From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3B2B63321AC for ; Fri, 19 Dec 2025 15:44:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766159099; cv=none; b=lGm3XvW3fkPC5ehx1I1xnJrebGhBw1hga7I3DANP6urZQ0Ez5vkHdOWlW24gzcQUXbdjmcGEWfdwRvFTfGaDBrHJQOf+FntgO9wwXDdCTdp87YgCaMxS7fNnW1bSR3A80jgNKNzrqpJEbewCE2YknCr66P6T9m1GzD9LXu3xKm0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766159099; c=relaxed/simple; bh=VOfMmC48jgQIxw09jjesIDsIWzGdGKDqTvZqkiZMYWM=; h=Mime-Version:Content-Type:Date:Message-Id:From:Subject:Cc:To: References:In-Reply-To; b=AQwQYMg8if7PCEU65iaAhT3ggZbcNQ32Vnqi7201AK9p6oO0Q0xOMt+Ev3xcQFOBovdQ7w6xYYfqbk3h9x8NTPXx956uLfmVXKqX7eOi80APEMJSRcTyt6FeIUKMC6t2FJtfzjGRbzyP6zk9V785j+aw/5hSM9xl4m3R2Cn5OHc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=XScaU23t; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="XScaU23t" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 30C7CC4CEF1; Fri, 19 Dec 2025 15:44:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1766159098; bh=VOfMmC48jgQIxw09jjesIDsIWzGdGKDqTvZqkiZMYWM=; h=Date:From:Subject:Cc:To:References:In-Reply-To:From; b=XScaU23tE0GzlTtp9jTs6QOhdq7vu9rKZmMVaCP6Za9gVYlDKf7oA75bIz1O//8RM BjP3zqyZ8o02nVVgNFOCXaOf2ouHdTnXpLDcp7LRQ9jsc/sht8jLOYhskx4T6BeXUV u0DtjrjKziezNglJ9usXreECa+8h9GI1ufm9YZYnmlpePpuAP1W9pmyllJGMDAxuFf xF2+WCQNNOree7/NyJl8GJ1bg88+YR28OksegLjaB5acpmVzUOjSdVotZqT1iXRx65 jBn/GlmFlOU+Dz5qgo2sRSuGQ7krHkVvloJbBNK4MWX/DQxyNxEyyA7j8qfKaVWYW+ yGNMlQPKA5nQg== Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Fri, 19 Dec 2025 16:44:55 +0100 Message-Id: From: "Danilo Krummrich" Subject: Re: [PATCH] debugfs: Fix memleak in debugfs_change_name(). Cc: "Greg Kroah-Hartman" , "Rafael J. Wysocki" , "Christian Brauner" , "NeilBrown" , "Kuniyuki Iwashima" , , To: "Kuniyuki Iwashima" References: <20251208094551.46184-1-kuniyu@google.com> In-Reply-To: <20251208094551.46184-1-kuniyu@google.com> On Mon Dec 8, 2025 at 10:45 AM CET, Kuniyuki Iwashima wrote: > syzbot reported memleak in debugfs_change_name(). [0] > > When lookup_noperm_unlocked() fails, new_name is leaked. > > Let's fix it by reusing to kfree_const() at the end of > debugfs_change_name(). > > [0]: > BUG: memory leak > unreferenced object 0xffff8881110bb308 (size 8): > comm "syz.0.17", pid 6090, jiffies 4294942958 > hex dump (first 8 bytes): > 2e 00 00 00 00 00 00 00 ........ > backtrace (crc ecfc7064): > kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] > slab_post_alloc_hook mm/slub.c:4953 [inline] > slab_alloc_node mm/slub.c:5258 [inline] > __do_kmalloc_node mm/slub.c:5651 [inline] > __kmalloc_node_track_caller_noprof+0x3b2/0x670 mm/slub.c:5759 > __kmemdup_nul mm/util.c:64 [inline] > kstrdup+0x3c/0x80 mm/util.c:84 > kstrdup_const+0x63/0x80 mm/util.c:104 > kvasprintf_const+0xca/0x110 lib/kasprintf.c:48 > debugfs_change_name+0xf6/0x5d0 fs/debugfs/inode.c:854 > cfg80211_dev_rename+0xd8/0x110 net/wireless/core.c:149 > nl80211_set_wiphy+0x102/0x1770 net/wireless/nl80211.c:3844 > genl_family_rcv_msg_doit+0x11e/0x190 net/netlink/genetlink.c:1115 > genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] > genl_rcv_msg+0x2fd/0x440 net/netlink/genetlink.c:1210 > netlink_rcv_skb+0x93/0x1d0 net/netlink/af_netlink.c:2550 > genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 > netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline] > netlink_unicast+0x3a3/0x4f0 net/netlink/af_netlink.c:1344 > netlink_sendmsg+0x335/0x6b0 net/netlink/af_netlink.c:1894 > sock_sendmsg_nosec net/socket.c:718 [inline] > __sock_sendmsg net/socket.c:733 [inline] > ____sys_sendmsg+0x562/0x5a0 net/socket.c:2608 > ___sys_sendmsg+0xc8/0x130 net/socket.c:2662 > __sys_sendmsg+0xc7/0x140 net/socket.c:2694 > > Fixes: 833d2b3a072f7 ("Add start_renaming_two_dentries()") > Reported-by: syzbot+3d7ca9c802c547f8550a@syzkaller.appspotmail.com > Closes: https://lore.kernel.org/all/69369d82.a70a0220.38f243.009f.GAE@goo= gle.com/ > Signed-off-by: Kuniyuki Iwashima Applied to driver-core-linus, thanks! [ Fix minor typo in commit message. - Danilo ]