Extracting prog: 26m36.284901749s Minimizing prog: 2h7m35.222723032s Simplifying prog options: 18m12.291474651s Extracting C: 9m7.714814426s Simplifying C: 0s 30 programs, 3 VMs, timeouts [6m0s] extracting reproducer from 30 programs single: executing 5 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-write$binfmt_script-mmap-syz_init_net_socket$netrom-getsockopt$netrom_NETROM_T4-sendmsg$BATADV_CMD_TP_METER-socket$kcm-bpf$PROG_LOAD-mmap-socket$nl_netfilter-sendmsg$IPSET_CMD_LIST detailed listing: executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='pids.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0)={'#! ', '', [{0x20, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f|\xa2\x87\xbaC?2\x97\x9e\'(\x0f\xaf\xf1\"\xc4.\xe0\x01\xef,\f\xc1\xf7\t\xab\xb84\xd3\xfae<\xb7\xb0\x043\xd1\x9an\xe91fR(\x8b\xf7?Aev\xec-8\xf5\rwPV\xc1Cd\x90\xf0]J\x8c\bh\xadDO\xaf#\x99\xd1\xc0cn\r\xd8\xf8\xf4\x92\xc5#m\x11\xe3\x94J\x9a\xe1\xa7\xc8\v\x12\x97\xd1\x8f\xaakZ\xce\x9c\xbe\x9d\xf5\x9f\xaf\xc1\xab\xbf\x8dl*\x16\xca\x82K\xefN\xd9\t\x02\xc5\xf1Y8\xd4\xd9\xe6[{sa\xda\xa0\xf6\xa6m8\xc7\x8eg\x7f\xd8r\xce\x0fP?\xdc\x03\xcex\x0e\xee\x9b\xb0\xe1\xbd\x82t\xbd}\xb3\x16\x12\xe0P\xa6{\x8bj\xc9\xc8\v\xf46\xb3CX\xf0\xda\xa0KT\xac\xac\xb1\xd2wg\a\xc3}\xed\xa3\x8a\xb5\xf6T\x9a\n\f>A\xd8\xaf\xa6\xcb e'}, {0x20, 'pids.current\x00'}, {0x20, ':a'}, {}, {0x20, '\a\xa4\xb0\xd5\xf70\x00'}, {0x20, 'lo\x00'}, {0x20, '$\xc4'}]}, 0x10a) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_T4(r1, 0x103, 0x4, 0x0, &(0x7f00000000c0)) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0], 0x20}}, 0x0) socket$kcm(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000000706ff010000000000000000000000000500010006409e0ec907002e000000fae1e0b81b4cf6839f02ad2c9d597f8f70547eecd0532b52e09a1df8a86892b694b451d653c2231c1ff5f2724800b76e636038821ec7d2b7a9db14eb0160bc8d5e6b2d60f4e0b16bd4ab4136f2ba5b0e2e2517f6d26a26de3c6b"], 0x1c}}, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$kcm-openat$ppp-socket$kcm-sendmsg$inet-setsockopt$sock_attach_bpf-bpf$PROG_LOAD-socketpair$unix-recvmsg$unix-sendmsg$NFT_BATCH-socketpair$unix-socket$key-sendmsg$key-socketpair$unix-recvmsg$unix-close detailed listing: executing program 0: sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000488c) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x90) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x801, 0x0, 0x0, {}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_TYPE={0x8}}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_GC_INTERVAL={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8}]}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_OBJ_USERDATA={0x4}, @NFTA_OBJ_TYPE={0x8}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x10}}, 0xac}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x400000000000003, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, [@sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_sa2={0x2, 0x13, 0x1}]}, 0x48}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x100}, 0x0) close(r0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-socket$inet_tcp-ioctl$sock_inet_SIOCADDRT-socket$inet_sctp-sendmmsg$inet_sctp detailed listing: executing program 0: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r1, &(0x7f0000000840)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @private=0xa010102}, 0x10, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="2000000000000000840000000200000000000c"], 0x20}], 0x1, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$rose-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-setsockopt$inet_sctp_SCTP_PR_SUPPORTED detailed listing: executing program 0: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r1}, 0x10) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, 0x0, 0x0) program did not crash testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program crashed: KASAN: slab-use-after-free Read in __hci_req_sync single: successfully extracted reproducer found reproducer with 7 syscalls minimizing guilty program testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: