syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1350]
Subsystems
🐞 Fixed [7124]
🐞 Invalid [18842]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

WARNING in __kfence_free (4)

Status: upstream: reported on 2026/02/24 04:48
Subsystems: mm kasan
[Documentation on labels]
Reported-by: syzbot+ac1ff64591d23db965f7@syzkaller.appspotmail.com
First crash: 99d, last: 99d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
d3c12c93-8427-4b95-bc5e-35bc47e80f8d assessment-security 💥 WARNING in __kfence_free (4) 2026/05/15 06:52 2026/05/15 06:52 2026/05/15 06:53 6ccb967e465e832a7bfd7a116ad00d52a0923a5d failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128 From /app/workdir/repo/linux * branch HEAD -> FETCH_HEAD Updating files: 19% (18000/92982) Updating files: 20% (18597/92982) Updating files: 21% (19527/92982) Updating files: 22% (20457/92982) error: unable to write file arch/m68k/include/asm/atomic.h error: unable to write file arch/m68k/include/asm/bitops.h error: unable to write file arch/m68k/include/asm/blinken.h error: unable to write file arch/m68k/include/asm/bootinfo.h error: unable to write file arch/m68k/include/asm/bootstd.h error: unable to write file arch/m68k/include/asm/bug.h error: unable to write file arch/m68k/include/asm/bvme6000hw.h error: unable to write file arch/m68k/include/asm/cache.h error: unable to write file arch/m68k/include/asm/cacheflush.h error: unable to write file arch/m68k/include/asm/cacheflush_mm.h error: unable to write file arch/m68k/include/asm/cacheflush_no.h error: unable to write file arch/m68k/include/asm/cachetype.h error: unable to write file arch/m68k/include/asm/checksum.h error: unable to write file arch/m68k/include/asm/cmpxchg.h error: unable to write file arch/m68k/include/asm/coldfire.h error: unable to write file arch/m68k/include/asm/config.h error: unable to write file arch/m68k/include/asm/contregs.h error: unable to write file arch/m68k/include/asm/current.h error: unable to write file arch/m68k/include/asm/delay.h error: unable to write file arch/m68k/include/asm/div64.h error: unable to write file arch/m68k/include/asm/dma.h error: unable to write file arch/m68k/include/asm/dsp56k.h error: unable to write file arch/m68k/include/asm/dvma.h error: unable to write file arch/m68k/include/asm/elf.h error: unable to write file arch/m68k/include/asm/entry.h error: unable to write file arch/m68k/include/asm/fbio.h error: unable to write file arch/m68k/include/asm/flat.h error: unable to write file arch/m68k/include/asm/floppy.h error: unable to write file arch/m68k/include/asm/fpu.h error: unable to write file arch/m68k/include/asm/ftrace.h error: unable to write file arch/m68k/include/asm/hash.h error: unable to write file arch/m68k/include/asm/hp300hw.h error: unable to write file arch/m68k/include/asm/hwtest.h error: unable to write file arch/m68k/include/asm/idprom.h error: unable to write file arch/m68k/include/asm/intersil.h error: unable to write file arch/m68k/include/asm/io.h error: unable to write file arch/m68k/include/asm/io_mm.h error: unable to write file arch/m68k/include/asm/io_no.h error: unable to write file arch/m68k/include/asm/irq.h error: unable to write file arch/m68k/include/asm/irqflags.h error: unable to write file arch/m68k/include/asm/kexec.h error: unable to write file arch/m68k/include/asm/kmap.h error: unable to write file arch/m68k/include/asm/libgcc.h error: unable to write file arch/m68k/include/asm/linkage.h error: unable to write file arch/m68k/include/asm/m5206sim.h error: unable to write file arch/m68k/include/asm/m520xsim.h error: unable to write file arch/m68k/include/asm/m523xsim.h error: unable to write file arch/m68k/include/asm/m525xsim.h error: unable to write file arch/m68k/include/asm/m5272sim.h error: unable to write file arch/m68k/include/asm/m527xsim.h error: unable to write file arch/m68k/include/asm/m528xsim.h error: unable to write file arch/m68k/include/asm/m52xxacr.h error: unable to write file arch/m68k/include/asm/m5307sim.h error: unable to write file arch/m68k/include/asm/m53xxacr.h error: unable to write file arch/m68k/include/asm/m53xxsim.h error: unable to write file arch/m68k/include/asm/m5407sim.h error: unable to write file arch/m68k/include/asm/m5441xsim.h error: unable to write file arch/m68k/include/asm/m54xxacr.h error: unable to write file arch/m68k/include/asm/m54xxgpt.h error: unable to write file arch/m68k/include/asm/m54xxpci.h error: unable to write file arch/m68k/include/asm/m54xxsim.h error: unable to write file arch/m68k/include/asm/mac_asc.h error: unable to write file arch/m68k/include/asm/mac_baboon.h error: un
4c860957-fb19-4b29-9887-62ec549b27dc repro WARNING in __kfence_free (4) 2026/03/07 06:01 2026/03/07 06:01 2026/03/07 06:08 31e9c887f7dc24e04b3ca70d0d54fc34141844b0
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kasan?] [mm?] WARNING in __kfence_free (4) 0 (1) 2026/02/24 04:48
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in __kfence_free (2) kasan mm -1 1 1243d 1239d 0/29 auto-obsoleted due to no activity on 2023/05/02 22:23
upstream WARNING in __kfence_free kasan mm -1 4 1416d 1500d 0/29 auto-obsoleted due to no activity on 2022/11/11 05:48
upstream WARNING in __kfence_free (3) kasan mm -1 syz 92 798d 955d 0/29 auto-obsoleted due to no activity on 2024/06/01 06:35

