* Re: [syzbot] [hfs?] memory leak in hfsplus_init_fs_context
[not found] <20251205075055.1400638-1-kartikey406@gmail.com>
@ 2025-12-05 8:41 ` syzbot
0 siblings, 0 replies; 6+ messages in thread
From: syzbot @ 2025-12-05 8:41 UTC (permalink / raw)
To: kartikey406, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
SYZFAIL: failed to recv rpc
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
Warning: Permanently added '10.128.10.19' (ED25519) to the list of known hosts.
2025/12/05 08:40:16 parsed 1 programs
[ 41.176746][ T5819] cgroup: Unknown subsys name 'net'
[ 41.281133][ T5819] cgroup: Unknown subsys name 'cpuset'
[ 41.287826][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 49.291292][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.564658][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 50.685574][ T5838] chnl_net:caif_netlink_parms(): no params data found
[ 50.718744][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.726547][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.733855][ T5838] bridge_slave_0: entered allmulticast mode
[ 50.740422][ T5838] bridge_slave_0: entered promiscuous mode
[ 50.749111][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.756705][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.763860][ T5838] bridge_slave_1: entered allmulticast mode
[ 50.770087][ T5838] bridge_slave_1: entered promiscuous mode
[ 50.781997][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.792353][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.806088][ T5838] team0: Port device team_slave_0 added
[ 50.812289][ T5838] team0: Port device team_slave_1 added
[ 50.821770][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.828751][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 50.854896][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.865811][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.872758][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 50.898803][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.915511][ T5838] hsr_slave_0: entered promiscuous mode
[ 50.921517][ T5838] hsr_slave_1: entered promiscuous mode
[ 50.950832][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.958488][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.966517][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.974219][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.985730][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.992793][ T5838] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.000070][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.007177][ T5838] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.024053][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.032907][ T2111] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.040759][ T2111] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.050315][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.059034][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.066108][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.075368][ T3868] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.082540][ T3868] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.123151][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.138305][ T5838] veth0_vlan: entered promiscuous mode
[ 51.145381][ T5838] veth1_vlan: entered promiscuous mode
[ 51.156259][ T5838] veth0_macvtap: entered promiscuous mode
[ 51.163077][ T5838] veth1_macvtap: entered promiscuous mode
[ 51.172007][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.181101][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.189797][ T3529] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.198817][ T3529] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.208219][ T3529] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.217671][ T3529] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.268245][ T3529] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.303208][ T3529] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.341444][ T3529] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.383323][ T3529] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 51.595715][ T3542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.604091][ T3542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.614717][ T2111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 51.622702][ T2111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 51.649068][ T5908] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 51.656254][ T5908] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 51.664039][ T5908] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 51.671332][ T5908] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 51.678641][ T5908] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/12/05 08:40:28 executed programs: 0
[ 54.510958][ T3529] bridge_slave_1: left allmulticast mode
[ 54.516655][ T3529] bridge_slave_1: left promiscuous mode
[ 54.522645][ T3529] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.530202][ T3529] bridge_slave_0: left allmulticast mode
[ 54.535912][ T3529] bridge_slave_0: left promiscuous mode
[ 54.541823][ T3529] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.582118][ T3529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 54.591202][ T3529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 54.600240][ T3529] bond0 (unregistering): Released all slaves
[ 54.661835][ T3529] hsr_slave_0: left promiscuous mode
[ 54.667972][ T3529] hsr_slave_1: left promiscuous mode
[ 54.673755][ T3529] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 54.681245][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 54.688729][ T3529] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 54.696292][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 54.704768][ T3529] veth1_macvtap: left promiscuous mode
[ 54.710447][ T3529] veth0_macvtap: left promiscuous mode
[ 54.715978][ T3529] veth1_vlan: left promiscuous mode
[ 54.721580][ T3529] veth0_vlan: left promiscuous mode
