KASAN: vmalloc-out-of-bounds Read in kcov_remote

Title	Replies (including bot)	Last reply
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop	0 (1)	2025/10/07 03:33

Title

Replies (including bot)

Last reply

[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop

0 (1)

2025/10/07 03:33

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	KMSAN: uninit-value in exit_to_user_mode_loop (3) kernel	7	C			2558	1210d	1469d	0/29	auto-closed as invalid on 2022/09/22 19:06

usb 5-1: config 0 descriptor?? appletouch 5-1:0.85: Failed to read mode from device. appletouch 5-1:0.85: probe with driver appletouch failed with error -5 usb 5-1: USB disconnect, device number 31 ================================================================== BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130 lib/list_debug.c:29 Read of size 8 at addr ffffc9000ffa1008 by task kworker/1:1/44 CPU: 1 UID: 0 PID: 44 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 __list_add_valid_or_report+0x4e/0x130 lib/list_debug.c:29 __list_add_valid include/linux/list.h:96 [inline] __list_add include/linux/list.h:158 [inline] list_add include/linux/list.h:177 [inline] kcov_remote_area_put kernel/kcov.c:156 [inline] kcov_remote_stop+0x52d/0x660 kernel/kcov.c:1060 hub_event+0x45d2/0x4a20 drivers/usb/core/hub.c:5997 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> The buggy address belongs to a vmalloc virtual mapping Memory state around the buggy address: ffffc9000ffa0f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc9000ffa0f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc9000ffa1000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc9000ffa1080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc9000ffa1100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ==================================================================

Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Assets (help?)	Manager	Title
2025/10/06 23:36	upstream	fd94619c4336	91305dbe	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/04 22:51	upstream	cbf33b8e0b36	49379ee0	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/04 14:56	upstream	cbf33b8e0b36	49379ee0	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/03 22:18	upstream	9b0d551bcc05	49379ee0	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/03 04:55	upstream	e406d57be7bd	49379ee0	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/03 03:32	upstream	7f7072574127	49379ee0	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/06 14:32	upstream	fd94619c4336	91305dbe	.config	console log	report	info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-smack-root	BUG: corrupted list in kcov_remote_stop