syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1330]
Subsystems
🐞 Fixed [7140]
🐞 Invalid [18880]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop

Status: upstream: reported on 2025/10/07 03:33
Subsystems: usb
Labels: prio:normal
[Documentation on labels]
Reported-by: syzbot+90984d3713722683112e@syzkaller.appspotmail.com
First crash: 245d, last: 16h53m
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
a76087d1-d48e-4a2a-990d-fb4762242508 assessment-security DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌ KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop 2026/05/22 00:27 2026/05/22 00:27 2026/05/22 01:29 d57425845dbe663f86e1e54a4997e95bd557b624
Discussions (2)
Title Replies (including bot) Last reply
[PATCH] kcov: fix potential kcov_mode corruption under CONFIG_PREEMPT_RT 5 (5) 2026/05/21 08:38
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop 0 (1) 2025/10/07 03:33
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: uninit-value in exit_to_user_mode_loop (3) kernel 7 C 2558 1452d 1710d 0/29 auto-closed as invalid on 2022/09/22 19:06

Sample crash report:
usb 2-1: USB disconnect, device number 50
ch341 2-1:0.0: device disconnected
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130 lib/list_debug.c:29
Read of size 8 at addr ffffc9000e341008 by task kworker/0:6/5741

CPU: 0 UID: 0 PID: 5741 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __list_add_valid_or_report+0x4e/0x130 lib/list_debug.c:29
 __list_add_valid include/linux/list.h:96 [inline]
 __list_add include/linux/list.h:158 [inline]
 list_add include/linux/list.h:177 [inline]
 kcov_remote_area_put kernel/kcov.c:156 [inline]
 kcov_remote_stop+0x457/0x680 kernel/kcov.c:1074
 hub_event+0x49d8/0x4f60 drivers/usb/core/hub.c:5998
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xb5d/0x1860 kernel/workqueue.c:3397
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc9000e340f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000e340f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc9000e341000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                      ^
 ffffc9000e341080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000e341100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (346):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/06/04 11:29 upstream ba3e43a9e601 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/04 08:46 upstream ba3e43a9e601 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/03 19:10 upstream ba3e43a9e601 234057e5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/29 07:31 upstream 8fde5d1d47f6 4624854e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/28 20:40 upstream eb3f4b7426cf 9a5a7e5e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/28 04:46 upstream eb3f4b7426cf 4c36e7e5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/27 03:23 upstream d60ec36cab33 2b01f00e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/24 20:04 upstream 4cbfe4502e3d c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/24 12:47 upstream 4cbfe4502e3d c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/23 11:45 upstream 79bd2dded182 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/22 16:15 upstream 6779b50faa56 e16cf9f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/22 08:46 upstream 6779b50faa56 e195359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/21 03:41 upstream df685633c3db 41b8c833 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/20 09:10 upstream 27fa82620cba 0909d65f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/19 12:06 upstream ab5fce87a778 223544dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/18 18:23 upstream 5200f5f493f7 55156e84 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/16 18:57 upstream 6916d5703ddf a15a64a6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/03/10 02:37 upstream 1f318b96cc84 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/06 23:36 upstream fd94619c4336 91305dbe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/03 03:32 upstream 7f7072574127 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/04 20:55 linux-next f7af91adc230 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/04 05:02 linux-next f7af91adc230 197909be .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/03 08:37 linux-next f7af91adc230 3c0d2131 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/02 16:41 linux-next f7af91adc230 62fe1528 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/01 18:59 linux-next f7af91adc230 8d8eeb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/01 04:48 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/31 19:15 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/31 10:44 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/31 01:46 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/27 18:21 linux-next e7d700e14934 769cbc61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/27 15:21 linux-next e7e28506af98 769cbc61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/27 07:47 linux-next e7e28506af98 2b01f00e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/26 03:03 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/25 16:40 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/25 10:03 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/24 15:24 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/24 09:40 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/24 07:26 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/23 18:37 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/23 10:28 linux-next c1ecb239fa34 c69befb3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/21 18:19 linux-next 550604d6c9b9 e195359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/21 13:19 linux-next 687da68900cd e195359d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/21 09:44 linux-next 687da68900cd 41b8c833 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/21 06:19 linux-next 687da68900cd 41b8c833 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/20 23:14 linux-next 687da68900cd 41b8c833 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/20 14:37 linux-next 687da68900cd 62fb93a2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/20 08:06 linux-next 6a50ba100ace 0909d65f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/20 05:34 linux-next 6a50ba100ace 0909d65f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/17 21:07 linux-next e98d21c170b0 de5aae85 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/16 01:43 linux-next e98d21c170b0 81fb92f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/03 10:05 linux-next f7af91adc230 3c0d2131 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_stop
2026/05/30 02:42 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce BUG: corrupted list in kcov_remote_stop
2026/05/30 01:38 linux-next f7af91adc230 6b4a8443 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_stop
2026/05/16 03:35 linux-next e98d21c170b0 81fb92f3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_stop
* Struck through repros no longer work on HEAD.