From: syzbot <syzbot+535ecc844591e50588a5@syzkaller.appspotmail.com>
To: kartikey406@gmail.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [bluetooth?] memory leak in init_srcu_struct_fields
Date: Sat, 30 May 2026 17:13:01 -0700 [thread overview]
Message-ID: <6a1b7d0d.b111c304.35cd64.001c.GAE@google.com> (raw)
In-Reply-To: <20260530231803.97278-1-kartikey406@gmail.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
memory leak in init_srcu_struct_fields
BUG: memory leak
unreferenced object 0xffff88810de6f800 (size 512):
comm "syz.0.17", pid 6610, jiffies 4294948707
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 55438727):
kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
slab_post_alloc_hook mm/slub.c:4613 [inline]
slab_alloc_node mm/slub.c:4937 [inline]
__kmalloc_cache_noprof+0x371/0x480 mm/slub.c:5443
_kmalloc_noprof include/linux/slab.h:969 [inline]
_kzalloc_noprof include/linux/slab.h:1286 [inline]
init_srcu_struct_fields+0x2c0/0x350 kernel/rcu/srcutree.c:207
hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object (percpu) 0x607e4db7f740 (size 384):
comm "syz.0.17", pid 6610, jiffies 4294948707
hex dump (first 32 bytes on cpu 0):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 593bdea7):
pcpu_alloc_noprof+0x7c7/0xed0 mm/percpu.c:1956
init_srcu_struct_fields+0x2eb/0x350 kernel/rcu/srcutree.c:224
hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object (percpu) 0x607e4db7f8c0 (size 384):
comm "syz.0.18", pid 6619, jiffies 4294948711
hex dump (first 32 bytes on cpu 0):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 593bdea7):
pcpu_alloc_noprof+0x7c7/0xed0 mm/percpu.c:1956
init_srcu_struct_fields+0x2eb/0x350 kernel/rcu/srcutree.c:224
hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
BUG: memory leak
unreferenced object (percpu) 0x607e4db7fa40 (size 384):
comm "syz.0.19", pid 6624, jiffies 4294948716
hex dump (first 32 bytes on cpu 0):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 593bdea7):
pcpu_alloc_noprof+0x7c7/0xed0 mm/percpu.c:1956
init_srcu_struct_fields+0x2eb/0x350 kernel/rcu/srcutree.c:224
hci_alloc_dev_priv+0x37/0x680 net/bluetooth/hci_core.c:2416
hci_alloc_dev include/net/bluetooth/hci_core.h:1763 [inline]
hci_uart_register_dev drivers/bluetooth/hci_ldisc.c:672 [inline]
hci_uart_set_proto drivers/bluetooth/hci_ldisc.c:752 [inline]
hci_uart_tty_ioctl+0x173/0x460 drivers/bluetooth/hci_ldisc.c:806
tty_ioctl+0xaca/0xd60 drivers/tty/tty_io.c:2801
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__x64_sys_ioctl+0xf4/0x140 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xee/0x600 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF
Tested on:
commit: 7da7f071 Add linux-next specific files for 20260529
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14bf17a6580000
kernel config: https://syzkaller.appspot.com/x/.config?x=3dd1e35bbd92239d
dashboard link: https://syzkaller.appspot.com/bug?extid=535ecc844591e50588a5
compiler: gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch: https://syzkaller.appspot.com/x/patch.diff?x=10cd7ed2580000
next parent reply other threads:[~2026-05-31 0:13 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260530231803.97278-1-kartikey406@gmail.com>
2026-05-31 0:13 ` syzbot [this message]
2026-05-31 15:27 [PATCH v2] Bluetooth: fix memory leak in error path of hci_alloc_dev() Bharath Reddy
2026-05-31 16:11 ` [syzbot] [bluetooth?] memory leak in init_srcu_struct_fields syzbot
-- strict thread matches above, loose matches on Subject: below --
2026-05-31 14:41 [PATCH] Bluetooth: fix memory leaks in error path of hci_alloc_dev() Bharath Reddy
2026-05-31 15:27 ` [syzbot] [bluetooth?] memory leak in init_srcu_struct_fields syzbot
2026-05-31 14:25 [PATCH] Bluetooth: fix memory leaks in error path of hci_alloc_dev() Bharath Reddy
2026-05-31 14:59 ` [syzbot] [bluetooth?] memory leak in init_srcu_struct_fields syzbot
[not found] <20260531001321.98695-1-kartikey406@gmail.com>
2026-05-31 1:19 ` syzbot
[not found] <20260530232001.97305-1-kartikey406@gmail.com>
2026-05-31 0:21 ` syzbot
2026-05-30 20:57 syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6a1b7d0d.b111c304.35cd64.001c.GAE@google.com \
--to=syzbot+535ecc844591e50588a5@syzkaller.appspotmail.com \
--cc=kartikey406@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.