Message-ID: <691672a5.a70a0220.3124cb.0039.GAE@google.com>
Date: Thu, 13 Nov 2025 16:07:01 -0800
From: syzbot <syzbot+ad45f827c88778ff7df6@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, mehdi.benhadjkhelifa@...il.com, 
	syzkaller-bugs@...glegroups.com, syzkaller@...glegroups.com
Subject: Re: [syzbot] [hfs?] memory leak in hfs_init_fs_context

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

ocol family
[   12.356386][    T1] 9pnet: Installing 9P2000 support
[   12.357387][    T1] NET: Registered PF_CAIF protocol family
[   12.359598][    T1] NET: Registered PF_IEEE802154 protocol family
[   12.360820][    T1] Key type dns_resolver registered
[   12.362055][    T1] Key type ceph registered
[   12.362972][    T1] libceph: loaded (mon/osd proto 15/24)
[   12.364812][    T1] batman_adv: B.A.T.M.A.N. advanced 2025.4 (compatibility version 15) loaded
[   12.366182][    T1] openvswitch: Open vSwitch switching datapath
[   12.367782][    T1] NET: Registered PF_VSOCK protocol family
[   12.368848][    T1] mpls_gso: MPLS GSO support
[   12.392435][    T1] IPI shorthand broadcast: enabled
[   12.628894][    T1] sched_clock: Marking stable (12590011719, 31029087)->(12629106451, -8065645)
[   12.638998][    T1] registered taskstats version 1
[   12.648379][    T1] Loading compiled-in X.509 certificates
[   12.699133][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: d488cbc2e071d1aa06eea7feaf70de2187f78c53'
[   12.744621][    T1] zswap: loaded using pool 842
[   12.749914][    T1] Demotion targets for Node 0: null
[   12.755145][    T1] Demotion targets for Node 1: null
[   12.760384][    T1] kmemleak: Kernel memory leak detector initialized (mem pool available: 15732)
[   12.769760][    T1] Key type .fscrypt registered
[   12.774552][    T1] Key type fscrypt-provisioning registered
[   12.781620][    T1] kAFS: Red Hat AFS client v0.1 registering.
[   12.790548][    T1] Btrfs loaded, assert=on, zoned=yes, fsverity=yes
[   12.797582][    T1] Key type big_key registered
[   12.802295][    T1] Key type encrypted registered
[   12.807171][    T1] AppArmor: AppArmor sha256 policy hashing enabled
[   12.813703][    T1] ima: No TPM chip found, activating TPM-bypass!
[   12.820129][    T1] Loading compiled-in module X.509 certificates
[   12.870006][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: d488cbc2e071d1aa06eea7feaf70de2187f78c53'
[   12.880814][    T1] ima: Allocated hash algorithm: sha256
[   12.886586][    T1] ima: No architecture policies found
[   12.892082][    T1] evm: Initialising EVM extended attributes:
[   12.898045][    T1] evm: security.selinux (disabled)
[   12.903188][    T1] evm: security.SMACK64 (disabled)
[   12.908308][    T1] evm: security.SMACK64EXEC (disabled)
[   12.913772][    T1] evm: security.SMACK64TRANSMUTE (disabled)
[   12.919669][    T1] evm: security.SMACK64MMAP (disabled)
[   12.925137][    T1] evm: security.apparmor
[   12.929367][    T1] evm: security.ima
[   12.933210][    T1] evm: security.capability
[   12.937621][    T1] evm: HMAC attrs: 0x1
[   12.942363][    T1] PM:   Magic number: 1:891:1009
[   12.947794][    T1] netconsole: network logging started
[   12.953395][    T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
[   12.961366][    T1] rdma_rxe: loaded
[   12.965484][    T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   12.975828][    T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   12.983699][    T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[   12.992052][ T3096] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   13.001170][    T1] clk: Disabling unused clocks
[   13.001625][ T3096] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   13.006350][    T1] ALSA device list:
[   13.018837][    T1]   #0: Dummy 1
[   13.022303][    T1]   #1: Loopback 1
[   13.026009][    T1]   #2: Virtual MIDI Card 1
[   13.031911][    T1] check access for rdinit=/init failed: -2, ignoring
[   13.038581][    T1] md: Waiting for all devices to be available before autodetect
[   13.046224][    T1] md: If you don't use raid, use raid=noautodetect
[   13.052720][    T1] md: Autodetecting RAID arrays.
