syzbot

 sign-in | mailing list | source | docs
🐞 Open [1452]
Subsystems
🐞 Fixed [6928]
🐞 Invalid [18037]
Missing Backports [223]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: vmalloc-out-of-bounds Read in kcov_remote_start

Status: upstream: reported on 2025/10/05 04:26
Subsystems: bluetooth usb
[Documentation on labels]
Reported-by: syzbot+8a173e13208949931dc7@syzkaller.appspotmail.com
First crash: 140d, last: 5h39m
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] Monthly bluetooth report (Jan 2026) 0 (1) 2026/01/28 22:38
[syzbot] Monthly bluetooth report (Dec 2025) 0 (1) 2025/12/29 08:12
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_start 0 (1) 2025/10/05 04:26

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
Read of size 8 at addr ffffc9000dc0a008 by task kworker/u9:2/17484

CPU: 1 UID: 0 PID: 17484 Comm: kworker/u9:2 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: hci1 hci_rx_work
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xba/0x230 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del include/linux/list.h:237 [inline]
 kcov_remote_area_get kernel/kcov.c:143 [inline]
 kcov_remote_start+0x2af/0x710 kernel/kcov.c:920
 kcov_remote_start_common include/linux/kcov.h:50 [inline]
 hci_rx_work+0x10f/0x1030 net/bluetooth/hci_core.c:4039
 process_one_work kernel/workqueue.c:3275 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3358
 worker_thread+0xa50/0xfc0 kernel/workqueue.c:3439
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc9000dc09f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000dc09f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc9000dc0a000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                      ^
 ffffc9000dc0a080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000dc0a100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (968):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/18 10:20 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/18 08:04 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/18 06:59 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/18 05:02 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/17 10:28 upstream c22e26bd0906 e439b951 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/17 02:22 upstream c22e26bd0906 5d52cba5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/16 08:27 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/16 02:18 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/15 05:22 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/15 02:29 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/14 10:41 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/14 06:35 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/13 15:39 upstream c22e26bd0906 6a673c50 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/12 21:35 upstream c22e26bd0906 504cb1bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/12 06:08 upstream c22e26bd0906 76a109e2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/11 22:25 upstream 192c0159402e 75707236 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/11 18:30 upstream 192c0159402e 75707236 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/11 09:14 upstream dc855b77719f 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/11 04:05 upstream dc855b77719f 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/11 02:49 upstream dc855b77719f 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/11 01:49 upstream dc855b77719f 441e25b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/10 17:24 upstream 72c395024dac 91d776d3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/09 21:19 upstream 05f7e89ab973 df949cd9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/09 18:34 upstream 05f7e89ab973 df949cd9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/09 17:21 upstream 05f7e89ab973 df949cd9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/09 10:17 upstream 05f7e89ab973 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/05 02:43 upstream d104e3d17f7b 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/01 04:17 upstream 50c19e20ed2e 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/02/18 11:40 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/02/18 01:04 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/02/17 23:08 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/02/17 20:23 upstream c22e26bd0906 39751c21 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/17 04:05 upstream c22e26bd0906 5d52cba5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/16 21:07 upstream c22e26bd0906 5d52cba5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/16 11:32 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/15 19:54 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/02/14 22:04 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/14 16:52 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/14 15:17 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/14 13:10 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/14 09:22 upstream c22e26bd0906 1e62d198 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/02/12 19:40 upstream c22e26bd0906 504cb1bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/12 15:58 upstream c22e26bd0906 76a109e2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/12 07:21 upstream c22e26bd0906 76a109e2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/10 10:23 upstream 8a5203c630c6 4ab09a02 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/02/10 07:58 upstream 8a5203c630c6 4ab09a02 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/10 03:13 upstream 8a5203c630c6 4ab09a02 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/09 16:17 upstream 05f7e89ab973 df949cd9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/09 12:58 upstream 05f7e89ab973 df949cd9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/02/09 08:02 upstream 05f7e89ab973 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/02/09 05:12 upstream e98f34af6116 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/02/09 00:13 upstream e98f34af6116 4c131dc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
* Struck through repros no longer work on HEAD.