syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1331]
Subsystems
🐞 Fixed [7147]
🐞 Invalid [18896]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KASAN: vmalloc-out-of-bounds Read in kcov_remote_start

Status: upstream: reported on 2025/10/05 04:26
Subsystems: usb
Labels: prio:normal
[Documentation on labels]
Reported-by: syzbot+8a173e13208949931dc7@syzkaller.appspotmail.com
First crash: 251d, last: 54m
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
4a93e1b2-5dbe-4aa4-aa4c-12062719945b assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌ KASAN: vmalloc-out-of-bounds Read in kcov_remote_start 2026/05/23 06:13 2026/05/23 06:13 2026/05/23 07:07 c69befb30ac10e158cc9d1557b508ee3f0eca1de
Discussions (7)
Title Replies (including bot) Last reply
[PATCH] kcov: fix potential kcov_mode corruption under CONFIG_PREEMPT_RT 5 (5) 2026/05/21 08:38
[syzbot] Monthly usb report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (Apr 2026) 0 (1) 2026/04/01 07:42
[syzbot] Monthly bluetooth report (Jan 2026) 0 (1) 2026/01/28 22:38
[syzbot] Monthly bluetooth report (Dec 2025) 0 (1) 2025/12/29 08:12
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_start 0 (1) 2025/10/05 04:26

Sample crash report:
pvrusb2: **********
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
Read of size 8 at addr ffffc900046f1008 by task kworker/0:5/5753

CPU: 0 UID: 0 PID: 5753 Comm: kworker/0:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:246 [inline]
 list_del include/linux/list.h:260 [inline]
 kcov_remote_area_get kernel/kcov.c:143 [inline]
 kcov_remote_start+0x2af/0x710 kernel/kcov.c:920
 kcov_remote_start_usb include/linux/kcov.h:55 [inline]
 hub_event+0x150/0x4f60 drivers/usb/core/hub.c:5889
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a 0-page vmalloc region starting at 0xffffc900046f1000 allocated at kcov_ioctl+0x58/0x640 kernel/kcov.c:726
Memory state around the buggy address:
 ffffc900046f0f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc900046f0f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc900046f1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                      ^
 ffffc900046f1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc900046f1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (2503):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/06/09 02:23 upstream 4549871118cf 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/08 14:53 upstream 4549871118cf 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/08 13:53 upstream 4549871118cf cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/08 08:57 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/07 23:06 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/07 11:45 upstream 979c294509f9 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/07 10:06 upstream 979c294509f9 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/07 02:05 upstream 8e65320d91cd cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/05 20:17 upstream ddd664bbff63 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/22 20:33 upstream 45255ea1ca09 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/03/09 04:48 upstream 014441d1e4b2 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/05 02:43 upstream d104e3d17f7b 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/01 04:17 upstream 50c19e20ed2e 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/09 05:02 linux-next a87737435cfa 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/08 10:38 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/08 03:24 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/07 07:12 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/07 03:10 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/07 00:31 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/06 07:53 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/05 20:33 linux-next f7af91adc230 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/05 10:28 linux-next f7af91adc230 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/05 06:35 linux-next f7af91adc230 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/09 19:45 upstream 2d3090a8aeb5 c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/09 18:43 upstream 2d3090a8aeb5 c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/09 17:15 upstream 2d3090a8aeb5 c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/09 12:35 upstream 2d3090a8aeb5 c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/06/08 22:50 upstream 4549871118cf 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/08 19:50 upstream 4549871118cf 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/08 07:55 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/08 07:19 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/06/08 04:29 upstream c68691dc1dca cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/07 19:06 upstream 979c294509f9 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/07 05:23 upstream 8e65320d91cd cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/07 04:00 upstream 8e65320d91cd cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/06 22:56 upstream 8e65320d91cd cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/06 17:33 upstream c10130c234c8 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/06 16:08 upstream c10130c234c8 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/06 00:36 upstream ddd664bbff63 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/06/05 16:30 upstream ddd664bbff63 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/05 12:37 upstream ddd664bbff63 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/06/09 20:55 linux-next 49e02880ec0a c36c07f6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/09 03:44 linux-next a87737435cfa 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_start
2026/06/08 17:53 linux-next a87737435cfa 656e94c6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/08 02:21 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/06/08 00:17 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/07 20:34 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/06/06 21:46 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/06 11:55 linux-next f7af91adc230 cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/05 17:44 linux-next f7af91adc230 48b6c3fa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/05 08:30 linux-next f7af91adc230 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/05 04:45 linux-next f7af91adc230 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
* Struck through repros no longer work on HEAD.