syzkaller-bugs
syzbot, … Sean Christopherson
11
Oct 27
[syzbot] [kvm?] KASAN: slab-use-after-free Write in kvm_gmem_release
BUG: KASAN: slab-use-after-free in kvm_gmem_release+0x176/0x440 virt/kvm/guest_memfd.c:353 Write of size 8 at addr ffff88807befa508 by task syz.0.17/6022 CPU: 0 UID: 0 PID
syzbot
Oct 21
[syzbot] [sound?] KASAN: slab-use-after-free Read in snd_pcm_action
BUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave
syzbot, Oliver Neukum
10
Oct 25
[syzbot] [input?] [usb?] KASAN: slab-out-of-bounds Read in mcp2221_raw_event (2)
issue: KASAN: use-after-free Read in mcp2221_raw_event ================================================================== BUG: KASAN: use-after-free in mcp2221_raw_event
syzbot, Hillf Danton
5
Oct 12
[syzbot] [bluetooth?] KASAN: wild-memory-access Read in l2cap_connect_cfm
BUG: KASAN: slab-use-after-free in l2cap_conn_ready net/bluetooth/l2cap_core.c:1623 [inline] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040 net/
syzbot
Oct 10
[syzbot] [bridge?] KASAN: slab-use-after-free Read in br_switchdev_fdb_notify (2)
BUG: KASAN: slab-use-after-free in br_switchdev_fdb_populate net/bridge/br_switchdev.c:141 [inline] BUG: KASAN: slab-use-after-free in br_switchdev_fdb_notify+0x30b
syzbot, Jens Axboe
9
Oct 9
[syzbot] [io-uring?] KASAN: slab-use-after-free Read in io_waitid_wait
] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 3 UID: 0 PID: 6397 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware
syzbot, kernel test robot
38
Oct 14
[syzbot] [ext4?] KASAN: slab-out-of-bounds Read in ext4_search_dir
issue: KASAN: slab-use-after-free Read in ext4_search_dir ================================================================== BUG: KASAN: slab-use-after-free in ext4_search_dir
syzbot
6
Sep 30
Re: [syzbot] [ext4?] KASAN: use-after-free Read in ext4_ext_insert_extent
issue: KASAN: slab-out-of-bounds Read in ext4_ext_insert_extent EXT4-fs (loop4): stripe (1570) is not aligned with cluster size (16), stripe is disabled ==================
syzbot
3
Oct 1
[syzbot] [isofs?] VFS: Busy inodes after unmount (use-after-free) (3)
Busy inodes after unmount of loop0 (iso9660) ------------[ cut here ]------------ kernel BUG at fs/super.c:653! Oops: invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 1 UID: 0 PID: 5985
syzbot
Sep 29
[syzbot] [jfs?] KASAN: slab-use-after-free Read in lbmIODone
BUG: KASAN: slab-use-after-free in lbmIODone+0xf68/0x12e8 fs/jfs/jfs_logmgr.c:2184 Read of size 4 at addr ffff0000fa465408 by task ksoftirqd/1/23 CPU: 1 UID: 0 PID: 23 Comm:
syzbot
Sep 25
[syzbot] [hams?] KASAN: slab-use-after-free Write in rose_t0timer_expiry
BUG: KASAN: slab-use-after-free in rose_t0timer_expiry+0x114/0x150 net/rose/rose_link.c:85 Write of size 1 at addr ffff8880569e3435 by task syz.3.1212/10695 CPU: 0 UID: 0
syzbot ci, … Vlastimil Babka
5
Sep 26
[syzbot ci] Re: rust: zpool: add API for C and Rust
zswap_store * KASAN: slab-out-of-bounds Read in zpool_get_total_pages * KASAN: slab-out-of-bounds Read in zswap_store * KASAN: slab-use-after-free Read in zpool_get_total_pages
syzbot ci
Sep 20
[syzbot ci] Re: udp: remove busylock and add per NUMA queues
issue: KASAN: slab-use-after-free Read in __udp_enqueue_schedule_skb Full report is available here: https://ci.syzbot.org/series/9921e6c6-67ac-435d-a76a-a9cfb67b2f12
syzbot
Sep 15
[syzbot] [iommu?] KASAN: slab-use-after-free Write in iommufd_eventq_fops_release
BUG: KASAN: slab-use-after-free in instrument_atomic_read_write include/linux/instrumented.h:96 [inline] BUG: KASAN: slab-use-after-free in atomic_fetch_sub_release
syzbot
Sep 11
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in hidp_session_thread (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_long_read include/linux
