BUG: memory leak
unreferenced object 0xffff88803c0e2000 (size 4096):
  comm "syz-executor.7", pid 5963, jiffies 4295175679 (age 1344.193s)
  hex dump (first 32 bytes):
    00 40 0e 3c 80 88 ff ff 22 01 00 00 00 00 ad de .@.<...."CLOSE_PLACEHOLDER
    00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa ................
  backtrace:
    [<00000000b05319ec>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000b05319ec>] kzalloc include/linux/slab.h:664 [inline]
    [<00000000b05319ec>] hci_conn_add+0x53/0x1270 net/bluetooth/hci_conn.c:527
    [<000000006777b079>] hci_connect_sco+0x34e/0x870 net/bluetooth/hci_conn.c:1285
    [<000000005f2e4979>] sco_connect net/bluetooth/sco.c:254 [inline]
    [<000000005f2e4979>] sco_sock_connect+0x34e/0xa60 net/bluetooth/sco.c:599
    [<00000000267d4624>] __sys_connect_file+0x157/0x1a0 net/socket.c:1841
    [<000000002c758af6>] io_connect+0x114/0x540 fs/io_uring.c:4819
    [<00000000b4c799f8>] io_issue_sqe+0x2152/0x3bd0 fs/io_uring.c:6043
    [<000000008ad17e5f>] __io_queue_sqe+0x204/0xd00 fs/io_uring.c:6329
    [<00000000f3a95855>] io_queue_sqe+0x5bc/0x1020 fs/io_uring.c:6395
    [<00000000d8a7d56f>] io_submit_sqe fs/io_uring.c:6464 [inline]
    [<00000000d8a7d56f>] io_submit_sqes+0x130d/0x2310 fs/io_uring.c:6692
    [<000000006692eaf3>] __do_sys_io_uring_enter+0x1086/0x1900 fs/io_uring.c:9093
    [<000000009eae8c79>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000bc95d0c2>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88801e252140 (size 224):
  comm "syz-executor.5", pid 7435, jiffies 4295606981 (age 912.903s)
  hex dump (first 32 bytes):
    68 09 6c 1a 80 88 ff ff 68 09 6c 1a 80 88 ff ff h.l.....h.l.....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<000000008393b3c4>] __alloc_skb+0x6d/0x620 net/core/skbuff.c:198
    [<0000000087b67ffb>] alloc_skb include/linux/skbuff.h:1094 [inline]
    [<0000000087b67ffb>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<0000000087b67ffb>] vhci_get_user drivers/bluetooth/hci_vhci.c:167 [inline]
    [<0000000087b67ffb>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:287
    [<00000000f8b7dd28>] call_write_iter include/linux/fs.h:1903 [inline]
    [<00000000f8b7dd28>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<00000000d4c9c4b8>] vfs_write+0x743/0xa20 fs/read_write.c:605
    [<00000000ea4eb8f7>] ksys_write+0x12d/0x250 fs/read_write.c:658
    [<000000009eae8c79>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000bc95d0c2>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff8880491c7800 (size 512):
  comm "syz-executor.5", pid 7435, jiffies 4295606981 (age 912.903s)
  hex dump (first 32 bytes):
    80 42 67 35 80 88 ff ff 02 00 00 10 00 0c 00 05 .Bg5............
    00 17 00 a6 08 00 00 00 82 3c f4 c6 00 00 00 00 .........<......
  backtrace:
    [<0000000078091a2e>] __kmalloc_reserve net/core/skbuff.c:142 [inline]
    [<0000000078091a2e>] __alloc_skb+0xb1/0x620 net/core/skbuff.c:210
    [<0000000087b67ffb>] alloc_skb include/linux/skbuff.h:1094 [inline]
    [<0000000087b67ffb>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<0000000087b67ffb>] vhci_get_user drivers/bluetooth/hci_vhci.c:167 [inline]
    [<0000000087b67ffb>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:287
    [<00000000f8b7dd28>] call_write_iter include/linux/fs.h:1903 [inline]
    [<00000000f8b7dd28>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<00000000d4c9c4b8>] vfs_write+0x743/0xa20 fs/read_write.c:605
    [<00000000ea4eb8f7>] ksys_write+0x12d/0x250 fs/read_write.c:658
    [<000000009eae8c79>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000bc95d0c2>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88801a6c0800 (size 1024):
  comm "kworker/u5:0", pid 52, jiffies 4295606981 (age 912.904s)
  hex dump (first 32 bytes):
    00 20 0e 3c 80 88 ff ff 00 1a af 46 80 88 ff ff . .<.......F....
    fd 03 00 00 00 00 00 00 00 06 00 00 00 00 00 00 ................
  backtrace:
    [<00000000cf04fcb0>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000cf04fcb0>] kzalloc include/linux/slab.h:664 [inline]
    [<00000000cf04fcb0>] l2cap_conn_add.part.0+0x64/0xdf0 net/bluetooth/l2cap_core.c:7708
    [<00000000b3d42235>] l2cap_conn_add net/bluetooth/l2cap_core.c:7701 [inline]
    [<00000000b3d42235>] l2cap_recv_acldata+0x578/0x8e0 net/bluetooth/l2cap_core.c:8289
    [<00000000141615fb>] hci_acldata_packet net/bluetooth/hci_core.c:4762 [inline]
    [<00000000141615fb>] hci_rx_work+0x4d0/0xb90 net/bluetooth/hci_core.c:4953
    [<0000000009dec220>] process_one_work+0x9a9/0x1590 kernel/workqueue.c:2279
    [<0000000084316b68>] worker_thread+0x61d/0x1310 kernel/workqueue.c:2425
    [<0000000096751121>] kthread+0x38f/0x470 kernel/kthread.c:313
    [<0000000076941ae3>] ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:296

BUG: leak checking failed