Sample crash report:
soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
------------[ cut here ]------------
WARNING: mm/kfence/core.c:1224 at __kfence_free+0x60/0x100 mm/kfence/core.c:1244, CPU#1: syz-executor/3322
Modules linked in:
CPU: 1 UID: 0 PID: 3322 Comm: syz-executor Not tainted syzkaller #0 PREEMPT 
Hardware name: linux,dummy-virt (DT)
pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : __kfence_free+0x60/0x100 mm/kfence/core.c:1224
lr : kfence_free include/linux/kfence.h:187 [inline]
lr : slab_free_hook mm/slub.c:2625 [inline]
lr : slab_free mm/slub.c:6124 [inline]
lr : kfree+0x3bc/0x3f4 mm/slub.c:6442
sp : ffff800089acbab0
x29: ffff800089acbab0 x28: fbf0000005fa0000 x27: 0000000000000000
x26: 0000000000084008 x25: ffff800082a81000 x24: 0000000000000000
x23: f6f0000003412e00 x22: ffff80008033b784 x21: ffffc1ffc1ffc000
x20: 5eaf80008033b784 x19: fff000007d89df78 x18: 0000000000000002
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 000000000006f7ec x12: 0000000000000001
x11: 0000000000000400 x10: 0000000000006400 x9 : 00000000000000b0
x8 : f3f000000622c45c x7 : 0000000000000024 x6 : 0000000000000024
x5 : 000000000000003c x4 : fff000007d87a000 x3 : ffff800082a81000
x2 : ffff800082a815e0 x1 : f4f0000005ff0c80 x0 : fff000007ff00000
Call trace:
 __kfence_free+0x60/0x100 mm/kfence/core.c:1244 (P)
 kfence_free include/linux/kfence.h:187 [inline]
 slab_free_hook mm/slub.c:2625 [inline]
 slab_free mm/slub.c:6124 [inline]
 kfree+0x3bc/0x3f4 mm/slub.c:6442
 kvfree+0x3c/0x58 mm/slub.c:6760
 xt_free_table_info+0x80/0x90 net/netfilter/x_tables.c:1213
 __do_replace+0x250/0x310 net/ipv4/netfilter/ip_tables.c:1084
 do_replace net/ipv6/netfilter/ip6_tables.c:1158 [inline]
 do_ip6t_set_ctl+0x374/0x418 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x68/0xb0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x90/0xe4 net/ipv6/ipv6_sockglue.c:978
 tcp_setsockopt+0x20/0x3c net/ipv4/tcp.c:4217
 sock_common_setsockopt+0x1c/0x28 net/core/sock.c:3973
 do_sock_setsockopt+0xa4/0x198 net/socket.c:2322
 __sys_setsockopt+0x7c/0x100 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2353 [inline]
 __se_sys_setsockopt net/socket.c:2350 [inline]
 __arm64_sys_setsockopt+0x28/0x40 net/socket.c:2350
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x48/0x104 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
 el0_svc+0x34/0x124 arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0xa0/0xf0 arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:596
---[ end trace 0000000000000000 ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/20 04:43 upstream 8bf22c33e7a1 17d780d6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte WARNING in __kfence_free
* Struck through repros no longer work on HEAD.