[syzbot] [fscrypt?] [f2fs?] memory leak in fscrypt_setup_filename
1 view
Skip to first unread message
syzbot
Mar 3, 2026, 5:25:39 PM (7 hours ago) Mar 3
to ch...@kernel.org, ebig...@kernel.org, jae...@kernel.org, linux-f2...@lists.sourceforge.net, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, ty...@mit.edu
Hello,
syzbot found the following issue on:
HEAD commit: af4e9ef3d784 uaccess: Fix scoped_user_read_access() for 'p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12506d5a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2c6ad6fefffa76b1
dashboard link: https://syzkaller.appspot.com/bug?extid=cf7946ab25b21abc4b66
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=160a18d6580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e2b0ba580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/70cb2ebe1e6e/disk-af4e9ef3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/945fea3c8a6d/vmlinux-af4e9ef3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fa6a6a5cbcc8/bzImage-af4e9ef3.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/c12ae92fa9b6/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=10e1d202580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cf7946...@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff888127f70830 (size 16):
comm "syz.0.23", pid 6144, jiffies 4294943712
hex dump (first 16 bytes):
3c af 57 72 5b e6 8f ad 6e 8e fd 33 42 39 03 ff <.Wr[...n..3B9..
backtrace (crc 925f8a80):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4520 [inline]
slab_alloc_node mm/slub.c:4844 [inline]
__do_kmalloc_node mm/slub.c:5237 [inline]
__kmalloc_noprof+0x3bd/0x560 mm/slub.c:5250
kmalloc_noprof include/linux/slab.h:954 [inline]
fscrypt_setup_filename+0x15e/0x3b0 fs/crypto/fname.c:364
f2fs_setup_filename+0x52/0xb0 fs/f2fs/dir.c:143
f2fs_rename+0x159/0xca0 fs/f2fs/namei.c:961
f2fs_rename2+0xd5/0xf20 fs/f2fs/namei.c:1308
vfs_rename+0x7ff/0x1250 fs/namei.c:6026
filename_renameat2+0x4f4/0x660 fs/namei.c:6144
__do_sys_renameat2 fs/namei.c:6173 [inline]
__se_sys_renameat2 fs/namei.c:6168 [inline]
__x64_sys_renameat2+0x59/0x80 fs/namei.c:6168
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: af4e9ef3d784 uaccess: Fix scoped_user_read_access() for 'p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12506d5a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=2c6ad6fefffa76b1
dashboard link: https://syzkaller.appspot.com/bug?extid=cf7946ab25b21abc4b66
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=160a18d6580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14e2b0ba580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/70cb2ebe1e6e/disk-af4e9ef3.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/945fea3c8a6d/vmlinux-af4e9ef3.xz
kernel image: https://storage.googleapis.com/syzbot-assets/fa6a6a5cbcc8/bzImage-af4e9ef3.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/c12ae92fa9b6/mount_0.gz
fsck result: failed (log: https://syzkaller.appspot.com/x/fsck.log?x=10e1d202580000)
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cf7946...@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff888127f70830 (size 16):
comm "syz.0.23", pid 6144, jiffies 4294943712
hex dump (first 16 bytes):
3c af 57 72 5b e6 8f ad 6e 8e fd 33 42 39 03 ff <.Wr[...n..3B9..
backtrace (crc 925f8a80):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4520 [inline]
slab_alloc_node mm/slub.c:4844 [inline]
__do_kmalloc_node mm/slub.c:5237 [inline]
__kmalloc_noprof+0x3bd/0x560 mm/slub.c:5250
kmalloc_noprof include/linux/slab.h:954 [inline]
fscrypt_setup_filename+0x15e/0x3b0 fs/crypto/fname.c:364
f2fs_setup_filename+0x52/0xb0 fs/f2fs/dir.c:143
f2fs_rename+0x159/0xca0 fs/f2fs/namei.c:961
f2fs_rename2+0xd5/0xf20 fs/f2fs/namei.c:1308
vfs_rename+0x7ff/0x1250 fs/namei.c:6026
filename_renameat2+0x4f4/0x660 fs/namei.c:6144
__do_sys_renameat2 fs/namei.c:6173 [inline]
__se_sys_renameat2 fs/namei.c:6168 [inline]
__x64_sys_renameat2+0x59/0x80 fs/namei.c:6168
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Eric Biggers
Mar 3, 2026, 7:36:06 PM (5 hours ago) Mar 3
to syzbot, ch...@kernel.org, jae...@kernel.org, linux-f2...@lists.sourceforge.net, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, ty...@mit.edu
On Tue, Mar 03, 2026 at 02:25:37PM -0800, syzbot wrote:
> BUG: memory leak
> unreferenced object 0xffff888127f70830 (size 16):
> comm "syz.0.23", pid 6144, jiffies 4294943712
> hex dump (first 16 bytes):
> 3c af 57 72 5b e6 8f ad 6e 8e fd 33 42 39 03 ff <.Wr[...n..3B9..
> backtrace (crc 925f8a80):
> kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
> slab_post_alloc_hook mm/slub.c:4520 [inline]
> slab_alloc_node mm/slub.c:4844 [inline]
> __do_kmalloc_node mm/slub.c:5237 [inline]
> __kmalloc_noprof+0x3bd/0x560 mm/slub.c:5250
> kmalloc_noprof include/linux/slab.h:954 [inline]
> fscrypt_setup_filename+0x15e/0x3b0 fs/crypto/fname.c:364
> f2fs_setup_filename+0x52/0xb0 fs/f2fs/dir.c:143
> f2fs_rename+0x159/0xca0 fs/f2fs/namei.c:961
> f2fs_rename2+0xd5/0xf20 fs/f2fs/namei.c:1308
The following commit added a call to f2fs_setup_filename() without a
> BUG: memory leak
> unreferenced object 0xffff888127f70830 (size 16):
> comm "syz.0.23", pid 6144, jiffies 4294943712
> hex dump (first 16 bytes):
> 3c af 57 72 5b e6 8f ad 6e 8e fd 33 42 39 03 ff <.Wr[...n..3B9..
> backtrace (crc 925f8a80):
> kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
> slab_post_alloc_hook mm/slub.c:4520 [inline]
> slab_alloc_node mm/slub.c:4844 [inline]
> __do_kmalloc_node mm/slub.c:5237 [inline]
> __kmalloc_noprof+0x3bd/0x560 mm/slub.c:5250
> kmalloc_noprof include/linux/slab.h:954 [inline]
> fscrypt_setup_filename+0x15e/0x3b0 fs/crypto/fname.c:364
> f2fs_setup_filename+0x52/0xb0 fs/f2fs/dir.c:143
> f2fs_rename+0x159/0xca0 fs/f2fs/namei.c:961
> f2fs_rename2+0xd5/0xf20 fs/f2fs/namei.c:1308
matching call to f2fs_free_filename():
commit 40b2d55e045222dd6de2a54a299f682e0f954b03
Author: Chao Yu <ch...@kernel.org>
Date: Wed Feb 7 15:05:48 2024 +0800
f2fs: fix to create selinux label during whiteout initialization
Chao, do you want to handle fixing this?
- Eric
Chao Yu
Mar 3, 2026, 8:07:07 PM (4 hours ago) Mar 3
to Eric Biggers, syzbot, ch...@kernel.org, jae...@kernel.org, linux-f2...@lists.sourceforge.net, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, ty...@mit.edu
Thanks Eric for the reminder.
Thanks,
>
> - Eric
Reply all
Reply to author
Forward
0 new messages