BUG: memory leak
unreferenced object 0xffff888040470000 (size 4096):
  comm "syz-executor.1", pid 15922, jiffies 4295156698 (age 1792.436s)
  hex dump (first 32 bytes):
    00 20 f7 3f 80 88 ff ff 22 01 00 00 00 00 ad de  . .?....".......
    03 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa  ................
  backtrace:
    [<00000000e95109b7>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000e95109b7>] kzalloc include/linux/slab.h:664 [inline]
    [<00000000e95109b7>] hci_conn_add+0x53/0x1280 net/bluetooth/hci_conn.c:525
    [<00000000c62a7165>] hci_connect_sco+0x351/0x8d0 net/bluetooth/hci_conn.c:1292
    [<00000000a29f0c30>] sco_connect net/bluetooth/sco.c:258 [inline]
    [<00000000a29f0c30>] sco_sock_connect+0x352/0xa60 net/bluetooth/sco.c:596
    [<00000000a8bfc3fd>] __sys_connect_file+0x15b/0x1a0 net/socket.c:1865
    [<000000002cb65715>] io_connect+0x10d/0x610 io_uring/io_uring.c:5280
    [<00000000fd7a8623>] io_issue_sqe+0x1611/0x7700 io_uring/io_uring.c:6785
    [<000000007074e0f9>] __io_queue_sqe+0x90/0x9d0 io_uring/io_uring.c:7057
    [<0000000032299122>] io_queue_sqe io_uring/io_uring.c:7108 [inline]
    [<0000000032299122>] io_submit_sqe io_uring/io_uring.c:7285 [inline]
    [<0000000032299122>] io_submit_sqes+0x4461/0x85c0 io_uring/io_uring.c:7391
    [<00000000cf754c29>] __do_sys_io_uring_enter+0x6b5/0x18c0 io_uring/io_uring.c:9918
    [<000000005261fa06>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000676481a5>] entry_SYSCALL_64_after_hwframe+0x67/0xcc

BUG: memory leak
unreferenced object 0xffff88800fdfa640 (size 232):
  comm "syz-executor.6", pid 364046, jiffies 4296024636 (age 924.566s)
  hex dump (first 32 bytes):
    80 ac df 0f 80 88 ff ff 68 51 ff 2f 80 88 ff ff  ........hQ./....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000a89004c7>] __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:199
    [<0000000005bca31b>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<0000000005bca31b>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<0000000005bca31b>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<0000000005bca31b>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<000000005a313a5e>] call_write_iter include/linux/fs.h:1964 [inline]
    [<000000005a313a5e>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<000000001cdf52b1>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<00000000978e5e27>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<000000005261fa06>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000676481a5>] entry_SYSCALL_64_after_hwframe+0x67/0xcc

BUG: memory leak
unreferenced object 0xffff88805e473400 (size 512):
  comm "syz-executor.6", pid 364046, jiffies 4296024636 (age 924.566s)
  hex dump (first 32 bytes):
    80 52 f1 0f 80 88 ff ff 02 00 00 0c 00 08 00 01  .R..............
    00 07 07 04 00 06 00 00 00 6c 6f 63 6b 2f 6c 6f  .........lock/lo
  backtrace:
    [<00000000b24c8928>] __kmalloc_reserve net/core/skbuff.c:143 [inline]
    [<00000000b24c8928>] __alloc_skb+0xb1/0x5b0 net/core/skbuff.c:211
    [<0000000005bca31b>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<0000000005bca31b>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<0000000005bca31b>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<0000000005bca31b>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<000000005a313a5e>] call_write_iter include/linux/fs.h:1964 [inline]
    [<000000005a313a5e>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<000000001cdf52b1>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<00000000978e5e27>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<000000005261fa06>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000676481a5>] entry_SYSCALL_64_after_hwframe+0x67/0xcc

BUG: memory leak
unreferenced object 0xffff88802fff5000 (size 1024):
  comm "kworker/u5:9", pid 310, jiffies 4296024637 (age 924.565s)
  hex dump (first 32 bytes):
    00 00 47 40 80 88 ff ff 00 b0 d0 48 80 88 ff ff  ..G@.......H....
    fd 03 00 00 00 00 00 00 00 06 00 00 00 00 00 00  ................
  backtrace:
    [<000000003d6ad4a5>] kmalloc include/linux/slab.h:552 [inline]
    [<000000003d6ad4a5>] kzalloc include/linux/slab.h:664 [inline]
    [<000000003d6ad4a5>] l2cap_conn_add.part.0+0x64/0xdf0 net/bluetooth/l2cap_core.c:7860
    [<00000000d822f4af>] l2cap_conn_add net/bluetooth/l2cap_core.c:7853 [inline]
    [<00000000d822f4af>] l2cap_recv_acldata+0x578/0x8e0 net/bluetooth/l2cap_core.c:8441
    [<00000000d7bc494f>] hci_acldata_packet net/bluetooth/hci_core.c:4779 [inline]
    [<00000000d7bc494f>] hci_rx_work+0x4b6/0xcb0 net/bluetooth/hci_core.c:4970
    [<00000000a9d425ac>] process_one_work+0x9a9/0x14b0 kernel/workqueue.c:2282
    [<000000001f9ed17f>] worker_thread+0x61d/0x1310 kernel/workqueue.c:2428
    [<000000005270f780>] kthread+0x38f/0x470 kernel/kthread.c:313
    [<00000000c4b311e7>] ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:299

BUG: memory leak
unreferenced object 0xffff88800fdfac80 (size 232):
  comm "syz-executor.6", pid 364046, jiffies 4296024687 (age 924.515s)
  hex dump (first 32 bytes):
    68 51 ff 2f 80 88 ff ff 40 a6 df 0f 80 88 ff ff  hQ./....@.......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000a89004c7>] __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:199
    [<0000000005bca31b>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<0000000005bca31b>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<0000000005bca31b>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<0000000005bca31b>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<000000005a313a5e>] call_write_iter include/linux/fs.h:1964 [inline]
    [<000000005a313a5e>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<000000001cdf52b1>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<00000000978e5e27>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<000000005261fa06>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000676481a5>] entry_SYSCALL_64_after_hwframe+0x67/0xcc

BUG: leak checking failed