syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1333]
Subsystems
🐞 Fixed [7146]
🐞 Invalid [18894]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

memory leak in fbcon_set_font (3)

Status: upstream: reported C repro on 2023/05/25 11:17
Subsystems: fbdev
[Documentation on labels]
Reported-by: syzbot+6fda7f092994bd03fad1@syzkaller.appspotmail.com
First crash: 1115d, last: 62d
✨ AI Jobs (2)
ID Workflow Result Correct Bug Created Started Finished Revision Error
aa1ec564-7065-47bf-bec9-7045c4f80556 assessment-security 💥 memory leak in fbcon_set_font (3) 2026/06/02 11:22 2026/06/02 11:22 2026/06/02 11:43 1095583bae1d2729a3b4be301cb6ddc85ced9e38 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/833d73ea7d9d32a86d135e64d3c998e10e2d3665" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: scripts/clang-tools/gen_compile_commands.py:173: SyntaxWarning: invalid escape sequence '\#' ld.lld: error: undefined symbol: wcslen * * Restart config... * * * Mitigations for speculative execution vulnerabilities * Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS) [Y/n/?] y Remove the kernel mapping in user mode (PAGE_TABLE_ISOLATION) [N/y/?] n Avoid speculative indirect branches in kernel (RETPOLINE) [N/y/?] n Enable IBPB on kernel entry (CPU_IBPB_ENTRY) [Y/n/?] y Enable IBRS on kernel entry (CPU_IBRS_ENTRY) [Y/n/?] y Mitigate Straight-Line-Speculation (SLS) [N/y/?] (NEW) Error in reading or end of file. * * General architecture-dependent options * Kprobes (KPROBES) [N/y/?] n Optimize very unlikely/likely branches (JUMP_LABEL) [Y/n/?] y Static key selftest (STATIC_KEYS_SELFTEST) [N/y/?] n Static call selftest (STATIC_CALL_SELFTEST) [N/y/?] n Enable seccomp to safely execute untrusted bytecode (SECCOMP) [Y/n/?] y Show seccomp filter cache status in /proc/pid/seccomp_cache (SECCOMP_CACHE_DEBUG) [N/y/?] n Link Time Optimization (LTO) > 1. None (LTO_NONE) choice[1]: 1 Use Clang's Control Flow Integrity (CFI) (CFI_CLANG) [N/y/?] (NEW) Error in reading or end of file. Number of bits to use for ASLR of mmap base address (ARCH_MMAP_RND_BITS) [28] 28 Number of bits to use for ASLR of mmap base address for compatible applications (ARCH_MMAP_RND_COMPAT_BITS) [8] 8 Provide system calls for 32-bit time_t (COMPAT_32BIT_TIME) [Y/n/?] y Use a virtually-mapped stack (VMAP_STACK) [Y/n/?] y Support for randomizing kernel stack offset on syscall entry (RANDOMIZE_KSTACK_OFFSET) [Y/n/?] y Default state of kernel stack offset randomization (RANDOMIZE_KSTACK_OFFSET_DEFAULT) [N/y/?] n Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] n * * Memory initialization * Initialize kernel stack variables at function entry > 1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE) 2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) (NEW) 3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) (NEW) choice[1-3?]: Error in reading or end of file. Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [Y/n/?] y Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] (NEW) Error in reading or end of file. * * Kernel hardening options * Randomize layout of sensitive kernel structures > 1. Disable structure layout randomization (RANDSTRUCT_NONE) 2. Fully randomize structure layout (RANDSTRUCT_FULL) (NEW) choice[1-2?]: Error in reading or end of file. * * Compile-time checks and compiler options * Debug information 1. Disable debug information (DEBUG_INFO_NONE) 2. Rely on the toolchain's implicit default DWARF version (DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT) > 3. Generate DWARF Version 4 debuginfo (DEBUG_INFO_DWARF4) 4. Generate DWARF Version 5 debuginfo (DEBUG_INFO_DWARF5) choice[1-4?]: 3 Reduce debugging information (DEBUG_INFO_REDUCED) [N/y/?] n Compressed Debug information > 1. Don't