syzbot


KASAN: vmalloc-out-of-bounds Read in kcov_remote_start

Status: upstream: reported on 2025/10/05 04:26
Subsystems: usb
Labels: prio:normal
Reported-by: syzbot+8a173e13208949931dc7@syzkaller.appspotmail.com
First crash: 256d, last: 51m
✨ AI Jobs (1)
ID: 4a93e1b2-5dbe-4aa4-aa4c-12062719945b
Workflow: assessment-security
Result: DenialOfService: ❌, Exploitable: ❌, FilesystemTrigger: ❌, NetworkTrigger: ❌, PeripheralTrigger: ❌, RemoteTrigger: ❌, Unprivileged: ❌, UserNamespace: ❌, VMGuestTrigger: ❌, VMHostTrigger: ❌
Bug: KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
Created: 2026/05/23 06:13
Started: 2026/05/23 06:13
Finished: 2026/05/23 07:07
Revision: c69befb30ac10e158cc9d1557b508ee3f0eca1de
Discussions (7)
Title Replies (including bot) Last reply
[PATCH] kcov: fix potential kcov_mode corruption under CONFIG_PREEMPT_RT 5 (5) 2026/05/21 08:38
[syzbot] Monthly usb report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (Apr 2026) 0 (1) 2026/04/01 07:42
[syzbot] Monthly bluetooth report (Jan 2026) 0 (1) 2026/01/28 22:38
[syzbot] Monthly bluetooth report (Dec 2025) 0 (1) 2025/12/29 08:12
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_start 0 (1) 2025/10/05 04:26

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
Read of size 8 at addr ffffc9001d7a9008 by task kworker/u8:5/8087

CPU: 1 UID: 0 PID: 8087 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: events_unbound cfg80211_wiphy_work
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:246 [inline]
 list_del include/linux/list.h:260 [inline]
 kcov_remote_area_get kernel/kcov.c:143 [inline]
 kcov_remote_start+0x295/0x6f0 kernel/kcov.c:920
 kcov_remote_start_common include/linux/kcov.h:50 [inline]
 ieee80211_iface_work+0x1ed/0x13f0 net/mac80211/iface.c:1844
 cfg80211_wiphy_work+0x2e1/0x490 net/wireless/core.c:513
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xa8e/0x14e0 kernel/workqueue.c:3397
 worker_thread+0xa47/0xfb0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc9001d7a8f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9001d7a8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc9001d7a9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                      ^
 ffffc9001d7a9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9001d7a9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (2597):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/14 15:47 upstream e21ee273e6fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/14 08:59 upstream 2b07ea76fd28 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/14 06:48 upstream 2b07ea76fd28 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/13 15:19 upstream 062871f1371b 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/12 19:48 upstream 1dadb7e7eb5a 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/12 17:45 upstream 1dadb7e7eb5a 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/12 16:39 upstream 2b414a95b8f7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/12 15:35 upstream 2b414a95b8f7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/11 20:51 upstream 9716c086c8e8 d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/11 07:21 upstream 9716c086c8e8 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/10 22:32 upstream acb7500801e9 f79bac11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/22 20:33 upstream 45255ea1ca09 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/03/09 04:48 upstream 014441d1e4b2 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/05 02:43 upstream d104e3d17f7b 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/01 04:17 upstream 50c19e20ed2e 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/14 04:50 linux-next ec039126b7fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/14 00:30 linux-next c425609d6ac4 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/13 19:56 linux-next ec039126b7fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/13 06:08 linux-next ec039126b7fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/13 00:56 linux-next ec039126b7fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/12 23:46 linux-next c425609d6ac4 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/12 07:19 linux-next ec039126b7fa e93da63e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/12 00:18 linux-next ec039126b7fa d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/11 17:46 linux-next ec039126b7fa d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/11 01:10 linux-next abe651837cb3 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/10 23:46 linux-next abe651837cb3 f79bac11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/10 12:24 linux-next 49e02880ec0a f79bac11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/14 03:33 upstream 2b07ea76fd28 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/14 01:44 upstream 2b07ea76fd28 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/13 22:24 upstream 2b07ea76fd28 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/13 18:54 upstream 062871f1371b 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/13 13:59 upstream 062871f1371b 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/06/13 11:37 upstream 062871f1371b 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/13 08:33 upstream 062871f1371b 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/13 04:33 upstream 1dadb7e7eb5a 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/13 03:00 upstream 1dadb7e7eb5a 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/12 22:00 upstream 1dadb7e7eb5a 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/12 14:39 upstream 2b414a95b8f7 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/12 12:49 upstream 2b414a95b8f7 e93da63e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/12 05:22 upstream 2b414a95b8f7 e93da63e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/11 12:17 upstream 9716c086c8e8 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/06/11 06:04 upstream 9716c086c8e8 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/10 18:01 upstream acb7500801e9 f79bac11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/10 15:34 upstream acb7500801e9 f79bac11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/14 13:38 linux-next ec039126b7fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/14 11:03 linux-next ec039126b7fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/06/14 07:55 linux-next c425609d6ac4 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_start
2026/06/13 17:47 linux-next c425609d6ac4 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_start
2026/06/12 20:58 linux-next ec039126b7fa 1d2f3589 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/06/11 22:43 linux-next ec039126b7fa d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/11 16:24 linux-next ec039126b7fa d93a6ab6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/11 03:45 linux-next abe651837cb3 b754d2d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/10 13:36 linux-next 49e02880ec0a f79bac11 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel paging request in kcov_remote_start