memory leak in get_device

memory leak in get_device_parent
Status: upstream: reported C repro on 2019/05/28 00:48
Reported-by: syzbot+02e97e2ad931a981e568@syzkaller.appspotmail.com
First crash: 650d, last: 613d
Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/09/26 15:43	15m	dvyukov@google.com		upstream	OK
2020/09/23 20:38	3m	anant.thazhemadam@gmail.com		upstream	error
Sample crash report:
BUG: memory leak
unreferenced object 0xffff88811a651100 (size 96):
  comm "syz-executor641", pid 7039, jiffies 4294941459 (age 18.370s)
  hex dump (first 32 bytes):
    10 f0 e8 83 ff ff ff ff 08 11 65 1a 81 88 ff ff  ..........e.....
    08 11 65 1a 81 88 ff ff 00 00 00 00 00 00 00 00  ..e.............
  backtrace:
    [<000000005c658974>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000005c658974>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000005c658974>] slab_alloc mm/slab.c:3326 [inline]
    [<000000005c658974>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000005e7ecadb>] kmalloc include/linux/slab.h:547 [inline]
    [<000000005e7ecadb>] kzalloc include/linux/slab.h:742 [inline]
    [<000000005e7ecadb>] class_dir_create_and_add drivers/base/core.c:1723 [inline]
    [<000000005e7ecadb>] get_device_parent.isra.0+0x1a8/0x240 drivers/base/core.c:1787
    [<0000000081d8f097>] device_add+0x136/0x890 drivers/base/core.c:2048
    [<00000000bb1f9b99>] hci_register_dev+0x166/0x380 net/bluetooth/hci_core.c:3305
    [<00000000de65f1db>] __vhci_create_device+0x10a/0x1f0 drivers/bluetooth/hci_vhci.c:124
    [<000000007788edc0>] vhci_create_device drivers/bluetooth/hci_vhci.c:148 [inline]
    [<000000007788edc0>] vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
    [<000000007788edc0>] vhci_write+0x130/0x1f0 drivers/bluetooth/hci_vhci.c:284
    [<0000000014ea831e>] call_write_iter include/linux/fs.h:1872 [inline]
    [<0000000014ea831e>] new_sync_write+0x1ad/0x260 fs/read_write.c:483
    [<00000000b7c37b74>] __vfs_write+0x87/0xa0 fs/read_write.c:496
    [<000000004fc8bd16>] vfs_write fs/read_write.c:558 [inline]
    [<000000004fc8bd16>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000aac1c0d7>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<0000000049d01b63>] __do_sys_write fs/read_write.c:623 [inline]
    [<0000000049d01b63>] __se_sys_write fs/read_write.c:620 [inline]
    [<0000000049d01b63>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<000000002ab9cc4b>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002f166f97>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811a651100 (size 96):
  comm "syz-executor641", pid 7039, jiffies 4294941459 (age 19.390s)
  hex dump (first 32 bytes):
    10 f0 e8 83 ff ff ff ff 08 11 65 1a 81 88 ff ff  ..........e.....
    08 11 65 1a 81 88 ff ff 00 00 00 00 00 00 00 00  ..e.............
  backtrace:
    [<000000005c658974>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000005c658974>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000005c658974>] slab_alloc mm/slab.c:3326 [inline]
    [<000000005c658974>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000005e7ecadb>] kmalloc include/linux/slab.h:547 [inline]
    [<000000005e7ecadb>] kzalloc include/linux/slab.h:742 [inline]
    [<000000005e7ecadb>] class_dir_create_and_add drivers/base/core.c:1723 [inline]
    [<000000005e7ecadb>] get_device_parent.isra.0+0x1a8/0x240 drivers/base/core.c:1787
    [<0000000081d8f097>] device_add+0x136/0x890 drivers/base/core.c:2048
    [<00000000bb1f9b99>] hci_register_dev+0x166/0x380 net/bluetooth/hci_core.c:3305
    [<00000000de65f1db>] __vhci_create_device+0x10a/0x1f0 drivers/bluetooth/hci_vhci.c:124
    [<000000007788edc0>] vhci_create_device drivers/bluetooth/hci_vhci.c:148 [inline]
    [<000000007788edc0>] vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
    [<000000007788edc0>] vhci_write+0x130/0x1f0 drivers/bluetooth/hci_vhci.c:284
    [<0000000014ea831e>] call_write_iter include/linux/fs.h:1872 [inline]
    [<0000000014ea831e>] new_sync_write+0x1ad/0x260 fs/read_write.c:483
    [<00000000b7c37b74>] __vfs_write+0x87/0xa0 fs/read_write.c:496
    [<000000004fc8bd16>] vfs_write fs/read_write.c:558 [inline]
    [<000000004fc8bd16>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000aac1c0d7>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<0000000049d01b63>] __do_sys_write fs/read_write.c:623 [inline]
    [<0000000049d01b63>] __se_sys_write fs/read_write.c:620 [inline]
    [<0000000049d01b63>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<000000002ab9cc4b>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002f166f97>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811a651100 (size 96):
  comm "syz-executor641", pid 7039, jiffies 4294941459 (age 22.330s)
  hex dump (first 32 bytes):
    10 f0 e8 83 ff ff ff ff 08 11 65 1a 81 88 ff ff  ..........e.....