[ 54.744259][ T3529] team0 (unregistering): Port device team_slave_1 removed
[ 54.752630][ T3529] team0 (unregistering): Port device team_slave_0 removed
[ 57.411203][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 57.418346][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 57.425415][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 57.433086][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 57.440536][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 57.474037][ T5993] chnl_net:caif_netlink_parms(): no params data found
[ 57.492366][ T5993] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.499723][ T5993] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.507823][ T5993] bridge_slave_0: entered allmulticast mode
[ 57.514155][ T5993] bridge_slave_0: entered promiscuous mode
[ 57.520849][ T5993] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.527889][ T5993] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.535162][ T5993] bridge_slave_1: entered allmulticast mode
[ 57.541464][ T5993] bridge_slave_1: entered promiscuous mode
[ 57.552191][ T5993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 57.562247][ T5993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 57.576766][ T5993] team0: Port device team_slave_0 added
[ 57.583104][ T5993] team0: Port device team_slave_1 added
[ 57.592907][ T5993] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 57.599848][ T5993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 57.626033][ T5993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 57.637216][ T5993] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 57.644351][ T5993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 57.670791][ T5993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 57.687439][ T5993] hsr_slave_0: entered promiscuous mode
[ 57.693446][ T5993] hsr_slave_1: entered promiscuous mode
[ 57.886946][ T5993] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 57.895586][ T5993] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 57.903836][ T5993] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 57.912030][ T5993] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 57.931197][ T5993] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.938362][ T5993] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.945648][ T5993] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.952803][ T5993] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.973507][ T5993] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.982871][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.990406][ T31] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.000894][ T5993] 8021q: adding VLAN 0 to HW filter on device team0
[ 58.009845][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.016912][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 58.026584][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.033639][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 58.087594][ T5993] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.105504][ T5993] veth0_vlan: entered promiscuous mode
[ 58.113086][ T5993] veth1_vlan: entered promiscuous mode
[ 58.126723][ T5993] veth0_macvtap: entered promiscuous mode
[ 58.133631][ T5993] veth1_macvtap: entered promiscuous mode
[ 58.142945][ T5993] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 58.152148][ T5993] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 58.161440][ T3542] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.173806][ T3542] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.183259][ T3542] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.193398][ T3542] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.217473][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.228888][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 58.240775][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.249148][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2391967220=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=<nil>)
HEAD detached at d6526ea3e6
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d6526ea3e6ad9081c902859bbb80f9f840377cb4\"
/usr/bin/ld: /tmp/ccdO0wGA.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null
Tested on:
commit: 2061f18a Merge tag 'caps-pr-20251204' of git://git.ker..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=4ec6d85125e91f07
dashboard link: https://syzkaller.appspot.com/bug?extid=99f6ed51479b86ac4c41
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1715bcc2580000
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v1] hfsplus: fix memory leak on mount failure
2025-12-05 5:38 syzbot
@ 2025-12-06 0:09 Swaraj Gaikwad
2025-12-05 19:06 ` [syzbot] [hfs?] memory leak in hfsplus_init_fs_context syzbot
-1 siblings, 1 reply; 6+ messages in thread
From: Swaraj Gaikwad @ 2025-12-06 0:09 UTC (permalink / raw)
To: syzbot+99f6ed51479b86ac4c41
Cc: frank.li, glaubitz, linux-fsdevel, linux-kernel, slava, skhan,
david.hunter.linux, syzkaller-bugs, Swaraj Gaikwad
syzbot reported a memory leak in the hfsplus mount path when the mount
fails, which occurs because the fs_context API moves ownership of
fc->s_fs_info to sb->s_fs_info early in sget_fc().
When filesystems are mounted using the new API, the VFS (specifically
sget_fc) transfers the ownership of the context's s_fs_info (the 'sbi'
struct) to the superblock (sb->s_fs_info) and clears the context
pointer.
If the mount fails after this transfer the VFS calls
deactivate_locked_super, which invokes the filesystem's kill_sb
callback. Previously, hfsplus used the generic kill_block_super, which
does not free sb->s_fs_info, resulting in the 'sbi' structure and its
loaded NLS tables being leaked.
Fix this by implementing a filesystem-specific ->kill_sb() that frees
sb->s_fs_info and its NLS resources before calling kill_block_super().
Also remove the early kfree(sbi) from hfsplus_fill_super()’s error path,
because the superblock unconditionally owns s_fs_info when using the
fs_context API.
Testing:
This fix was verified by building the kernel with the .config provided
by the syzkaller reporter and running the reproducer. The reproducer
now runs successfully without triggering any memory leaks or kernel errors.
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e69c7c175115
Reported-by: syzbot+99f6ed51479b86ac4c41@syzkaller.appspotmail.com
Signed-off-by: Swaraj Gaikwad <swarajgaikwad1925@gmail.com>
---
fs/hfsplus/super.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c
index 16bc4abc67e0..fa7420d08da1 100644
--- a/fs/hfsplus/super.c
+++ b/fs/hfsplus/super.c
@@ -629,7 +629,6 @@ static int hfsplus_fill_super(struct super_block *sb, struct fs_context *fc)
out_unload_nls:
unload_nls(sbi->nls);
unload_nls(nls);
- kfree(sbi);
return err;
}
@@ -688,10 +687,23 @@ static int hfsplus_init_fs_context(struct fs_context *fc)
return 0;
}
+static void hfsplus_kill_sb(struct super_block *sb)
+{
+ struct hfsplus_sb_info *sbi = HFSPLUS_SB(sb);
+
+ if (sbi) {
+ unload_nls(sbi->nls);
+ kfree(sbi);
+ sb->s_fs_info = NULL;
+ }
+
+ kill_block_super(sb);
+}
+
static struct file_system_type hfsplus_fs_type = {
.owner = THIS_MODULE,
.name = "hfsplus",
- .kill_sb = kill_block_super,
+ .kill_sb = hfsplus_kill_sb,
.fs_flags = FS_REQUIRES_DEV,
.init_fs_context = hfsplus_init_fs_context,
};
base-commit: 6bda50f4333fa61c07f04f790fdd4e2c9f4ca610
--
2.52.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [syzbot] [hfs?] memory leak in hfsplus_init_fs_context
2025-12-06 0:09 [PATCH v1] hfsplus: fix memory leak on mount failure Swaraj Gaikwad
@ 2025-12-05 19:06 ` syzbot
0 siblings, 0 replies; 6+ messages in thread
From: syzbot @ 2025-12-05 19:06 UTC (permalink / raw)
To: david.hunter.linux, frank.li, glaubitz, linux-fsdevel,
linux-kernel, skhan, slava, swarajgaikwad1925, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
SYZFAIL: failed to recv rpc
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts.
2025/12/05 19:05:15 parsed 1 programs
[ 55.119214][ T5818] cgroup: Unknown subsys name 'net'
[ 55.259974][ T5818] cgroup: Unknown subsys name 'cpuset'
[ 55.266582][ T5818] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 63.696572][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 65.016628][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 65.422993][ T5880] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 65.430458][ T5880] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 65.437558][ T5880] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 65.445167][ T5880] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 65.452744][ T5880] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 65.561974][ T5890] chnl_net:caif_netlink_parms(): no params data found
[ 65.584453][ T5890] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.591882][ T5890] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.599824][ T5890] bridge_slave_0: entered allmulticast mode
[ 65.606225][ T5890] bridge_slave_0: entered promiscuous mode
[ 65.612881][ T5890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.619978][ T5890] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.627492][ T5890] bridge_slave_1: entered allmulticast mode
[ 65.634027][ T5890] bridge_slave_1: entered promiscuous mode
[ 65.645743][ T5890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.655760][ T5890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.669914][ T5890] team0: Port device team_slave_0 added
[ 65.676301][ T5890] team0: Port device team_slave_1 added
[ 65.686571][ T5890] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.693917][ T5890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 65.720230][ T5890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.731988][ T5890] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.739356][ T5890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 65.766444][ T5890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.787487][ T5890] hsr_slave_0: entered promiscuous mode
[ 65.793267][ T5890] hsr_slave_1: entered promiscuous mode
[ 65.822570][ T5890] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.830459][ T5890] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.838351][ T5890] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.846563][ T5890] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.860377][ T5890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.867973][ T5890] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.875564][ T5890] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.882626][ T5890] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.899327][ T5890] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.908810][ T65] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.916368][ T65] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.926332][ T5890] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.935247][ T55] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.942415][ T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.952498][ T55] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.959571][ T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 66.001572][ T5890] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.016258][ T5890] veth0_vlan: entered promiscuous mode
[ 66.023938][ T5890] veth1_vlan: entered promiscuous mode
[ 66.035919][ T5890] veth0_macvtap: entered promiscuous mode
[ 66.043178][ T5890] veth1_macvtap: entered promiscuous mode
