1–30 of many
syzbot's profile photo
syzbotHillf Danton3
Feb 3
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_stop
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56 Read of size 1 at addr ffff88803c59a200 by task syz.0.88/6375 CPU: 1 UID: 0 PID:
unread,
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_stop
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56 Read of size 1 at addr ffff88803c59a200 by task syz.0.88/6375 CPU: 1 UID: 0 PID:
Feb 3
syzbot ci's profile photo
syzbot ci
Jan 26
[syzbot ci] Re: nfc: nci: Fix race between rfkill and nci_unregister_device().
issue: KASAN: slab-use-after-free Read in nci_unregister_device Full report is available here: https://ci.syzbot.org/series/1b1f8783-f1b1-4eaf-8140-aeb610bb4b90 **
unread,
[syzbot ci] Re: nfc: nci: Fix race between rfkill and nci_unregister_device().
issue: KASAN: slab-use-after-free Read in nci_unregister_device Full report is available here: https://ci.syzbot.org/series/1b1f8783-f1b1-4eaf-8140-aeb610bb4b90 **
Jan 26
syzbot's profile photo
syzbot
Jan 20
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_post_stop
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x88/0x3e0 kernel/locking/spinlock_rt.c:56 Read of size 1 at addr ffff88802fee8170 by task syz.0.79/6271 CPU: 1 UID: 0 PID:
unread,
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_post_stop
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x88/0x3e0 kernel/locking/spinlock_rt.c:56 Read of size 1 at addr ffff88802fee8170 by task syz.0.79/6271 CPU: 1 UID: 0 PID:
Jan 20
syzbot's profile photo
syzbot, … syzbot16
Jan 19
[syzbot] Monthly xfs report (Oct 2025)
> > task_work_run+0x1dc/0x260 kernel/task_work.c:233 > > resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] > > __exit_to_user_mode_loop
unread,
[syzbot] Monthly xfs report (Oct 2025)
> > task_work_run+0x1dc/0x260 kernel/task_work.c:233 > > resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] > > __exit_to_user_mode_loop
Jan 19
syzbot's profile photo
syzbot, … Aleksandr Nogikh11
Jan 19
[syzbot] [xfs?] KASAN: use-after-free Read in hpfs_bplus_lookup
issue: KASAN: use-after-free Read in hpfs_bplus_lookup === CRASH WILL HAPPEN ON NEXT LINE IF UAF === === external[120]: about to access ffff8880545bffe0 === === CRASH WILL HAPPEN
unread,
[syzbot] [xfs?] KASAN: use-after-free Read in hpfs_bplus_lookup
issue: KASAN: use-after-free Read in hpfs_bplus_lookup === CRASH WILL HAPPEN ON NEXT LINE IF UAF === === external[120]: about to access ffff8880545bffe0 === === CRASH WILL HAPPEN
Jan 19
syzbot's profile photo
syzbotChao Yu11
Jan 7
[syzbot] [f2fs?] KASAN: use-after-free Read in f2fs_write_end_io (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] > BUG: KASAN: slab-use-after-free in atomic_read include/linux
unread,
[syzbot] [f2fs?] KASAN: use-after-free Read in f2fs_write_end_io (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] > BUG: KASAN: slab-use-after-free in atomic_read include/linux
Jan 7
syzbot's profile photo
syzbotHillf Danton5
Jan 2
[syzbot] [media?] KASAN: slab-use-after-free Write in media_request_alloc
BUG: KASAN: slab-use-after-free in vsnprintf+0x38b/0xee0 lib/vsprintf.c:2898 > Write of size 1 at addr ffff888042136c11 by task syz.4.761/7191 > > CPU: 0 UID: 0 PID:
unread,
[syzbot] [media?] KASAN: slab-use-after-free Write in media_request_alloc
BUG: KASAN: slab-use-after-free in vsnprintf+0x38b/0xee0 lib/vsprintf.c:2898 > Write of size 1 at addr ffff888042136c11 by task syz.4.761/7191 > > CPU: 0 UID: 0 PID:
Jan 2
syzbot's profile photo
syzbot3
Jan 2
[syzbot] [media?] KASAN: slab-use-after-free Write in number
BUG: KASAN: slab-use-after-free in number+0xc48/0xf60 lib/vsprintf.c:572 Write of size 1 at addr ffff88801158b60c by task syz.0.30/5548 CPU: 0 UID: 0 PID: 5548 Comm: syz.0.30
unread,
[syzbot] [media?] KASAN: slab-use-after-free Write in number
BUG: KASAN: slab-use-after-free in number+0xc48/0xf60 lib/vsprintf.c:572 Write of size 1 at addr ffff88801158b60c by task syz.0.30/5548 CPU: 0 UID: 0 PID: 5548 Comm: syz.0.30
Jan 2
syzbot's profile photo
syzbotNikola Z. Ivanov5
12/29/25
[syzbot] [jfs?] VFS: Busy inodes after unmount (use-after-free) (4)
Busy inodes after unmount of loop0 (jfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:653! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5960
unread,
[syzbot] [jfs?] VFS: Busy inodes after unmount (use-after-free) (4)
Busy inodes after unmount of loop0 (jfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:653! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5960
12/29/25
syzbot's profile photo
syzbot
12/23/25
[syzbot] [pm?] KASAN: slab-use-after-free Read in thermal_zone_device_check
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:593 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1350 kernel/locking
unread,
[syzbot] [pm?] KASAN: slab-use-after-free Read in thermal_zone_device_check
