| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <694bcb49.050a0220.35954c.001a.GAE@google.com>
Date: Wed, 24 Dec 2025 03:15:21 -0800
From: syzbot <syzbot+00e61c43eb5e4740438f@...kaller.appspotmail.com>
To: brauner@...nel.org, jack@...e.cz, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
viro@...iv.linux.org.uk
Subject: [syzbot] [fs?] memory leak in getname_flags
Hello,
syzbot found the following issue on:
HEAD commit: b927546677c8 Merge tag 'dma-mapping-6.19-2025-12-22' of gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=146fef1a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=d60836e327fd6756
dashboard link: https://syzkaller.appspot.com/bug?extid=00e61c43eb5e4740438f
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=153e90fc580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=126fef1a580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7c1254aadd0a/disk-b9275466.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/15b98aa2b078/vmlinux-b9275466.xz
kernel image: https://storage.googleapis.com/syzbot-assets/10a68a086ef8/bzImage-b9275466.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+00e61c43eb5e4740438f@...kaller.appspotmail.com
2025/12/24 09:11:05 executed programs: 5
BUG: memory leak
unreferenced object 0xffff8881098a2000 (size 4096):
comm "syz.0.17", pid 6087, jiffies 4294944491
hex dump (first 32 bytes):
20 20 8a 09 81 88 ff ff 40 02 00 00 00 20 00 00 ......@.... ..
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 5d427fb2):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
getname_flags.part.0+0x26/0x280 fs/namei.c:146
getname_flags+0x4b/0x90 include/linux/audit.h:345
getname include/linux/fs.h:2498 [inline]
__io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
io_init_req io_uring/io_uring.c:2234 [inline]
io_submit_sqe io_uring/io_uring.c:2281 [inline]
io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
__do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff8881009ea000 (size 4096):
comm "syz.0.18", pid 6090, jiffies 4294944493
hex dump (first 32 bytes):
20 a0 9e 00 81 88 ff ff 40 02 00 00 00 20 00 00 .......@.... ..
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 254b05b2):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
getname_flags.part.0+0x26/0x280 fs/namei.c:146
getname_flags+0x4b/0x90 include/linux/audit.h:345
getname include/linux/fs.h:2498 [inline]
__io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
io_init_req io_uring/io_uring.c:2234 [inline]
io_submit_sqe io_uring/io_uring.c:2281 [inline]
io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
__do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff8881009eb000 (size 4096):
comm "syz.0.19", pid 6092, jiffies 4294944494
hex dump (first 32 bytes):
20 b0 9e 00 81 88 ff ff 40 02 00 00 00 20 00 00 .......@.... ..
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 9f4244d8):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
getname_flags.part.0+0x26/0x280 fs/namei.c:146
getname_flags+0x4b/0x90 include/linux/audit.h:345
getname include/linux/fs.h:2498 [inline]
__io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
io_init_req io_uring/io_uring.c:2234 [inline]
io_submit_sqe io_uring/io_uring.c:2281 [inline]
io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
__do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff8881098a6000 (size 4096):
comm "syz.0.20", pid 6134, jiffies 4294945094
hex dump (first 32 bytes):
20 60 8a 09 81 88 ff ff 40 02 00 00 00 20 00 00 `......@.... ..
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc d8f470d9):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
getname_flags.part.0+0x26/0x280 fs/namei.c:146
getname_flags+0x4b/0x90 include/linux/audit.h:345
getname include/linux/fs.h:2498 [inline]
__io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
io_init_req io_uring/io_uring.c:2234 [inline]
io_submit_sqe io_uring/io_uring.c:2281 [inline]
io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
__do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff8881098a1000 (size 4096):
comm "syz.0.21", pid 6135, jiffies 4294945095
hex dump (first 32 bytes):
20 10 8a 09 81 88 ff ff 40 02 00 00 00 20 00 00 .......@.... ..
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 4828ba4d):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4958 [inline]
slab_alloc_node mm/slub.c:5263 [inline]
kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
getname_flags.part.0+0x26/0x280 fs/namei.c:146
getname_flags+0x4b/0x90 include/linux/audit.h:345
getname include/linux/fs.h:2498 [inline]
__io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
io_init_req io_uring/io_uring.c:2234 [inline]
io_submit_sqe io_uring/io_uring.c:2281 [inline]
io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
__do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Powered by blists - more mailing lists