[ 66.052173][ T5890] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 66.061801][ T5890] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 66.071356][ T55] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.081780][ T55] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.091070][ T55] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.100260][ T55] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 66.142913][ T55] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.164181][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.172643][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.182052][ T55] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.195368][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.203729][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.230379][ T55] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.280211][ T55] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/12/05 19:05:28 executed programs: 0
[ 69.506006][ T55] bridge_slave_1: left allmulticast mode
[ 69.511800][ T55] bridge_slave_1: left promiscuous mode
[ 69.517491][ T55] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.525504][ T55] bridge_slave_0: left allmulticast mode
[ 69.531369][ T55] bridge_slave_0: left promiscuous mode
[ 69.537068][ T55] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.601288][ T55] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 69.611079][ T55] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 69.620253][ T55] bond0 (unregistering): Released all slaves
[ 69.670943][ T55] hsr_slave_0: left promiscuous mode
[ 69.676955][ T55] hsr_slave_1: left promiscuous mode
[ 69.682958][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 69.691003][ T55] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 69.698476][ T55] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 69.706532][ T55] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 69.715577][ T55] veth1_macvtap: left promiscuous mode
[ 69.721203][ T55] veth0_macvtap: left promiscuous mode
[ 69.726728][ T55] veth1_vlan: left promiscuous mode
[ 69.732096][ T55] veth0_vlan: left promiscuous mode
[ 69.757386][ T55] team0 (unregistering): Port device team_slave_1 removed
[ 69.766234][ T55] team0 (unregistering): Port device team_slave_0 removed
[ 70.169404][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 70.175683][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.047051][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.054869][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.062046][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.070042][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.077520][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.113196][ T5989] chnl_net:caif_netlink_parms(): no params data found
[ 72.132758][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.140022][ T5989] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.147223][ T5989] bridge_slave_0: entered allmulticast mode
[ 72.153712][ T5989] bridge_slave_0: entered promiscuous mode
[ 72.160489][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.167745][ T5989] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.174993][ T5989] bridge_slave_1: entered allmulticast mode
[ 72.181245][ T5989] bridge_slave_1: entered promiscuous mode
[ 72.192621][ T5989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.202629][ T5989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.217391][ T5989] team0: Port device team_slave_0 added
[ 72.224120][ T5989] team0: Port device team_slave_1 added
[ 72.234181][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.241867][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 72.268532][ T5989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.280051][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.287416][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 72.314180][ T5989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.331466][ T5989] hsr_slave_0: entered promiscuous mode
[ 72.337615][ T5989] hsr_slave_1: entered promiscuous mode
[ 72.513584][ T5989] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.521437][ T5989] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.529452][ T5989] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.537435][ T5989] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.551368][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.558478][ T5989] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.565936][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.573710][ T5989] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.596776][ T5989] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.606884][ T31] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.615077][ T31] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.625976][ T5989] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.634865][ T31] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.642139][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.660348][ T31] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.667635][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.717525][ T5989] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.736386][ T5989] veth0_vlan: entered promiscuous mode
[ 72.743922][ T5989] veth1_vlan: entered promiscuous mode
[ 72.757219][ T5989] veth0_macvtap: entered promiscuous mode
[ 72.764388][ T5989] veth1_macvtap: entered promiscuous mode