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:593 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1350 kernel/locking
12/23/25
syzbot's profile photo
syzbotHillf Danton3
12/21/25
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_action
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x88/0x3e0 kernel/locking/spinlock_rt.c:56 > Read of size 1 at addr ffff888034ea7200 by task syz.1.1236/9742 > >
unread,
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_action
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x88/0x3e0 kernel/locking/spinlock_rt.c:56 > Read of size 1 at addr ffff888034ea7200 by task syz.1.1236/9742 > >
12/21/25
syzbot's profile photo
syzbot2
12/18/25
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_poll_remove_entries (2)
?] KASAN: slab-use-after-free Read in io_poll_remove_entries (2) Author: axboe@kernel.dk #syz invalid On Fri, Nov 28, 2025 at 2:02 AM syzbot wrote: > > Hello, > > syzbot
unread,
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_poll_remove_entries (2)
?] KASAN: slab-use-after-free Read in io_poll_remove_entries (2) Author: axboe@kernel.dk #syz invalid On Fri, Nov 28, 2025 at 2:02 AM syzbot wrote: > > Hello, > > syzbot
12/18/25
syzbot's profile photo
syzbot
12/12/25
[syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_new_node
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic
unread,
[syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_new_node
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic
12/12/25
syzbot's profile photo
syzbot5
12/11/25
[syzbot] [ocfs2?] KASAN: use-after-free Read in ocfs2_check_dir_entry
BUG: KASAN: use-after-free in ocfs2_check_dir_entry+0x3a0/0x480 fs/ocfs2/dir.c:318 Read of size 2 at addr ffff888052e81780 by task kworker/u8:17/3565 CPU: 1 UID: 0 PID: 3565
unread,
[syzbot] [ocfs2?] KASAN: use-after-free Read in ocfs2_check_dir_entry
BUG: KASAN: use-after-free in ocfs2_check_dir_entry+0x3a0/0x480 fs/ocfs2/dir.c:318 Read of size 2 at addr ffff888052e81780 by task kworker/u8:17/3565 CPU: 1 UID: 0 PID: 3565
12/11/25
syzbot's profile photo
syzbotAndrew Morton5
12/30/25
[syzbot] [mm?] [bcachefs?] KASAN: slab-use-after-free Read in list_lru_del
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65 > Read of size 8 at addr ffff88800098a080 by task syz.0.17/5483 >
unread,
[syzbot] [mm?] [bcachefs?] KASAN: slab-use-after-free Read in list_lru_del
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65 > Read of size 8 at addr ffff88800098a080 by task syz.0.17/5483 >
12/30/25
syzbot's profile photo
syzbotEdward Adam Davis8
11/25/25
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb
:468 task_work_run+0x1d4/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xe9/0x130 kernel
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb
:468 task_work_run+0x1d4/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xe9/0x130 kernel
11/25/25
ALBIN BABU VARGHESE's profile photo
ALBIN BABU VARGHESEsyzbot11
11/21/25
KASAN: use-after-free Read in ext4_find_extent (4)
issue: KASAN: use-after-free Read in ext4_find_extent ================================================================== BUG: KASAN: use-after-free in ext4_ext_binsearch
unread,
KASAN: use-after-free Read in ext4_find_extent (4)
issue: KASAN: use-after-free Read in ext4_find_extent ================================================================== BUG: KASAN: use-after-free in ext4_ext_binsearch
11/21/25
syzbot's profile photo
syzbotHillf Danton4
11/14/25
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in bt_accept_unlink
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x8c/0x1b4 lib/list_debug.c:62 Read of size 8 at addr ffff0000f4f2f570 by task syz-executor/10110 CPU
unread,
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in bt_accept_unlink
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x8c/0x1b4 lib/list_debug.c:62 Read of size 8 at addr ffff0000f4f2f570 by task syz-executor/10110 CPU
11/14/25
syzbot's profile photo
syzbot, … Edward Adam Davis14
11/10/25
[syzbot] [ntfs3?] [usb?] general protection fault in rtlock_slowlock_locked
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irq+0xa2/0xf0
unread,
[syzbot] [ntfs3?] [usb?] general protection fault in rtlock_slowlock_locked
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irq+0xa2/0xf0
11/10/25
syzbot's profile photo
syzbotZhou, Yun11
11/7/25
[syzbot] [jfs?] BUG: unable to handle kernel paging request in diUpdatePMap
issue: KASAN: slab-use-after-free Read in release_metapage ================================================================== BUG: KASAN: slab-use-after-free in drop_metapage
unread,
[syzbot] [jfs?] BUG: unable to handle kernel paging request in diUpdatePMap
issue: KASAN: slab-use-after-free Read in release_metapage ================================================================== BUG: KASAN: slab-use-after-free in drop_metapage