    08 11 65 1a 81 88 ff ff 00 00 00 00 00 00 00 00  ..e.............
  backtrace:
    [<000000005c658974>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000005c658974>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000005c658974>] slab_alloc mm/slab.c:3326 [inline]
    [<000000005c658974>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000005e7ecadb>] kmalloc include/linux/slab.h:547 [inline]
    [<000000005e7ecadb>] kzalloc include/linux/slab.h:742 [inline]
    [<000000005e7ecadb>] class_dir_create_and_add drivers/base/core.c:1723 [inline]
    [<000000005e7ecadb>] get_device_parent.isra.0+0x1a8/0x240 drivers/base/core.c:1787
    [<0000000081d8f097>] device_add+0x136/0x890 drivers/base/core.c:2048
    [<00000000bb1f9b99>] hci_register_dev+0x166/0x380 net/bluetooth/hci_core.c:3305
    [<00000000de65f1db>] __vhci_create_device+0x10a/0x1f0 drivers/bluetooth/hci_vhci.c:124
    [<000000007788edc0>] vhci_create_device drivers/bluetooth/hci_vhci.c:148 [inline]
    [<000000007788edc0>] vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
    [<000000007788edc0>] vhci_write+0x130/0x1f0 drivers/bluetooth/hci_vhci.c:284
    [<0000000014ea831e>] call_write_iter include/linux/fs.h:1872 [inline]
    [<0000000014ea831e>] new_sync_write+0x1ad/0x260 fs/read_write.c:483
    [<00000000b7c37b74>] __vfs_write+0x87/0xa0 fs/read_write.c:496
    [<000000004fc8bd16>] vfs_write fs/read_write.c:558 [inline]
    [<000000004fc8bd16>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000aac1c0d7>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<0000000049d01b63>] __do_sys_write fs/read_write.c:623 [inline]
    [<0000000049d01b63>] __se_sys_write fs/read_write.c:620 [inline]
    [<0000000049d01b63>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<000000002ab9cc4b>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002f166f97>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811a651100 (size 96):
  comm "syz-executor641", pid 7039, jiffies 4294941459 (age 23.350s)
  hex dump (first 32 bytes):
    10 f0 e8 83 ff ff ff ff 08 11 65 1a 81 88 ff ff  ..........e.....
    08 11 65 1a 81 88 ff ff 00 00 00 00 00 00 00 00  ..e.............
  backtrace:
    [<000000005c658974>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000005c658974>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000005c658974>] slab_alloc mm/slab.c:3326 [inline]
    [<000000005c658974>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000005e7ecadb>] kmalloc include/linux/slab.h:547 [inline]
    [<000000005e7ecadb>] kzalloc include/linux/slab.h:742 [inline]
    [<000000005e7ecadb>] class_dir_create_and_add drivers/base/core.c:1723 [inline]
    [<000000005e7ecadb>] get_device_parent.isra.0+0x1a8/0x240 drivers/base/core.c:1787
    [<0000000081d8f097>] device_add+0x136/0x890 drivers/base/core.c:2048
    [<00000000bb1f9b99>] hci_register_dev+0x166/0x380 net/bluetooth/hci_core.c:3305
    [<00000000de65f1db>] __vhci_create_device+0x10a/0x1f0 drivers/bluetooth/hci_vhci.c:124
    [<000000007788edc0>] vhci_create_device drivers/bluetooth/hci_vhci.c:148 [inline]
    [<000000007788edc0>] vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
    [<000000007788edc0>] vhci_write+0x130/0x1f0 drivers/bluetooth/hci_vhci.c:284
    [<0000000014ea831e>] call_write_iter include/linux/fs.h:1872 [inline]
    [<0000000014ea831e>] new_sync_write+0x1ad/0x260 fs/read_write.c:483
    [<00000000b7c37b74>] __vfs_write+0x87/0xa0 fs/read_write.c:496
    [<000000004fc8bd16>] vfs_write fs/read_write.c:558 [inline]
    [<000000004fc8bd16>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000aac1c0d7>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<0000000049d01b63>] __do_sys_write fs/read_write.c:623 [inline]
    [<0000000049d01b63>] __se_sys_write fs/read_write.c:620 [inline]
    [<0000000049d01b63>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<000000002ab9cc4b>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002f166f97>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811a651100 (size 96):
  comm "syz-executor641", pid 7039, jiffies 4294941459 (age 24.390s)
  hex dump (first 32 bytes):
    10 f0 e8 83 ff ff ff ff 08 11 65 1a 81 88 ff ff  ..........e.....
