syzbot


memory leak in getname_flags

Status: upstream: reported C repro on 2025/12/24 11:15
Subsystems: fs
Reported-by: syzbot+00e61c43eb5e4740438f@syzkaller.appspotmail.com
Fix commit: b14fad555302 io_uring: fix filename leak in __io_openat_prep()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-usb]
First crash: 4d14h, last: 4d14h
Discussions (4)
Title | Replies (including bot) | Last reply
[PATCH v2] io_uring: fix filename leak in __io_openat_prep() | 4 (4) | 2025/12/25 15:18
[PATCH] io_uring: fix filename leak in __io_openat_prep() | 3 (3) | 2025/12/25 07:08
[syzbot] [fs?] memory leak in getname_flags | 1 (3) | 2025/12/25 07:03
[PATCH] io_uring: Fix filename leak in __io_openat_prep | 1 (2) | 2025/12/24 15:07
Last patch testing requests (2)
Created | Duration | User | Patch | Repo | Result
2025/12/25 06:34 | 28m | activprithvi@gmail.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git b927546677c876e26eba308550207c2ddf812a43 | OK log
2025/12/24 14:37 | 23m | activprithvi@gmail.com | patch | git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git b927546677c876e26eba308550207c2ddf812a43 | OK log

Sample crash report:
2025/12/24 09:11:05 executed programs: 5
BUG: memory leak
unreferenced object 0xffff8881098a2000 (size 4096):
  comm "syz.0.17", pid 6087, jiffies 4294944491
  hex dump (first 32 bytes):
    20 20 8a 09 81 88 ff ff 40 02 00 00 00 20 00 00    ......@.... ..
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 5d427fb2):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    getname_flags.part.0+0x26/0x280 fs/namei.c:146
    getname_flags+0x4b/0x90 include/linux/audit.h:345
    getname include/linux/fs.h:2498 [inline]
    __io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
    io_init_req io_uring/io_uring.c:2234 [inline]
    io_submit_sqe io_uring/io_uring.c:2281 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881009ea000 (size 4096):
  comm "syz.0.18", pid 6090, jiffies 4294944493
  hex dump (first 32 bytes):
    20 a0 9e 00 81 88 ff ff 40 02 00 00 00 20 00 00   .......@.... ..
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 254b05b2):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    getname_flags.part.0+0x26/0x280 fs/namei.c:146
    getname_flags+0x4b/0x90 include/linux/audit.h:345
    getname include/linux/fs.h:2498 [inline]
    __io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
    io_init_req io_uring/io_uring.c:2234 [inline]
    io_submit_sqe io_uring/io_uring.c:2281 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881009eb000 (size 4096):
  comm "syz.0.19", pid 6092, jiffies 4294944494
  hex dump (first 32 bytes):
    20 b0 9e 00 81 88 ff ff 40 02 00 00 00 20 00 00   .......@.... ..
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 9f4244d8):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    getname_flags.part.0+0x26/0x280 fs/namei.c:146
    getname_flags+0x4b/0x90 include/linux/audit.h:345
    getname include/linux/fs.h:2498 [inline]
    __io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
    io_init_req io_uring/io_uring.c:2234 [inline]
    io_submit_sqe io_uring/io_uring.c:2281 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881098a6000 (size 4096):
  comm "syz.0.20", pid 6134, jiffies 4294945094
  hex dump (first 32 bytes):
    20 60 8a 09 81 88 ff ff 40 02 00 00 00 20 00 00   `......@.... ..
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc d8f470d9):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    getname_flags.part.0+0x26/0x280 fs/namei.c:146
    getname_flags+0x4b/0x90 include/linux/audit.h:345
    getname include/linux/fs.h:2498 [inline]
    __io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
    io_init_req io_uring/io_uring.c:2234 [inline]
    io_submit_sqe io_uring/io_uring.c:2281 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881098a1000 (size 4096):
  comm "syz.0.21", pid 6135, jiffies 4294945095
  hex dump (first 32 bytes):
    20 10 8a 09 81 88 ff ff 40 02 00 00 00 20 00 00   .......@.... ..
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 4828ba4d):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    getname_flags.part.0+0x26/0x280 fs/namei.c:146
    getname_flags+0x4b/0x90 include/linux/audit.h:345
    getname include/linux/fs.h:2498 [inline]
    __io_openat_prep+0x87/0x1a0 io_uring/openclose.c:70
    io_init_req io_uring/io_uring.c:2234 [inline]
    io_submit_sqe io_uring/io_uring.c:2281 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2434
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3280
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/12/24 09:11 | upstream | b927546677c8 | d6526ea3 | .config | console log | report | syz / log | C |  | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in getname_flags