BUG: memory leak
unreferenced object 0xffff8880419d0000 (size 4096):
  comm "syz-executor.4", pid 4689, jiffies 4295002347 (age 2759.269s)
  hex dump (first 32 bytes):
    00 60 9d 41 80 88 ff ff 22 01 00 00 00 00 ad de  .`.A....".......
    01 00 00 00 ff ff ff ff ff ff 00 aa aa aa aa aa  ................
  backtrace:
    [<00000000a868fab3>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000a868fab3>] kzalloc include/linux/slab.h:664 [inline]
    [<00000000a868fab3>] hci_conn_add+0x53/0x1250 net/bluetooth/hci_conn.c:525
    [<00000000ae6208ed>] hci_connect_sco+0x34e/0x870 net/bluetooth/hci_conn.c:1283
    [<00000000cb4f6c63>] sco_connect net/bluetooth/sco.c:241 [inline]
    [<00000000cb4f6c63>] sco_sock_connect+0x308/0x980 net/bluetooth/sco.c:588
    [<0000000003739cb7>] __sys_connect_file+0x157/0x1a0 net/socket.c:1839
    [<000000004ef534a1>] __sys_connect+0x161/0x190 net/socket.c:1856
    [<00000000d31689b6>] __do_sys_connect net/socket.c:1866 [inline]
    [<00000000d31689b6>] __se_sys_connect net/socket.c:1863 [inline]
    [<00000000d31689b6>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1863
    [<00000000880e0fa2>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<0000000065d06154>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888045176780 (size 224):
  comm "syz-executor.7", pid 17627, jiffies 4296264970 (age 1496.687s)
  hex dump (first 32 bytes):
    c0 93 6e 42 80 88 ff ff 68 01 76 1b 80 88 ff ff  ..nB....h.v.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000bf974486>] __alloc_skb+0x6d/0x620 net/core/skbuff.c:198
    [<000000008ff6008f>] alloc_skb include/linux/skbuff.h:1094 [inline]
    [<000000008ff6008f>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<000000008ff6008f>] vhci_get_user drivers/bluetooth/hci_vhci.c:165 [inline]
    [<000000008ff6008f>] vhci_write+0xc0/0x450 drivers/bluetooth/hci_vhci.c:285
    [<00000000dd7db1f7>] call_write_iter include/linux/fs.h:1903 [inline]
    [<00000000dd7db1f7>] new_sync_write+0x427/0x650 fs/read_write.c:518
    [<0000000079fe2a0a>] vfs_write+0x759/0xa50 fs/read_write.c:605
    [<00000000e89f43c1>] ksys_write+0x12d/0x250 fs/read_write.c:658
    [<00000000880e0fa2>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<0000000065d06154>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88800efafc00 (size 512):
  comm "syz-executor.7", pid 17627, jiffies 4296264970 (age 1496.687s)
  hex dump (first 32 bytes):
    40 a6 88 08 80 88 ff ff 02 00 30 1e 00 1a 00 01  @.........0.....
    00 0a 02 02 00 00 04 03 09 08 00 04 00 ad 07 9c  ................
  backtrace:
    [<00000000708e2fbe>] __kmalloc_reserve net/core/skbuff.c:142 [inline]
    [<00000000708e2fbe>] __alloc_skb+0xb1/0x620 net/core/skbuff.c:210
    [<000000008ff6008f>] alloc_skb include/linux/skbuff.h:1094 [inline]
    [<000000008ff6008f>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<000000008ff6008f>] vhci_get_user drivers/bluetooth/hci_vhci.c:165 [inline]
    [<000000008ff6008f>] vhci_write+0xc0/0x450 drivers/bluetooth/hci_vhci.c:285
    [<00000000dd7db1f7>] call_write_iter include/linux/fs.h:1903 [inline]
    [<00000000dd7db1f7>] new_sync_write+0x427/0x650 fs/read_write.c:518
    [<0000000079fe2a0a>] vfs_write+0x759/0xa50 fs/read_write.c:605
    [<00000000e89f43c1>] ksys_write+0x12d/0x250 fs/read_write.c:658
    [<00000000880e0fa2>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<0000000065d06154>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88801b760000 (size 1024):
  comm "kworker/u5:5", pid 306, jiffies 4296264971 (age 1496.686s)
  hex dump (first 32 bytes):
    00 00 9d 41 80 88 ff ff 00 1c 8c 44 80 88 ff ff  ...A.......D....
