syzbot

memory leak in map_create

Status: upstream: reported C repro on 2025/11/16 12:03
Subsystems: bpf
Reported-by: syzbot+cf08c551fecea9fd1320@syzkaller.appspotmail.com
First crash: 4d03h, last: 4d03h
Discussions (2)
Title                                                      Replies (including bot)  Last reply
[PATCH] bpf: Plug a potential exclusive map memory leak    1 (1)                    2025/11/16 14:58
[syzbot] [bpf?] memory leak in map_create                  1 (3)                    2025/11/16 14:57
Last patch testing requests (1)
Created           Duration  User            Patch  Repo      Result
2025/11/16 14:33  22m       eadavis@qq.com  patch  upstream  OK (log)

Sample crash report:
2025/11/12 11:58:15 executed programs: 5
BUG: memory leak
unreferenced object 0xffff888125a64000 (size 1024):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 7b9fb9b4):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __bpf_map_area_alloc+0x17a/0x1a0 kernel/bpf/syscall.c:395
    htab_map_alloc+0x67/0x950 kernel/bpf/hashtab.c:489
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object (percpu) 0x607e4d6674b0 (size 8):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 8 bytes on cpu 0):
    00 00 00 00 00 00 00 00                          ........
  backtrace (crc 0):
    pcpu_alloc_noprof+0x83a/0xd80 mm/percpu.c:1890
    bpf_map_alloc_percpu+0x7b/0x190 kernel/bpf/syscall.c:575
    bpf_map_init_elem_count include/linux/bpf.h:2532 [inline]
    htab_map_alloc+0x165/0x950 kernel/bpf/hashtab.c:527
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888125a64400 (size 1024):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 2cb93737):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __bpf_map_area_alloc+0x17a/0x1a0 kernel/bpf/syscall.c:395
    htab_map_alloc+0x18c/0x950 kernel/bpf/hashtab.c:532
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object (percpu) 0x607e4d6674b8 (size 208):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes on cpu 0):
    e0 f7 2c 27 81 88 ff ff 00 00 00 00 00 00 00 00  ..,'............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc ee549e23):
    pcpu_alloc_noprof+0x83a/0xd80 mm/percpu.c:1890
    bpf_mem_alloc_init+0x2fe/0x540 kernel/bpf/memalloc.c:525
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881272cf4e0 (size 96):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 0):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __alloc+0x92/0xd0 kernel/bpf/memalloc.c:155
    alloc_bulk+0x242/0x3a0 kernel/bpf/memalloc.c:246
    prefill_mem_cache kernel/bpf/memalloc.c:499 [inline]
    bpf_mem_alloc_init+0x471/0x540 kernel/bpf/memalloc.c:546
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881272cf720 (size 96):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    e0 f4 2c 27 81 88 ff ff 00 00 00 00 00 00 00 00  ..,'............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 6bfb1ae8):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __alloc+0x92/0xd0 kernel/bpf/memalloc.c:155
    alloc_bulk+0x242/0x3a0 kernel/bpf/memalloc.c:246
    prefill_mem_cache kernel/bpf/memalloc.c:499 [inline]
    bpf_mem_alloc_init+0x471/0x540 kernel/bpf/memalloc.c:546
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff8881272cf660 (size 96):
  comm "syz.0.17", pid 6096, jiffies 4294942817
  hex dump (first 32 bytes):
    20 f7 2c 27 81 88 ff ff 00 00 00 00 00 00 00 00   .,'............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc ebf498a1):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    __do_kmalloc_node mm/slub.c:5649 [inline]
    __kmalloc_node_noprof+0x3b4/0x6c0 mm/slub.c:5656
    kmalloc_node_noprof include/linux/slab.h:987 [inline]
    __alloc+0x92/0xd0 kernel/bpf/memalloc.c:155
    alloc_bulk+0x242/0x3a0 kernel/bpf/memalloc.c:246
    prefill_mem_cache kernel/bpf/memalloc.c:499 [inline]
    bpf_mem_alloc_init+0x471/0x540 kernel/bpf/memalloc.c:546
    htab_map_alloc+0x6ce/0x950 kernel/bpf/hashtab.c:579
    map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512
    __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131
    __do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
    __se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
    __x64_sys_bpf+0x22/0x30 kernel/bpf/syscall.c:6257
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/11/12 11:58 upstream 24172e0d7990 4e1406b4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-gce-leak memory leak in map_create