syzkaller-bugs
syzbot
Dec 12
[syzbot] [kernfs?] KASAN: slab-use-after-free Read in kernfs_new_node
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic
syzbot
5
Dec 11
[syzbot] [ocfs2?] KASAN: use-after-free Read in ocfs2_check_dir_entry
BUG: KASAN: use-after-free in ocfs2_check_dir_entry+0x3a0/0x480 fs/ocfs2/dir.c:318 Read of size 2 at addr ffff888052e81780 by task kworker/u8:17/3565 CPU: 1 UID: 0 PID: 3565
syzbot, Andrew Morton
4
Nov 29
[syzbot] [mm?] [bcachefs?] KASAN: slab-use-after-free Read in list_lru_del
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65 > Read of size 8 at addr ffff88800098a080 by task syz.0.17/5483 >
syzbot
Nov 28
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_poll_remove_entries (2)
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irq+0xa2/0xf0
syzbot, Edward Adam Davis
8
Nov 25
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb
:468 task_work_run+0x1d4/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xe9/0x130 kernel
ALBIN BABU VARGHESE, syzbot
11
Nov 21
KASAN: use-after-free Read in ext4_find_extent (4)
issue: KASAN: use-after-free Read in ext4_find_extent ================================================================== BUG: KASAN: use-after-free in ext4_ext_binsearch
syzbot, Hillf Danton
4
Nov 14
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in bt_accept_unlink
BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x8c/0x1b4 lib/list_debug.c:62 Read of size 8 at addr ffff0000f4f2f570 by task syz-executor/10110 CPU
syzbot, … Edward Adam Davis
14
Nov 10
[syzbot] [ntfs3?] [usb?] general protection fault in rtlock_slowlock_locked
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irq+0xa2/0xf0
syzbot, Zhou, Yun
11
Nov 7
[syzbot] [jfs?] BUG: unable to handle kernel paging request in diUpdatePMap
issue: KASAN: slab-use-after-free Read in release_metapage ================================================================== BUG: KASAN: slab-use-after-free in drop_metapage
syzbot
2
Nov 6
Re: [syzbot] [net?] KASAN: slab-use-after-free Read in handle_tx (2)
issue: KASAN: slab-use-after-free Read in ser_release ================================================================== BUG: KASAN: slab-use-after-free in ser_release
syzbot
Nov 6
[syzbot] [net?] KASAN: slab-use-after-free Read in qfq_reset_qdisc (2)
BUG: KASAN: slab-use-after-free in qfq_reset_qdisc+0xcc/0x208 net/sched/sch_qfq.c:1484 Read of size 8 at addr ffff0000ca2bfe50 by task syz.0.17/6716 CPU: 0 UID: 0 PID: 6716
syzbot
Nov 6
[syzbot] [tipc?] KASAN: slab-use-after-free Read in tipc_mon_reinit_self
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave
syzbot, shaurya
6
Nov 7
Re: [syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
issue: KASAN: slab-use-after-free Read in l2cap_unregister_user ================================================================== BUG: KASAN: slab-use-after-free
syzbot
2
Nov 2
Re: [syzbot] [hfs?] kernel BUG in hfs_new_inode
Busy inodes after unmount (use-after-free) VFS: Busy inodes after unmount of loop0 (hfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:652! Oops: invalid opcode
syzbot, … Sean Christopherson
11
Oct 27
[syzbot] [kvm?] KASAN: slab-use-after-free Write in kvm_gmem_release
BUG: KASAN: slab-use-after-free in kvm_gmem_release+0x176/0x440 virt/kvm/guest_memfd.c:353 Write of size 8 at addr ffff88807befa508 by task syz.0.17/6022 CPU: 0 UID: 0 PID
syzbot
Oct 21
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_action
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave
syzbot, Oliver Neukum
10
Oct 25
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event (2)
issue: KASAN: use-after-free Read in mcp2221_raw_event ================================================================== BUG: KASAN: use-after-free in mcp2221_raw_event
syzbot, Hillf Danton
5
Oct 12
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
BUG: KASAN: slab-use-after-free in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040 net/
syzbot
Oct 10
[syzbot] [bridge?] KASAN: slab-use-after-free Read in br_switchdev_fdb_notify (2)
BUG: KASAN: slab-use-after-free in br_switchdev_fdb_populate net/bridge/br_switchdev.c:141 [inline] BUG: KASAN: slab-use-after-free in br_switchdev_fdb_notify+0x30b
syzbot, Jens Axboe
9
Oct 9
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_waitid_wait
] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 3 UID: 0 PID: 6397 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware
syzbot, kerne test robot
42
Nov 13
[syzbot] [ext4?] KASAN: slab-out-of-bounds Read in ext4_search_dir
issue: KASAN: slab-use-after-free Read in ext4_search_dir ================================================================== BUG: KASAN: slab-use-after-free in ext4_search_dir
syzbot
6
Sep 30
Re: [syzbot] [ext4?] KASAN: use-after-free Read in ext4_ext_insert_extent
issue: KASAN: slab-out-of-bounds Read in ext4_ext_insert_extent EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled ==================
syzbot
3
Oct 1
[syzbot] [isofs?] VFS: Busy inodes after unmount (use-after-free) (3)
Busy inodes after unmount of loop0 (iso9660) ------------[ cut here ]------------ kernel BUG at fs/super.c:653! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 1 UID: 0 PID: 5985
syzbot
Sep 29
[syzbot] [jfs?] KASAN: slab-use-after-free Read in lbmIODone
BUG: KASAN: slab-use-after-free in lbmIODone+0xf68/0x12e8 fs/jfs/jfs_logmgr.c:2184 Read of size 4 at addr ffff0000fa465408 by task ksoftirqd/1/23 CPU: 1 UID: 0 PID: 23 Comm:
syzbot
Sep 25
[syzbot] [hams?] KASAN: slab-use-after-free Write in rose_t0timer_expiry
BUG: KASAN: slab-use-after-free in rose_t0timer_expiry+0x114/0x150 net/rose/rose_link.c:85 Write of size 1 at addr ffff8880569e3435 by task syz.3.1212/10695 CPU: 0 UID: 0
syzbot ci, … Vlastimil Babka
5
Sep 26
[syzbot ci] Re: rust: zpool: add API for C and Rust
zswap_store * KASAN: slab-out-of-bounds Read in zpool_get_total_pages * KASAN: slab-out-of-bounds Read in zswap_store * KASAN: slab-use-after-free Read in zpool_get_total_pages
syzbot ci
Sep 20
[syzbot ci] Re: udp: remove busylock and add per NUMA queues
issue: KASAN: slab-use-after-free Read in __udp_enqueue_schedule_skb Full report is available here: https://ci.syzbot.org/series/9921e6c6-67ac-435d-a76a-a9cfb67b2f12
syzbot
Sep 15
[syzbot] [iommu?] KASAN: slab-use-after-free Write in iommufd_eventq_fops_release
BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in atomic_fetch_sub_release
syzbot
Sep 11
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in hidp_session_thread (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_long_read include/linux
syzbot, … Christoph Hellwig
3
Sep 3
[syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)
BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: slab-use-after-free in rht_head_hashfn include/linux/rhashtable