syzbot


memory leak in bcsp_recv

Status: fixed on 2019/08/05 13:45
Subsystems: bluetooth
Reported-by: syzbot+98162c885993b72f19c4@syzkaller.appspotmail.com
Fix commit: 4ce9146e0370 Bluetooth: hci_bcsp: Fix memory leak in rx_skb
First crash: 2022d, last: 1994d
Discussions (15)
Title | Replies (including bot) | Last reply
[PATCH 4.9 000/223] 4.9.187-stable review | 231 (231) | 2019/08/28 03:02
[PATCH 5.2 000/413] 5.2.3-stable review | 444 (444) | 2019/08/05 12:40
[PATCH 4.4 000/158] 4.4.187-stable review | 166 (166) | 2019/08/03 15:57
[PATCH 4.14 000/293] 4.14.135-stable review | 302 (302) | 2019/07/31 09:35
[PATCH 4.19 000/271] 4.19.61-stable review | 284 (284) | 2019/07/27 10:51
[PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read | 161 (161) | 2019/07/26 18:07
[PATCH 5.1 000/371] 5.1.20-stable review | 384 (384) | 2019/07/26 12:24
[PATCH AUTOSEL 5.2 001/249] ath10k: Check tx_stats before use it | 267 (267) | 2019/07/24 03:35
[PATCH AUTOSEL 4.14 001/105] wil6210: fix potential out-of-bounds read | 107 (107) | 2019/07/22 00:40
[PATCH AUTOSEL 4.4 01/53] ath10k: Do not send probe response template for mesh | 53 (53) | 2019/07/15 14:45
[PATCH AUTOSEL 4.9 01/73] ath10k: Do not send probe response template for mesh | 73 (73) | 2019/07/15 14:36
[PATCH AUTOSEL 5.1 001/219] ath10k: Check tx_stats before use it | 219 (219) | 2019/07/15 14:03
[PATCH] Bluetooth: hci_bcsp: Fix memory leak in rx_skb | 2 (2) | 2019/07/06 11:03
Reminder: 27 open syzbot bugs in bluetooth subsystem | 1 (1) | 2019/06/24 05:14
memory leak in bcsp_recv | 0 (1) | 2019/05/25 17:38

Sample crash report:
9 tx timeout
BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 80.330s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 80.110s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 54.940s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 29.050s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 32.090s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 84.360s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 84.140s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 58.970s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 33.080s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 84.410s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 84.190s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 59.020s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 33.130s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2019/06/21 20:56 | upstream | abf02e2964b3 | 34bf9440 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2019/06/16 14:36 | upstream | e01e060fe00d | 442206d7 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
| 2019/05/25 00:14 | upstream | c50bbf615f2f | 85c57315 | .config | console log | report | syz | C | | | ci-upstream-gce-leak | |
* Struck through repros no longer work on HEAD.