [kernel?] KASAN: slab-use-after-free Read in task_work_run
Auto-closing this bug as obsolete. No recent activity, existing reproducers are no longer triggering the issue.
Jun 3
syzbot
,
Ivan Pravdin
4
Sep 6
[syzbot] [usb?] KASAN: slab-use-after-free Read in raw_event_queue_add
BUG:
KASAN
: slab-
use
-
after
-
free
in raw_event_queue_add+0x1e0/0x220 drivers/usb/gadget/legacy/raw_gadget.c:81 Read of size 4 at addr ffff888064f0a978 by task kworker/0
unread,
[syzbot] [usb?] KASAN: slab-use-after-free Read in raw_event_queue_add
BUG:
KASAN
: slab-
use
-
after
-
free
in raw_event_queue_add+0x1e0/0x220 drivers/usb/gadget/legacy/raw_gadget.c:81 Read of size 4 at addr ffff888064f0a978 by task kworker/0
Sep 6
syzbot
2
Jul 27
[syzbot] [mm?] KASAN: slab-use-after-free Read in __list_lru_walk_one (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in __list_lru_walk_one+0xfb/0x420 mm/list_lru.c:289 Read of size 8 at addr ffff88805506f078 by task syz.0.108/6383 CPU: 1 UID: 0 PID: 6383 Comm
unread,
[syzbot] [mm?] KASAN: slab-use-after-free Read in __list_lru_walk_one (2)
BUG:
KASAN
: slab-
use
-
after
-
free
in __list_lru_walk_one+0xfb/0x420 mm/list_lru.c:289 Read of size 8 at addr ffff88805506f078 by task syz.0.108/6383 CPU: 1 UID: 0 PID: 6383 Comm
Jul 27
syzbot
2
Aug 26
[syzbot] [fs?] KASAN: slab-use-after-free Read in send_sigio
BUG:
KASAN
: slab-
use
-
after
-
free
in __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in _raw_read_lock_irqsave+0xaf
unread,
[syzbot] [fs?] KASAN: slab-use-after-free Read in send_sigio
BUG:
KASAN
: slab-
use
-
after
-
free
in __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in _raw_read_lock_irqsave+0xaf
Aug 26
syzbot
,
Carlos Llamas
4
May 24
[syzbot] [kernel?] KASAN: slab-use-after-free Write in binder_remove_device
BUG:
KASAN
: slab-
use
-
after
-
free
in __hlist_del include/linux/list.h:982 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_del_init include/linux/list.h:1008 [inline
unread,
[syzbot] [kernel?] KASAN: slab-use-after-free Write in binder_remove_device
BUG:
KASAN
: slab-
use
-
after
-
free
in __hlist_del include/linux/list.h:982 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_del_init include/linux/list.h:1008 [inline
May 24
syzbot
May 19
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_timer_expiry (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in rose_timer_expiry+0x471/0x4b0 net/rose/rose_timer.c:183 Read of size 2 at addr ffff888030b0ac2a by task syz-executor/10726 CPU: 1 UID:
unread,
[syzbot] [hams?] KASAN: slab-use-after-free Read in rose_timer_expiry (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in rose_timer_expiry+0x471/0x4b0 net/rose/rose_timer.c:183 Read of size 2 at addr ffff888030b0ac2a by task syz-executor/10726 CPU: 1 UID:
May 19
syzbot
,
Hillf Danton
22
Jun 3
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_complete (3)
T5428]
task_work_run
+0x1d1/0x260 [ 104.826172][ T5428] ? __pfx_task_work_run+0x10/0x10 [ 104.826190][ T5428] ? kmem_cache_free+0x192/0x3f0 [ 104.826207][ T5428] do_exit
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in mgmt_remove_adv_monitor_complete (3)
T5428]
task_work_run
+0x1d1/0x260 [ 104.826172][ T5428] ? __pfx_task_work_run+0x10/0x10 [ 104.826190][ T5428] ? kmem_cache_free+0x192/0x3f0 [ 104.826207][ T5428] do_exit
Jun 3
syzbot
,
Carlos Llamas
2
May 17
[syzbot] [kernel?] linux-next test error: KASAN: slab-use-after-free Write in binderfs_evict_inode
BUG:
KASAN
: slab-
use
-
after
-
free
in __hlist_del include/linux/list.h:982 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_del_init include/linux/list.h:1008 [inline
unread,
[syzbot] [kernel?] linux-next test error: KASAN: slab-use-after-free Write in binderfs_evict_inode
BUG:
KASAN
: slab-
use
-
after
-
free
in __hlist_del include/linux/list.h:982 [inline] BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_del_init include/linux/list.h:1008 [inline
May 17
syzbot
,
Aleksandr Nogikh
2
May 5
[syzbot] [kernel?] upstream test error: KASAN: slab-use-after-free Write in binder_add_device (4)
BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:1026 [inline] > BUG:
KASAN
: slab-
use
-
after
-
free
in binder_add_device+0xf4/0xf8 drivers/android
unread,
[syzbot] [kernel?] upstream test error: KASAN: slab-use-after-free Write in binder_add_device (4)
BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:1026 [inline] > BUG:
KASAN
: slab-
use
-
after
-
free
in binder_add_device+0xf4/0xf8 drivers/android
May 5
syzbot
,
Aleksandr Nogikh
2
May 4
[syzbot] [kernel?] upstream test error: KASAN: slab-use-after-free Write in binder_add_device (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:1026 [inline] > BUG:
KASAN
: slab-
use
-
after
-
free
in binder_add_device+0xf4/0xf8 drivers/android
unread,
[syzbot] [kernel?] upstream test error: KASAN: slab-use-after-free Write in binder_add_device (3)
BUG:
KASAN
: slab-
use
-
after
-
free
in hlist_add_head include/linux/list.h:1026 [inline] > BUG:
KASAN
: slab-
use
-
after
-
free
in binder_add_device+0xf4/0xf8 drivers/android
May 4