[ 72.774941][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.784711][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.794630][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.807307][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.816371][ T723] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.828572][ T723] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.847366][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.856762][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 72.870318][ T723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 72.878614][ T723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1479309889=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=<nil>)
HEAD detached at d6526ea3e
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d6526ea3e6ad9081c902859bbb80f9f840377cb4\"
/usr/bin/ld: /tmp/ccXWETje.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null
Tested on:
commit: e69c7c17 Merge tag 'timers_urgent_for_v6.18_rc8' of gi..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config: https://syzkaller.appspot.com/x/.config?x=f30cc590c4f6da44
dashboard link: https://syzkaller.appspot.com/bug?extid=99f6ed51479b86ac4c41
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=14477cc2580000
^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <20251205144843.1757055-1-kartikey406@gmail.com>]
* Re: [syzbot] [hfs?] memory leak in hfsplus_init_fs_context
[not found] <20251205144843.1757055-1-kartikey406@gmail.com>
@ 2025-12-05 15:04 ` syzbot
0 siblings, 0 replies; 6+ messages in thread
From: syzbot @ 2025-12-05 15:04 UTC (permalink / raw)
To: kartikey406, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hfsplus_init_fs_context
BUG: memory leak
unreferenced object 0xffff888112296400 (size 512):
comm "syz.0.17", pid 6722, jiffies 4294946670
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8418e967):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4953 [inline]
slab_alloc_node mm/slub.c:5258 [inline]
__kmalloc_cache_noprof+0x3a6/0x570 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:701
alloc_fs_context+0x2a0/0x6e0 fs/fs_context.c:315
do_new_mount fs/namespace.c:3692 [inline]
path_mount+0x93f/0x1320 fs/namespace.c:4022
do_mount fs/namespace.c:4035 [inline]
__do_sys_mount fs/namespace.c:4224 [inline]
__se_sys_mount fs/namespace.c:4201 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4201
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff888109a34400 (size 512):
comm "syz.0.18", pid 6729, jiffies 4294946674
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8418e967):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4953 [inline]
slab_alloc_node mm/slub.c:5258 [inline]
__kmalloc_cache_noprof+0x3a6/0x570 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:701
alloc_fs_context+0x2a0/0x6e0 fs/fs_context.c:315
do_new_mount fs/namespace.c:3692 [inline]
path_mount+0x93f/0x1320 fs/namespace.c:4022
do_mount fs/namespace.c:4035 [inline]
__do_sys_mount fs/namespace.c:4224 [inline]
__se_sys_mount fs/namespace.c:4201 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4201
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff888109a34a00 (size 512):
comm "syz.0.19", pid 6732, jiffies 4294946677
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8418e967):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4953 [inline]
slab_alloc_node mm/slub.c:5258 [inline]
__kmalloc_cache_noprof+0x3a6/0x570 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:701
alloc_fs_context+0x2a0/0x6e0 fs/fs_context.c:315
do_new_mount fs/namespace.c:3692 [inline]
path_mount+0x93f/0x1320 fs/namespace.c:4022
do_mount fs/namespace.c:4035 [inline]
__do_sys_mount fs/namespace.c:4224 [inline]
__se_sys_mount fs/namespace.c:4201 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4201
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
Tested on:
commit: 2061f18a Merge tag 'caps-pr-20251204' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16b1c41a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4ec6d85125e91f07
dashboard link: https://syzkaller.appspot.com/bug?extid=99f6ed51479b86ac4c41
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=10e25ab4580000
^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <20251205124309.1754872-1-kartikey406@gmail.com>]
* Re: [syzbot] [hfs?] memory leak in hfsplus_init_fs_context
[not found] <20251205124309.1754872-1-kartikey406@gmail.com>
@ 2025-12-05 13:43 ` syzbot
0 siblings, 0 replies; 6+ messages in thread
From: syzbot @ 2025-12-05 13:43 UTC (permalink / raw)
To: kartikey406, linux-kernel, syzkaller-bugs
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in hfsplus_init_fs_context
BUG: memory leak
unreferenced object 0xffff888128616800 (size 512):
comm "syz.0.17", pid 6730, jiffies 4294947750
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8418e967):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4953 [inline]
slab_alloc_node mm/slub.c:5258 [inline]
__kmalloc_cache_noprof+0x3a6/0x570 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:700
alloc_fs_context+0x2a0/0x6e0 fs/fs_context.c:315
do_new_mount fs/namespace.c:3692 [inline]
path_mount+0x93f/0x1320 fs/namespace.c:4022
do_mount fs/namespace.c:4035 [inline]
__do_sys_mount fs/namespace.c:4224 [inline]
__se_sys_mount fs/namespace.c:4201 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4201
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff888128617600 (size 512):
comm "syz.0.18", pid 6734, jiffies 4294947753
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8418e967):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4953 [inline]
