Extracting prog: 11m16.730897189s Minimizing prog: 17m19.867799774s Simplifying prog options: 0s Extracting C: 1m43.315052626s Simplifying C: 8m19.622295053s extracting reproducer from 42 programs testing a last program of every proc single: executing 7 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vnet-ioctl$VHOST_SET_FEATURES-ioctl$VHOST_SET_FEATURES-socket$inet6_sctp-setsockopt$inet_sctp6_SCTP_RTOINFO-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-getsockopt$inet6_IPV6_XFRM_POLICY-lstat-chown-bpf$MAP_CREATE-openat$dir-ioctl$EVIOCSFF-syz_open_dev$evdev-write$char_usb-fcntl$setlease-bpf$PROG_LOAD_XDP-sendmsg$IPSET_CMD_CREATE-syz_usb_connect detailed listing: executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000001c0)=0x304008000) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x29, 0xfffffffe}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x80000000000000) ioctl$KVM_SET_SREGS(r4, 0x4138ae84, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@remote}}, &(0x7f00000000c0)=0xe4) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f0000000000)='./file0\x00', r5, r6) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x8, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x2613a31cac13cae, 0x199) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x55, 0x6fc2, 0x0, {0x6000, 0x1}, {0x50, 0x2}, @period={0x5c, 0x1, 0x0, 0x7f9e, 0x800, {0xfffe, 0x8001, 0x2, 0x200}, 0x0, 0x0}}) r8 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) write$char_usb(r8, &(0x7f0000000040)="e2", 0x12d8) fcntl$setlease(r7, 0x400, 0x3) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x81}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0) syz_usb_connect(0x0, 0x286, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000a1f169405909d02b9848000000010902740201000000000904a80010ff8a3700090505104000057f03090507010002080b04090503"], 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-getsockopt$sock_buf-syz_genetlink_get_family_id$ethtool-sendmsg$ETHTOOL_MSG_PAUSE_SET-syz_open_dev$sndmidi-writev-socket$inet6_sctp-syz_io_uring_setup-mkdirat$cgroup_root-openat$cgroup_root-mkdirat$cgroup-openat$cgroup_freezer_state-write$cgroup_freezer_state-sendfile-io_uring_register$IORING_REGISTER_PBUF_RING-syz_memcpy_off$IO_URING_METADATA_GENERIC-syz_io_uring_submit-syz_usb_connect$hid-syz_emit_ethernet-syz_usb_control_io$hid-syz_usb_control_io$hid-ioctl$HIDIOCGVERSION-io_uring_enter-io_uring_register$IORING_UNREGISTER_RING_FDS detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000000)) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_io_uring_setup(0x487, &(0x7f0000000d00)={0x0, 0x9010, 0x8000, 0x8000, 0x165, 0x0, r0}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r6, &(0x7f0000000dc0)='syz0\x00', 0x1ff) r7 = openat$cgroup_freezer_state(r6, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_freezer_state(r7, &(0x7f00000000c0)='FROZEN\x00', 0x7) sendfile(r7, r7, 0x0, 0x8000002) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x0, r2, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}}) r8 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x40, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}, [], "17c1ff07000000000000e55800000000"}}}}}}}, 0x0) syz_usb_control_io$hid(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "112000"}, @main=@item_4={0x3, 0x0, 0x8, "7488dffc"}]}}, 0x0}, 0x0) ioctl$HIDIOCGVERSION(0xffffffffffffffff, 0x80044801, &(0x7f0000000100)) io_uring_enter(r3, 0x3517, 0x173d, 0x42, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_RING_FDS(r3, 0x15, &(0x7f0000000c00)=[{0x2, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/18, 0x12}, {&(0x7f0000000180)=""/68, 0x44}], &(0x7f0000000340)=[0x2, 0x7ff, 0x3, 0xdf65, 0x100000001, 0x76, 0x8001, 0x7fff]}, {0x8, 0x1, 0x0, &(0x7f00000007c0)=[{&(0x7f0000002000)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/184, 0xb8}, {&(0x7f0000000cc0)=""/16, 0x10}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/59, 0x3b}, {&(0x7f0000000640)=""/81, 0x51}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/210, 0xd2}], &(0x7f0000000880)=[0xffffffffffffffff, 0x6, 0x9, 0x1ff, 0x100000000]}, {0x6, 0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f00000008c0)=""/33, 0x21}, {&(0x7f0000000900)=""/240, 0xf0}, {&(0x7f0000004000)=""/4096, 0x1000}, {&(0x7f0000000a00)=""/49, 0x31}, {&(0x7f0000000a40)=""/118, 0x76}, {&(0x7f0000000ac0)=""/119, 0x77}], &(0x7f0000000bc0)=[0x1]}], 0x3) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe-bpf$PROG_LOAD-bpf$BPF_LINK_CREATE-socket$l2tp-bind$inet-socket$nl_generic-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_CREATE