syzbot


KASAN: use-after-free Read in copy_folio_from_iter_atomic (2)

Status: moderation: reported on 2025/12/29 20:53
Subsystems: mm
Reported-by: syzbot+635d2e8b941d3f241b24@syzkaller.appspotmail.com
First crash: 6d14h, last: 6d14h
Similar bugs (1):
Kernel: upstream
Title: KASAN: use-after-free Read in copy_folio_from_iter_atomic
Subsystems: jfs
Rank: 19
Repro: none
Cause bisect: none
Fix bisect: none
Count: 3
Last: 134d
Reported: 196d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/11/17 22:24

Sample crash report:
==================================================================
BUG: KASAN: use-after-free in memcpy_from_iter lib/iov_iter.c:85 [inline]
BUG: KASAN: use-after-free in iterate_bvec include/linux/iov_iter.h:123 [inline]
BUG: KASAN: use-after-free in iterate_and_advance2 include/linux/iov_iter.h:306 [inline]
BUG: KASAN: use-after-free in iterate_and_advance include/linux/iov_iter.h:330 [inline]
BUG: KASAN: use-after-free in __copy_from_iter lib/iov_iter.c:261 [inline]
BUG: KASAN: use-after-free in copy_folio_from_iter_atomic+0xb7c/0x164c lib/iov_iter.c:491
Read of size 4096 at addr ffff0000d64c3000 by task kworker/u8:7/642

CPU: 0 UID: 0 PID: 642 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Workqueue: loop2 loop_workfn
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_address_description+0xa8/0x238 mm/kasan/report.c:378
 print_report+0x68/0x84 mm/kasan/report.c:482
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:200
 __asan_memcpy+0x3c/0x84 mm/kasan/shadow.c:105
 memcpy_from_iter lib/iov_iter.c:85 [inline]
 iterate_bvec include/linux/iov_iter.h:123 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:306 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 __copy_from_iter lib/iov_iter.c:261 [inline]
 copy_folio_from_iter_atomic+0xb7c/0x164c lib/iov_iter.c:491
 generic_perform_write+0x4d0/0x7bc mm/filemap.c:4332
 shmem_file_write_iter+0x10c/0x134 mm/shmem.c:3490
 lo_rw_aio+0x8f4/0xa78 drivers/block/loop.c:-1
 do_req_filebacked drivers/block/loop.c:-1 [inline]
 loop_handle_cmd drivers/block/loop.c:1926 [inline]
 loop_process_work+0x808/0x1058 drivers/block/loop.c:1961
 loop_workfn+0x50/0x64 drivers/block/loop.c:1985
 process_one_work+0x7c0/0x1558 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3421
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x25 pfn:0x1164c3
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 fffffdffc3658c48 fffffdffc353db88 0000000000000000
raw: 0000000000000025 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000d64c2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff0000d64c2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000d64c3000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff0000d64c3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000d64c3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================

Crashes (1):
Time: 2025/12/25 20:48
Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
Commit: 8f0b4cce4481
Syzkaller: d6526ea3
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-gce-arm64
Title: KASAN: use-after-free Read in copy_folio_from_iter_atomic