[   13.057648][    T1] md: autorun ...
[   13.061368][    T1] md: ... autorun DONE.
[   13.182345][    T1] EXT4-fs (sda1): orphan cleanup on readonly fs
[   13.191140][    T1] EXT4-fs (sda1): mounted filesystem 4f91c6db-4997-4bb4-91b8-7e83a20c1bf1 ro with ordered data mode. Quota mode: none.
[   13.203709][    T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[   13.212657][    T1] devtmpfs: mounted
[   13.222294][    T1] Freeing unused kernel image (initmem) memory: 16140K
[   13.230584][    T1] Write protecting the kernel read-only data: 94208k
[   13.240931][    T1] Freeing unused kernel image (text/rodata gap) memory: 1156K
[   13.249727][    T1] Freeing unused kernel image (rodata/data gap) memory: 964K
[   13.408312][    T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   13.416107][    T1] x86/mm: Checking user space page tables
[   13.559233][    T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   13.566791][    T1] Failed to set sysctl parameter 'kernel.hung_task_all_cpu_backtrace=1': parameter not found
[   13.579439][    T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[   13.588985][    T1] Run /sbin/init as init process
[   13.928520][    T1] kmemleak: Cannot insert 0xffff8881098de400 into the object search tree (overlaps existing)
[   13.928535][    T1] CPU: 1 UID: 0 PID: 1 Comm: init Not tainted syzkaller #0 PREEMPT(full) 
[   13.928553][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   13.928561][    T1] Call Trace:
[   13.928565][    T1]  <TASK>
[   13.928569][    T1]  dump_stack_lvl+0xab/0xe0
[   13.928613][    T1]  __link_object+0x194/0x210
[   13.928634][    T1]  __create_object+0x48/0x80
[   13.928658][    T1]  __kmalloc_cache_noprof+0x3a6/0x5b0
[   13.928688][    T1]  ? ima_add_digest_entry+0x32/0x1c0
[   13.928719][    T1]  ? ima_add_digest_entry+0x32/0x1c0
[   13.928740][    T1]  ima_add_digest_entry+0x32/0x1c0
[   13.928763][    T1]  ima_add_template_entry+0x28a/0x340
[   13.928788][    T1]  ima_store_template+0x7f/0xd0
[   13.928814][    T1]  ima_store_measurement+0x134/0x290
[   13.928841][    T1]  process_measurement+0x11a2/0x12d0
[   13.928868][    T1]  ima_file_check+0x66/0x90
[   13.928890][    T1]  security_file_post_open+0x8e/0x210
[   13.928907][    T1]  path_openat+0x9c0/0x1eb0
[   13.928923][    T1]  ? nd_jump_root+0x60/0x1b0
[   13.928948][    T1]  do_filp_open+0x102/0x1f0
[   13.928966][    T1]  do_sys_openat2+0xc1/0x140
[   13.928988][    T1]  __x64_sys_openat+0xb2/0x100
[   13.929010][    T1]  do_syscall_64+0xa4/0xfa0
[   13.929032][    T1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   13.929048][    T1] RIP: 0033:0x7f697b4470ba
[   13.929059][    T1] Code: 41 89 f2 48 89 54 24 e0 41 83 e2 40 75 2a 89 f0 f7 d0 a9 00 00 41 00 74 1f 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 77 2e c3 0f 1f 44 00 00 48 8d 44 24 08 c7 44 24
[   13.929074][    T1] RSP: 002b:00007ffef00e24a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000101
[   13.929087][    T1] RAX: ffffffffffffffda RBX: 00007ffef00e2520 RCX: 00007f697b4470ba
[   13.929099][    T1] RDX: 0000000000080000 RSI: 00007ffef00e2520 RDI: 00000000ffffff9c
[   13.929108][    T1] RBP: 00007ffef00e2510 R08: 00007ffef00e2717 R09: 0000000000000000
[   13.929117][    T1] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000001b
