Extracting prog: 8m38.919443761s Minimizing prog: 8m6.800237015s Simplifying prog options: 0s Extracting C: 2m1.694340937s Simplifying C: 8m2.525497806s extracting reproducer from 42 programs testing a last program of every proc single: executing 7 programs separately with timeout 1m40s testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$SNDCTL_DSP_SETFMT-creat-bpf$PROG_LOAD-bpf$BPF_LINK_CREATE_XDP detailed listing: executing program 0: ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-close_range detailed listing: executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r0, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$alg-bind$alg-accept4-setsockopt$ALG_SET_KEY-sendto$inet detailed listing: executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendto$inet(r1, &(0x7f0000000400)="0a44750656", 0x5, 0x80, 0x0, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$vim2m-mmap-openat$zero-mmap detailed listing: executing program 0: r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1800002, 0x28011, r0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r1, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds single: successfully extracted reproducer found reproducer with 4 syscalls minimizing guilty program testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$vim2m-mmap-openat$zero detailed listing: executing program 0: r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1800002, 0x28011, r0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$vim2m-mmap-mmap detailed listing: executing program 0: r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1800002, 0x28011, r0, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, 0xffffffffffffffff, 0xfffffffffaa23000) program did not crash testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$vim2m-openat$zero-mmap detailed listing: executing program 0: syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program did not crash extracting C reproducer testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds simplifying C reproducer testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap program crashed: memory leak in prepare_creds testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds validation run: crashed=true testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$zero-mmap detailed listing: executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x80082, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x11, r0, 0xfffffffffaa23000) program crashed: memory leak in prepare_creds validation run: crashed=true reproducing took 30m4.310057793s repro crashed as (corrupted=false): 2025/12/25 07:08:12 executed programs: 5 BUG: memory leak unreferenced object 0xffff888108751300 (size 184): comm "syz-executor", pid 5989, jiffies 4294944378 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 92ed136b): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810873c820 (size 32): comm "syz-executor", pid 5989, jiffies 4294944378 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810a7fcb40 (size 184): comm "syz.0.17", pid 6095, jiffies 4294944379 hex dump (first 32 bytes): 00 00 00 00 07 00 0e 02 00 e4 66 85 ff ff ff ff ..........f..... 38 94 3a 13 81 88 ff ff 00 00 00 00 00 00 00 00 8.:............. backtrace (crc b5c315cd): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 alloc_empty_file+0x51/0x1a0 fs/file_table.c:237 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881018e5b18 (size 40): comm "syz.0.17", pid 6095, jiffies 4294944379 hex dump (first 32 bytes): ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f8 52 86 00 81 88 ff ff .........R...... backtrace (crc 2d2a393c): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 lsm_file_alloc security/security.c:169 [inline] security_file_alloc+0x30/0x240 security/security.c:2380 init_file+0x3e/0x160 fs/file_table.c:159 alloc_empty_file+0x6f/0x1a0 fs/file_table.c:241 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888108751600 (size 184): comm "syz-executor", pid 5989, jiffies 4294944379 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 87acbc81): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810873c880 (size 32): comm "syz-executor", pid 5989, jiffies 4294944379 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF final repro crashed as (corrupted=false): 2025/12/25 07:08:12 executed programs: 5 BUG: memory leak unreferenced object 0xffff888108751300 (size 184): comm "syz-executor", pid 5989, jiffies 4294944378 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 92ed136b): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810873c820 (size 32): comm "syz-executor", pid 5989, jiffies 4294944378 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810a7fcb40 (size 184): comm "syz.0.17", pid 6095, jiffies 4294944379 hex dump (first 32 bytes): 00 00 00 00 07 00 0e 02 00 e4 66 85 ff ff ff ff ..........f..... 38 94 3a 13 81 88 ff ff 00 00 00 00 00 00 00 00 8.:............. backtrace (crc b5c315cd): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 alloc_empty_file+0x51/0x1a0 fs/file_table.c:237 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff8881018e5b18 (size 40): comm "syz.0.17", pid 6095, jiffies 4294944379 hex dump (first 32 bytes): ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f8 52 86 00 81 88 ff ff .........R...... backtrace (crc 2d2a393c): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 lsm_file_alloc security/security.c:169 [inline] security_file_alloc+0x30/0x240 security/security.c:2380 init_file+0x3e/0x160 fs/file_table.c:159 alloc_empty_file+0x6f/0x1a0 fs/file_table.c:241 alloc_file fs/file_table.c:354 [inline] alloc_file_pseudo+0xae/0x140 fs/file_table.c:383 __shmem_file_setup+0x11a/0x210 mm/shmem.c:5846 shmem_kernel_file_setup mm/shmem.c:5865 [inline] __shmem_zero_setup mm/shmem.c:5905 [inline] shmem_zero_setup_desc+0x33/0x90 mm/shmem.c:5936 mmap_zero_prepare+0x4e/0x60 drivers/char/mem.c:524 vfs_mmap_prepare include/linux/fs.h:2058 [inline] call_mmap_prepare mm/vma.c:2596 [inline] __mmap_region+0x8b8/0x13e0 mm/vma.c:2692 mmap_region+0x19f/0x1e0 mm/vma.c:2786 do_mmap+0x6a3/0xb60 mm/mmap.c:558 vm_mmap_pgoff+0x1a6/0x2d0 mm/util.c:581 ksys_mmap_pgoff+0x233/0x2d0 mm/mmap.c:604 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x6f/0xa0 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff888108751600 (size 184): comm "syz-executor", pid 5989, jiffies 4294944379 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 87acbc81): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270 prepare_creds+0x22/0x5e0 kernel/cred.c:185 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f BUG: memory leak unreferenced object 0xffff88810873c880 (size 32): comm "syz-executor", pid 5989, jiffies 4294944379 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ f8 52 86 00 81 88 ff ff 00 00 00 00 00 00 00 00 .R.............. backtrace (crc 336e1c5f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] lsm_blob_alloc+0x4d/0x70 security/security.c:192 lsm_cred_alloc security/security.c:209 [inline] security_prepare_creds+0x2f/0x270 security/security.c:2763 prepare_creds+0x385/0x5e0 kernel/cred.c:215 copy_creds+0x44/0x290 kernel/cred.c:286 copy_process+0x979/0x2860 kernel/fork.c:2086 kernel_clone+0x119/0x6c0 kernel/fork.c:2651 __do_sys_clone+0x7b/0xb0 kernel/fork.c:2792 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF