syzbot


memory leak in bcsp_recv

Status: fixed on 2019/08/05 13:45
Reported-by: syzbot+98162c885993b72f19c4@syzkaller.appspotmail.com
Fix commit: 4ce9146e0370 Bluetooth: hci_bcsp: Fix memory leak in rx_skb
First crash: 1173d, last: 1146d

Sample crash report:
9 tx timeout
BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 80.330s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 80.110s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 54.940s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 29.050s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 84.360s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 84.140s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 58.970s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 33.080s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 84.410s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 84.190s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 59.020s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 33.130s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program

Crashes (3):
Manager               Time              Kernel    Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-gce-leak  2019/06/21 20:56  upstream  abf02e2964b3  34bf9440   .config  log  report  syz        C
ci-upstream-gce-leak  2019/06/16 14:36  upstream  e01e060fe00d  442206d7   .config  log  report  syz        C
ci-upstream-gce-leak  2019/05/25 00:14  upstream  c50bbf615f2f  85c57315   .config  log  report  syz        C