11/7/25
syzbot's profile photo
syzbot2
11/6/25
Re: [syzbot] [net?] KASAN: slab-use-after-free Read in handle_tx (2)
issue: KASAN: slab-use-after-free Read in ser_release ================================================================== BUG: KASAN: slab-use-after-free in ser_release
unread,
Re: [syzbot] [net?] KASAN: slab-use-after-free Read in handle_tx (2)
issue: KASAN: slab-use-after-free Read in ser_release ================================================================== BUG: KASAN: slab-use-after-free in ser_release
11/6/25
syzbot's profile photo
syzbot
11/6/25
[syzbot] [net?] KASAN: slab-use-after-free Read in qfq_reset_qdisc (2)
BUG: KASAN: slab-use-after-free in qfq_reset_qdisc+0xcc/0x208 net/sched/sch_qfq.c:1484 Read of size 8 at addr ffff0000ca2bfe50 by task syz.0.17/6716 CPU: 0 UID: 0 PID: 6716
unread,
[syzbot] [net?] KASAN: slab-use-after-free Read in qfq_reset_qdisc (2)
BUG: KASAN: slab-use-after-free in qfq_reset_qdisc+0xcc/0x208 net/sched/sch_qfq.c:1484 Read of size 8 at addr ffff0000ca2bfe50 by task syz.0.17/6716 CPU: 0 UID: 0 PID: 6716
11/6/25
syzbot's profile photo
syzbot
11/6/25
[syzbot] [tipc?] KASAN: slab-use-after-free Read in tipc_mon_reinit_self
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave
unread,
[syzbot] [tipc?] KASAN: slab-use-after-free Read in tipc_mon_reinit_self
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave
11/6/25
syzbot's profile photo
syzbotshaurya6
11/7/25
Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
issue: KASAN: slab-use-after-free Read in l2cap_unregister_user ================================================================== BUG: KASAN: slab-use-after-free
unread,
Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
issue: KASAN: slab-use-after-free Read in l2cap_unregister_user ================================================================== BUG: KASAN: slab-use-after-free
11/7/25
syzbot's profile photo
syzbot2
11/2/25
Re: [syzbot] [hfs?] kernel BUG in hfs_new_inode
Busy inodes after unmount (use-after-free) VFS: Busy inodes after unmount of loop0 (hfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:652! Oops: invalid opcode
unread,
Re: [syzbot] [hfs?] kernel BUG in hfs_new_inode
Busy inodes after unmount (use-after-free) VFS: Busy inodes after unmount of loop0 (hfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:652! Oops: invalid opcode
11/2/25
syzbot's profile photo
syzbot, … Sean Christopherson11
10/27/25
[syzbot] [kvm?] KASAN: slab-use-after-free Write in kvm_gmem_release
BUG: KASAN: slab-use-after-free in kvm_gmem_release+0x176/0x440 virt/kvm/guest_memfd.c:353 Write of size 8 at addr ffff88807befa508 by task syz.0.17/6022 CPU: 0 UID: 0 PID
unread,
[syzbot] [kvm?] KASAN: slab-use-after-free Write in kvm_gmem_release
BUG: KASAN: slab-use-after-free in kvm_gmem_release+0x176/0x440 virt/kvm/guest_memfd.c:353 Write of size 8 at addr ffff88807befa508 by task syz.0.17/6022 CPU: 0 UID: 0 PID
10/27/25
syzbot's profile photo
syzbotOliver Neukum10
10/25/25
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event (2)
issue: KASAN: use-after-free Read in mcp2221_raw_event ================================================================== BUG: KASAN: use-after-free in mcp2221_raw_event
unread,
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event (2)
issue: KASAN: use-after-free Read in mcp2221_raw_event ================================================================== BUG: KASAN: use-after-free in mcp2221_raw_event
10/25/25
syzbot's profile photo
syzbotHillf Danton5
10/12/25
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
BUG: KASAN: slab-use-after-free in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040 net/
unread,
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
BUG: KASAN: slab-use-after-free in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040 net/
10/12/25
syzbot's profile photo
syzbot2
Jan 20
[syzbot] [bridge?] KASAN: slab-use-after-free Read in br_switchdev_fdb_notify (2)
BUG: KASAN: slab-use-after-free in br_switchdev_fdb_populate net/bridge/br_switchdev.c:141 [inline] BUG: KASAN: slab-use-after-free in br_switchdev_fdb_notify+0x30b
unread,
[syzbot] [bridge?] KASAN: slab-use-after-free Read in br_switchdev_fdb_notify (2)
BUG: KASAN: slab-use-after-free in br_switchdev_fdb_populate net/bridge/br_switchdev.c:141 [inline] BUG: KASAN: slab-use-after-free in br_switchdev_fdb_notify+0x30b
Jan 20
syzbot's profile photo
syzbotJens Axboe9
10/9/25
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_waitid_wait
] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 3 UID: 0 PID: 6397 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware
unread,
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_waitid_wait
] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 3 UID: 0 PID: 6397 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware
10/9/25