CVE-2025-38139

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38139
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38139.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38139
Downstream
Published
2025-07-03T09:15:28Z
Modified
2025-07-25T16:46:24.230112Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix oops in write-retry from mis-resetting the subreq iterator

Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function, as the iterator may have been shortened by a previous retry. In such a case, the amount of data to be written by the subrequest is not "subreq->len" but "subreq->len - subreq->transferred".

Without this, KASAN may see an error in iov_iter_revert():

BUG: KASAN: slab-out-of-bounds in iov_iter_revert lib/iov_iter.c:633 [inline]
BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0 lib/iov_iter.c:611
Read of size 4 at addr ffff88802912a0b8 by task kworker/u32:7/1147

CPU: 1 UID: 0 PID: 1147 Comm: kworker/u32:7 Not tainted 6.15.0-rc6-syzkaller-00052-g9f35e33144ae #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: events_unbound netfs_write_collection_worker
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xe0/0x110 mm/kasan/report.c:634
 iov_iter_revert lib/iov_iter.c:633 [inline]
 iov_iter_revert+0x443/0x5a0 lib/iov_iter.c:611
 netfs_retry_write_stream fs/netfs/write_retry.c:44 [inline]
 netfs_retry_writes+0x166d/0x1a50 fs/netfs/write_retry.c:231
 netfs_collect_write_results fs/netfs/write_collect.c:352 [inline]
 netfs_write_collection_worker+0x23fd/0x3830 fs/netfs/write_collect.c:374
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.37-1

Affected versions

6.*

6.12.35-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}