[   13.929126][    T1] R13: 00007f697b41b050 R14: 00007ffef00e2730 R15: 0000000000000000
[   13.929137][    T1]  </TASK>
[   13.929148][    T1] kmemleak: Kernel memory leak detector disabled
[   13.929153][    T1] kmemleak: Object 0xffff8881098de400 (size 64):
[   13.929161][    T1] kmemleak:   comm "init", pid 1, jiffies 4294938627
[   13.929169][    T1] kmemleak:   min_count = 1
[   13.929173][    T1] kmemleak:   count = 0
[   13.929177][    T1] kmemleak:   flags = 0x1
[   13.929181][    T1] kmemleak:   checksum = 0
[   13.929186][    T1] kmemleak:   backtrace:
[   13.929189][    T1]  __kmalloc_noprof+0x3e3/0x6b0
[   13.929203][    T1]  ima_write_template_field_data+0x56/0x150
[   13.929221][    T1]  ima_eventdigest_init_common+0x10a/0x270
[   13.929238][    T1]  ima_alloc_init_template+0x16d/0x250
[   13.929264][    T1]  ima_store_measurement+0x100/0x290
[   13.929289][    T1]  process_measurement+0x11a2/0x12d0
[   13.929310][    T1]  ima_file_check+0x66/0x90
[   13.929330][    T1]  security_file_post_open+0x8e/0x210
[   13.929345][    T1]  path_openat+0x9c0/0x1eb0
[   13.929358][    T1]  do_filp_open+0x102/0x1f0
[   13.929372][    T1]  do_sys_openat2+0xc1/0x140
[   13.929391][    T1]  __x64_sys_openat+0xb2/0x100
[   13.929412][    T1]  do_syscall_64+0xa4/0xfa0
[   13.929432][    T1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   14.289664][ T5148] mount (5148) used greatest stack depth: 12432 bytes left
[   14.338066][ T5149] Oops: general protection fault, probably for non-canonical address 0x8c9f1f3bd28c4867: 0000 [#1] SMP PTI
[   14.349450][ T5149] CPU: 1 UID: 0 PID: 5149 Comm: init Not tainted syzkaller #0 PREEMPT(full) 
[   14.358203][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   14.368256][ T5149] RIP: 0010:__kmalloc_cache_noprof+0x422/0x5b0
[   14.374496][ T5149] Code: c1 e9 3a 48 0f a3 48 08 0f 83 4f 01 00 00 48 85 ff 0f 84 5c fe ff ff 41 ba ff ff ff ff 41 8b 44 24 30 49 8b 34 24 48 8d 4a 08 <48> 8b 1c 07 48 89 f8 65 48 0f c7 0e 0f 85 f7 fd ff ff 41 8b 44 24
[   14.394091][ T5149] RSP: 0018:ffffc90002257cd0 EFLAGS: 00010246
[   14.400158][ T5149] RAX: 0000000000000020 RBX: ffffea0004263780 RCX: 000000000001ac01
[   14.408215][ T5149] RDX: 000000000001abf9 RSI: ffffffff8946da20 RDI: 8c9f1f3bd28c4847
[   14.416264][ T5149] RBP: ffffc90002257d30 R08: 0000000000000040 R09: 0000000000000000
[   14.424232][ T5149] R10: 00000000ffffffff R11: 00322e6f732e3436 R12: ffff888100041700
[   14.432333][ T5149] R13: 0000000000000c00 R14: 0000000000000040 R15: 0000000000000cc0
[   14.440345][ T5149] FS:  00007f697b0b0c80(0000) GS:ffff8881b26c2000(0000) knlGS:0000000000000000
[   14.449272][ T5149] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   14.455856][ T5149] CR2: 00007f697b11aa10 CR3: 0000000109c5e000 CR4: 00000000003526f0
[   14.463913][ T5149] Call Trace:
[   14.467185][ T5149]  <TASK>
[   14.470105][ T5149]  ? load_elf_binary+0x2fc/0x27a0
[   14.475121][ T5149]  ? load_elf_binary+0x2fc/0x27a0
[   14.480147][ T5149]  load_elf_binary+0x2fc/0x27a0
[   14.484985][ T5149]  ? load_misc_binary+0x3b5/0x600
[   14.489996][ T5149]  bprm_execve+0x3f7/0x830
[   14.494403][ T5149]  do_execveat_common.isra.0+0x262/0x2e0
[   14.500026][ T5149]  __x64_sys_execve+0x3d/0x50
[   14.504778][ T5149]  do_syscall_64+0xa4/0xfa0
