Re: [syzbot] [bluetooth?] memory leak in init_srcu_struct_fields

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in init_srcu_struct_fields

BUG: memory leak
unreferenced object (percpu) 0x607e4db7f7c0 (size 384):
  comm "syz.0.17", pid 6615, jiffies 4294948617
  hex dump (first 32 bytes on cpu 1):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 593bdea7):
    pcpu_alloc_noprof+0x7c7/0xed0 mm/percpu.c:1956
    init_srcu_struct_fields+0x2eb/0x350 kernel/rcu/srcutree.c:224
    hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
    hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
    hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
    hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
    hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
    tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88810de8e800 (size 512):
  comm "syz.0.18", pid 6621, jiffies 4294948621
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 4c023471):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4613 [inline]
    slab_alloc_node mm/slub.c:4937 [inline]
    __kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5443
    _kmalloc_noprof include/linux/slab.h:969 [inline]
    _kzalloc_noprof include/linux/slab.h:1286 [inline]
    init_srcu_struct_fields+0x2c0/0x350 kernel/rcu/srcutree.c:207
    hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
    hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
    hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
    hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
    hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
    tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object (percpu) 0x607e4db7f940 (size 384):
  comm "syz.0.18", pid 6621, jiffies 4294948621
  hex dump (first 32 bytes on cpu 1):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 593bdea7):
    pcpu_alloc_noprof+0x7c7/0xed0 mm/percpu.c:1956
    init_srcu_struct_fields+0x2eb/0x350 kernel/rcu/srcutree.c:224
    hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
    hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
    hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
    hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
    hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
    tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88810de8fc00 (size 512):
  comm "syz.0.19", pid 6630, jiffies 4294948624
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc a013f5be):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4613 [inline]
    slab_alloc_node mm/slub.c:4937 [inline]
    __kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5443
    _kmalloc_noprof include/linux/slab.h:969 [inline]
    _kzalloc_noprof include/linux/slab.h:1286 [inline]
    init_srcu_struct_fields+0x2c0/0x350 kernel/rcu/srcutree.c:207
    hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
    hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
    hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
    hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
    hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
    tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object (percpu) 0x607e4db7fac0 (size 384):
  comm "syz.0.19", pid 6630, jiffies 4294948624
  hex dump (first 32 bytes on cpu 1):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 593bdea7):
    pcpu_alloc_noprof+0x7c7/0xed0 mm/percpu.c:1956
    init_srcu_struct_fields+0x2eb/0x350 kernel/rcu/srcutree.c:224
    hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
    hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
    hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
    hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
    hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
    tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
    vfs_ioctl fs/ioctl.c:51 [inline]
    __do_sys_ioctl fs/ioctl.c:597 [inline]
    __se_sys_ioctl fs/ioctl.c:583 [inline]
    __x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF


Tested on:

commit:         7da7f071 Add linux-next specific files for 20260529
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1395b36a580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=3dd1e35bbd92239d
dashboard link: https://syzkaller.appspot.com/bug?extid=535ecc844591e50588a5
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=123de056580000