syzbot


KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop

Status: upstream: reported on 2025/10/07 03:33
Subsystems: usb
Labels: prio:normal
Reported-by: syzbot+90984d3713722683112e@syzkaller.appspotmail.com
First crash: 275d, last: 1h17m
✨ AI Jobs (1)
ID: a76087d1-d48e-4a2a-990d-fb4762242508
Workflow: assessment-security
Result: DenialOfService: ❌ Exploitable: ❌ FilesystemTrigger: ❌ NetworkTrigger: ❌ PeripheralTrigger: ❌ RemoteTrigger: ❌ Unprivileged: ❌ UserNamespace: ❌ VMGuestTrigger: ❌ VMHostTrigger: ❌
Correct:
Bug: KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
Created: 2026/05/22 00:27
Started: 2026/05/22 00:27
Finished: 2026/05/22 01:29
Revision: d57425845dbe663f86e1e54a4997e95bd557b624
Error:

Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] kcov: fix potential kcov_mode corruption under CONFIG_PREEMPT_RT | 5 (5) | 2026/05/21 08:38
[syzbot] [usb?] KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop | 0 (1) | 2025/10/07 03:33

Similar bugs (1)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | KMSAN: uninit-value in exit_to_user_mode_loop (3) kernel | 7 | C | | | 2558 | 1482d | 1740d | 0/29 | auto-closed as invalid on 2022/09/22 19:06

Sample crash report:
rc_core: IR keymap rc-dib0700-rc5 not found
Registered IR keymap rc-empty
dvb-usb: could not initialize remote control.
dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130 lib/list_debug.c:29
Read of size 8 at addr ffffc9001173f008 by task kworker/0:4/19801

CPU: 0 UID: 0 PID: 19801 Comm: kworker/0:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __list_add_valid_or_report+0x4e/0x130 lib/list_debug.c:29
 __list_add_valid include/linux/list.h:96 [inline]
 __list_add include/linux/list.h:158 [inline]
 list_add include/linux/list.h:177 [inline]
 kcov_remote_area_put kernel/kcov.c:156 [inline]
 kcov_remote_stop+0x457/0x680 kernel/kcov.c:1084
 hub_event+0x4789/0x4cf0 drivers/usb/core/hub.c:5998
 process_one_work kernel/workqueue.c:3322 [inline]
 process_scheduled_works+0xa8e/0x14e0 kernel/workqueue.c:3405
 worker_thread+0xa47/0xfb0 kernel/workqueue.c:3486
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc9001173ef00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9001173ef80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc9001173f000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                      ^
 ffffc9001173f080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9001173f100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (445):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/07/05 15:19 upstream 7404ce516372 fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/05 10:56 upstream 7404ce516372 fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/04 09:03 upstream 71dfdfb0209b fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/04 00:19 upstream 71dfdfb0209b fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/03 13:42 upstream 87320be9f0d2 58bf2096 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/01 14:10 upstream 665159e24674 00a5cf1c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/01 06:41 upstream 665159e24674 00a5cf1c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/01 00:21 upstream dc59e4fea9d8 00e8b0fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/30 20:21 upstream dc59e4fea9d8 00e8b0fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/30 04:52 upstream dc59e4fea9d8 fff8d0a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/30 00:57 upstream dc59e4fea9d8 fff8d0a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/29 00:13 upstream 8b69c0475871 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/28 21:49 upstream 8b69c0475871 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/27 22:01 upstream 5a66900afbd6 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/27 20:56 upstream 5a66900afbd6 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/27 19:41 upstream 5a66900afbd6 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/27 17:50 upstream 5a66900afbd6 fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/27 07:49 upstream 51cb1aa1250c fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/27 06:04 upstream 51cb1aa1250c fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/26 12:21 upstream 4edcdefd4083 7ff32d8b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/25 22:48 upstream ab9de95c9cf9 432fd51a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/25 18:40 upstream ab9de95c9cf9 432fd51a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/25 11:21 upstream ab9de95c9cf9 cfa969bf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/24 17:34 upstream 840ef6c78e6a c1da772e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/23 08:36 upstream 502d801f0ab0 5a630be6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/23 03:15 upstream ef0c9f75a195 5a630be6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/22 07:47 upstream 8cd8cf7a07e5 43bfcdb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/21 23:16 upstream 8cd8cf7a07e5 43bfcdb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/21 18:03 upstream 390d73adf896 43bfcdb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/05/21 03:41 upstream df685633c3db 41b8c833 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/03/10 02:37 upstream 1f318b96cc84 6972f302 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/06 23:36 upstream fd94619c4336 91305dbe .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2025/10/03 03:32 upstream 7f7072574127 49379ee0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/04 14:24 linux-next 2b763db0c276 fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/04 07:18 linux-next 2b763db0c276 fcece630 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/02 18:45 linux-next 7de6ae9e1220 2b70b115 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/02 01:18 linux-next 7de6ae9e1220 27192279 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/01 05:37 linux-next 7de6ae9e1220 00a5cf1c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/30 11:53 linux-next 7de6ae9e1220 fff8d0a0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/29 15:53 linux-next 3d5670d672ae 6a0c72dc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/29 08:41 linux-next 3d5670d672ae fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/29 05:44 linux-next 3d5670d672ae fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/28 05:55 linux-next 3d5670d672ae fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/27 02:27 linux-next 3d5670d672ae fb92f11c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/25 16:50 linux-next 6c94b38b83a0 432fd51a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/25 12:34 linux-next 4e5dfb7c8401 432fd51a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/24 08:35 linux-next 4e5dfb7c8401 042555ff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-rust-kasan-gce KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/22 00:34 linux-next 3ce97bd3c4f1 43bfcdb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/06/20 19:23 linux-next 3ce97bd3c4f1 43bfcdb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: vmalloc-out-of-bounds Read in kcov_remote_stop
2026/07/01 15:13 upstream 665159e24674 27192279 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_stop
2026/06/23 09:54 upstream 502d801f0ab0 4b1d8f01 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in kcov_remote_stop
2026/06/24 10:35 linux-next 4e5dfb7c8401 c1da772e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in kcov_remote_stop