BUG: memory leak
unreferenced object 0xffff88810c7b9900 (size 640):
  comm "syz-executor.0", pid 5417, jiffies 4294944478
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 01 1a 0c 01 02 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc d037fcd3):
    [<ffffffff8165cddc>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff8165cddc>] slab_post_alloc_hook mm/slub.c:3802 [inline]
    [<ffffffff8165cddc>] slab_alloc_node mm/slub.c:3845 [inline]
    [<ffffffff8165cddc>] kmem_cache_alloc_node+0x28c/0x330 mm/slub.c:3888
    [<ffffffff84334f46>] kmalloc_reserve+0xe6/0x180 net/core/skbuff.c:577
    [<ffffffff843389c5>] __alloc_skb+0xd5/0x220 net/core/skbuff.c:668
    [<ffffffff84a7753b>] alloc_skb include/linux/skbuff.h:1318 [inline]
    [<ffffffff84a7753b>] bt_skb_alloc include/net/bluetooth/bluetooth.h:489 [inline]
    [<ffffffff84a7753b>] hci_prepare_cmd+0x2b/0xb0 net/bluetooth/hci_request.c:219
    [<ffffffff84a77b67>] hci_req_add_ev net/bluetooth/hci_request.c:253 [inline]
    [<ffffffff84a77b67>] hci_req_add+0x57/0xe0 net/bluetooth/hci_request.c:273
    [<ffffffff84a09c51>] hci_scan_req+0x41/0x70 net/bluetooth/hci_core.c:73
    [<ffffffff84a76f70>] __hci_req_sync+0x70/0x3c0 net/bluetooth/hci_request.c:128
    [<ffffffff84a774c7>] hci_req_sync+0x67/0xa0 net/bluetooth/hci_request.c:204
    [<ffffffff84a0f1f3>] hci_dev_cmd+0x3f3/0x550 net/bluetooth/hci_core.c:790
    [<ffffffff84a51d8c>] hci_sock_ioctl+0x3ec/0x6f0 net/bluetooth/hci_sock.c:1153
    [<ffffffff84320712>] sock_do_ioctl+0x82/0x1a0 net/socket.c:1222
    [<ffffffff8432293e>] sock_ioctl+0x14e/0x480 net/socket.c:1341
    [<ffffffff81735426>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff81735426>] __do_sys_ioctl fs/ioctl.c:904 [inline]
    [<ffffffff81735426>] __se_sys_ioctl fs/ioctl.c:890 [inline]
    [<ffffffff81735426>] __x64_sys_ioctl+0xf6/0x150 fs/ioctl.c:890
    [<ffffffff85087f05>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    [<ffffffff85087f05>] do_syscall_64+0xa5/0x1e0 arch/x86/entry/common.c:83
    [<ffffffff85200126>] entry_SYSCALL_64_after_hwframe+0x6d/0x75

BUG: memory leak
unreferenced object 0xffff88810bd13200 (size 240):
  comm "kworker/u9:0", pid 50, jiffies 4294944478
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc c94ec022):
    [<ffffffff8165c4b1>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff8165c4b1>] slab_post_alloc_hook mm/slub.c:3802 [inline]
    [<ffffffff8165c4b1>] slab_alloc_node mm/slub.c:3845 [inline]
    [<ffffffff8165c4b1>] kmem_cache_alloc+0x271/0x310 mm/slub.c:3852
    [<ffffffff8433feaa>] skb_clone+0xaa/0x190 net/core/skbuff.c:2063
    [<ffffffff84a0a5fb>] hci_send_cmd_sync net/bluetooth/hci_core.c:4220 [inline]
    [<ffffffff84a0a5fb>] hci_cmd_work+0x1db/0x200 net/bluetooth/hci_core.c:4240
    [<ffffffff812ec200>] process_one_work+0x290/0x630 kernel/workqueue.c:3254
    [<ffffffff812ed22d>] process_scheduled_works kernel/workqueue.c:3335 [inline]
    [<ffffffff812ed22d>] worker_thread+0x2bd/0x510 kernel/workqueue.c:3416
    [<ffffffff812fb36c>] kthread+0xfc/0x140 kernel/kthread.c:388
    [<ffffffff81158245>] ret_from_fork+0x45/0x60 arch/x86/kernel/process.c:147
    [<ffffffff81002efa>] ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243

BUG: memory leak
unreferenced object 0xffff88811c5ca000 (size 1024):
  comm "syz-executor.0", pid 5531, jiffies 4294944592
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc 0):
    [<ffffffff8165d1b2>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff8165d1b2>] slab_post_alloc_hook mm/slub.c:3802 [inline]
    [<ffffffff8165d1b2>] slab_alloc_node mm/slub.c:3845 [inline]
    [<ffffffff8165d1b2>] __do_kmalloc_node mm/slub.c:3965 [inline]
    [<ffffffff8165d1b2>] __kmalloc_node+0x322/0x420 mm/slub.c:3973
    [<ffffffff815cf74d>] kmalloc_node include/linux/slab.h:648 [inline]
    [<ffffffff815cf74d>] kvmalloc_node+0x9d/0x170 mm/util.c:634
    [<ffffffff827c11a1>] kvmalloc include/linux/slab.h:766 [inline]
    [<ffffffff827c11a1>] kvmalloc_array include/linux/slab.h:784 [inline]
    [<ffffffff827c11a1>] want_pages_array+0x71/0x90 lib/iov_iter.c:883
    [<ffffffff827c287e>] iov_iter_extract_user_pages lib/iov_iter.c:1580 [inline]
    [<ffffffff827c287e>] iov_iter_extract_pages+0x18e/0x9f0 lib/iov_iter.c:1646
    [<ffffffff827036e0>] bio_map_user_iov+0x160/0x5b0 block/blk-map.c:304
    [<ffffffff82703edc>] blk_rq_map_user_iov+0x39c/0xaf0 block/blk-map.c:670
    [<ffffffff82704a77>] blk_rq_map_user block/blk-map.c:697 [inline]
    [<ffffffff82704a77>] blk_rq_map_user_io+0x147/0x160 block/blk-map.c:730
    [<ffffffff830576b9>] sg_io+0x289/0x510 drivers/scsi/scsi_ioctl.c:456
    [<ffffffff83057e03>] scsi_cdrom_send_packet+0x1c3/0x490 drivers/scsi/scsi_ioctl.c:820
    [<ffffffff830581aa>] scsi_ioctl+0xca/0xd40 drivers/scsi/scsi_ioctl.c:903
    [<ffffffff830f6318>] sg_ioctl+0x5f8/0x10a0 drivers/scsi/sg.c:1163
    [<ffffffff81735426>] vfs_ioctl fs/ioctl.c:51 [inline]
    [<ffffffff81735426>] __do_sys_ioctl fs/ioctl.c:904 [inline]
    [<ffffffff81735426>] __se_sys_ioctl fs/ioctl.c:890 [inline]
    [<ffffffff81735426>] __x64_sys_ioctl+0xf6/0x150 fs/ioctl.c:890
    [<ffffffff85087f05>] do_syscall_x64 arch/x86/entry/common.c:52 [inline]
    [<ffffffff85087f05>] do_syscall_64+0xa5/0x1e0 arch/x86/entry/common.c:83
    [<ffffffff85200126>] entry_SYSCALL_64_after_hwframe+0x6d/0x75