compress debug information (DEBUG_INFO_COMPRESSED_NONE) 2. Compress debugging information with zlib (DEBUG_INFO_COMPRESSED_ZLIB) 3. Compress debugging information with zstd (DEBUG_INFO_COMPRESSED_ZSTD) (NEW) choice[1-3?]: Error in reading or end of file. Produce split debuginfo in .dwo files (DEBUG_INFO_SPLIT) [N/y/?] n Generate BTF typeinfo (DEBUG_INFO_BTF) [N/y/?] n Provide GDB scripts for kernel debugging (GDB_SCRIPTS) [N/y/?] n Warn for stack frames larger than (FRAME_WARN) [2048] 2048 Strip assembler-generated symbols during link (STRIP_ASM_SYMS) [N/y/?] n Install uapi headers to usr/include (HEADERS_INSTALL) [N/y/?] n Make section mismatch errors
29ef04b2-90f1-49c6-ad24-f6fc15f39ee8 assessment-security 💥 memory leak in fbcon_set_font (3) 2026/05/24 14:14 2026/05/24 14:14 2026/05/24 14:39 c69befb30ac10e158cc9d1557b508ee3f0eca1de failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/833d73ea7d9d32a86d135e64d3c998e10e2d3665" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: scripts/clang-tools/gen_compile_commands.py:173: SyntaxWarning: invalid escape sequence '\#' ld.lld: error: undefined symbol: wcslen * * Restart config... * * * Mitigations for speculative execution vulnerabilities * Mitigations for speculative execution vulnerabilities (SPECULATION_MITIGATIONS) [Y/n/?] y Remove the kernel mapping in user mode (PAGE_TABLE_ISOLATION) [N/y/?] n Avoid speculative indirect branches in kernel (RETPOLINE) [N/y/?] n Enable IBPB on kernel entry (CPU_IBPB_ENTRY) [Y/n/?] y Enable IBRS on kernel entry (CPU_IBRS_ENTRY) [Y/n/?] y Mitigate Straight-Line-Speculation (SLS) [N/y/?] (NEW) Error in reading or end of file. * * General architecture-dependent options * Kprobes (KPROBES) [N/y/?] n Optimize very unlikely/likely branches (JUMP_LABEL) [Y/n/?] y Static key selftest (STATIC_KEYS_SELFTEST) [N/y/?] n Static call selftest (STATIC_CALL_SELFTEST) [N/y/?] n Enable seccomp to safely execute untrusted bytecode (SECCOMP) [Y/n/?] y Show seccomp filter cache status in /proc/pid/seccomp_cache (SECCOMP_CACHE_DEBUG) [N/y/?] n Link Time Optimization (LTO) > 1. None (LTO_NONE) choice[1]: 1 Use Clang's Control Flow Integrity (CFI) (CFI_CLANG) [N/y/?] (NEW) Error in reading or end of file. Number of bits to use for ASLR of mmap base address (ARCH_MMAP_RND_BITS) [28] 28 Number of bits to use for ASLR of mmap base address for compatible applications (ARCH_MMAP_RND_COMPAT_BITS) [8] 8 Provide system calls for 32-bit time_t (COMPAT_32BIT_TIME) [Y/n/?] y Use a virtually-mapped stack (VMAP_STACK) [Y/n/?] y Support for randomizing kernel stack offset on syscall entry (RANDOMIZE_KSTACK_OFFSET) [Y/n/?] y Default state of kernel stack offset randomization (RANDOMIZE_KSTACK_OFFSET_DEFAULT) [N/y/?] n Locking event counts collection (LOCK_EVENT_COUNTS) [N/y/?] n * * Memory initialization * Initialize kernel stack variables at function entry > 1. no automatic stack variable initialization (weakest) (INIT_STACK_NONE) 2. pattern-init everything (strongest) (INIT_STACK_ALL_PATTERN) (NEW) 3. zero-init everything (strongest and safest) (INIT_STACK_ALL_ZERO) (NEW) choice[1-3?]: Error in reading or end of file. Enable heap memory zeroing on allocation by default (INIT_ON_ALLOC_DEFAULT_ON) [Y/n/?] y Enable heap memory zeroing on free by default (INIT_ON_FREE_DEFAULT_ON) [N/y/?] n Enable register zeroing on function exit (ZERO_CALL_USED_REGS) [N/y/?] (NEW) Error in reading or end of file. * * Kernel hardening options * Randomize layout of sensitive kernel structures > 1. Disable structure layout randomization (RANDSTRUCT_NONE) 2. Fully randomize structure layout (RANDSTRUCT_FULL) (NEW) choice[1-2?]: Error in reading or end of file. * * Compile-time checks and compiler options * Debug information 1. Disable