Extracting prog: 9m53.916510882s Minimizing prog: 14m28.204242442s Simplifying prog options: 0s Extracting C: 1m4.466824631s Simplifying C: 9m46.655995176s extracting reproducer from 21 programs testing a last program of every proc single: executing 7 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_netfilter-socket-sendmsg$IPSET_CMD_CREATE-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-syz_open_procfs-syz_genetlink_get_family_id$nl80211-read$FUSE-syz_fuse_handle_req-setxattr$trusted_overlay_redirect-syz_mount_image$ext4-ioctl$EXT4_IOC_GETFSUUID-socket$nl_generic-syz_genetlink_get_family_id$batadv-sendmsg$BATADV_CMD_GET_BLA_BACKBONE-arch_prctl$ARCH_GET_CPUID-getsockopt$PNPIPE_IFINDEX-sendmsg$BATADV_CMD_GET_GATEWAYS-ioctl$PPPIOCBRIDGECHAN-socket$inet6_sctp-openat$sequencer2-socket$packet-syz_open_procfs$namespace-openat-open_by_handle_at detailed listing: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x28, 0x800, 0x9) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000c00)=ANY=[@ANYRESOCT=r0], 0x5c}, 0x1, 0x0, 0x0, 0x44084}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='attr/fscreate\x00') syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) read$FUSE(r2, &(0x7f0000000c40)={0x2020}, 0xffffffffffffff12) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000200)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x2) r3 = syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x759, &(0x7f0000000800)={[{@lazytime}, {@usrjquota}], [], 0x2c}, 0x0, 0x4f6, &(0x7f00000002c0)="$eJzs3EtvVFUcAPD/nbaUCtiKTx7KKBobjZSW58IFEE3YmJhoDC5rWwhSwNCaAGmkGAOJCw2fwMfOxE/gSjdGjQuNW4lbY0JMN6ALc82duVOnvZ2+mHYs/f2SGc6999w55z/3HuY8ZhrAulXOnpKIzRHxa0R0VzdnZihX/7kzNTH019TEUBJp+tqfSSXf7amJoVrW2nmb8o3eUkTpgyR2FIvtHLt0+czg6OjIhXxH33gpT50dPDVyauTcwOHD+/d1HTo4cKApcWZ1ur39vfM7tx1/88YrQyduvPX9l1l90/x4fRxVPZXnDYsuoa2wpxzlme9lnWcWX/U1YUtdOmnPnkutqwyLlt212eXqqLT/7mirbFV1x8vvt7RywIpK0zTtLOyd/iybTOslSfWENL2aAveAJFpdA6A1ah/0t6eykerEUHEcfG+7dTQqI6As7jv5o3qkvTKCLfdUx0YdK1T+QxFxYvLvT7JHzDkPAQDQXF8fjbh+rNrvqD2qR0rxSF2++/O1oZ6IeCAitkbEg3n/5eGISt5HI+KxunM2L2IVoDxru9j/+bkrT9R3V5sm6/+9mK9tzez/Tde8py3f2lKJvyM5eXp0ZG/+nvRGR2e23V986elptW9e+uXjRuWX6/p/2SMrv9YXzOvxR/usCbrhwfHBu4275tbVyht7pRh/Eu1JLRWxLSK2L+P1s/fs9HNf7Gx0fEb8WZyF+D9q/OLty6jQLOlnEc9Wr/9kzIo/8vW/pLI+efadvrFLl184Xb8+2X/o4MCBvo0xOrK3r3ZXFP3w07VX82RhGDHP9a81jRVdSMuu/31z3v/TK5c9WWp6vXZs6WVcu3m94Zhmuff/huT1Srq2PntxcHz8Qn/EhmSyuH/gv3MvDnbNyJ/F37t77va/NeKfT/PzdkREdhM/HhFPRMSuvO5PRsRTEbF7nvi/O/b0242GkAvHv7Ky+IeXdP0bJY78GDH3obYz335VKPjDciH+jmh0/fdXUr35nuHB8Y0LxTVfTesTd/0GAgAAwBqwqzJPm5T25BNNm6NU2rMnYtP0DMrY+PMnz797brg6n9sTHaXaTFd33Xxofz43nG1nZw3UbWfH91XmjdM0Tbuy7Wz8PrqltaHDurepQfvP/F78SQtwr1nSOlqjX7QBa9Ls9n9z0Wc2/wsZwOpqwvdogDVK+4f1a9Htf6V+BQe0zFzt/0rEnRZUBVhlc7X/Nwp7jqxKXYDVZfwP69fy278vA8Ba5/Mf1qVF/Uh+GYmtx+fJk7SvTKGNE6WY/68A9ETU9tT6NPO/4G+liObUsK2pkXbNuKalOfNsjGaUFaUF87Qv4Q8xrG6i9P+oRjXRGREL3L3TN9uVWuLySles0gg+b+3/TgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHfv3wAAAP//C4DT6g==") ioctl$EXT4_IOC_GETFSUUID(r3, 0x8008662c, &(0x7f0000000200)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r4) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYRES16=r5, @ANYBLOB="030328bd7000fdffffff0a000000080003", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) arch_prctl$ARCH_GET_CPUID(0x1011) getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000000440), &(0x7f00000004c0)=0x4) sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x8040) ioctl$PPPIOCBRIDGECHAN(0xffffffffffffffff, 0x40047435, &(0x7f00000007c0)=0x7fffffff) socket$inet6_sctp(0xa, 0x0, 0x84) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) socket$packet(0x11, 0x3, 0x300) r6 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189) open_by_handle_at(r6, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES64=r7], 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$l2tp6-socket$inet_tcp-bind$inet-setsockopt$sock_int-socket$inet6_tcp-setsockopt$inet6_int-setsockopt$sock_int-listen-bind$inet6-sendmmsg$inet6-syz_io_uring_setup detailed listing: executing program 0: r0 = socket$l2tp6(0xa, 