[   14.509377][ T5149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   14.515266][ T5149] RIP: 0033:0x7f697b24b107
[   14.519691][ T5149] Code: 0f 00 64 c7 00 07 00 00 00 b8 ff ff ff ff c9 c3 0f 1f 00 48 8b 05 a9 ee 0f 00 48 8b 10 e9 01 00 00 00 90 b8 3b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c1 ec 0f 00 f7 d8 64 89 01 48
[   14.539376][ T5149] RSP: 002b:00007ffef00e3208 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
[   14.547775][ T5149] RAX: ffffffffffffffda RBX: 00007ffef00e3310 RCX: 00007f697b24b107
[   14.555732][ T5149] RDX: 0000562c23324480 RSI: 00007ffef00e3280 RDI: 00007ffef00e3310
[   14.563778][ T5149] RBP: 00007ffef00e3270 R08: 0000000000000000 R09: 0000000000000001
[   14.571747][ T5149] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffef00e3280
[   14.579709][ T5149] R13: 0000562c23324480 R14: 0000000000000001 R15: 0000000000000001
[   14.587668][ T5149]  </TASK>
[   14.590674][ T5149] Modules linked in:
[   14.594597][ T5149] ---[ end trace 0000000000000000 ]---
[   14.600083][ T5149] RIP: 0010:__kmalloc_cache_noprof+0x422/0x5b0
[   14.606318][ T5149] Code: c1 e9 3a 48 0f a3 48 08 0f 83 4f 01 00 00 48 85 ff 0f 84 5c fe ff ff 41 ba ff ff ff ff 41 8b 44 24 30 49 8b 34 24 48 8d 4a 08 <48> 8b 1c 07 48 89 f8 65 48 0f c7 0e 0f 85 f7 fd ff ff 41 8b 44 24
[   14.625968][ T5149] RSP: 0018:ffffc90002257cd0 EFLAGS: 00010246
[   14.632056][ T5149] RAX: 0000000000000020 RBX: ffffea0004263780 RCX: 000000000001ac01
[   14.640024][ T5149] RDX: 000000000001abf9 RSI: ffffffff8946da20 RDI: 8c9f1f3bd28c4847
[   14.648028][ T5149] RBP: ffffc90002257d30 R08: 0000000000000040 R09: 0000000000000000
[   14.656008][ T5149] R10: 00000000ffffffff R11: 00322e6f732e3436 R12: ffff888100041700
[   14.663982][ T5149] R13: 0000000000000c00 R14: 0000000000000040 R15: 0000000000000cc0
[   14.672296][ T5149] FS:  00007f697b0b0c80(0000) GS:ffff8881b25c2000(0000) knlGS:0000000000000000
[   14.681247][ T5149] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   14.687849][ T5149] CR2: 00007f022521ae9c CR3: 0000000109c5e000 CR4: 00000000003526f0
[   14.695952][ T5149] Kernel panic - not syncing: Fatal exception
[   14.702417][ T5149] Kernel Offset: disabled
[   14.706729][ T5149] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2273466794=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 4e1406b4def
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4e1406b4defac0e2a9d9424c70706f79a7750cf3 -X github.com/google/syzkaller/prog.gitRevisionDate=20251106-151142"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4e1406b4defac0e2a9d9424c70706f79a7750cf3 -X github.com/google/syzkaller/prog.gitRevisionDate=20251106-151142"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=4e1406b4defac0e2a9d9424c70706f79a7750cf3 -X github.com/google/syzkaller/prog.gitRevisionDate=20251106-151142"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"4e1406b4defac0e2a9d9424c70706f79a7750cf3\"
/usr/bin/ld: /tmp/cc4VJZ8z.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=16b8c212580000


Tested on:

commit:         9b9e4370 Merge tag 'slab-for-6.18-rc6' of git://git.ke..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cb128cd5cb439809
dashboard link: https://syzkaller.appspot.com/bug?extid=ad45f827c88778ff7df6
compiler:       gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=132cb532580000