connect$inet(0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0), 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0), 0x0, 0x0, 0x0, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet program did not crash simplifying guilty program options testing program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_mptcp-connect$inet-bind$inet-setsockopt$sock_int-connect$inet-sendto$inet-sendto$inet detailed listing: executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) sendto$inet(r0, &(0x7f00000013c0)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67269c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa4983e129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb65a62fe8119c6543923bb11bfd61db06f5455d202681199fc176e67c4714335e8f479725a37a9dea710b98e3583539fb99a076b773ecf636293b98cc5ce8302e739016b20a70e80d1227c9ac1d2d9324c8bc8312179130a44ad1528b2759f08fecded5aa3eb91f3d54928c59d7bbaeba2cc870e9b767e16e510f2b142e7b249bba2bdc19b10996643a26b9631c4dddcf7e310c7bffeff3dd7d22c4e009842059b8e14b3ef308e4bc849fcd77d6fcb2731b1f7a3c00908c1551932784e7ce430d123f4c8249a34d6b347b8507b8a2eb71a6965c5475eb63678da3cfc876dd26971dfe5755eedbe578858e938a039b312466b37a076166fb7c971f14bde339d88bc7ce7acf0cbc005d9dab73da57af154203cace21ee8cc4ab28c98467e61a5258f096aa768b2d8fb2f5618c7686464d2c69d8e817506471369865cc0c1aab81600c5e0c0300eea38c6102c02a2b9432259ccce10be43801ce79a6bb38479c40e9cbba16958d3b24a7a171e8bc3f8dc4788d072bd2f29672f182eeec86ef53400db8416e69b36cdc925322b479ed07a749161af1a03c3d7ed25ac4a43bf2c0e5bbe21cf5e43421adf7f960aca86f06d4e8744fe630571ea5c16e7772fe9b28e6a02d95d8eab4c5062569327f66140e786ae7504850472aea61884e6b05bba6387886a17b6739447e54669d50676543c4eda9b9840865e3930d00ebed9b1eeb4782297edecccaab84e34207ad569fd00a28539395b432b29bc98634a0e335ceacb3370a498095ef22ca0c080781689020e07171b8ff6d9bf4fd671eed3fa8aaa54d4d854c4da3b434332d7724aff7bec9941a07999567a49ae64f9bcbcca4f298497b940a2ab2a8aa2293362f18da3d16a6dae61e87fe2fc072ec53b0142ccf4d9080f3fd2bc244bc194ee9be3f08d256b99305ddfbef01521d262ae93ccd0c11244a90fa2460b16985e5ae68652f1d8564d5e8d94bfbc3f25f86b1b749ea14e9664bfa53eac14aba49d313689e7f8052a633573484569de148aa3296c369f969ed9f148841b277538965a6b9832d7b272d21fb773b8d59eb95ad8dcef4f877115aa0179cde53b497d15e5291a3aaef5d46b0d676798c8524d2dd2c579025ef57802dc0450b3c698611305349836ebf7c0946b07dcbc07e6e8f273eded8c7a7cb43048a8c0aa8f0cad9df1bf0b79cada49f30db48a021d7f2ff3ee535af6ef47ac9e38086c62ebbbaec8768f67", 0x581, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000026c0)='?', 0xd0b9, 0x0, 0x0, 0x0) program did not crash reproducing took 3h1m31.513934059s repro crashed as (corrupted=false): ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] BUG: KASAN: slab-use-after-free in refcount_read include/linux/refcount.h:136 [inline] BUG: KASAN: slab-use-after-free in skb_unref include/linux/skbuff.h:1228 [inline] BUG: KASAN: slab-use-after-free in __kfree_skb_reason net/core/skbuff.c:1195 [inline] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0 net/core/skbuff.c:1222 Read of size 4 at addr ffff88806da5bd64 by task syz-executor.0/5182 CPU: 0 PID: 5182 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00761-g3ec8d7572a69 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] refcount_read include/linux/refcount.h:136 [inline] skb_unref include/linux/skbuff.h:1228 [inline] __kfree_skb_reason net/core/skbuff.c:1195 [inline] kfree_skb_reason+0x41/0x3b0 net/core/skbuff.c:1222 kfree_skb include/linux/skbuff.h:1263 [inline] __hci_req_sync+0x62f/0x950 net/bluetooth/hci_request.c:184 hci_req_sync+0xa9/0xd0 net/bluetooth/hci_request.c:206 hci_dev_cmd+0x4c5/0xa50 net/bluetooth/hci_core.c:787 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc6b687cc0b Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 RSP: 002b:00007ffe709f32c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc6b687cc0b RDX: 00007ffe709f3338 RSI: 00000000400448dd RDI: 0000000000000003 RBP: 000055555e17b430 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 Allocated by task 4486: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3940 [inline] slab_alloc_node mm/slub.c:4000 [inline] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4007 skb_clone+0x20c/0x390 net/core/skbuff.c:2052 hci_send_cmd_sync net/bluetooth/hci_core.c:4123 [inline] hci_cmd_work+0x29e/0x670 net/bluetooth/hci_core.c:4143 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 4486: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2195 [inline] slab_free mm/slub.c:4436 [inline] kmem_cache_free+0x145/0x350 mm/slub.c:4511 kfree_skb include/linux/skbuff.h:1263 [inline] hci_req_sync_complete+0xe7/0x290 net/bluetooth/hci_request.c:109 hci_event_packet+0xc71/0x1540 net/bluetooth/hci_event.c:7479 hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4074 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 The buggy address belongs to the object at ffff88806da5bc80 which belongs to the cache skbuff_head_cache of size 240 The buggy address is located 228 bytes inside of freed 240-byte region [ffff88806da5bc80, ffff88806da5bd70) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6da5b flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffefff(slab) raw: 00fff00000000000 ffff888018ae2780 dead000000000122 0000000000000000 raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5184, tgid 5182 (syz-executor.0), ts 699417443300, free_ts 699363316025 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1468 prep_new_page mm/page_alloc.c:1476 [inline] get_page_from_freelist+0x2e2d/0x2ee0 mm/page_alloc.c:3402 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4660 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] alloc_pages_node_noprof include/linux/gfp.h:296 [inline] alloc_slab_page+0x5f/0x120 mm/slub.c:2264 allocate_slab+0x5a/0x2e0 mm/slub.c:2427 new_slab mm/slub.c:2480 [inline] ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3666 __slab_alloc+0x58/0xa0 mm/slub.c:3756 __slab_alloc_node mm/slub.c:3809 [inline] slab_alloc_node mm/slub.c:3988 [inline] kmem_cache_alloc_node_noprof+0x1fe/0x320 mm/slub.c:4043 __alloc_skb+0x1c3/0x440 net/core/skbuff.c:656 alloc_skb include/linux/skbuff.h:1314 [inline] bt_skb_alloc include/net/bluetooth/bluetooth.h:489 [inline] vhci_get_user drivers/bluetooth/hci_vhci.c:489 [inline] vhci_write+0xc0/0x480 drivers/bluetooth/hci_vhci.c:609 do_iter_readv_writev+0x5a4/0x800 vfs_writev+0x395/0xbe0 fs/read_write.c:971 do_writev+0x1b1/0x350 fs/read_write.c:1018 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5176 tgid 5176 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1088 [inline] free_unref_page+0xd22/0xea0 mm/page_alloc.c:2565 vfree+0x186/0x2e0 mm/vmalloc.c:3346 kcov_put kernel/kcov.c:429 [inline] kcov_close+0x2b/0x50 kernel/kcov.c:525 __fput+0x406/0x8b0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa27/0x27e0 kernel/exit.c:874 do_group_exit+0x207/0x2c0 kernel/exit.c:1023 get_signal+0x16a1/0x1740 kernel/signal.c:2909 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Memory state around the buggy address: ffff88806da5bc00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ffff88806da5bc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88806da5bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc ^ ffff88806da5bd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ffff88806da5be00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== final repro crashed as (corrupted=false): ================================================================== BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: slab-use-after-free in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] BUG: KASAN: slab-use-after-free in refcount_read include/linux/refcount.h:136 [inline] BUG: KASAN: slab-use-after-free in skb_unref include/linux/skbuff.h:1228 [inline] BUG: KASAN: slab-use-after-free in __kfree_skb_reason net/core/skbuff.c:1195 [inline] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0 net/core/skbuff.c:1222 Read of size 4 at addr ffff88806da5bd64 by task syz-executor.0/5182 CPU: 0 PID: 5182 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00761-g3ec8d7572a69 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] refcount_read include/linux/refcount.h:136 [inline] skb_unref include/linux/skbuff.h:1228 [inline] __kfree_skb_reason net/core/skbuff.c:1195 [inline] kfree_skb_reason+0x41/0x3b0 net/core/skbuff.c:1222 kfree_skb include/linux/skbuff.h:1263 [inline] __hci_req_sync+0x62f/0x950 net/bluetooth/hci_request.c:184 hci_req_sync+0xa9/0xd0 net/bluetooth/hci_request.c:206 hci_dev_cmd+0x4c5/0xa50 net/bluetooth/hci_core.c:787 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc6b687cc0b Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 RSP: 002b:00007ffe709f32c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc6b687cc0b RDX: 00007ffe709f3338 RSI: 00000000400448dd RDI: 0000000000000003 RBP: 000055555e17b430 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 Allocated by task 4486: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3940 [inline] slab_alloc_node mm/slub.c:4000 [inline] kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4007 skb_clone+0x20c/0x390 net/core/skbuff.c:2052 hci_send_cmd_sync net/bluetooth/hci_core.c:4123 [inline] hci_cmd_work+0x29e/0x670 net/bluetooth/hci_core.c:4143 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 4486: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2195 [inline] slab_free mm/slub.c:4436 [inline] kmem_cache_free+0x145/0x350 mm/slub.c:4511 kfree_skb include/linux/skbuff.h:1263 [inline] hci_req_sync_complete+0xe7/0x290 net/bluetooth/hci_request.c:109 hci_event_packet+0xc71/0x1540 net/bluetooth/hci_event.c:7479 hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4074 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 The buggy address belongs to the object at ffff88806da5bc80 which belongs to the cache skbuff_head_cache of size 240 The buggy address is located 228 bytes inside of freed 240-byte region [ffff88806da5bc80, ffff88806da5bd70) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6da5b flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffefff(slab) raw: 00fff00000000000 ffff888018ae2780 dead000000000122 0000000000000000 raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5184, tgid 5182 (syz-executor.0), ts 699417443300, free_ts 699363316025 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1468 prep_new_page mm/page_alloc.c:1476 [inline] get_page_from_freelist+0x2e2d/0x2ee0 mm/page_alloc.c:3402 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4660 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] alloc_pages_node_noprof include/linux/gfp.h:296 [inline] alloc_slab_page+0x5f/0x120 mm/slub.c:2264 allocate_slab+0x5a/0x2e0 mm/slub.c:2427 new_slab mm/slub.c:2480 [inline] ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3666 __slab_alloc+0x58/0xa0 mm/slub.c:3756 __slab_alloc_node mm/slub.c:3809 [inline] slab_alloc_node mm/slub.c:3988 [inline] kmem_cache_alloc_node_noprof+0x1fe/0x320 mm/slub.c:4043 __alloc_skb+0x1c3/0x440 net/core/skbuff.c:656 alloc_skb include/linux/skbuff.h:1314 [inline] bt_skb_alloc include/net/bluetooth/bluetooth.h:489 [inline] vhci_get_user drivers/bluetooth/hci_vhci.c:489 [inline] vhci_write+0xc0/0x480 drivers/bluetooth/hci_vhci.c:609 do_iter_readv_writev+0x5a4/0x800 vfs_writev+0x395/0xbe0 fs/read_write.c:971 do_writev+0x1b1/0x350 fs/read_write.c:1018 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5176 tgid 5176 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1088 [inline] free_unref_page+0xd22/0xea0 mm/page_alloc.c:2565 vfree+0x186/0x2e0 mm/vmalloc.c:3346 kcov_put kernel/kcov.c:429 [inline] kcov_close+0x2b/0x50 kernel/kcov.c:525 __fput+0x406/0x8b0 fs/file_table.c:422 task_work_run+0x24f/0x310 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa27/0x27e0 kernel/exit.c:874 do_group_exit+0x207/0x2c0 kernel/exit.c:1023 get_signal+0x16a1/0x1740 kernel/signal.c:2909 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Memory state around the buggy address: ffff88806da5bc00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ffff88806da5bc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff88806da5bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc ^ ffff88806da5bd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ffff88806da5be00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================