syzbot


KASAN: vmalloc-out-of-bounds Read in kcov_remote_start

Status: upstream: reported on 2025/10/05 04:26
Subsystems: usb bluetooth
Reported-by: syzbot+8a173e13208949931dc7@syzkaller.appspotmail.com
First crash: 226d, last: 7m
Discussions (7)
Title Replies (including bot) Last reply
[PATCH] kcov: fix potential kcov_mode corruption under CONFIG_PREEMPT_RT 4 (4) 2026/05/15 07:10
[syzbot] Monthly usb report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (Apr 2026) 0 (1) 2026/04/01 07:42
[syzbot] Monthly bluetooth report (Jan 2026) 0 (1) 2026/01/28 22:38
[syzbot] Monthly bluetooth report (Dec 2025) 0 (1) 2025/12/29 08:12
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_start 0 (1) 2025/10/05 04:26

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
Read of size 8 at addr ffffc9001d819008 by task kworker/1:3/4982

CPU: 1 UID: 0 PID: 4982 Comm: kworker/1:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del include/linux/list.h:237 [inline]
 kcov_remote_area_get kernel/kcov.c:143 [inline]
 kcov_remote_start+0x2af/0x710 kernel/kcov.c:920
 kcov_remote_start_usb include/linux/kcov.h:55 [inline]
 hub_event+0x150/0x4f60 drivers/usb/core/hub.c:5889
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc9001d818f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9001d818f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc9001d819000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                      ^
 ffffc9001d819080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9001d819100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (2005):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/05/15 04:14 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/15 02:06 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/15 00:50 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/14 21:37 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/14 11:12 upstream e1914add2799 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/14 06:54 upstream e1914add2799 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/13 02:45 upstream c21b90f77687 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/12 00:48 upstream 50897c955902 d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/11 17:39 upstream 5d6919055dec e6eb7c0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/11 05:06 upstream aa54b1d27fe0 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/11 02:56 upstream aa54b1d27fe0 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/03/09 04:48 upstream 014441d1e4b2 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/05 02:43 upstream d104e3d17f7b 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/01 04:17 upstream 50c19e20ed2e 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/14 08:23 linux-next e98d21c170b0 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/13 09:40 linux-next e98d21c170b0 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/13 05:32 linux-next e98d21c170b0 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/13 01:32 linux-next e98d21c170b0 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/11 23:44 linux-next e98d21c170b0 d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/11 15:48 linux-next e98d21c170b0 e6eb7c0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/15 07:15 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/05/15 06:35 upstream 66182ca873a4 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/14 10:05 upstream e1914add2799 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/05/14 03:22 upstream e1914add2799 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/13 23:36 upstream e1914add2799 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/13 20:56 upstream 1d5dcaa3bd65 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/13 13:12 upstream 1d5dcaa3bd65 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/13 03:59 upstream c21b90f77687 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/12 13:08 upstream 50897c955902 d5b1a17d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/12 08:07 upstream 50897c955902 d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/11 14:25 upstream 5d6919055dec e6eb7c0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/11 06:07 upstream aa54b1d27fe0 29233ece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/15 08:28 linux-next e98d21c170b0 9cd3beaa .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/14 20:32 linux-next e98d21c170b0 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/14 13:13 linux-next e98d21c170b0 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/14 08:15 linux-next e98d21c170b0 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/14 01:21 linux-next e98d21c170b0 6ccb967e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/13 16:55 linux-next e98d21c170b0 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/13 12:00 linux-next e98d21c170b0 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/13 10:48 linux-next e98d21c170b0 fec2a7ee .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/12 22:52 linux-next e98d21c170b0 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/12 21:44 linux-next e98d21c170b0 a0949470 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/12 19:01 linux-next e98d21c170b0 d5b1a17d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/12 16:48 linux-next e98d21c170b0 d5b1a17d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/12 15:23 linux-next e98d21c170b0 d5b1a17d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/12 11:54 linux-next e98d21c170b0 d5b1a17d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/12 06:33 linux-next e98d21c170b0 d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/12 04:50 linux-next e98d21c170b0 d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/11 20:38 linux-next e98d21c170b0 d168f260 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_start
2026/05/11 19:24 linux-next e98d21c170b0 e6eb7c0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/11 13:08 linux-next e98d21c170b0 e6eb7c0b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start