    08 11 65 1a 81 88 ff ff 00 00 00 00 00 00 00 00  ..e.............
  backtrace:
    [<000000005c658974>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000005c658974>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000005c658974>] slab_alloc mm/slab.c:3326 [inline]
    [<000000005c658974>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000005e7ecadb>] kmalloc include/linux/slab.h:547 [inline]
    [<000000005e7ecadb>] kzalloc include/linux/slab.h:742 [inline]
    [<000000005e7ecadb>] class_dir_create_and_add drivers/base/core.c:1723 [inline]
    [<000000005e7ecadb>] get_device_parent.isra.0+0x1a8/0x240 drivers/base/core.c:1787
    [<0000000081d8f097>] device_add+0x136/0x890 drivers/base/core.c:2048
    [<00000000bb1f9b99>] hci_register_dev+0x166/0x380 net/bluetooth/hci_core.c:3305
    [<00000000de65f1db>] __vhci_create_device+0x10a/0x1f0 drivers/bluetooth/hci_vhci.c:124
    [<000000007788edc0>] vhci_create_device drivers/bluetooth/hci_vhci.c:148 [inline]
    [<000000007788edc0>] vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
    [<000000007788edc0>] vhci_write+0x130/0x1f0 drivers/bluetooth/hci_vhci.c:284
    [<0000000014ea831e>] call_write_iter include/linux/fs.h:1872 [inline]
    [<0000000014ea831e>] new_sync_write+0x1ad/0x260 fs/read_write.c:483
    [<00000000b7c37b74>] __vfs_write+0x87/0xa0 fs/read_write.c:496
    [<000000004fc8bd16>] vfs_write fs/read_write.c:558 [inline]
    [<000000004fc8bd16>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000aac1c0d7>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<0000000049d01b63>] __do_sys_write fs/read_write.c:623 [inline]
    [<0000000049d01b63>] __se_sys_write fs/read_write.c:620 [inline]
    [<0000000049d01b63>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<000000002ab9cc4b>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002f166f97>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811a651100 (size 96):
  comm "syz-executor641", pid 7039, jiffies 4294941459 (age 25.410s)
  hex dump (first 32 bytes):
    10 f0 e8 83 ff ff ff ff 08 11 65 1a 81 88 ff ff  ..........e.....
    08 11 65 1a 81 88 ff ff 00 00 00 00 00 00 00 00  ..e.............
  backtrace:
    [<000000005c658974>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000005c658974>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000005c658974>] slab_alloc mm/slab.c:3326 [inline]
    [<000000005c658974>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
    [<000000005e7ecadb>] kmalloc include/linux/slab.h:547 [inline]
    [<000000005e7ecadb>] kzalloc include/linux/slab.h:742 [inline]
    [<000000005e7ecadb>] class_dir_create_and_add drivers/base/core.c:1723 [inline]
    [<000000005e7ecadb>] get_device_parent.isra.0+0x1a8/0x240 drivers/base/core.c:1787
    [<0000000081d8f097>] device_add+0x136/0x890 drivers/base/core.c:2048
    [<00000000bb1f9b99>] hci_register_dev+0x166/0x380 net/bluetooth/hci_core.c:3305
    [<00000000de65f1db>] __vhci_create_device+0x10a/0x1f0 drivers/bluetooth/hci_vhci.c:124
    [<000000007788edc0>] vhci_create_device drivers/bluetooth/hci_vhci.c:148 [inline]
    [<000000007788edc0>] vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
    [<000000007788edc0>] vhci_write+0x130/0x1f0 drivers/bluetooth/hci_vhci.c:284
    [<0000000014ea831e>] call_write_iter include/linux/fs.h:1872 [inline]
    [<0000000014ea831e>] new_sync_write+0x1ad/0x260 fs/read_write.c:483
    [<00000000b7c37b74>] __vfs_write+0x87/0xa0 fs/read_write.c:496
    [<000000004fc8bd16>] vfs_write fs/read_write.c:558 [inline]
    [<000000004fc8bd16>] vfs_write+0xee/0x210 fs/read_write.c:542
    [<00000000aac1c0d7>] ksys_write+0x7c/0x130 fs/read_write.c:611
    [<0000000049d01b63>] __do_sys_write fs/read_write.c:623 [inline]
    [<0000000049d01b63>] __se_sys_write fs/read_write.c:620 [inline]
    [<0000000049d01b63>] __x64_sys_write+0x1e/0x30 fs/read_write.c:620
    [<000000002ab9cc4b>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002f166f97>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program
executing program
Crashes (5):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-gce-leak	2019/07/02 07:18	upstream	6fbc7275	cccc4302	.config	log	report	syz	C
ci-upstream-gce-leak	2019/06/21 16:58	upstream	abf02e29	34bf9440	.config	log	report	syz	C
ci-upstream-gce-leak	2019/05/26 18:26	upstream	35efb51e	85c57315	.config	log	report	syz	C
ci-upstream-gce-leak	2019/07/01 18:17	upstream	6fbc7275	907bf746	.config	log	report	syz
ci-upstream-gce-leak	2019/06/02 11:57	upstream	3ab4436f	53c81ea5	.config	log	report	syz