debug information (DEBUG_INFO_NONE) 2. Rely on the toolchain's implicit default DWARF version (DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT) > 3. Generate DWARF Version 4 debuginfo (DEBUG_INFO_DWARF4) 4. Generate DWARF Version 5 debuginfo (DEBUG_INFO_DWARF5) choice[1-4?]: 3 Reduce debugging information (DEBUG_INFO_REDUCED) [N/y/?] n Compressed Debug information > 1. Don't compress debug information (DEBUG_INFO_COMPRESSED_NONE) 2. Compress debugging information with zlib (DEBUG_INFO_COMPRESSED_ZLIB) 3. Compress debugging information with zstd (DEBUG_INFO_COMPRESSED_ZSTD) (NEW) choice[1-3?]: Error in reading or end of file. Produce split debuginfo in .dwo files (DEBUG_INFO_SPLIT) [N/y/?] n Generate BTF typeinfo (DEBUG_INFO_BTF) [N/y/?] n Provide GDB scripts for kernel debugging (GDB_SCRIPTS) [N/y/?] n Warn for stack frames larger than (FRAME_WARN) [2048] 2048 Strip assembler-generated symbols during link (STRIP_ASM_SYMS) [N/y/?] n Install uapi headers to usr/include (HEADERS_INSTALL) [N/y/?] n Make section mismatch errors
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] Monthly fbdev report (Apr 2026) 0 (1) 2026/04/20 07:05
[syzbot] [fbdev?] memory leak in fbcon_set_font (3) 0 (1) 2023/05/25 11:17
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream memory leak in fbcon_set_font fbdev 3 C 1 1973d 1973d 0/29 auto-obsoleted due to no activity on 2022/10/03 19:40
upstream memory leak in fbcon_set_font (2) fbdev 3 C 1 1282d 1282d 22/29 fixed on 2023/02/24 13:50
Last patch testing requests (10)
Created Duration User Patch Repo Result
2026/04/07 15:31 18m retest repro upstream report log
2026/01/27 14:19 12m retest repro upstream report log
2025/11/18 13:46 17m retest repro upstream report log
2025/09/09 08:53 11m retest repro upstream report log
2025/07/01 07:45 42m retest repro upstream report log
2025/04/22 05:40 16m retest repro upstream report log
2025/02/11 05:12 20m retest repro upstream report log
2024/12/03 03:45 24m retest repro upstream report log
2024/09/23 00:14 11m retest repro upstream report log
2024/07/14 18:24 12m retest repro upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff88810eb60000 (size 26640):
  comm "syz-executor100", pid 4988, jiffies 4294944215 (age 14.910s)
  hex dump (first 32 bytes):
    03 cc 4b ef 00 00 00 00 00 68 00 00 01 00 00 00  ..K......h......
    0d e4 73 70 56 3e d4 50 e7 4f ba 9e e1 5c c0 c3  ..spV>.P.O...\..
  backtrace:
    [<ffffffff815460d7>] __do_kmalloc_node mm/slab_common.c:954 [inline]
    [<ffffffff815460d7>] __kmalloc+0xb7/0x120 mm/slab_common.c:979
    [<ffffffff826405bd>] kmalloc include/linux/slab.h:563 [inline]
    [<ffffffff826405bd>] fbcon_set_font+0x1ed/0x4a0 drivers/video/fbdev/core/fbcon.c:2502
    [<ffffffff8278ad5e>] con_font_set drivers/tty/vt/vt.c:4626 [inline]
    [<ffffffff8278ad5e>] con_font_op+0x5ae/0x730 drivers/tty/vt/vt.c:4673
    [<ffffffff82774b78>] vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]
    [<ffffffff82774b78>] vt_ioctl+0x468/0x1d90 drivers/tty/vt/vt_ioctl.c:752
    [<ffffffff82757161>] tty_ioctl+0x4c1/0xd00 drivers/tty/tty_io.c:2777
    [<ffffffff8167fa80>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff8167fa80>] __do_sys_ioctl fs/ioctl.c:870 [inline]
    [<ffffffff8167fa80>] __se_sys_ioctl fs/ioctl.c:856 [inline]
    [<ffffffff8167fa80>] __x64_sys_ioctl+0x100/0x140 fs/ioctl.c:856
    [<ffffffff84a14749>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff84a14749>] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84c0008b>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/05/21 11:12 upstream 0dd2a6fb1e34 4bce1a3e .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in fbcon_set_font
* Struck through repros no longer work on HEAD.