detailed listing: executing program 0: pipe(0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r0, r0, 0x2f, 0x0, @void}, 0x10) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, 0x0, 0x0) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-bpf$PROG_LOAD-sendmmsg$unix-sched_setattr-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CAP_DISABLE_QUIRKS-ioctl$KVM_CREATE_VCPU-bpf$MAP_CREATE-bpf$PROG_LOAD-prctl$PR_SET_SECCOMP-setfsuid-syz_clone-socket-sendmsg$nl_route_sched-sendmsg$ETHTOOL_MSG_LINKMODES_GET detailed listing: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r2, 0x4068aea3, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setfsuid(0xffffffffffffffff) syz_clone(0x100011, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x410009}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000081}, 0x20000000) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00', @ANYRES16, @ANYBLOB="01032757c38d085641a7260000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x24048055}, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-io_uring_enter-setsockopt$sock_int-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xb209, 0x400, 0x1, 0x323}, &(0x7f00000001c0), &(0x7f0000000000)) io_uring_enter(r3, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create single: successfully extracted reproducer found reproducer with 13 syscalls minimizing guilty program testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-io_uring_enter-setsockopt$sock_int-mmap-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xb209, 0x400, 0x1, 0x323}, &(0x7f00000001c0), &(0x7f0000000000)) io_uring_enter(r3, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-io_uring_enter-setsockopt$sock_int-mmap-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xb209, 0x400, 0x1, 0x323}, &(0x7f00000001c0), &(0x7f0000000000)) io_uring_enter(r3, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-io_uring_enter-setsockopt$sock_int-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) r0 = socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xb209, 0x400, 0x1, 0x323}, &(0x7f00000001c0), &(0x7f0000000000)) io_uring_enter(r3, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-io_uring_enter-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xb209, 0x400, 0x1, 0x323}, &(0x7f00000001c0), &(0x7f0000000000)) io_uring_enter(r2, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-syz_io_uring_setup-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xb209, 0x400, 0x1, 0x323}, &(0x7f00000001c0), &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-prctl$PR_SCHED_CORE-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-sendmmsg$unix-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-connect$unix-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-socketpair$unix-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-socket$inet6-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) socket$inet6(0xa, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise-madvise detailed listing: executing program 0: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: lost connection to test machine suppressed program crash: lost connection to test machine extracting C reproducer testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create simplifying C reproducer testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise program crashed: memory leak in xas_create testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6-mmap-madvise-madvise detailed listing: executing program 0: socket$inet6(0xa, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) program crashed: memory leak in xas_create validation run: crashed=true reproducing took 41m55.086289233s repro crashed as (corrupted=false): BUG: memory leak unreferenced object 0xffff88810f73db60 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946290 hex dump (first 32 bytes): 06 10 08 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 50 9a 09 0f 81 88 ff ff 78 db 73 0f 81 88 ff ff P.......x.s..... backtrace (crc c410c67e): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_expand lib/xarray.c:590 [inline] xas_create+0x105/0x8a0 lib/xarray.c:661 xas_store+0x7a/0xb20 lib/xarray.c:795 shmem_add_to_page_cache+0x39f/0x490 mm/shmem.c:922 shmem_alloc_and_add_folio+0x30c/0x6d0 mm/shmem.c:1998 shmem_get_folio_gfp+0x3b2/0x9d0 mm/shmem.c:2567 shmem_fault+0x91/0x490 mm/shmem.c:2768 __do_fault+0x51/0x1a0 mm/memory.c:5364 do_read_fault mm/memory.c:5799 [inline] do_fault+0x671/0xb50 