syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1347]
Subsystems
🐞 Fixed [7126]
🐞 Invalid [18862]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KASAN: vmalloc-out-of-bounds Read in kcov_remote_start

Status: upstream: reported on 2025/10/05 04:26
Subsystems: usb
Labels: prio:normal
[Documentation on labels]
Reported-by: syzbot+8a173e13208949931dc7@syzkaller.appspotmail.com
First crash: 244d, last: 2h16m
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
4a93e1b2-5dbe-4aa4-aa4c-12062719945b assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌ KASAN: vmalloc-out-of-bounds Read in kcov_remote_start 2026/05/23 06:13 2026/05/23 06:13 2026/05/23 07:07 c69befb30ac10e158cc9d1557b508ee3f0eca1de
Discussions (7)
Title Replies (including bot) Last reply
[PATCH] kcov: fix potential kcov_mode corruption under CONFIG_PREEMPT_RT 5 (5) 2026/05/21 08:38
[syzbot] Monthly usb report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (May 2026) 0 (1) 2026/05/02 12:32
[syzbot] Monthly bluetooth report (Apr 2026) 0 (1) 2026/04/01 07:42
[syzbot] Monthly bluetooth report (Jan 2026) 0 (1) 2026/01/28 22:38
[syzbot] Monthly bluetooth report (Dec 2025) 0 (1) 2025/12/29 08:12
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_start 0 (1) 2025/10/05 04:26

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
Read of size 8 at addr ffffc90004a91008 by task kworker/u9:1/4920

CPU: 0 UID: 0 PID: 4920 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __list_del_entry_valid_or_report+0xb5/0x190 lib/list_debug.c:65
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:246 [inline]
 list_del include/linux/list.h:260 [inline]
 kcov_remote_area_get kernel/kcov.c:143 [inline]
 kcov_remote_start+0x2af/0x710 kernel/kcov.c:920
 kcov_remote_start_common include/linux/kcov.h:50 [inline]
 hci_rx_work+0x10f/0x1040 net/bluetooth/hci_core.c:4003
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc90004a90f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90004a90f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc90004a91000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                      ^
 ffffc90004a91080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc90004a91100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (2392):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/06/02 09:41 upstream 6f3ed7fec72f 1095583b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 23:01 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 17:31 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 12:25 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/30 11:08 upstream 9215e74f228f 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/29 21:14 upstream 8fde5d1d47f6 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/22 20:33 upstream 45255ea1ca09 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/03/09 04:48 upstream 014441d1e4b2 5cb44a80 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/05 02:43 upstream d104e3d17f7b 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2025/10/01 04:17 upstream 50c19e20ed2e 65a0eece .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/02 02:14 linux-next f7af91adc230 1095583b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/01 22:41 linux-next f7af91adc230 1095583b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/01 19:05 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/01 17:46 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/01 15:25 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/01 14:10 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/01 11:53 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 18:31 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 16:22 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 15:09 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 07:47 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 06:43 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/31 05:15 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/30 05:38 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/05/30 03:32 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_start
2026/06/02 06:38 upstream e43ffb69e043 1095583b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/06/01 16:12 upstream e43ffb69e043 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/01 04:41 upstream 8d9c51eac648 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/31 20:56 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/31 03:18 upstream 174914ea5513 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/31 01:38 upstream f5e5d3509bff 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_start
2026/05/30 14:13 upstream f5e5d3509bff 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/30 08:34 upstream 9215e74f228f 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/30 06:52 upstream 9215e74f228f 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/06/01 13:05 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/01 09:45 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_start
2026/06/01 08:05 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/01 07:03 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/01 06:03 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/06/01 01:39 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/31 20:13 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_start
2026/05/31 13:47 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/31 11:24 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/30 23:09 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_start
2026/05/30 21:41 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/30 19:11 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/30 17:23 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
2026/05/30 10:07 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/30 02:01 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_start
2026/05/30 00:29 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel paging request in kcov_remote_start
2026/05/29 23:09 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel NULL pointer dereference in kcov_remote_start
* Struck through repros no longer work on HEAD.