ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x4, 0x0, '\x00', [{0x8, 0x90, 0xa0c, 0x1, 0x3, 0x73}, {0x2, 0x0, 0xc2c, 0x1f, 0x400, 0xab7}], ['\x00', '\x00', '\x00', '\x00']})
clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x2f0)

BUG: memory leak
unreferenced object 0xffff88801785e000 (size 4096):
  comm "syz-executor.5", pid 7096, jiffies 4295250716 (age 543.927s)
  hex dump (first 32 bytes):
    00 80 85 17 80 88 ff ff 22 01 00 00 00 00 ad de ........".......
    00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa ................
  backtrace:
    [<00000000570bc27d>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000570bc27d>] kzalloc include/linux/slab.h:664 [inline]
    [<00000000570bc27d>] hci_conn_add+0x53/0x1280 net/bluetooth/hci_conn.c:525
    [<00000000dbbc142d>] hci_connect_sco+0x351/0x8d0 net/bluetooth/hci_conn.c:1292
    [<0000000009cf477e>] sco_connect net/bluetooth/sco.c:254 [inline]
    [<0000000009cf477e>] sco_sock_connect+0x352/0xa60 net/bluetooth/sco.c:592
    [<00000000fd0ec113>] __sys_connect_file+0x15b/0x1a0 net/socket.c:1863
    [<000000008a82f734>] io_connect+0x10d/0x610 io_uring/io_uring.c:5294
    [<000000000da342e2>] io_issue_sqe+0x1611/0x7700 io_uring/io_uring.c:6799
    [<000000008528316e>] __io_queue_sqe+0x90/0x9d0 io_uring/io_uring.c:7071
    [<000000003fba67cb>] io_queue_sqe io_uring/io_uring.c:7122 [inline]
    [<000000003fba67cb>] io_submit_sqe io_uring/io_uring.c:7299 [inline]
    [<000000003fba67cb>] io_submit_sqes+0x4461/0x85c0 io_uring/io_uring.c:7405
    [<00000000b93226ac>] __do_sys_io_uring_enter+0x6b5/0x1920 io_uring/io_uring.c:10114
    [<0000000037810c20>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000e3529885>] entry_SYSCALL_64_after_hwframe+0x62/0xc7

BUG: memory leak
unreferenced object 0xffff88803975c780 (size 232):
  comm "syz-executor.0", pid 8480, jiffies 4295497362 (age 297.293s)
  hex dump (first 32 bytes):
    40 cb 75 39 80 88 ff ff 68 81 b2 08 80 88 ff ff @.u9....h.......
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<00000000aae5c182>] __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:198
    [<00000000f05f23b3>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<00000000f05f23b3>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<00000000f05f23b3>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<00000000f05f23b3>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<000000004327884b>] call_write_iter include/linux/fs.h:1962 [inline]
    [<000000004327884b>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<0000000079fb1d2d>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<00000000c0f07208>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<0000000037810c20>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000e3529885>] entry_SYSCALL_64_after_hwframe+0x62/0xc7

BUG: memory leak
unreferenced object 0xffff88804839a400 (size 512):
  comm "syz-executor.0", pid 8480, jiffies 4295497362 (age 297.294s)
  hex dump (first 32 bytes):
    40 71 9f 1b 80 88 ff ff 02 00 00 10 00 0c 00 05 @q..............
    00 12 f9 08 00 08 00 07 00 05 00 02 00 2f 6c 6f ............./lo
  backtrace:
    [<0000000029bbdf07>] __kmalloc_reserve net/core/skbuff.c:142 [inline]
    [<0000000029bbdf07>] __alloc_skb+0xb1/0x5b0 net/core/skbuff.c:210
    [<00000000f05f23b3>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<00000000f05f23b3>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<00000000f05f23b3>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<00000000f05f23b3>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<000000004327884b>] call_write_iter include/linux/fs.h:1962 [inline]
    [<000000004327884b>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<0000000079fb1d2d>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<00000000c0f07208>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<0000000037810c20>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000e3529885>] entry_SYSCALL_64_after_hwframe+0x62/0xc7

BUG: memory leak
unreferenced object 0xffff888008b28000 (size 1024):
  comm "kworker/u5:1", pid 291, jiffies 4295497363 (age 297.293s)
  hex dump (first 32 bytes):
    00 e0 85 17 80 88 ff ff 00 8d 89 4b 80 88 ff ff ...........K....
    fd 03 00 00 00 00 00 00 00 06 00 00 00 00 00 00 ................
  backtrace:
    [<00000000fe8c7f14>] kmalloc include/linux/slab.h:552 [inline]
    [<00000000fe8c7f14>] kzalloc include/linux/slab.h:664 [inline]
    [<00000000fe8c7f14>] l2cap_conn_add.part.0+0x64/0xdf0 net/bluetooth/l2cap_core.c:7841
    [<000000006149e079>] l2cap_conn_add net/bluetooth/l2cap_core.c:7834 [inline]
    [<000000006149e079>] l2cap_recv_acldata+0x578/0x8e0 net/bluetooth/l2cap_core.c:8422
    [<00000000c742a931>] hci_acldata_packet net/bluetooth/hci_core.c:4778 [inline]
    [<00000000c742a931>] hci_rx_work+0x4b6/0xcb0 net/bluetooth/hci_core.c:4969
    [<000000009431d21b>] process_one_work+0x9a9/0x14b0 kernel/workqueue.c:2282
    [<000000007d80f108>] worker_thread+0x61d/0x1310 kernel/workqueue.c:2428
    [<00000000f39f85f3>] kthread+0x38f/0x470 kernel/kthread.c:313
    [<00000000848a7c61>] ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:299

BUG: memory leak
unreferenced object 0xffff88803975cb40 (size 232):
  comm "syz-executor.0", pid 8480, jiffies 4295497373 (age 297.283s)
  hex dump (first 32 bytes):
    68 81 b2 08 80 88 ff ff 80 c7 75 39 80 88 ff ff h.........u9....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
    [<00000000aae5c182>] __alloc_skb+0x6d/0x5b0 net/core/skbuff.c:198
    [<00000000f05f23b3>] alloc_skb include/linux/skbuff.h:1102 [inline]
    [<00000000f05f23b3>] bt_skb_alloc include/net/bluetooth/bluetooth.h:391 [inline]
    [<00000000f05f23b3>] vhci_get_user drivers/bluetooth/hci_vhci.c:170 [inline]
    [<00000000f05f23b3>] vhci_write+0xbd/0x450 drivers/bluetooth/hci_vhci.c:290
    [<000000004327884b>] call_write_iter include/linux/fs.h:1962 [inline]
    [<000000004327884b>] new_sync_write+0x42c/0x660 fs/read_write.c:518
    [<0000000079fb1d2d>] vfs_write+0x747/0xa70 fs/read_write.c:605
    [<00000000c0f07208>] ksys_write+0x12d/0x260 fs/read_write.c:658
    [<0000000037810c20>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
    [<00000000e3529885>] entry_SYSCALL_64_after_hwframe+0x62/0xc7

BUG: leak checking failed