From nobody Sat Feb 7 13:41:26 2026 Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F80913B7A3 for ; Thu, 25 Dec 2025 06:34:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766644455; cv=none; b=C/GvDNHrPdVDwE+vn1HJGU9jtQGSR6e+xS2B9pPlS4kmykdJIO5hSoq+S4L101PJvvspJM2MzZ9IQo5YcaOB2NQuCpUuat8wX+Wn1+7hu1lzw7L/+iNnoR91enzTcld5RQ9wjLgrinj12z7crCeOia0zpsVHkpb/RrffCwVt++w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1766644455; c=relaxed/simple; bh=pTWub1wm6+YOwgTT62/BfAKG3yOfsN3gpjW71MdZj3E=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=rG7d07GY54iv7W2fwvzeHlJWduvTEvvffwv7C0GDdpYruIiY/Hcd9yvZuIF2Yaa8VA0XucgjQdnED27CiKbicUNBxaA/91pjlleupBJo7VWaXL//Pi6/HlKYi/EnQsdEUFzw3hCrpiXLXHkOqXVLK9Zj0IN0b70w9cxZl1Csoyk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HvMMpzu8; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HvMMpzu8" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2a1388cdac3so60356575ad.0 for ; Wed, 24 Dec 2025 22:34:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1766644453; x=1767249253; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=OMv12N6Z7QdXIVFJNcbnUr2FQCD/anI5DuLaDa7CSFo=; b=HvMMpzu8Y2TMb0LTh2pjqh25x70RKEp3Mqfrkzlxo9HmoUgQyP2EPYj8iFOKN4wglE A5WdUN/BwO9ylSHfrsVzTLslU57fWdOzwt6QMvrnqavahFs14shVmk9YAkUzKwWrDddw 97tg+Z7xN1QpL1kFXCamdAdfl3DlCtBNmtoyxStmX9oAoXcbJHu/cv3MSasg8BPueiDi zGhKUjrtaePmkUjsL+jp6Zt2AJMVdn1H4UAAEtYnhCYg4iJB4jjrKQP7U8fpg/hmZeXz s1AYQ6YbM1w1vx6jXm8evwrLHsXtAq/uoSSNHXdfkQVWWHcvS/GelO3u8ObLw90jC208 NizQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766644453; x=1767249253; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=OMv12N6Z7QdXIVFJNcbnUr2FQCD/anI5DuLaDa7CSFo=; b=OjhhtMXfGSKTYsb6MdYnoZ9+S6jN3EO+Ut8ZREoGK567NxEHk/L1UpmbcGuDW5iJ8N 5R2sJy6ZuhfA041gGuiHBTyOINxWP5WYlbkDQ29vuf3rp6HTJ1mQtmVxSjr+PVKz5M2E ps2Fv08/P4zC6MvUeR8kovgmilsxKj9Fke5ZYsv6mUjZD02E364JrUUKs+rBUPH/F770 kTLqHqrkXr/C5gmipUDxXLhVt0mP2aB5cqX/fCLdGlJmMDjBSt7YmHcpxWtn0Q2MyrYE nZDEu2M0nW0GVXqhV4EteyflGzhwAIJbXxU40jmBmt2IXb0yd1spKaHpIdf2khl/NNqa +AKQ== X-Forwarded-Encrypted: i=1; AJvYcCXHW6wXqXkzctFd1dUKnb/FGUuymQW92xkjf02NBwRVl/YvpZwmUYUi6FjKnTIbCuZvGIHfbN4PyKBC+d4=@vger.kernel.org X-Gm-Message-State: AOJu0YyzYbomSvtMaNhCcn2939jfx01OIc05+QqFyq/rvSWwEmClcp0h 0uz2NKz7GQC7tUhHD5gblm3NVWaSjtsVa6DM2VSZUY8yneGPV1FsOxiH X-Gm-Gg: AY/fxX7xxu/8Y3poQWAfX+W0+kUgt4zB0806iGKnkZzJ0kphXpP54K9+7/DzVybXjUP uYeYYzLB1lcV1P1Y/FO9y2ih1h2kJQTlDAZh/1j76KtZebXGgI4xiy+ortHea13wn0KvDQ3zyHv fzBYNZION6Pm6ojALkJ9MbhO83FKjre8GDcFYULX3LHz3y1jnRvIIQ3UWY2qpJnCg+wFDf625VS eqxVacGBAnCD9+MgGUJczHcoXdsbfy3M0/Pvh5VhcBs1x9Bjfwb/Fof+oVy1sj1in/o50QHr3dU LksCKeUCZO0V5zjbtKQ6boDyj8heZdkFoO7Ylgty44wjjfegFLy3JXAS3FQ5dPVXem2H+Fhvg9w GUZpp8/t2fkZD0JDpijzR72sBSlamhQ+j4efNfNm+QOllIqBg6PbEp4SqhWahrwn/koULBUfLxa NU4ssnEKeXdhrt22x6l/GSg4akRTVf X-Google-Smtp-Source: AGHT+IFx0tk9ytMvmJKYaOSglMaTl8EMF2q6AFP1CjeCN6tQ8HgdzQxtnWndoHZS4n0yWdBkn8zNew== X-Received: by 2002:a17:902:e74b:b0:299:e215:f61e with SMTP id d9443c01a7336-2a2f2a34fadmr199291485ad.36.1766644452765; Wed, 24 Dec 2025 22:34:12 -0800 (PST) Received: from localhost.localdomain ([111.125.235.126]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3d4cb48sm174073575ad.64.2025.12.24.22.34.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Dec 2025 22:34:12 -0800 (PST) From: Prithvi Tambewagh To: syzbot+00e61c43eb5e4740438f@syzkaller.appspotmail.com, axboe@kernel.dk, brauner@kernel.org, jack@suse.cz, viro@zeniv.linux.org.uk Cc: io-uring@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Prithvi Tambewagh Subject: Syzbot test for v2: io_uring: fix filename leak in __io_openat_prep() Date: Thu, 25 Dec 2025 12:04:02 +0530 Message-Id: <20251225063402.19684-1-activprithvi@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <694bcb49.050a0220.35954c.001a.GAE@google.com> References: <694bcb49.050a0220.35954c.001a.GAE@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" #syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git = b927546677c876e26eba308550207c2ddf812a43 Signed-off-by: Prithvi Tambewagh Reported-by: syzbot+00e61c43eb5e4740438f@syzkaller.appspotmail.com Tested-by: syzbot+00e61c43eb5e4740438f@syzkaller.appspotmail.com --- io_uring/openclose.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/io_uring/openclose.c b/io_uring/openclose.c index bfeb91b31bba..15dde9bd6ff6 100644 --- a/io_uring/openclose.c +++ b/io_uring/openclose.c @@ -73,13 +73,13 @@ static int __io_openat_prep(struct io_kiocb *req, const= struct io_uring_sqe *sqe open->filename =3D NULL; return ret; } + req->flags |=3D REQ_F_NEED_CLEANUP; =20 open->file_slot =3D READ_ONCE(sqe->file_index); if (open->file_slot && (open->how.flags & O_CLOEXEC)) return -EINVAL; =20 open->nofile =3D rlimit(RLIMIT_NOFILE); - req->flags |=3D REQ_F_NEED_CLEANUP; if (io_openat_force_async(open)) req->flags |=3D REQ_F_FORCE_ASYNC; return 0; base-commit: b927546677c876e26eba308550207c2ddf812a43 --=20 2.34.1