Extracting prog: 7m15.614472067s
Minimizing prog: 29m13.798767271s
Simplifying prog options: 3m25.589917914s
Extracting C: 2m27.099769542s
Simplifying C: 0s


extracting reproducer from 49 programs
testing a last program of every proc
single: executing 9 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vimc1-ioctl$VIDIOC_S_FMT
detailed listing:
executing program 0:
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x8, 0x1ec0000, 0x34565348, 0x5, 0x9, 0xddc8, 0x0, 0x2, 0x0, 0x6, 0x1, 0x3}})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): clock_getres-madvise-ioctl$SIOCSIFMTU-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-socket$nl_generic-sendmsg$TIPC_NL_PEER_REMOVE-sendmsg$TIPC_NL_MEDIA_GET-sched_setattr-mremap-syz_usb_connect-socket$packet-ioctl$SCSI_IOCTL_SEND_COMMAND-mremap-ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE-getdents64-madvise
detailed listing:
executing program 0:
clock_getres(0x2, &(0x7f0000000100))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000014c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x8085}, 0x4000)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x18800018}, 0xc, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b89200000001090290"], 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000005c0)=ANY=[])
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000300))
getdents64(0xffffffffffffffff, &(0x7f0000001f00)=""/4093, 0xffd)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$vim2m-openat$kvm-socket$inet6-socket-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-sched_setattr-ioctl$VIDIOC_CREATE_BUFS-socket$inet6_mptcp-setsockopt$inet6_tcp_TCP_CONGESTION-bind$inet6-connect$inet6-mkdirat-open_tree-unshare-move_mount-renameat2-sendmmsg$inet6-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-setsockopt$inet6_tcp_TCP_CONGESTION-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_REQBUFS-ioctl$vim2m_VIDIOC_EXPBUF-syz_io_uring_setup
detailed listing:
executing program 0:
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet6(0x2d, 0x806, 0x0)
socket(0x6, 0x80000, 0x5a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8002, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x8}, 0x0)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x1, {0x3, @sdr={0x56544943, 0x8}}, 0x6b})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000300)='illinois', 0x8)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @private0}, 0x1c)
connect$inet6(r2, &(0x7f00000002c0)={0xa, 0x3, 0x9, @mcast1, 0xfffffffa}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x22020600)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
renameat2(r3, &(0x7f00000002c0)='./file0\x00', r3, &(0x7f00000003c0)='./bus\x00', 0x0)
sendmmsg$inet6(r2, 0x0, 0x0, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc580000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000002c0003800c0000800800034000000002100000800c000180060001", @ANYRES16, @ANYBLOB="785454f63ace2532535fe458e26a717fb1f470cbce39657622847a083b06c05d7cca8ca7fd3ef37e"], 0xbc}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x9)
r5 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})
ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, 0x0)
syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00, 0x3, 0x0, 0x0, 0x0}, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
single: successfully extracted reproducer
found reproducer with 11 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-recvmmsg-prctl$PR_SCHED_CORE-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-recvmmsg-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-io_uring_enter-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x234f, 0x0, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-sendmmsg$unix-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r2, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r1 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r1, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, 0x0, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, 0x0, &(0x7f0000000340)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r1, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, 0x0, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, 0x0, 0x0, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x880)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
program did not crash
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_io_uring_setup-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-io_uring_enter-sendmsg$nl_route
detailed listing:
executing program 0:
r0 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x1, 0x6, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2, 0xa, 0x1})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x880)

program crashed: memory leak in iovec_from_user
validation run: crashed=true
reproducing took 46m13.245764257s
repro crashed as (corrupted=false):
BUG: memory leak
unreferenced object 0xffff8881228893e0 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889400 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889420 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889440 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889460 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889480 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

final repro crashed as (corrupted=false):
BUG: memory leak
unreferenced object 0xffff8881228893e0 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889400 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889420 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889440 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889460 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff888122889480 (size 32):
  comm "syz.6.23", pid 6169, jiffies 4294942659
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
  backtrace (crc ccaa009e):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4958 [inline]
    slab_alloc_node mm/slub.c:5263 [inline]
    __do_kmalloc_node mm/slub.c:5656 [inline]
    __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669
    kmalloc_noprof include/linux/slab.h:961 [inline]
    kmalloc_array_noprof include/linux/slab.h:1003 [inline]
    iovec_from_user lib/iov_iter.c:1321 [inline]
    iovec_from_user+0x108/0x140 lib/iov_iter.c:1304
    __import_iovec+0x71/0x350 lib/iov_iter.c:1375
    io_import_vec io_uring/rw.c:99 [inline]
    __io_import_rw_buffer+0x1e2/0x260 io_uring/rw.c:120
    io_import_rw_buffer io_uring/rw.c:139 [inline]
    io_rw_do_import io_uring/rw.c:313 [inline]
    io_prep_rw+0xb5/0x120 io_uring/rw.c:325
    io_prep_rwv io_uring/rw.c:343 [inline]
    io_prep_writev+0x23/0x80 io_uring/rw.c:363
    io_init_req io_uring/io_uring.c:2235 [inline]
    io_submit_sqe io_uring/io_uring.c:2282 [inline]
    io_submit_sqes+0x40d/0xf40 io_uring/io_uring.c:2435
    __do_sys_io_uring_enter+0x841/0xcf0 io_uring/io_uring.c:3285
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF