syzbot


memory leak in vfs_tmpfile_open

Status: upstream: reported C repro on 2022/10/13 08:05
Reported-by: syzbot+fd749a7ea127a84e0ffd@syzkaller.appspotmail.com
First crash: 45d, last: 4d12h
Patch testing requests:
Created           Duration  User               Patch  Repo      Result
2022/10/13 08:39  0m        miklos@szeredi.hu  patch  upstream  error
2022/10/13 08:28  0m        miklos@szeredi.hu  patch  upstream  error

Sample crash report:
executing program
executing program
executing program
executing program
BUG: memory leak
unreferenced object 0xffff88810e642e00 (size 256):
  comm "syz-executor460", pid 3680, jiffies 4294963362 (age 26.330s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 f0 2e 0b 81 88 ff ff 80 c7 45 10 81 88 ff ff  ..........E.....
  backtrace:
    [<ffffffff815fb53f>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff815fb53f>] __alloc_file+0x1f/0xf0 fs/file_table.c:138
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810cf0af00 (size 256):
  comm "syz-executor460", pid 3684, jiffies 4294963363 (age 26.320s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 dd 62 0e 81 88 ff ff c0 f6 42 00 81 88 ff ff  ..b.......B.....
  backtrace:
    [<ffffffff815fb53f>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff815fb53f>] __alloc_file+0x1f/0xf0 fs/file_table.c:138
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810ced9570 (size 24):
  comm "syz-executor460", pid 3684, jiffies 4294963363 (age 26.320s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 b0 72 bc 00 81 88 ff ff  .........r......
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff8223a4aa>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff8223a4aa>] lsm_file_alloc security/security.c:575 [inline]
    [<ffffffff8223a4aa>] security_file_alloc+0x2a/0xb0 security/security.c:1529
    [<ffffffff815fb57d>] __alloc_file+0x5d/0xf0 fs/file_table.c:143
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810ced9570 (size 24):
  comm "syz-executor460", pid 3684, jiffies 4294963363 (age 27.540s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 b0 72 bc 00 81 88 ff ff  .........r......
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff8223a4aa>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff8223a4aa>] lsm_file_alloc security/security.c:575 [inline]
    [<ffffffff8223a4aa>] security_file_alloc+0x2a/0xb0 security/security.c:1529
    [<ffffffff815fb57d>] __alloc_file+0x5d/0xf0 fs/file_table.c:143
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810e642e00 (size 256):
  comm "syz-executor460", pid 3680, jiffies 4294963362 (age 27.590s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 f0 2e 0b 81 88 ff ff 80 c7 45 10 81 88 ff ff  ..........E.....
  backtrace:
    [<ffffffff815fb53f>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff815fb53f>] __alloc_file+0x1f/0xf0 fs/file_table.c:138
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810cf0af00 (size 256):
  comm "syz-executor460", pid 3684, jiffies 4294963363 (age 27.580s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 dd 62 0e 81 88 ff ff c0 f6 42 00 81 88 ff ff  ..b.......B.....
  backtrace:
    [<ffffffff815fb53f>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff815fb53f>] __alloc_file+0x1f/0xf0 fs/file_table.c:138
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810ced9570 (size 24):
  comm "syz-executor460", pid 3684, jiffies 4294963363 (age 27.580s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 b0 72 bc 00 81 88 ff ff  .........r......
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff8223a4aa>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff8223a4aa>] lsm_file_alloc security/security.c:575 [inline]
    [<ffffffff8223a4aa>] security_file_alloc+0x2a/0xb0 security/security.c:1529
    [<ffffffff815fb57d>] __alloc_file+0x5d/0xf0 fs/file_table.c:143
