Dear Kernel Maintainers, I am writing to report a potential vulnerability identified in the upstream Linux Kernel version v6.12, corresponding to the following commit in the mainline repository: Git Commit: adc218676eef25575469234709c2d87185ca223a (tag: v6.12) This issue was discovered during the testing of the Android 16 AOSP kernel, which is based on Linux kernel version 6.12, specifically from the AOSP kernel branch: AOSP kernel branch: android16-6.12 Manifest path: kernel/common.git Source URL: https://android.googlesource.com/kernel/common/+/refs/heads/android16-6.12 Although this kernel branch is used in Android 16 development, its base is aligned with the upstream Linux v6.12 release. I observed this issue while conducting stability and fuzzing tests on the Android 16 platform and identified that the root cause lies in the upstream codebase. Bug Location: blk_rq_timed_out_timer+0x40/0x58 block/blk-core.c:392 Bug Report: https://hastebin.com/share/luqeturafo.bash Entire Log: https://hastebin.com/share/oxihuwisek.perl Thank you very much for your time and attention. I sincerely apologize that I am currently unable to provide a reproducer for this issue. However, I am actively working on reproducing the problem, and I will make sure to share any findings or reproducing steps with you as soon as they are available. I greatly appreciate your efforts in maintaining the Linux kernel and your attention to this matter. Best regards, Luka
