Warning: Permanently added '[localhost]:62445' (ECDSA) to the list of known hosts. [ 169.785180][ T39] audit: type=1400 audit(1594658310.783:42): avc: denied { map } for pid=9253 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16525 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/13 16:38:30 fuzzer started 2020/07/13 16:38:31 dialing manager at 10.0.2.10:38591 2020/07/13 16:38:31 syscalls: 3166 2020/07/13 16:38:31 code coverage: enabled 2020/07/13 16:38:31 comparison tracing: enabled 2020/07/13 16:38:31 extra coverage: enabled 2020/07/13 16:38:31 setuid sandbox: enabled 2020/07/13 16:38:31 namespace sandbox: enabled 2020/07/13 16:38:31 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/13 16:38:31 fault injection: enabled 2020/07/13 16:38:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/13 16:38:31 net packet injection: enabled 2020/07/13 16:38:31 net device setup: enabled 2020/07/13 16:38:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/13 16:38:31 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/13 16:38:31 USB emulation: enabled [ 170.187557][ T39] audit: type=1400 audit(1594658311.183:43): avc: denied { integrity } for pid=9270 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 16:39:11 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x7, 0x4, 0x8, 0xf1a}, 0x2c) [ 210.783522][ T39] audit: type=1400 audit(1594658351.773:44): avc: denied { map } for pid=9274 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=32 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 16:39:11 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:12 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000080)=r1) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) [ 211.358249][ T9277] IPVS: ftp: loaded support on port[0] = 21 [ 211.358256][ T9276] IPVS: ftp: loaded support on port[0] = 21 16:39:12 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x0) [ 211.564243][ T9279] IPVS: ftp: loaded support on port[0] = 21 [ 211.751251][ T9281] IPVS: ftp: loaded support on port[0] = 21 [ 211.766190][ T9277] chnl_net:caif_netlink_parms(): no params data found [ 211.796312][ T9276] chnl_net:caif_netlink_parms(): no params data found [ 211.954797][ T9279] chnl_net:caif_netlink_parms(): no params data found [ 211.977836][ T9276] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.991220][ T9276] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.011297][ T9276] device bridge_slave_0 entered promiscuous mode [ 212.037428][ T9277] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.051538][ T9277] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.066267][ T9277] device bridge_slave_0 entered promiscuous mode [ 212.087427][ T9277] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.101240][ T9277] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.116101][ T9277] device bridge_slave_1 entered promiscuous mode [ 212.132800][ T9276] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.145022][ T9276] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.157984][ T9276] device bridge_slave_1 entered promiscuous mode [ 212.198687][ T9277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.245987][ T9277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.277286][ T9276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.313002][ T9279] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.325570][ T9279] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.340559][ T9279] device bridge_slave_0 entered promiscuous mode [ 212.356964][ T9276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.387723][ T9279] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.400297][ T9279] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.413332][ T9279] device bridge_slave_1 entered promiscuous mode [ 212.431264][ T9281] chnl_net:caif_netlink_parms(): no params data found [ 212.452095][ T9276] team0: Port device team_slave_0 added [ 212.465073][ T9277] team0: Port device team_slave_0 added [ 212.485607][ T9277] team0: Port device team_slave_1 added [ 212.514428][ T9276] team0: Port device team_slave_1 added [ 212.552256][ T9277] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.563895][ T9277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.606367][ T9277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.628060][ T9279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.648408][ T9279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.663973][ T9276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.675282][ T9276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.716008][ T9276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.735269][ T9277] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.747566][ T9277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.790725][ T9277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.826460][ T9276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.838879][ T9276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.883023][ T9276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.945970][ T9279] team0: Port device team_slave_0 added [ 212.971637][ T9279] team0: Port device team_slave_1 added [ 213.018725][ T9281] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.038838][ T9281] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.058628][ T9281] device bridge_slave_0 entered promiscuous mode [ 213.131998][ T9277] device hsr_slave_0 entered promiscuous mode [ 213.181167][ T9277] device hsr_slave_1 entered promiscuous mode [ 213.293185][ T9276] device hsr_slave_0 entered promiscuous mode [ 213.369591][ T9276] device hsr_slave_1 entered promiscuous mode [ 213.439300][ T9276] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.456206][ T9276] Cannot create hsr debugfs directory [ 213.474732][ T9281] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.490346][ T9281] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.504238][ T9281] device bridge_slave_1 entered promiscuous mode [ 213.517068][ T9279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.529874][ T9279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.574437][ T9279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.604223][ T9279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.616901][ T9279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.661562][ T9279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.724134][ T9281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 213.757557][ T9281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.884157][ T9279] device hsr_slave_0 entered promiscuous mode [ 213.959551][ T9279] device hsr_slave_1 entered promiscuous mode [ 214.029300][ T9279] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 214.043666][ T9279] Cannot create hsr debugfs directory [ 214.085568][ T9281] team0: Port device team_slave_0 added [ 214.108169][ T9281] team0: Port device team_slave_1 added [ 214.166860][ T9281] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 214.182225][ T9281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.229180][ T9281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.256552][ T9281] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.268815][ T9281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.317583][ T9281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 214.554285][ T9281] device hsr_slave_0 entered promiscuous mode [ 214.642932][ T9281] device hsr_slave_1 entered promiscuous mode [ 214.719915][ T9281] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 214.744456][ T9281] Cannot create hsr debugfs directory [ 214.808274][ T39] audit: type=1400 audit(1594658355.803:45): avc: denied { create } for pid=9277 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 214.818585][ T9277] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 214.870985][ T39] audit: type=1400 audit(1594658355.813:46): avc: denied { write } for pid=9277 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 214.955936][ T39] audit: type=1400 audit(1594658355.813:47): avc: denied { read } for pid=9277 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 215.030610][ T9277] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 215.137275][ T9277] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 215.206263][ T9277] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 215.341813][ T9276] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 215.488089][ T9276] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 215.582159][ T9276] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 215.652814][ T9276] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 215.822157][ T9279] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 215.919621][ T9279] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 216.014763][ T9279] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 216.121843][ T9279] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 216.188109][ T9281] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 216.264299][ T9281] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 216.385712][ T9281] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 216.452952][ T9281] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 216.700652][ T9277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.736980][ T9276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.768016][ T9277] 8021q: adding VLAN 0 to HW filter on device team0 [ 216.800808][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.844027][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.890273][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 216.918321][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 216.946869][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 