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810e642e00 (size 256):
  comm "syz-executor460", pid 3680, jiffies 4294963362 (age 27.630s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 f0 2e 0b 81 88 ff ff 80 c7 45 10 81 88 ff ff  ..........E.....
  backtrace:
    [<ffffffff815fb53f>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff815fb53f>] __alloc_file+0x1f/0xf0 fs/file_table.c:138
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810cf0af00 (size 256):
  comm "syz-executor460", pid 3684, jiffies 4294963363 (age 27.620s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    e0 dd 62 0e 81 88 ff ff c0 f6 42 00 81 88 ff ff  ..b.......B.....
  backtrace:
    [<ffffffff815fb53f>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff815fb53f>] __alloc_file+0x1f/0xf0 fs/file_table.c:138
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0xffff88810ced9570 (size 24):
  comm "syz-executor460", pid 3684, jiffies 4294963363 (age 27.620s)
  hex dump (first 24 bytes):
    00 00 00 00 00 00 00 00 b0 72 bc 00 81 88 ff ff  .........r......
    00 00 00 00 00 00 00 00                          ........
  backtrace:
    [<ffffffff8223a4aa>] kmem_cache_zalloc include/linux/slab.h:679 [inline]
    [<ffffffff8223a4aa>] lsm_file_alloc security/security.c:575 [inline]
    [<ffffffff8223a4aa>] security_file_alloc+0x2a/0xb0 security/security.c:1529
    [<ffffffff815fb57d>] __alloc_file+0x5d/0xf0 fs/file_table.c:143
    [<ffffffff815fc149>] alloc_empty_file_noaccount+0x19/0x50 fs/file_table.c:209
    [<ffffffff8160f616>] vfs_tmpfile_open+0x26/0x90 fs/namei.c:3644
    [<ffffffff81c1895c>] ovl_do_tmpfile fs/overlayfs/overlayfs.h:317 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_tmpfile fs/overlayfs/copy_up.c:747 [inline]
    [<ffffffff81c1895c>] ovl_do_copy_up fs/overlayfs/copy_up.c:839 [inline]
    [<ffffffff81c1895c>] ovl_copy_up_one+0xe5c/0x1670 fs/overlayfs/copy_up.c:1007
    [<ffffffff81c19277>] ovl_copy_up_flags+0x107/0x170 fs/overlayfs/copy_up.c:1053
    [<ffffffff81c193e0>] ovl_maybe_copy_up+0x100/0x130 fs/overlayfs/copy_up.c:1085
    [<ffffffff81c0ea02>] ovl_open+0x52/0x100 fs/overlayfs/file.c:152
    [<ffffffff815efaff>] do_dentry_open+0x2ff/0x7c0 fs/open.c:882
    [<ffffffff8161601f>] do_open fs/namei.c:3557 [inline]
    [<ffffffff8161601f>] path_openat+0x161f/0x1b70 fs/namei.c:3713
    [<ffffffff81618e11>] do_filp_open+0xc1/0x1b0 fs/namei.c:3740
    [<ffffffff815f346d>] do_sys_openat2+0xed/0x260 fs/open.c:1310
    [<ffffffff815f3ebf>] do_sys_open fs/open.c:1326 [inline]
    [<ffffffff815f3ebf>] __do_sys_openat fs/open.c:1342 [inline]
    [<ffffffff815f3ebf>] __se_sys_openat fs/open.c:1337 [inline]
    [<ffffffff815f3ebf>] __x64_sys_openat+0x7f/0xe0 fs/open.c:1337
    [<ffffffff848802f5>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    [<ffffffff848802f5>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
    [<ffffffff84a00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd


Crashes (5):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-gce-leak | 2022/11/20 20:38 | upstream | b6e7fdfd6f6a | 5bb70014 | .config | log | report | syz | C | | memory leak in vfs_tmpfile_open |
| ci-upstream-gce-leak | 2022/11/19 20:20 | upstream | fe24a97cf254 | 5bb70014 | .config | log | report | syz | C | | memory leak in vfs_tmpfile_open |
| ci-upstream-gce-leak | 2022/10/16 05:23 | upstream | 19d17ab7c68b | 67cb024c | .config | log | report | syz | C | | memory leak in vfs_tmpfile_open |
| ci-upstream-gce-leak | 2022/10/12 23:50 | upstream | 49da07006239 | 89b5a509 | .config | log | report | syz | C | | memory leak in vfs_tmpfile_open |
| ci-upstream-gce-leak | 2022/11/22 13:35 | upstream | eb7081409f94 | 1c576c23 | .config | log | report | syz | | | memory leak in vfs_tmpfile_open |
* Struck through repros no longer work on HEAD.