Hello,

We found the following error when fuzzing[1] the Linux kernel 6.10 and we are able to reproduce it. To our knowledge, this error has not been observed by SyzBot, so we would like to report it for your reference.

- Crash

WARNING: CPU: 1 PID: 2687 at fs/namei.c:263 putname+0x114/0x140 linux-6.10/fs/namei.c:263
Modules linked in:
CPU: 1 PID: 2687 Comm: syz-executor Not tainted 6.10.0 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:putname+0x114/0x140 linux-6.10/fs/namei.c:263
Code: 5d 41 5c 41 5d e9 8c 4b cc ff e8 87 4b cc ff 48 89 ee 4c 89 ef e8 fc 0d f5 ff 5b 5d 41 5c 41 5d e9 71 4b cc ff e8 6c 4b cc ff <0f> 0b eb d1 4c 89 e7 e8 30 9e fa ff e9 3a ff ff ff 48 c7 c7 b8 37
RSP: 0018:ffff88800b7dfe50 EFLAGS: 00010293
RAX: ffff88800c80c300 RBX: dffffc0000000000 RCX: ffffffff817771a5
RDX: 0000000000000000 RSI: ffffffff81777284 RDI: ffff888008a82210
RBP: ffff888008a82200 R08: 0000000000000001 R09: ffffed1001150443
R10: ffffed1001150442 R11: ffff888008a82213 R12: ffff888008a82210
R13: ffff888008a82200 R14: 00000000ffffff9c R15: ffff888007180128
FS:  0000555593f1ba00(0000) GS:ffff88806d300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f754e228d50 CR3: 0000000009bca003 CR4: 0000000000170ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_mkdirat+0x184/0x280 linux-6.10/fs/namei.c:4169
 __do_sys_mkdir linux-6.10/fs/namei.c:4180 [inline]
 __se_sys_mkdir linux-6.10/fs/namei.c:4178 [inline]
 __x64_sys_mkdir+0x65/0x80 linux-6.10/fs/namei.c:4178
 do_syscall_x64 linux-6.10/arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x4b/0x110 linux-6.10/arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f0e7fe1778b
Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcacc14348 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f0e7fe1778b
RDX: 00000000000000cb RSI: 00000000000001c0 RDI: 00007ffcacc145b0
RBP: 00007ffcacc145bc R08: 000000000000000d R09: 0000000000011dcc
R10: 7fffffffffffffff R11: 0000000000000246 R12: 00007ffcacc145b0
R13: 00007f0e7feafec0 R14: 00007ffcacc14370 R15: 8421084210842109
 </TASK>
---[ end trace 0000000000000000 ]---

- Reproducer

syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
syz_open_dev$usbmon(&(0x7f00000004c0), 0x0, 0x0)
setxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$null(0xffffffffffffff9c, &(0x7f0000001180), 0x0, 0x0)
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read(r0, &(0x7f0000000000), 0x2000)
shutdown(0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)

- Kernel config

https://drive.google.com/file/d/1LMJgfJPhTu78Cd2DfmDaRitF6cdxxcey/view?usp=sharing

[1] We used a customized Syzkaller but did not change the guest kernel or the hypervisor.