mm/memory.c:5933 do_pte_missing mm/memory.c:4477 [inline] handle_pte_fault mm/memory.c:6317 [inline] __handle_mm_fault+0x1022/0x1df0 mm/memory.c:6455 handle_mm_fault+0x216/0x630 mm/memory.c:6624 faultin_page mm/gup.c:1126 [inline] __get_user_pages+0x967/0x1f10 mm/gup.c:1428 populate_vma_page_range+0xf8/0x160 mm/gup.c:1860 __mm_populate+0x93/0x270 mm/gup.c:1963 mm_populate include/linux/mm.h:3899 [inline] vm_mmap_pgoff+0x226/0x2d0 mm/util.c:586 BUG: memory leak unreferenced object 0xffff88810f791da8 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 07 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff c0 1d 79 0f 81 88 ff ff P.........y..... backtrace (crc 79863739): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810f791b60 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 06 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff 78 1b 79 0f 81 88 ff ff P.......x.y..... backtrace (crc d8148b8c): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810f791918 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 05 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff 30 19 79 0f 81 88 ff ff P.......0.y..... backtrace (crc d0d2ae56): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810f7916d0 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 04 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff e8 16 79 0f 81 88 ff ff P.........y..... backtrace (crc e185fdcf): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF final repro crashed as (corrupted=false): BUG: memory leak unreferenced object 0xffff88810f73db60 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946290 hex dump (first 32 bytes): 06 10 08 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 50 9a 09 0f 81 88 ff ff 78 db 73 0f 81 88 ff ff P.......x.s..... backtrace (crc c410c67e): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_expand lib/xarray.c:590 [inline] xas_create+0x105/0x8a0 lib/xarray.c:661 xas_store+0x7a/0xb20 lib/xarray.c:795 shmem_add_to_page_cache+0x39f/0x490 mm/shmem.c:922 shmem_alloc_and_add_folio+0x30c/0x6d0 mm/shmem.c:1998 shmem_get_folio_gfp+0x3b2/0x9d0 mm/shmem.c:2567 shmem_fault+0x91/0x490 mm/shmem.c:2768 __do_fault+0x51/0x1a0 mm/memory.c:5364 do_read_fault mm/memory.c:5799 [inline] do_fault+0x671/0xb50 mm/memory.c:5933 do_pte_missing mm/memory.c:4477 [inline] handle_pte_fault mm/memory.c:6317 [inline] __handle_mm_fault+0x1022/0x1df0 mm/memory.c:6455 handle_mm_fault+0x216/0x630 mm/memory.c:6624 faultin_page mm/gup.c:1126 [inline] __get_user_pages+0x967/0x1f10 mm/gup.c:1428 populate_vma_page_range+0xf8/0x160 mm/gup.c:1860 __mm_populate+0x93/0x270 mm/gup.c:1963 mm_populate include/linux/mm.h:3899 [inline] vm_mmap_pgoff+0x226/0x2d0 mm/util.c:586 BUG: memory leak unreferenced object 0xffff88810f791da8 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 07 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff c0 1d 79 0f 81 88 ff ff P.........y..... backtrace (crc 79863739): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810f791b60 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 06 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff 78 1b 79 0f 81 88 ff ff P.......x.y..... backtrace (crc d8148b8c): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810f791918 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 05 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff 30 19 79 0f 81 88 ff ff P.......0.y..... backtrace (crc d0d2ae56): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810f7916d0 (size 576): comm "syz.0.19", pid 6090, jiffies 4294946296 hex dump (first 32 bytes): 00 04 00 00 00 00 00 00 60 db 73 0f 81 88 ff ff ........`.s..... 50 9a 09 0f 81 88 ff ff e8 16 79 0f 81 88 ff ff P.........y..... backtrace (crc e185fdcf): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4547 [inline] slab_alloc_node mm/slub.c:4869 [inline] kmem_cache_alloc_lru_noprof+0x37d/0x490 mm/slub.c:4888 xas_alloc+0xf1/0x110 lib/xarray.c:378 xas_create+0x40d/0x8a0 lib/xarray.c:685 xas_create_range+0xb5/0x1b0 lib/xarray.c:725 collapse_file+0x209/0x1b70 mm/khugepaged.c:1883 hpage_collapse_scan_file+0x3b8/0xb10 mm/khugepaged.c:2380 madvise_collapse+0x22a/0x700 mm/khugepaged.c:2809 madvise_vma_behavior+0xb05/0x1310 mm/madvise.c:1370 madvise_walk_vmas+0x14f/0x510 mm/madvise.c:1719 madvise_do_behavior+0xc6/0x2c0 mm/madvise.c:1935 do_madvise+0x137/0x1c0 mm/madvise.c:2028 __do_sys_madvise mm/madvise.c:2037 [inline] __se_sys_madvise mm/madvise.c:2035 [inline] __x64_sys_madvise+0x2c/0x40 mm/madvise.c:2035 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF