Date: Sun, 16 Nov 2025 04:03:27 -0800
Message-ID: <6919bd8f.a70a0220.3124cb.007d.GAE@google.com>
Subject: [syzbot] [bpf?] memory leak in map_create
From: syzbot
To: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
 daniel@iogearbox.net, eddyz87@gmail.com, haoluo@google.com,
 john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org,
 linux-kernel@vger.kernel.org, martin.lau@linux.dev, sdf@fomichev.me,
 song@kernel.org, syzkaller-bugs@googlegroups.com, yonghong.song@linux.dev

Hello,

syzbot found the following issue on:

HEAD commit:    24172e0d7990 Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17818692580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=cb128cd5cb439809
dashboard link: https://syzkaller.appspot.com/bug?extid=cf08c551fecea9fd1320
compiler:       gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17a64658580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ac3c12580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ded911fa4408/disk-24172e0d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a1f3e61cb784/vmlinux-24172e0d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b92fd0e25cb7/bzImage-24172e0d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cf08c551fecea9fd1320@syzkaller.appspotmail.com

2025/11/12 11:58:15 executed programs: 5
BUG: memory leak
unreferenced object 0xffff888125a64000 (size 1024):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 7b9fb9b4):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __bpf_map_area_alloc+0x17a/0x1a0 kernel/bpf/syscall.c:395
    htab_map_alloc+0x67/0x950 kernel/bpf/hashtab.c:489
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object (percpu) 0x607e4d6674b0 (size 8):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 8 bytes on cpu 0):
    00 00 00 00 00 00 00 00                          ........
  backtrace (crc 0):
    pcpu_alloc_noprof+0x83a/0xd80 mm/percpu.c:1890
    bpf_map_alloc_percpu+0x7b/0x190 kernel/bpf/syscall.c:575
    bpf_map_init_elem_count include/linux/bpf.h:2532 [inline]
    htab_map_alloc+0x165/0x950 kernel/bpf/hashtab.c:527
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888125a64400 (size 1024):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 2cb93737):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __bpf_map_area_alloc+0x17a/0x1a0 kernel/bpf/syscall.c:395
    htab_map_alloc+0x18c/0x950 kernel/bpf/hashtab.c:532
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object (percpu) 0x607e4d6674b8 (size 208):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes on cpu 0):
    e0 f7 2c 27 81 88 ff ff 00 00 00 00 00 00 00 00  ..,'............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc ee549e23):
    pcpu_alloc_noprof+0x83a/0xd80 mm/percpu.c:1890
    bpf_mem_alloc_init+0x2fe/0x540 kernel/bpf/memalloc.c:525
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881272cf4e0 (size 96):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 0):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __alloc+0x92/0xd0 kernel/bpf/memalloc.c:155
    alloc_bulk+0x242/0x3a0 kernel/bpf/memalloc.c:246
    prefill_mem_cache kernel/bpf/memalloc.c:499 [inline]
    bpf_mem_alloc_init+0x471/0x540 kernel/bpf/memalloc.c:546
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881272cf720 (size 96):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    e0 f4 2c 27 81 88 ff ff 00 00 00 00 00 00 00 00  ..,'............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 6bfb1ae8):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __alloc+0x92/0xd0 kernel/bpf/memalloc.c:155
    alloc_bulk+0x242/0x3a0 kernel/bpf/memalloc.c:246
    prefill_mem_cache kernel/bpf/memalloc.c:499 [inline]
    bpf_mem_alloc_init+0x471/0x540 kernel/bpf/memalloc.c:546
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881272cf660 (size 96):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    20 f7 2c 27 81 88 ff ff 00 00 00 00 00 00 00 00   .,'............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc ebf498a1):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __alloc+0x92/0xd0 kernel/bpf/memalloc.c:155
    alloc_bulk+0x242/0x3a0 kernel/bpf/memalloc.c:246
    prefill_mem_cache kernel/bpf/memalloc.c:499 [inline]
    bpf_mem_alloc_init+0x471/0x540 kernel/bpf/memalloc.c:546
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup