Hello, syzbot found the following issue on: HEAD commit: ca72d58361ee Merge branch 'for-next/core' into for-kernelci git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci console output: https://syzkaller.appspot.com/x/log.txt?x=14a882f3480000 kernel config: https://syzkaller.appspot.com/x/.config?x=f3e78232c1ed2b43 dashboard link: https://syzkaller.appspot.com/bug?extid=cdd9922704fc75e03ffc compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2 userspace arch: arm64 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1203777b480000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124c1ea3480000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/e2c91688b4cd/disk-ca72d583.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/af105438bee6/vmlinux-ca72d583.xz kernel image: https://storage.googleapis.com/syzbot-assets/4a28ec4f8f7e/Image-ca72d583.gz.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+cdd9922704fc75e03ffc@xxxxxxxxxxxxxxxxxxxxxxxxx usercopy: Kernel memory overwrite attempt detected to SLUB object 'pid' (offset 24, size 24)! ------------[ cut here ]------------ kernel BUG at mm/usercopy.c:102! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 4411 Comm: syz-executor101 Not tainted 6.2.0-rc6-syzkaller-17549-gca72d58361ee #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usercopy_abort+0x90/0x94 lr : usercopy_abort+0x90/0x94 sp : ffff80000fb8bb90 x29: ffff80000fb8bba0 x28: 000000000000001c x27: ffff0000c76d1a00 x26: 00000000200000c0 x25: ffff80000cf42000 x24: fffffc0000000000 x23: 05ffc00000000200 x22: fffffc0003250440 x21: ffff0000c9411618 x20: 0000000000000000 x19: 0000000000000018 x18: 0000000000002bee x17: 63656a626f204255 x16: ffff0000c76d23f8 x15: ffff80000dbc2118 x14: ffff0000c76d1a00 x13: 00000000ffffffff x12: ffff0000c76d1a00 x11: ff808000081bbb4c x10: 0000000000000000 x9 : 295e44a4d7b9f900 x8 : 295e44a4d7b9f900 x7 : ffff80000bf60b80 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000 x2 : ffff0001fefbef08 x1 : 0000000100000000 x0 : 000000000000005d Call trace: usercopy_abort+0x90/0x94 __check_heap_object+0xa8/0x100 __check_object_size+0x208/0x6b8 io_openat2_prep+0xcc/0x2b8 io_submit_sqes+0x338/0xbb8 __arm64_sys_io_uring_enter+0x168/0x1308 invoke_syscall+0x64/0x178 el0_svc_common+0xbc/0x180 do_el0_svc+0x48/0x110 el0_svc+0x58/0x14c el0t_64_sync_handler+0x84/0xf0 el0t_64_sync+0x190/0x194 Code: 9133a800 aa0903e1 f90003e8 94e6c80f (d4210000) ---[ end trace 0000000000000000 ]--- --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches
