syzbot


KASAN: use-after-free Read in rcu_cblist_dequeue

Status: upstream: reported C repro on 2026/06/11 16:19
Reported-by: syzbot+9da04cc1c19a8165b176@syzkaller.appspotmail.com
First crash: 3d17h, last: 2h53m
Similar bugs (4)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in rcu_cblist_dequeue kernel 19 1 2985d 2985d 0/29 closed as invalid on 2018/04/12 23:01
android-5-10 KASAN: use-after-free Read in rcu_cblist_dequeue 19 1 1691d 1685d 0/2 auto-closed as invalid on 2022/02/24 12:16
upstream BUG: unable to handle kernel paging request in rcu_cblist_dequeue rcu 8 6 286d 290d 0/29 auto-obsoleted due to no activity on 2025/12/10 12:07
upstream KASAN: slab-use-after-free Read in rcu_cblist_dequeue crypto 19 1 168d 164d 0/29 auto-obsoleted due to no activity on 2026/03/28 00:06

Sample crash report:
==================================================================
BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x6c/0xb0 kernel/rcu/rcu_segcblist.c:75
Read of size 8 at addr ffff88810cfccd90 by task ksoftirqd/0/13

CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Call Trace:
 <TASK>
 __dump_stack+0x21/0x24 lib/dump_stack.c:88
 dump_stack_lvl+0x110/0x170 lib/dump_stack.c:106
 print_address_description+0x71/0x200 mm/kasan/report.c:316
 print_report+0x4a/0x60 mm/kasan/report.c:420
 kasan_report+0x122/0x150 mm/kasan/report.c:524
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351
 rcu_cblist_dequeue+0x6c/0xb0 kernel/rcu/rcu_segcblist.c:75
 rcu_do_batch+0x4bb/0xbc0 kernel/rcu/tree.c:2285
 rcu_core+0x5c3/0xe80 kernel/rcu/tree.c:2557
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2574
 handle_softirqs+0x1d7/0x600 kernel/softirq.c:642

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/11 16:07 android14-6.1 bf32db543281 d93a6ab6 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 16:50 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 16:23 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 15:26 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 15:25 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 10:27 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 09:45 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 09:08 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 07:45 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 01:48 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 01:35 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 01:35 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 01:34 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 01:34 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/14 01:17 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/13 23:02 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/13 20:07 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/13 20:06 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/13 20:06 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/13 20:05 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/13 20:05 android14-6.1 f17c14b8ada7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/12 15:19 android14-6.1 bf32db543281 e93da63e .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/12 07:57 android14-6.1 bf32db543281 e93da63e .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 23:34 android14-6.1 bf32db543281 d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 21:16 android14-6.1 bf32db543281 d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 15:11 android14-6.1 bf32db543281 d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 15:09 android14-6.1 bf32db543281 d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 11:37 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 03:09 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 03:07 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 03:06 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 03:01 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 02:13 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 02:13 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
2026/06/11 02:03 android14-6.1 bf32db543281 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 KASAN: use-after-free Read in rcu_cblist_dequeue
* Struck through repros no longer work on HEAD.