slab_alloc_node mm/slub.c:5258 [inline]
__kmalloc_cache_noprof+0x3a6/0x570 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:700
alloc_fs_context+0x2a0/0x6e0 fs/fs_context.c:315
do_new_mount fs/namespace.c:3692 [inline]
path_mount+0x93f/0x1320 fs/namespace.c:4022
do_mount fs/namespace.c:4035 [inline]
__do_sys_mount fs/namespace.c:4224 [inline]
__se_sys_mount fs/namespace.c:4201 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4201
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff8881274f3800 (size 512):
comm "syz.0.19", pid 6739, jiffies 4294947757
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 8418e967):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4953 [inline]
slab_alloc_node mm/slub.c:5258 [inline]
__kmalloc_cache_noprof+0x3a6/0x570 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:700
alloc_fs_context+0x2a0/0x6e0 fs/fs_context.c:315
do_new_mount fs/namespace.c:3692 [inline]
path_mount+0x93f/0x1320 fs/namespace.c:4022
do_mount fs/namespace.c:4035 [inline]
__do_sys_mount fs/namespace.c:4224 [inline]
__se_sys_mount fs/namespace.c:4201 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4201
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
Tested on:
commit: 2061f18a Merge tag 'caps-pr-20251204' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15e6c41a580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4ec6d85125e91f07
dashboard link: https://syzkaller.appspot.com/bug?extid=99f6ed51479b86ac4c41
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=10b2c41a580000
^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <20251205062813.1398599-1-kartikey406@gmail.com>]
* Re: [syzbot] [hfs?] memory leak in hfsplus_init_fs_context
[not found] <20251205062813.1398599-1-kartikey406@gmail.com>
@ 2025-12-05 7:44 ` syzbot
0 siblings, 0 replies; 6+ messages in thread
From: syzbot @ 2025-12-05 7:44 UTC (permalink / raw)
To: kartikey406, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
SYZFAIL: failed to recv rpc
SYZFAIL: failed to recv rpc
Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts.
2025/12/05 07:43:31 parsed 1 programs
[ 44.042808][ T5812] cgroup: Unknown subsys name 'net'
[ 44.127074][ T5812] cgroup: Unknown subsys name 'cpuset'
[ 44.133650][ T5812] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 52.645880][ T5812] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.143312][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 54.299791][ T133] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.309905][ T133] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.320511][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 54.328915][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 54.497265][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 54.504519][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 54.511943][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 54.525287][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 54.532574][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 54.725582][ T5877] chnl_net:caif_netlink_parms(): no params data found
[ 54.747201][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.754361][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.762220][ T5877] bridge_slave_0: entered allmulticast mode
[ 54.768738][ T5877] bridge_slave_0: entered promiscuous mode
[ 54.775347][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.782475][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.789704][ T5877] bridge_slave_1: entered allmulticast mode
[ 54.796084][ T5877] bridge_slave_1: entered promiscuous mode
[ 54.818263][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.828255][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.841814][ T5877] team0: Port device team_slave_0 added
[ 54.848131][ T5877] team0: Port device team_slave_1 added
[ 54.859765][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.867269][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 54.895194][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.906753][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.913711][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 54.940364][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.959931][ T5877] hsr_slave_0: entered promiscuous mode
[ 54.966029][ T5877] hsr_slave_1: entered promiscuous mode
[ 55.003186][ T5877] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 55.011384][ T5877] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 55.019230][ T5877] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 55.027232][ T5877] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 55.039665][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.046885][ T5877] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.054350][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.061870][ T5877] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.080653][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.090452][ T133] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.098390][ T133] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.108313][ T5877] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.117493][ T133] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.124594][ T133] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.133971][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.141600][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.186705][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.202568][ T5877] veth0_vlan: entered promiscuous mode