0x2, 0x73) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) setsockopt$sock_int(r1, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) listen(r1, 0xb5d6) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0xff, @local, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000740)=[@rthdr={{0x18, 0x29, 0x37, {0x2c, 0x0, 0x2, 0x6}}}], 0x18}}], 0x1, 0x4020084) syz_io_uring_setup(0x3257, &(0x7f0000000000)={0x0, 0x76a7, 0x20200, 0x0, 0x64}, &(0x7f00000000c0), &(0x7f0000000100)) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SET_MM_MAP-sched_setscheduler-sendmsg$nl_route-io_uring_setup-sendmsg$NFT_BATCH-bpf$BPF_PROG_TEST_RUN-io_uring_enter detailed listing: executing program 0: prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sched_setscheduler(0x0, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x1f480, 0x0, 0x32f}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) io_uring_enter(r0, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$LINK_DETACH-bpf$BPF_GET_BTF_INFO detailed listing: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000008000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$LINK_DETACH(0x22, &(0x7f0000000340), 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0}, 0x10) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-sendmsg$IPSET_CMD_CREATE-sendmsg$IPCTNL_MSG_EXP_NEW-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="380036a38b3b010800000000000000000500000414000780080011400000005205001500dd000000050001000600000005000500"], 0x38}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014"], 0x84}}, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-rt_sigqueueinfo-openat$zero-mmap-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER-ioctl$UFFDIO_CONTINUE detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = gettid() rt_sigqueueinfo(r0, 0x21, &(0x7f0000000100)={0x1f}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r1, 0xfffffffffaa23000) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, &(0x7f0000000440)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}}) program crashed: memory leak in prepare_creds single: successfully extracted reproducer found reproducer with 11 syscalls minimizing guilty program testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-rt_sigqueueinfo-openat$zero-mmap-userfaultfd-ioctl$UFFDIO_API-ioctl$UFFDIO_REGISTER detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = gettid() rt_sigqueueinfo(r0, 0x21, &(0x7f0000000100)={0x1f}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r1, 0xfffffffffaa23000) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-rt_sigqueueinfo-openat$zero-mmap-userfaultfd-ioctl$UFFDIO_API detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = gettid() rt_sigqueueinfo(r0, 0x21, &(0x7f0000000100)={0x1f}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r1, 0xfffffffffaa23000) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x100}) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-rt_sigqueueinfo-openat$zero-mmap-userfaultfd detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = gettid() rt_sigqueueinfo(r0, 0x21, &(0x7f0000000100)={0x1f}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r1, 0xfffffffffaa23000) userfaultfd(0x80801) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-rt_sigqueueinfo-openat$zero-mmap detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = gettid() rt_sigqueueinfo(r0, 0x21, &(0x7f0000000100)={0x1f}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r1, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-rt_sigqueueinfo-openat$zero detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = gettid() rt_sigqueueinfo(r0, 0x21, &(0x7f0000000100)={0x1f}) openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-rt_sigqueueinfo-mmap detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = gettid() rt_sigqueueinfo(r0, 0x21, &(0x7f0000000100)={0x1f}) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, 0xffffffffffffffff, 0xfffffffffaa23000) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-gettid-openat$zero-mmap detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) gettid() r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-mmap-openat$zero-mmap detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-syz_usb_connect-openat$zero-mmap detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) syz_usb_connect(0x2, 0x24, 0x0, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-openat$zero-mmap detailed listing: executing program 0: socket$packet(0x11, 0x3, 0x300) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program did not crash extracting C reproducer testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds simplifying C reproducer testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds validation run: crashed=true reproducing took 38m11.586913368s repro crashed as (corrupted=false): BUG: memory leak unreferenced object 0xffff888102997f00 (size 184): comm "syz-executor", pid 5985, jiffies 4294943568 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc b90cef50): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881029e6ca0 (size 32): comm "syz-executor", pid 5985, jiffies 4294943568 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888109ab3cc0 (size 184): comm "syz.0.17", pid 6080, jiffies 4294943568 hex dump (first 32 bytes): 00 00 00 00 07 00 0e 02 00 e4 66 85 ff ff ff ff ..........f..... 38 14 e4 18 81 88 ff ff 00 00 00 00 00 00 00 00 8............... backtrace (crc b78a5ee8): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 alloc_empty_file+0x51/0x1a0 fs/file_table.c:237 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888100fed870 (size 40): comm "syz.0.17", pid 6080, jiffies 4294943568 hex dump (first 32 bytes): ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f8 52 86 00 81 88 ff ff .........R...... backtrace (crc 2d2a393c): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 lsm_file_alloc security/security.c:169 [inline] security_file_alloc+0x30/0x240 security/security.c:2380 init_file+0x3e/0x160 fs/file_table.c:159 alloc_empty_file+0x6f/0x1a0 fs/file_table.c:241 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888102997cc0 (size 184): comm "syz-executor", pid 5985, jiffies 4294943570 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ef2f123b): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881029e6000 (size 32): comm "syz-executor", pid 5985, jiffies 4294943570 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF final repro crashed as (corrupted=false): BUG: memory leak unreferenced object 0xffff888102997f00 (size 184): comm "syz-executor", pid 5985, jiffies 4294943568 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc b90cef50): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881029e6ca0 (size 32): comm "syz-executor", pid 5985, jiffies 4294943568 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888109ab3cc0 (size 184): comm "syz.0.17", pid 6080, jiffies 4294943568 hex dump (first 32 bytes): 00 00 00 00 07 00 0e 02 00 e4 66 85 ff ff ff ff ..........f..... 38 14 e4 18 81 88 ff ff 00 00 00 00 00 00 00 00 8............... backtrace (crc b78a5ee8): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 alloc_empty_file+0x51/0x1a0 fs/file_table.c:237 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888100fed870 (size 40): comm "syz.0.17", pid 6080, jiffies 4294943568 hex dump (first 32 bytes): ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f8 52 86 00 81 88 ff ff .........R...... backtrace (crc 2d2a393c): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 lsm_file_alloc security/security.c:169 [inline] security_file_alloc+0x30/0x240 security/security.c:2380 init_file+0x3e/0x160 fs/file_table.c:159 alloc_empty_file+0x6f/0x1a0 fs/file_table.c:241 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888102997cc0 (size 184): comm "syz-executor", pid 5985, jiffies 4294943570 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ef2f123b): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881029e6000 (size 32): comm "syz-executor", pid 5985, jiffies 4294943570 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF