Extracting prog: 10m59.703072861s Minimizing prog: 13m10.081458624s Simplifying prog options: 0s Extracting C: 1m0.143088687s Simplifying C: 6m19.659354391s extracting reproducer from 42 programs testing a last program of every proc single: executing 7 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): rt_sigprocmask-signalfd4-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-timer_create-timer_settime detailed listing: executing program 0: rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r0 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x800) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f000001bff4)) timer_create(0x2, 0x0, &(0x7f00000000c0)=0x0) timer_settime(r2, 0xe54aef35e9c2845d, &(0x7f0000000280)={{}, {0x0, 0x9}}, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$tun-ioctl$TUNSETIFF-socket-socket$unix-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route_sched-sendmsg$nl_route_sched detailed listing: executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44880}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25df9bfb, {0x0, 0x0, 0x0, r3, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x5, 0x4, 0x7, 0x8}, 0x39}}]}, {0xfffffffffffffe7a}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x80, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8010}, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io$uac1-syz_usb_control_io-syz_open_dev$char_usb-ioctl$IOMMU_IOAS_MAP$PAGES-openat$fuse-ioctl$FS_IOC_GETVERSION detailed listing: executing program 0: r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x7, 0x0, 0x0, &(0x7f0000002000/0x1000)=nil, 0x1000}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_CREATE_VM-prctl$PR_SET_MM_MAP-sendmsg$NFT_BATCH-io_uring_setup-sendmsg$nl_route_sched-io_uring_enter-socket$inet6_tcp-bind$inet6-ioctl$BTRFS_IOC_SEND-sendmsg$inet6-connect$inet6-syz_emit_ethernet detailed listing: executing program 0: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x21, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, 0x0) sendmsg$inet6(r1, &(0x7f0000000480)={&(0x7f0000000040)={0xa, 0x4e20, 0xfffffffc, @remote, 0x2}, 0x1c, 0x0}, 0x20008814) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000000280)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x21, 0x2c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x8002, 0x0, 0xe7, {[@window={0x3, 0x3, 0x2}]}}}}}}}, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-syz_kvm_setup_cpu$x86-ioctl$KVM_SET_NESTED_STATE-ioctl$KVM_RUN detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)) ioctl$KVM_RUN(r2, 0xae80, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-openat$kvm-ioctl$KVM_SET_MSRS-ioctl$KVM_CREATE_VM-bpf$PROG_LOAD-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ptrace$setsig-ioctl$KVM_RUN-ioctl$KVM_RUN-ioctl$KVM_RUN detailed listing: executing program 0: mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x401, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ptrace$setsig(0x4203, 0x0, 0x81, &(0x7f00000000c0)={0x7, 0x7, 0x7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-mmap-openat$zero-mmap$binder-madvise-ioctl$KVM_RUN detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x8000000000000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xc8) ioctl$KVM_RUN(r2, 0xae80, 0x0) program crashed: memory leak in prepare_creds single: successfully extracted reproducer found reproducer with 10 syscalls minimizing guilty program testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-mmap-openat$zero-mmap$binder-madvise detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x8000000000000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xc8) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-mmap-openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x8000000000000000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-mmap-openat$zero detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-mmap-mmap$binder detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x8000000000000000) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x8000000000000000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x8000000000000000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x8000000000000000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x8000000000000000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$zero-mmap$binder detailed listing: executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x8000000000000000) program crashed: memory leak in __shmem_file_setup testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x8000000000000000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x8000000000000000) program did not crash extracting C reproducer testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds simplifying C reproducer testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x8000000000000000) program crashed: memory leak in prepare_creds validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x8000000000000000) program crashed: memory leak in prepare_creds validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap$binder detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) mmap$binder(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x8000000000000000) program crashed: memory leak in prepare_creds validation run: crashed=true reproducing took 34m54.030980799s repro crashed as (corrupted=false): 2025/12/08 13:03:41 executed programs: 5 BUG: memory leak unreferenced object 0xffff8881026f73c0 (size 184): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc afd64e61): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888101cb6ec0 (size 32): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 12 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace (crc f9956722): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] __do_kmalloc_node mm/slub.c:5651 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5664 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881096c7540 (size 184): comm "syz.0.17", pid 6107, jiffies 4294942880 hex dump (first 32 bytes): 00 00 00 00 07 00 0e 02 c0 e3 66 85 ff ff ff ff ..........f..... 48 1a 63 09 81 88 ff ff 00 00 00 00 00 00 00 00 H.c............. backtrace (crc e7cce4be): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 alloc_empty_file+0x51/0x1a0 fs/file_table.c:237 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5843 shmem_kernel_file_setup mm/shmem.c:5862 [inline] __shmem_zero_setup mm/shmem.c:5902 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5933 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888109d37398 (size 40): comm "syz.0.17", pid 6107, jiffies 4294942880 hex dump (first 32 bytes): ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f8 12 86 00 81 88 ff ff ................ backtrace (crc e7d14241): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 lsm_file_alloc security/security.c:169 [inline] security_file_alloc+0x30/0x240 security/security.c:2380 init_file+0x3e/0x160 fs/file_table.c:159 alloc_empty_file+0x6f/0x1a0 fs/file_table.c:241 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5843 shmem_kernel_file_setup mm/shmem.c:5862 [inline] __shmem_zero_setup mm/shmem.c:5902 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5933 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888108176cc0 (size 184): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc d053ae1d): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888101cb6d00 (size 32): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 12 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace (crc f9956722): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] __do_kmalloc_node mm/slub.c:5651 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5664 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF final repro crashed as (corrupted=false): 2025/12/08 13:03:41 executed programs: 5 BUG: memory leak unreferenced object 0xffff8881026f73c0 (size 184): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc afd64e61): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888101cb6ec0 (size 32): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 12 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace (crc f9956722): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] __do_kmalloc_node mm/slub.c:5651 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5664 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881096c7540 (size 184): comm "syz.0.17", pid 6107, jiffies 4294942880 hex dump (first 32 bytes): 00 00 00 00 07 00 0e 02 c0 e3 66 85 ff ff ff ff ..........f..... 48 1a 63 09 81 88 ff ff 00 00 00 00 00 00 00 00 H.c............. backtrace (crc e7cce4be): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 alloc_empty_file+0x51/0x1a0 fs/file_table.c:237 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5843 shmem_kernel_file_setup mm/shmem.c:5862 [inline] __shmem_zero_setup mm/shmem.c:5902 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5933 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888109d37398 (size 40): comm "syz.0.17", pid 6107, jiffies 4294942880 hex dump (first 32 bytes): ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f8 12 86 00 81 88 ff ff ................ backtrace (crc e7d14241): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 lsm_file_alloc security/security.c:169 [inline] security_file_alloc+0x30/0x240 security/security.c:2380 init_file+0x3e/0x160 fs/file_table.c:159 alloc_empty_file+0x6f/0x1a0 fs/file_table.c:241 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5843 shmem_kernel_file_setup mm/shmem.c:5862 [inline] __shmem_zero_setup mm/shmem.c:5902 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5933 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888108176cc0 (size 184): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc d053ae1d): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5265 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888101cb6d00 (size 32): comm "syz-executor", pid 5994, jiffies 4294942880 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 12 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 ................ backtrace (crc f9956722): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4953 [inline] slab_alloc_node mm/slub.c:5258 [inline] __do_kmalloc_node mm/slub.c:5651 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5664 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF