BUG: memory leak
unreferenced object 0xffff8880521a6000 (size 4096):
  comm "syz-executor.1", pid 9571, jiffies 4295841745 (age 2119.302s)
  hex dump (first 32 bytes):
    00 e0 e7 4a 80 88 ff ff 22 01 00 00 00 00 ad de ...J....".......
    00 00 00 00 aa aa aa aa aa 11 00 aa aa aa aa aa ................
  backtrace:
    [<000000002af419db>] kmalloc include/linux/slab.h:552 [inline]
    [<000000002af419db>] kzalloc include/linux/slab.h:664 [inline]
    [<000000002af419db>] hci_conn_add+0x53/0x1280 net/bluetooth/hci_conn.c:525
    [<00000000ff54b2ad>] hci_connect_sco+0x351/0x8d0 net/bluetooth/hci_conn.c:1292
    [<000000001cd94c54>] sco_connect net/bluetooth/sco.c:254 [inline]
    [<000000001cd94c54>] sco_sock_connect+0x352/0xa60 net/bluetooth/sco.c:592
    [<00000000bc15c45e>] __sys_connect_file+0x15b/0x1a0 net/socket.c:1865
    [<0000000019a6b2f5>] io_connect+0x10d/0x610 io_uring/io_uring.c:5280
    [<0000000005e945ed>] io_issue_sqe+0x1611/0x7700 io_uring/io_uring.c:6785
    [<000000004fa31f85>] __io_queue_sqe+0x90/0x9d0 io_uring/io_uring.c:7057
    [<000000005ee87406>] io_queue_sqe io_uring/io_uring.c:7108 [inline]
    [<000000005ee87406>] io_submit_state_end io_uring/io_uring.c:7299 [inline]
    [<000000005ee87406>] io_submit_sqes+0x4256/0x85c0 io_uring/io_uring.c:7403
    [<0000000014038952>] __do_sys_io_uring_enter+0x6b5/0x18c0 io_uring/io_uring.c:9918
    [<000000003bfc57e6>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000440dd067>] entry_SYSCALL_64_after_hwframe+0x67/0xcc

BUG: memory leak
unreferenced object 0xffff88805e300000 (size 232):
  comm "syz-executor.0", pid 45798, jiffies 4297935613 (age 25.460s)
  hex dump (first 32 bytes):
    68 a9 a1 52 80 88 ff ff 68 a9 a1 52 80 88 ff ff h..R....h..R....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<000000009f746fe5>] __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:198
    [<000000000c802104>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<000000000c802104>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<000000000c802104>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<000000000c802104>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<00000000c17eec2d>] call_write_iter include/linux/fs.h:1964 [inline]
    [<00000000c17eec2d>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<00000000859e138d>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<000000007eba8f92>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<000000003bfc57e6>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000440dd067>] entry_SYSCALL_64_after_hwframe+0x67/0xcc

BUG: memory leak
unreferenced object 0xffff88800f625800 (size 512):
  comm "syz-executor.0", pid 45798, jiffies 4297935613 (age 25.460s)
  hex dump (first 32 bytes):
    c0 43 73 3a 80 88 ff ff 02 00 00 0c 00 08 00 01 .Cs:............
    00 07 07 04 00 06 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<000000007e9bc844>] __kmalloc_reserve net/core/skbuff.c:142 [inline]
    [<000000007e9bc844>] __alloc_skb+0xb1/0x5b0 net/core/skbuff.c:210
    [<000000000c802104>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<000000000c802104>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<000000000c802104>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<000000000c802104>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<00000000c17eec2d>] call_write_iter include/linux/fs.h:1964 [inline]
    [<00000000c17eec2d>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<00000000859e138d>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<000000007eba8f92>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<000000003bfc57e6>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000440dd067>] entry_SYSCALL_64_after_hwframe+0x67/0xcc

BUG: memory leak
unreferenced object 0xffff888052a1a800 (size 1024):
  comm "kworker/u5:0", pid 13340, jiffies 4297935613 (age 25.460s)
  hex dump (first 32 bytes):
    00 60 1a 52 80 88 ff ff 00 d4 12 54 80 88 ff ff .`.R.......T....
    fd 03 00 00 00 00 00 00 00 06 00 00 00 00 00 00 ................
  backtrace:
    [<00000000cfd1936f>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000cfd1936f>] kzalloc include/linux/slab.h:664 [inline]
    [<00000000cfd1936f>] l2cap_conn_add.part.0+0x64/0xdf0 net/bluetooth/l2cap_core.c:7857
    [<00000000496fcc09>] l2cap_conn_add net/bluetooth/l2cap_core.c:7850 [inline]
    [<00000000496fcc09>] l2cap_recv_acldata+0x578/0x8e0 net/bluetooth/l2cap_core.c:8438
    [<0000000065ec2632>] hci_acldata_packet net/bluetooth/hci_core.c:4779 [inline]
    [<0000000065ec2632>] hci_rx_work+0x4b6/0xcb0 net/bluetooth/hci_core.c:4970
    [<000000004ce4537b>] process_one_work+0x9a9/0x14b0 kernel/workqueue.c:2282
    [<0000000099b601c4>] worker_thread+0x61d/0x1310 kernel/workqueue.c:2428
    [<00000000bfb2067c>] kthread+0x38f/0x470 kernel/kthread.c:313
    [<00000000ad7cf791>] ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:299

BUG: leak checking failed