syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1318]
Subsystems
🐞 Fixed [7177]
🐞 Invalid [18954]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

memory leak in do_cmd_ioctl

Status: fixed on 2026/05/21 07:49
Subsystems: comedi
[Documentation on labels]
Reported-by: syzbot+f238baf6ded841b5a82e@syzkaller.appspotmail.com
Fix commit: 29f644f14b89 comedi: runflags cannot determine whether to reclaim chanlist
First crash: 186d, last: 102d
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
81af13f8-8ddf-4526-bb17-80bd7d26a3f8 assessment-security 💥 memory leak in do_cmd_ioctl 2026/05/15 11:48 2026/05/15 11:48 2026/05/15 11:49 9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01 
failed to run ["git" "pull" "origin" "HEAD" "--depth=1" "--allow-unrelated-histories"]: exit status 128
From /app/workdir/repo/linux
 * branch                HEAD       -> FETCH_HEAD
error: unable to ...
truncated to first 200 bytes; open job for full error
Discussions (6)
Title Replies (including bot) Last reply
[PATCH] comedi: runflags cannot determine whether to reclaim chanlist 1 (1) 2026/03/10 11:11
[syzbot] Monthly comedi report (Mar 2026) 0 (1) 2026/03/09 23:06
[syzbot] Monthly comedi report (Feb 2026) 0 (1) 2026/02/06 14:30
[PATCH] comedi: runflags cannot determine whether to reclaim chanlist 2 (2) 2025/12/15 12:25
[PATCH] comedi: test memleak 2 (4) 2025/12/15 09:48
[syzbot] [comedi?] memory leak in do_cmd_ioctl 0 (1) 2025/12/15 04:03
Last patch testing requests (6)
Created Duration User Patch Repo Result
2026/03/09 06:18 12m retest repro upstream report log
2026/02/20 07:57 16m retest repro upstream report log
2026/02/20 07:51 12m retest repro upstream report log
2025/12/29 03:07 1h04m retest repro upstream error
2025/12/15 08:51 26m xiaopeitux@foxmail.com patch upstream OK log
2025/12/15 07:50 14m xiaopeitux@foxmail.com patch upstream report log

Sample crash report:
BUG: memory leak
unreferenced object 0xffff8881259c6658 (size 8):
  comm "syz.0.17", pid 6062, jiffies 4294944980
  hex dump (first 8 bytes):
    04 00 00 00 00 00 00 00                          ........
  backtrace (crc 844a0efa):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_node_track_caller_noprof+0x47b/0x690 mm/slub.c:5768
    memdup_user+0x2a/0xe0 mm/util.c:221
    memdup_array_user include/linux/string.h:39 [inline]
    __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline]
    do_cmd_ioctl.part.0+0x11b/0x340 drivers/comedi/comedi_fops.c:1890
    do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]
    comedi_unlocked_ioctl+0xd39/0x1380 drivers/comedi/comedi_fops.c:2319
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888129361f58 (size 8):
  comm "syz.0.18", pid 6065, jiffies 4294944982
  hex dump (first 8 bytes):
    04 00 00 00 00 00 00 00                          ........
  backtrace (crc 844a0efa):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_node_track_caller_noprof+0x47b/0x690 mm/slub.c:5768
    memdup_user+0x2a/0xe0 mm/util.c:221
    memdup_array_user include/linux/string.h:39 [inline]
    __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline]
    do_cmd_ioctl.part.0+0x11b/0x340 drivers/comedi/comedi_fops.c:1890
    do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]
    comedi_unlocked_ioctl+0xd39/0x1380 drivers/comedi/comedi_fops.c:2319
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881259c6e58 (size 8):
  comm "syz.0.19", pid 6069, jiffies 4294944984
  hex dump (first 8 bytes):
    04 00 00 00 00 00 00 00                          ........
  backtrace (crc 844a0efa):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_node_track_caller_noprof+0x47b/0x690 mm/slub.c:5768
    memdup_user+0x2a/0xe0 mm/util.c:221
    memdup_array_user include/linux/string.h:39 [inline]
    __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline]
    do_cmd_ioctl.part.0+0x11b/0x340 drivers/comedi/comedi_fops.c:1890
    do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]
    comedi_unlocked_ioctl+0xd39/0x1380 drivers/comedi/comedi_fops.c:2319
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881259c65a8 (size 8):
  comm "syz.0.20", pid 6126, jiffies 4294945609
  hex dump (first 8 bytes):
    04 00 00 00 00 00 00 00                          ........
  backtrace (crc 844a0efa):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_node_track_caller_noprof+0x47b/0x690 mm/slub.c:5768
    memdup_user+0x2a/0xe0 mm/util.c:221
    memdup_array_user include/linux/string.h:39 [inline]
    __comedi_get_user_chanlist drivers/comedi/comedi_fops.c:1815 [inline]
    do_cmd_ioctl.part.0+0x11b/0x340 drivers/comedi/comedi_fops.c:1890
    do_cmd_ioctl drivers/comedi/comedi_fops.c:1858 [inline]
    comedi_unlocked_ioctl+0xd39/0x1380 drivers/comedi/comedi_fops.c:2319
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/06 07:36 upstream 8fdb05de0e2d f03c4191 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in do_cmd_ioctl
2025/12/15 02:37 upstream 8f0b4cce4481 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in do_cmd_ioctl
* Struck through repros no longer work on HEAD.