    fd 03 00 00 00 00 00 00 00 06 00 00 00 00 00 00  ................
  backtrace:
    [<0000000025f08c31>] kmalloc include/linux/slab.h:552 [inline]
    [<0000000025f08c31>] kzalloc include/linux/slab.h:664 [inline]
    [<0000000025f08c31>] l2cap_conn_add.part.0+0x60/0xdc0 net/bluetooth/l2cap_core.c:7707
    [<000000005d86cde1>] l2cap_conn_add net/bluetooth/l2cap_core.c:7700 [inline]
    [<000000005d86cde1>] l2cap_recv_acldata+0x578/0x8e0 net/bluetooth/l2cap_core.c:8288
    [<000000002a4e5c1a>] hci_acldata_packet net/bluetooth/hci_core.c:4752 [inline]
    [<000000002a4e5c1a>] hci_rx_work+0x4b7/0xb80 net/bluetooth/hci_core.c:4943
    [<000000008c108522>] process_one_work+0x9ac/0x1580 kernel/workqueue.c:2270
    [<000000003a265443>] worker_thread+0x61d/0x1310 kernel/workqueue.c:2416
    [<0000000062fdd609>] kthread+0x38f/0x470 kernel/kthread.c:292
    [<00000000c63be30c>] ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296

BUG: memory leak
unreferenced object 0xffff8880426e93c0 (size 224):
  comm "syz-executor.7", pid 18014, jiffies 4296265201 (age 1496.456s)
  hex dump (first 32 bytes):
    c0 3d f8 44 80 88 ff ff 80 67 17 45 80 88 ff ff  .=.D.....g.E....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000bf974486>] __alloc_skb+0x6d/0x620 net/core/skbuff.c:198
    [<000000008ff6008f>] alloc_skb include/linux/skbuff.h:1094 [inline]
    [<000000008ff6008f>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<000000008ff6008f>] vhci_get_user drivers/bluetooth/hci_vhci.c:165 [inline]
    [<000000008ff6008f>] vhci_write+0xc0/0x450 drivers/bluetooth/hci_vhci.c:285
    [<00000000dd7db1f7>] call_write_iter include/linux/fs.h:1903 [inline]
    [<00000000dd7db1f7>] new_sync_write+0x427/0x650 fs/read_write.c:518
    [<0000000079fe2a0a>] vfs_write+0x759/0xa50 fs/read_write.c:605
    [<00000000e89f43c1>] ksys_write+0x12d/0x250 fs/read_write.c:658
    [<00000000880e0fa2>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<0000000065d06154>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888045b6e800 (size 512):
  comm "syz-executor.7", pid 18014, jiffies 4296265201 (age 1496.456s)
  hex dump (first 32 bytes):
    c0 1d f9 42 80 88 ff ff 02 00 00 1e 00 1a 00 01  ...B............
    00 0a 02 02 00 00 04 03 09 08 00 04 00 ad 07 9c  ................
  backtrace:
    [<00000000708e2fbe>] __kmalloc_reserve net/core/skbuff.c:142 [inline]
    [<00000000708e2fbe>] __alloc_skb+0xb1/0x620 net/core/skbuff.c:210
    [<000000008ff6008f>] alloc_skb include/linux/skbuff.h:1094 [inline]
    [<000000008ff6008f>] bt_skb_alloc include/net/bluetooth/bluetooth.h:389 [inline]
    [<000000008ff6008f>] vhci_get_user drivers/bluetooth/hci_vhci.c:165 [inline]
    [<000000008ff6008f>] vhci_write+0xc0/0x450 drivers/bluetooth/hci_vhci.c:285
    [<00000000dd7db1f7>] call_write_iter include/linux/fs.h:1903 [inline]
    [<00000000dd7db1f7>] new_sync_write+0x427/0x650 fs/read_write.c:518
    [<0000000079fe2a0a>] vfs_write+0x759/0xa50 fs/read_write.c:605
    [<00000000e89f43c1>] ksys_write+0x12d/0x250 fs/read_write.c:658
    [<00000000880e0fa2>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<0000000065d06154>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: leak checking failed