Re: [BUG] bpf: Tracing progs on the stack save subtree can result in OOM

Next message: Kevin Hilman: "Re: [PATCH v2 2/2] ARM: dts: ti: var-som-om44: Add USB Ethernet controller node"
Previous message: Niklas S&#xF6;derlund: "[net-next 1/3] dt-bindings: ptp: renesas,rcar-gen4-gptp: Add binding for R-Car Gen4"
In reply to: Mahnur A: "[BUG] bpf: Tracing progs on the stack save subtree can result in OOM"
Next in thread: Mahnur A: "Re: [BUG] bpf: Tracing progs on the stack save subtree can result in OOM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexei Starovoitov

Date: Tue Jun 09 2026 - 18:07:18 EST

On Tue Jun 9, 2026 at 10:04 AM PDT, Mahnur A wrote:
> Hi,
>
> I hit the following case on the current mainline kernel (7.1-rc7)
>
> BPF tracing programs that allocate something and have a deferred-free for it:
> Attached to any function in the stack save / unwind result in OOM.
>
>
> KASAN, slub_debug etc. all save a stack on every alloc/free.
> An example bpf program updates a map element,
> before lookup and retrieval of the timer object.
> It then calls bpf_timer_init().
> If this happens at every alloc/free event,
> a new timer object gets allocated with every map element update,
> while the previous one is deferred-free (via kfree_rcu).

It's a known design constraint.
A bunch of things in the kernel need call_rcu().
bpf is not immune to such requirements.