syzbot, … Christoph Hellwig
3
Sep 3
[syzbot] [xfs?] KASAN: slab-use-after-free Read in xfs_buf_rele (4)
BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: slab-use-after-free in rht_head_hashfn include/linux/rhashtable
syzbot
2
Sep 2
[syzbot] [bcachefs?] [mm?] BUG: corrupted list in list_lru_add
BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x6a/0x130 lib/list_debug.c:32 Read of size 8 at addr ffff888051ac9708 by task syz-executor/5975 CPU: 1 UID
syzbot
2
Aug 28
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in release_sock (2)
BUG: KASAN: slab-use-after-free in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0
syzbot, … Hillf Danton
19
Aug 25
[syzbot] [net?] unregister_netdevice: waiting for DEV to become free (8)
issue: KASAN: use-after-free Read in j1939_netdev_stop ================================================================== BUG: KASAN: use-after-free in netdev_get_ml_priv
syzbot
Aug 13
[syzbot] [block?] KASAN: slab-use-after-free Read in update_io_ticks (3)
BUG: KASAN: slab-use-after-free in update_io_ticks+0x9a/0x260 block/blk-core.c:1018 Read of size 8 at addr ffff88803215e7a8 by task kworker/u4:11/3027 CPU: 0 UID: 0 PID: 3027
syzbot, Hillf Danton
7
Aug 12
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in l2cap_unregister_user
hci_event: Use of a function table to handle Command Complete bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14d538c4580000 final oops: https://syzkaller
syzbot
Aug 5
[syzbot] [perf?] KASAN: slab-use-after-free Read in __task_pid_nr_ns
BUG: KASAN: slab-use-after-free in __task_pid_nr_ns+0x1da/0x470 kernel/pid.c:517 Read of size 8 at addr ffff888066bbaa28 by task syz.5.936/10344 CPU: 0 UID: 0 PID: 10344 Comm
syzbot
Aug 4
[syzbot] [mm?] [gfs2?] KASAN: slab-use-after-free Read in lru_add (2)
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic
syzbot, … Arnaud Lecomte
7
Jul 30
[syzbot] [fuse?] [block?] KASAN: slab-use-after-free Read in disk_add_events
BUG: KASAN: slab-use-after-free in >> __list_add_valid_or_report+0x151/0x190 lib/list_debug.c:32 >> Read of size 8 at addr ffff888036fa1400 by task syz.2.1231
syzbot
15
Oct 14
[syzbot] [fs?] KASAN: use-after-free Read in hpfs_get_ea
?] KASAN: use-after-free Read in hpfs_get_ea Author: kapoorarnav43@gmail.com #syz test From: Arnav Kapoor Date: Fri, 18 Jul 2025 12:00:00 +0000 Subject: [PATCH] hpfs: fix use-
syzbot, … Ivan Pravdin
10
Jul 21
[syzbot] [bluetooth?] [bcachefs?] KASAN: slab-use-after-free Read in hci_uart_write_work
BUG: KASAN: slab-use-after-free in hci_uart_write_work+0x2ca/0x550 drivers/bluetooth/hci_ldisc.c:165 Read of size 8 at addr ffff8880555a35d8 by task kworker/0:7/5631 CPU
syzbot, … Hillf Danton
12
Jul 4
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in force_devcd_write
issue: KASAN: slab-use-after-free Read in force_devcd_write ================================================================== BUG: KASAN: slab-use-after-free in
syzbot
6
Sep 27
[syzbot] [ext4?] KASAN: slab-use-after-free Read in __ext4_check_dir_entry
BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x708/0x8a0 fs/ext4/dir.c:85 Read of size 2 at addr ffff8880601f4003 by task syz.1.21/6095 CPU: 0 UID: 0 PID: 6095
syzbot
Jun 16
[syzbot] [bluetooth?] KASAN: slab-use-after-free Read in skb_queue_purge_reason (3)
BUG: KASAN: slab-use-after-free in skb_queue_empty_lockless include/linux/skbuff.h:1891 [inline] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0x99/0x360
syzbot, Hillf Danton
6
Jun 10
[syzbot] [net?] KASAN: use-after-free Read in __linkwatch_run_queue
T3436] task_work_run+0x78/0xd4 [ 190.178605][ T3436] do_exit+0x24c/0x930 [ 190.178605][ T3436] do_group_exit+0x34/0x90 [ 190.178605][ T3436] pid_child_should_wake+0x0