syzbot


memory leak in __shmem_file_setup

Status: upstream: reported C repro on 2026/01/12 07:56
Subsystems: fs
Reported-by: syzbot+bf5de69ebb4bdf86f59f@syzkaller.appspotmail.com
First crash: 5d18h, last: 5d18h
Discussions (2)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH mm-hotfixes] mm/vma: do not leak memory when .mmap_prepare swaps the file | 1 (1) | 2026/01/12 15:51 |
| [syzbot] [fs?] memory leak in __shmem_file_setup | 2 (3) | 2026/01/12 15:10 |

Sample crash report:
2026/01/08 07:49:49 executed programs: 5
BUG: memory leak
unreferenced object 0xffff888112c4b240 (size 184):
  comm "syz.0.17", pid 6070, jiffies 4294944898
  hex dump (first 32 bytes):
    00 00 00 00 07 00 0e 02 00 e4 66 85 ff ff ff ff  ..........f.....
    98 38 89 09 81 88 ff ff 00 00 00 00 00 00 00 00  .8..............
  backtrace (crc 987747be):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    alloc_empty_file+0x51/0x1a0 fs/file_table.c:237
    alloc_file fs/file_table.c:354 [inline]
    alloc_file_pseudo+0xae/0x140 fs/file_table.c:383
    __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846
    shmem_kernel_file_setup mm/shmem.c:5865 [inline]
    __shmem_zero_setup mm/shmem.c:5905 [inline]
    shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936
    mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524
    vfs_mmap_prepare include/linux/fs.h:2058 [inline]
    call_mmap_prepare mm/vma.c:2596 [inline]
    __mmap_region+0x8b8/0x13e0 mm/vma.c:2692
    mmap_region+0x19f/0x1e0 mm/vma.c:2786
    do_mmap+0x6a3/0xb60 mm/mmap.c:558
    vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581
    ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604
    __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
    __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
    __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888101e46ca8 (size 40):
  comm "syz.0.17", pid 6070, jiffies 4294944898
  hex dump (first 32 bytes):
    ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 f8 52 86 00 81 88 ff ff  .........R......
  backtrace (crc 2d2a393c):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    lsm_file_alloc security/security.c:169 [inline]
    security_file_alloc+0x30/0x240 security/security.c:2380
    init_file+0x3e/0x160 fs/file_table.c:159
    alloc_empty_file+0x6f/0x1a0 fs/file_table.c:241
    alloc_file fs/file_table.c:354 [inline]
    alloc_file_pseudo+0xae/0x140 fs/file_table.c:383
    __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846
    shmem_kernel_file_setup mm/shmem.c:5865 [inline]
    __shmem_zero_setup mm/shmem.c:5905 [inline]
    shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936
    mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524
    vfs_mmap_prepare include/linux/fs.h:2058 [inline]
    call_mmap_prepare mm/vma.c:2596 [inline]
    __mmap_region+0x8b8/0x13e0 mm/vma.c:2692
    mmap_region+0x19f/0x1e0 mm/vma.c:2786
    do_mmap+0x6a3/0xb60 mm/mmap.c:558
    vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581
    ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604
    __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
    __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
    __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888108f03840 (size 184):
  comm "syz-executor", pid 5988, jiffies 4294944899
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 5869ffdf):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    prepare_creds+0x22/0x5e0 kernel/cred.c:185
    copy_creds+0x44/0x290 kernel/cred.c:286
    copy_process+0x979/0x2860 kernel/fork.c:2086
    kernel_clone+0x119/0x6c0 kernel/fork.c:2651
    __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888109a7b8e0 (size 32):
  comm "syz-executor", pid 5988, jiffies 4294944899
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00  .R..............
  backtrace (crc 336e1c5f):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kzalloc_noprof include/linux/slab.h:1094 [inline]
    lsm_blob_alloc+0x4d/0x70 security/security.c:192
    lsm_cred_alloc security/security.c:209 [inline]
    security_prepare_creds+0x2f/0x270 security/security.c:2763
    prepare_creds+0x385/0x5e0 kernel/cred.c:215
    copy_creds+0x44/0x290 kernel/cred.c:286
    copy_process+0x979/0x2860 kernel/fork.c:2086
    kernel_clone+0x119/0x6c0 kernel/fork.c:2651
    __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888109b169c0 (size 184):
  comm "syz.0.18", pid 6072, jiffies 4294944899
  hex dump (first 32 bytes):
    00 00 00 00 07 00 0e 02 00 e4 66 85 ff ff ff ff  ..........f.....
    68 e6 05 0e 81 88 ff ff 00 00 00 00 00 00 00 00  h...............
  backtrace (crc 86e9bbaa):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270
    alloc_empty_file+0x51/0x1a0 fs/file_table.c:237
    alloc_file fs/file_table.c:354 [inline]
    alloc_file_pseudo+0xae/0x140 fs/file_table.c:383
    __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846
    shmem_kernel_file_setup mm/shmem.c:5865 [inline]
    __shmem_zero_setup mm/shmem.c:5905 [inline]
    shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936
    mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524
    vfs_mmap_prepare include/linux/fs.h:2058 [inline]
    call_mmap_prepare mm/vma.c:2596 [inline]
    __mmap_region+0x8b8/0x13e0 mm/vma.c:2692
    mmap_region+0x19f/0x1e0 mm/vma.c:2786
    do_mmap+0x6a3/0xb60 mm/mmap.c:558
    vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581
    ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604
    __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
    __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
    __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/08 07:50 | upstream | f0b9d8eb98df | d6526ea3 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-leak | memory leak in __shmem_file_setup |
* Struck through repros no longer work on HEAD.