[ 55.209710][ T5877] veth1_vlan: entered promiscuous mode
[ 55.221357][ T5877] veth0_macvtap: entered promiscuous mode
[ 55.228585][ T5877] veth1_macvtap: entered promiscuous mode
[ 55.237919][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.248299][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.257538][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.266627][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.275497][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.284859][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.320966][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 55.369319][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 55.447100][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 55.467896][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/12/05 07:43:45 executed programs: 0
[ 58.410697][ T62] bridge_slave_1: left allmulticast mode
[ 58.416833][ T62] bridge_slave_1: left promiscuous mode
[ 58.422540][ T62] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.431389][ T62] bridge_slave_0: left allmulticast mode
[ 58.437607][ T62] bridge_slave_0: left promiscuous mode
[ 58.443411][ T62] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.509109][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 58.518647][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 58.528253][ T62] bond0 (unregistering): Released all slaves
[ 58.608647][ T62] hsr_slave_0: left promiscuous mode
[ 58.614815][ T62] hsr_slave_1: left promiscuous mode
[ 58.621461][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 58.629526][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 58.637346][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 58.644977][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 58.653724][ T62] veth1_macvtap: left promiscuous mode
[ 58.659468][ T62] veth0_macvtap: left promiscuous mode
[ 58.665187][ T62] veth1_vlan: left promiscuous mode
[ 58.670728][ T62] veth0_vlan: left promiscuous mode
[ 58.701020][ T62] team0 (unregistering): Port device team_slave_1 removed
[ 58.709272][ T62] team0 (unregistering): Port device team_slave_0 removed
[ 61.343108][ T5134] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.350405][ T5134] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.357820][ T5134] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.365394][ T5134] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.373014][ T5134] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 61.410932][ T5987] chnl_net:caif_netlink_parms(): no params data found
[ 61.431401][ T5987] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.438773][ T5987] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.446357][ T5987] bridge_slave_0: entered allmulticast mode
[ 61.452606][ T5987] bridge_slave_0: entered promiscuous mode
[ 61.459577][ T5987] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.466850][ T5987] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.474214][ T5987] bridge_slave_1: entered allmulticast mode
[ 61.480620][ T5987] bridge_slave_1: entered promiscuous mode
[ 61.492762][ T5987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.502926][ T5987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.517255][ T5987] team0: Port device team_slave_0 added
[ 61.523465][ T5987] team0: Port device team_slave_1 added
[ 61.533816][ T5987] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 61.541096][ T5987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 61.568438][ T5987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 61.579932][ T5987] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 61.586999][ T5987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 61.613994][ T5987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 61.631616][ T5987] hsr_slave_0: entered promiscuous mode
[ 61.637415][ T5987] hsr_slave_1: entered promiscuous mode
[ 61.807060][ T5987] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.815018][ T5987] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.823175][ T5987] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.831557][ T5987] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.852955][ T5987] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.860270][ T5987] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.867863][ T5987] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.875026][ T5987] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.898612][ T5987] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.909150][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.917188][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.927534][ T5987] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.938143][ T58] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.945307][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.958922][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.966035][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.982882][ T5987] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 61.994284][ T5987] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 62.053394][ T5987] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.072926][ T5987] veth0_vlan: entered promiscuous mode
[ 62.081131][ T5987] veth1_vlan: entered promiscuous mode
[ 62.095259][ T5987] veth0_macvtap: entered promiscuous mode
[ 62.103071][ T5987] veth1_macvtap: entered promiscuous mode
