syzbot

 sign-in | mailing list | source | docs
🐞 Open [1457]
Subsystems
🐞 Fixed [6739]
🐞 Invalid [17334]
Missing Backports [220]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

memory leak in do_timer_create

Status: upstream: reported C repro on 2025/11/13 04:26
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+9c47ad18f978d4394986@syzkaller.appspotmail.com
Fix commit: e0fd4d42e27f posix-timers: Plug potential memory leak in do_timer_create()
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-snapshot-upstream-root ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-usb]
First crash: 5d18h, last: 5d18h
Discussions (4)
Title Replies (including bot) Last reply
[PATCH v2] posix-timers: Fix potential memory leak in do_timer_create() 3 (3) 2025/11/14 16:02
[PATCH] posix-timers: Plug a potential memory leak 1 (1) 2025/11/14 13:29
[PATCH] posix-timers: Fix potential memory leak in do_timer_create() 3 (3) 2025/11/14 11:53
[syzbot] [kernel?] memory leak in do_timer_create 0 (4) 2025/11/14 04:17
Last patch testing requests (3)
Created Duration User Patch Repo Result
2025/11/14 04:17 29m eslam.medhat1993@gmail.com patch upstream OK log
2025/11/14 03:54 13m eslam.medhat1993@gmail.com patch upstream error
2025/11/14 01:20 35m eslam.medhat1993@gmail.com patch upstream report log

Sample crash report:
2025/11/12 09:47:51 executed programs: 5
BUG: memory leak
unreferenced object 0xffff888108465800 (size 384):
  comm "syz.0.17", pid 6100, jiffies 4294944668
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 1025e73e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
    alloc_posix_timer kernel/time/posix-timers.c:429 [inline]
    do_timer_create+0xe0/0x800 kernel/time/posix-timers.c:478
    __do_sys_timer_create kernel/time/posix-timers.c:584 [inline]
    __se_sys_timer_create kernel/time/posix-timers.c:573 [inline]
    __x64_sys_timer_create+0xdb/0xf0 kernel/time/posix-timers.c:573
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881084a0000 (size 384):
  comm "syz.0.18", pid 6104, jiffies 4294944670
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 63c47fd0):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
    alloc_posix_timer kernel/time/posix-timers.c:429 [inline]
    do_timer_create+0xe0/0x800 kernel/time/posix-timers.c:478
    __do_sys_timer_create kernel/time/posix-timers.c:584 [inline]
    __se_sys_timer_create kernel/time/posix-timers.c:573 [inline]
    __x64_sys_timer_create+0xdb/0xf0 kernel/time/posix-timers.c:573
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881084a0180 (size 384):
  comm "syz.0.19", pid 6107, jiffies 4294944671
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc d769495f):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
    alloc_posix_timer kernel/time/posix-timers.c:429 [inline]
    do_timer_create+0xe0/0x800 kernel/time/posix-timers.c:478
    __do_sys_timer_create kernel/time/posix-timers.c:584 [inline]
    __se_sys_timer_create kernel/time/posix-timers.c:573 [inline]
    __x64_sys_timer_create+0xdb/0xf0 kernel/time/posix-timers.c:573
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888108464600 (size 384):
  comm "syz.0.20", pid 6127, jiffies 4294945201
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc a3c907e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
    alloc_posix_timer kernel/time/posix-timers.c:429 [inline]
    do_timer_create+0xe0/0x800 kernel/time/posix-timers.c:478
    __do_sys_timer_create kernel/time/posix-timers.c:584 [inline]
    __se_sys_timer_create kernel/time/posix-timers.c:573 [inline]
    __x64_sys_timer_create+0xdb/0xf0 kernel/time/posix-timers.c:573
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881084a0300 (size 384):
  comm "syz.0.21", pid 6128, jiffies 4294945201
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc bb0da4da):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
    alloc_posix_timer kernel/time/posix-timers.c:429 [inline]
    do_timer_create+0xe0/0x800 kernel/time/posix-timers.c:478
    __do_sys_timer_create kernel/time/posix-timers.c:584 [inline]
    __se_sys_timer_create kernel/time/posix-timers.c:573 [inline]
    __x64_sys_timer_create+0xdb/0xf0 kernel/time/posix-timers.c:573
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/12 09:48 upstream 24172e0d7990 4e1406b4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in do_timer_create
* Struck through repros no longer work on HEAD.