syzbot


memory leak in bcsp_recv

Status: fixed on 2019/08/05 13:45
Subsystems: bluetooth
[Documentation on labels]
Reported-by: syzbot+98162c885993b72f19c4@syzkaller.appspotmail.com
Fix commit: 4ce9146e0370 Bluetooth: hci_bcsp: Fix memory leak in rx_skb
First crash: 1794d, last: 1766d
Discussions (15)
Title Replies (including bot) Last reply
[PATCH 4.9 000/223] 4.9.187-stable review 231 (231) 2019/08/28 03:02
[PATCH 5.2 000/413] 5.2.3-stable review 444 (444) 2019/08/05 12:40
[PATCH 4.4 000/158] 4.4.187-stable review 166 (166) 2019/08/03 15:57
[PATCH 4.14 000/293] 4.14.135-stable review 302 (302) 2019/07/31 09:35
[PATCH 4.19 000/271] 4.19.61-stable review 284 (284) 2019/07/27 10:51
[PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read 161 (161) 2019/07/26 18:07
[PATCH 5.1 000/371] 5.1.20-stable review 384 (384) 2019/07/26 12:24
[PATCH AUTOSEL 5.2 001/249] ath10k: Check tx_stats before use it 267 (267) 2019/07/24 03:35
[PATCH AUTOSEL 4.14 001/105] wil6210: fix potential out-of-bounds read 107 (107) 2019/07/22 00:40
[PATCH AUTOSEL 4.4 01/53] ath10k: Do not send probe response template for mesh 53 (53) 2019/07/15 14:45
[PATCH AUTOSEL 4.9 01/73] ath10k: Do not send probe response template for mesh 73 (73) 2019/07/15 14:36
[PATCH AUTOSEL 5.1 001/219] ath10k: Check tx_stats before use it 219 (219) 2019/07/15 14:03
[PATCH] Bluetooth: hci_bcsp: Fix memory leak in rx_skb 2 (2) 2019/07/06 11:03
Reminder: 27 open syzbot bugs in bluetooth subsystem 1 (1) 2019/06/24 05:14
memory leak in bcsp_recv 0 (1) 2019/05/25 17:38

Sample crash report:
9 tx timeout
BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 80.330s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 80.110s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 54.940s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 29.050s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 81.340s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 81.120s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 55.950s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 30.060s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 82.330s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 82.110s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 56.940s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 31.050s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 83.320s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 83.100s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 57.930s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 32.040s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 83.370s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 83.150s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 57.980s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 32.090s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 84.360s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 84.140s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 58.970s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 33.080s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff888116224c00 (size 224):
  comm "syz-executor345", pid 6904, jiffies 4295000121 (age 84.410s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89d800 (size 224):
  comm "syz-executor345", pid 6908, jiffies 4295000143 (age 84.190s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811d89dc00 (size 224):
  comm "syz-executor345", pid 6917, jiffies 4295002660 (age 59.020s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0xffff88811846cc00 (size 224):
  comm "syz-executor345", pid 6932, jiffies 4295005249 (age 33.130s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<000000006a4d84d6>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
    [<000000006a4d84d6>] slab_post_alloc_hook mm/slab.h:439 [inline]
    [<000000006a4d84d6>] slab_alloc_node mm/slab.c:3269 [inline]
    [<000000006a4d84d6>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579
    [<000000007eb3c776>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:194
    [<00000000bb6cdded>] alloc_skb include/linux/skbuff.h:1054 [inline]
    [<00000000bb6cdded>] bt_skb_alloc include/net/bluetooth/bluetooth.h:339 [inline]
    [<00000000bb6cdded>] bcsp_recv+0x1c3/0x540 drivers/bluetooth/hci_bcsp.c:670
    [<00000000cf7b9dc1>] hci_uart_tty_receive+0xba/0x200 drivers/bluetooth/hci_ldisc.c:592
    [<00000000e31e1292>] tiocsti drivers/tty/tty_io.c:2195 [inline]
    [<00000000e31e1292>] tty_ioctl+0x81c/0xa30 drivers/tty/tty_io.c:2571
    [<000000002d85e8dc>] vfs_ioctl fs/ioctl.c:46 [inline]
    [<000000002d85e8dc>] file_ioctl fs/ioctl.c:509 [inline]
    [<000000002d85e8dc>] do_vfs_ioctl+0x62a/0x810 fs/ioctl.c:696
    [<000000006ddc65be>] ksys_ioctl+0x86/0xb0 fs/ioctl.c:713
    [<00000000ee625b0d>] __do_sys_ioctl fs/ioctl.c:720 [inline]
    [<00000000ee625b0d>] __se_sys_ioctl fs/ioctl.c:718 [inline]
    [<00000000ee625b0d>] __x64_sys_ioctl+0x1e/0x30 fs/ioctl.c:718
    [<0000000085eaafd2>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
    [<000000002234b1d7>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

executing program

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/06/21 20:56 upstream abf02e2964b3 34bf9440 .config console log report syz C ci-upstream-gce-leak
2019/06/16 14:36 upstream e01e060fe00d 442206d7 .config console log report syz C ci-upstream-gce-leak
2019/05/25 00:14 upstream c50bbf615f2f 85c57315 .config console log report syz C ci-upstream-gce-leak
* Struck through repros no longer work on HEAD.