[ 62.114171][ T5987] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 62.124750][ T5987] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 62.135106][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.148659][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.160564][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.181317][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.191067][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
SYZFAIL: failed to recv rpc
[ 62.202944][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.215016][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.223739][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build282997806=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'
git status (err=<nil>)
HEAD detached at d6526ea3e6
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=d6526ea3e6ad9081c902859bbb80f9f840377cb4 -X github.com/google/syzkaller/prog.gitRevisionDate=20251126-113115" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"d6526ea3e6ad9081c902859bbb80f9f840377cb4\"
/usr/bin/ld: /tmp/ccoqPmtJ.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null
Tested on:
commit: 2061f18a Merge tag 'caps-pr-20251204' of git://git.ker..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=4ec6d85125e91f07
dashboard link: https://syzkaller.appspot.com/bug?extid=99f6ed51479b86ac4c41
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1497b01a580000
^ permalink raw reply [flat|nested] 6+ messages in thread
* [syzbot] [hfs?] memory leak in hfsplus_init_fs_context
@ 2025-12-05 5:38 syzbot
0 siblings, 0 replies; 6+ messages in thread
From: syzbot @ 2025-12-05 5:38 UTC (permalink / raw)
To: frank.li, glaubitz, linux-fsdevel, linux-kernel, slava,
syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: e69c7c175115 Merge tag 'timers_urgent_for_v6.18_rc8' of gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=116ffcb4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f30cc590c4f6da44
dashboard link: https://syzkaller.appspot.com/bug?extid=99f6ed51479b86ac4c41
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10eef912580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1534c192580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e1758d9b5b79/disk-e69c7c17.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/772ec0d0a545/vmlinux-e69c7c17.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d905337ef02b/bzImage-e69c7c17.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/65bc76439748/mount_4.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+99f6ed51479b86ac4c41@syzkaller.appspotmail.com
BUG: memory leak
unreferenced object 0xffff8881287f8a00 (size 512):
comm "syz.0.17", pid 6072, jiffies 4294944858
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc aaf4239b):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4983 [inline]
slab_alloc_node mm/slub.c:5288 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:678
alloc_fs_context+0x214/0x430 fs/fs_context.c:315
do_new_mount fs/namespace.c:3698 [inline]
path_mount+0x93c/0x12e0 fs/namespace.c:4028
do_mount fs/namespace.c:4041 [inline]
__do_sys_mount fs/namespace.c:4229 [inline]
__se_sys_mount fs/namespace.c:4206 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4206
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff8881287f9a00 (size 512):
comm "syz.0.18", pid 6078, jiffies 4294944862
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc aaf4239b):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4983 [inline]
slab_alloc_node mm/slub.c:5288 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:678
alloc_fs_context+0x214/0x430 fs/fs_context.c:315
do_new_mount fs/namespace.c:3698 [inline]
path_mount+0x93c/0x12e0 fs/namespace.c:4028
do_mount fs/namespace.c:4041 [inline]
__do_sys_mount fs/namespace.c:4229 [inline]
__se_sys_mount fs/namespace.c:4206 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4206
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object 0xffff8881287f9c00 (size 512):
comm "syz.0.19", pid 6079, jiffies 4294944864
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc aaf4239b):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4983 [inline]
slab_alloc_node mm/slub.c:5288 [inline]
__kmalloc_cache_noprof+0x3a6/0x5b0 mm/slub.c:5766
kmalloc_noprof include/linux/slab.h:957 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
hfsplus_init_fs_context+0x26/0x90 fs/hfsplus/super.c:678
alloc_fs_context+0x214/0x430 fs/fs_context.c:315
do_new_mount fs/namespace.c:3698 [inline]
path_mount+0x93c/0x12e0 fs/namespace.c:4028
do_mount fs/namespace.c:4041 [inline]
__do_sys_mount fs/namespace.c:4229 [inline]
__se_sys_mount fs/namespace.c:4206 [inline]
__x64_sys_mount+0x1a2/0x1e0 fs/namespace.c:4206
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-12-05 19:06 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20251205075055.1400638-1-kartikey406@gmail.com>
2025-12-05 8:41 ` [syzbot] [hfs?] memory leak in hfsplus_init_fs_context syzbot
2025-12-06 0:09 [PATCH v1] hfsplus: fix memory leak on mount failure Swaraj Gaikwad
2025-12-05 19:06 ` [syzbot] [hfs?] memory leak in hfsplus_init_fs_context syzbot
[not found] <20251205144843.1757055-1-kartikey406@gmail.com>
2025-12-05 15:04 ` syzbot
[not found] <20251205124309.1754872-1-kartikey406@gmail.com>
2025-12-05 13:43 ` syzbot
[not found] <20251205062813.1398599-1-kartikey406@gmail.com>
2025-12-05 7:44 ` syzbot
-- strict thread matches above, loose matches on Subject: below --
2025-12-05 5:38 syzbot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox