From nobody Sun Feb 8 05:28:50 2026 Received: from out203-205-221-205.mail.qq.com (out203-205-221-205.mail.qq.com [203.205.221.205]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E6B901E7C18 for ; Sun, 16 Nov 2025 14:58:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=203.205.221.205 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763305107; cv=none; b=doi9wWKeBgoeEQBNzyBi+qaS/arK5kePct/MSmDXqQ0ejNXcJXcMI2iPNv/Zevl4NPralad4LV63aetZa9fyYok3ELLR/nphGJxmY8S7xzcKcOwTBhpu5cjOPIq+BFqc0xOphrTO8wWFKjm79lE68UjMBWmyo4/zdj/H/Msy8Ao= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1763305107; c=relaxed/simple; bh=sDLWQB1chOnQ+OXFkW8rsNT/cW1nZdopWnWP4PoVKB4=; h=Message-ID:From:To:Cc:Subject:Date:In-Reply-To:References: MIME-Version; b=SUxMlM9cGv3vagxM3sg/g9qakQI1DTy+zPCriK8pwN4MqXN+eqZh9IRSUa5ox9AKaeG8ZVp39FKmUIdYzIAKXgAZXvb6DPOMvPiUUzT2J7lTNGjm2PVxnMuptUCdYsbZLDOXZ1LxiuCRNznm7jeSplQT4EOqs1Tn4GcqtsnMdzw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com; spf=pass smtp.mailfrom=qq.com; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b=EbyHrP1l; arc=none smtp.client-ip=203.205.221.205 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=qq.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=qq.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=qq.com header.i=@qq.com header.b="EbyHrP1l" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1763305096; bh=UClAcNxcWUrwNakyC1v8MBC40xhrBlUFaVXLPYMUnr4=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=EbyHrP1lrmvTIQWcRGStqqN7I4Wv95OJA1hjcQD/tbaIH2x+HeM+zs1U5d6SMZ68S kdxOQJvewDrf558V6YeozJBWZOgz+Bu4zQ1nJAvPKOuzbSI7UJEQEhANGYgbCoea4i hlBB3+cprUueu/kj7bhSRcBzJkCrl030Cb9OAH1Q= Received: from lxu-ped-host.. ([111.201.7.117]) by newxmesmtplogicsvrsza36-0.qq.com (NewEsmtp) with SMTP id E8C9BCB4; Sun, 16 Nov 2025 22:58:12 +0800 X-QQ-mid: xmsmtpt1763305092tbh6zvk9v Message-ID: X-QQ-XMAILINFO: MDbayGdXPuoemJsVEB6ryQkkB0ir3RrhBULE99wMSjaQGh8vIT4I4eUB+BBI7E gr9+BBcrYUX+uSKVU/4PN6PFpQBMirC3+L1lUsTVX+3M0SsPGknh3220KSlzxuXy3wVn+acaAKdL ydnZYkiW2+RnFxFYEcXvkHuA2IPljBJAKfS2YXUMXleWwdSWeozShccoOmszokuZpA79ue2mbOgj /f2hMO9o9fh90m+HCdJdMyQ5KmOn1Xhfz2ZlInT/uK6NrMwttkXrDzqhR1vpnBkkGM3MAbs25BX2 3zDMa/MJSRAr18bKe1D95mJR78ZEH9WEzx4BEvHVOWfy9NGqWmKOnnhrVxlFfG2IClE+WW5Gi07V /X6Dj8XFC2AdxYiHYr0DoxNZKin4yrQ2TWhxFKzCk0v/J13Po3/62Ud22BYS8fXsQjC/ts1Vsw6R OcC8/G1Zje60fc2BgmfRht8UeQ1Ly0ZsH7eWLqpT43Cb6eXG7SFv9blZ+duw1xwmDo+3a7suA9jK dSNhiuh9UY136aY2eClOEL20gqXzAw7SIQlk+VBlC0J0Tl1qzJH0h9VP1gQsl9dAtEnqcyd8tNAy cKdwHA5h1WATqDXDx2KGr4vMoDTJOyJpmqAvhq1gKbXWRFNuGE5Bd/aSlyUKAh56Scao3xTVMuna PDEWj2x9ywHMk2tIkEYnx54Ktm99alZktG+8ICHiDfAfXSUv8PtbIOM0ucRyfiv0FCQyAlAICQSS z1Z3FvyINsLAl9rH/sb1qDDaQOC4rYRpxklvfdOHsjWUfbwAMTvDXCjZ9mqh4dIWxB9DGQdJ7GPu hfSafXIBZPJdQTnaOhrPga10IxoG2O4cnSzuD6aN4WUKwnX6mUeYK1KZjl8msmEOW2lwUvtOwcaZ BgxS1Rtpj1CWNggiW4IeGMwVx1EHhbXxWkbTZbTccSmWL32J9jPeDMvcc5PcqJautjOGxFCkje3/ +r8qty0K9dkfjlxTZ19TqS4AI8vV3DRXwFx1kw/CmOBWjUm7FIJ/QuPGy4fymHc6mY3DzLffH8rw oi7sltsw== X-QQ-XMRINFO: Nq+8W0+stu50PRdwbJxPCL0= From: Edward Adam Davis To: syzbot+cf08c551fecea9fd1320@syzkaller.appspotmail.com Cc: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net, eddyz87@gmail.com, haoluo@google.com, john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org, linux-kernel@vger.kernel.org, martin.lau@linux.dev, sdf@fomichev.me, song@kernel.org, syzkaller-bugs@googlegroups.com, yonghong.song@linux.dev Subject: [PATCH] bpf: Plug a potential exclusive map memory leak Date: Sun, 16 Nov 2025 22:58:13 +0800 X-OQ-MSGID: <20251116145812.64225-2-eadavis@qq.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <6919bd8f.a70a0220.3124cb.007d.GAE@google.com> References: <6919bd8f.a70a0220.3124cb.007d.GAE@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot [1].=20 syzbot reported: BUG: memory leak backtrace (crc 7b9fb9b4): map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512 __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131 Fixes: baefdbdf6812 ("bpf: Implement exclusive map creation") Reported-by: syzbot+cf08c551fecea9fd1320@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=3Dcf08c551fecea9fd1320 Tested-by: syzbot+cf08c551fecea9fd1320@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis Acked-by: Yonghong Song --- kernel/bpf/syscall.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 8a129746bd6c..aa0979e8de15 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -1585,7 +1585,8 @@ static int map_create(union bpf_attr *attr, bpfptr_t = uattr) goto free_map; } } else if (attr->excl_prog_hash_size) { - return -EINVAL; + err =3D -EINVAL; + goto free_map; } =20 err =3D security_bpf_map_create(map, attr, token, uattr.is_kernel); --=20 2.43.0