216.978263][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.005942][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.029547][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.083623][ T9276] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.123028][ T9279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.153758][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.183741][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.223402][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.255165][ T3844] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.284258][ T3844] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.315186][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.348685][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 217.396913][ T9281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.431097][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.469993][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.500940][ T2853] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.536764][ T2853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.567621][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.602905][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.633587][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.660088][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.685872][ T2853] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.702983][ T2853] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.730682][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.754502][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 217.784740][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.806764][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.852919][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.873673][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 217.894883][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.920167][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.939654][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.960691][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.982104][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 218.009830][ T9279] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.027663][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.047314][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.071216][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 218.089921][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 218.110224][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 218.130042][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.150291][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 218.168281][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 218.186492][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.212571][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.238845][ T9276] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 218.263462][ T9276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.293785][ T9281] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.314601][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.336889][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.358629][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.376915][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.407112][ T9300] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.434769][ T9300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.482037][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.504707][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.527238][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.546333][ T9300] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.565353][ T9300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.599309][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 218.619849][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 218.646109][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.670269][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.687652][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.711391][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.736635][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.770276][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.793938][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.815813][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.838215][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.863522][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 218.882444][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 218.899939][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.921819][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.945025][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.982472][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.009821][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.030938][ T1217] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 219.058529][ T9277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.078746][ T9276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.115038][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.137415][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.158806][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.183567][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.204175][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.227882][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 219.257870][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 219.280609][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 219.312620][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.335935][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.367206][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 219.390767][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 219.423487][ T9279] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 219.454039][ T9279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 219.477610][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 219.498413][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 219.520171][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 219.538869][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 219.558251][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 219.583046][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 219.622801][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 219.650004][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 219.678851][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 219.699994][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 219.724505][ T9279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.770179][ T9277] device veth0_vlan entered promiscuous mode [ 219.784090][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 219.801241][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 219.816428][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 219.831953][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.850421][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 219.865574][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.892109][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.911051][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.925387][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.940352][ T59] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.960337][ T9276] device veth0_vlan entered promiscuous mode [ 219.983163][ T9281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.998682][ T9277] device veth1_vlan entered promiscuous mode [ 220.017621][ T9276] device veth1_vlan entered promiscuous mode [ 220.037689][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 220.050966][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 220.066649][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 220.081141][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 220.096848][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 220.146101][ T9303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 220.167683][ T9303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 220.186990][ T9303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 220.202121][ T9303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 220.216335][ T9303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 220.231983][ T9303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 220.247552][ T9303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 220.271899][ T9279] device veth0_vlan entered promiscuous mode [ 220.290249][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 220.304835][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 220.323811][ T9276] device veth0_macvtap entered promiscuous mode [ 220.337348][ T9279] device veth1_vlan entered promiscuous mode [ 220.350661][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 220.365861][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 220.380740][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 220.394796][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 220.409498][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 220.425085][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 220.440718][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 220.456576][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 220.473806][ T9276] device veth1_macvtap entered promiscuous mode [ 220.487763][ T9277] device veth0_macvtap entered promiscuous mode [ 220.503140][ T9281] device veth0_vlan entered promiscuous mode [ 220.525907][ T9281] device veth1_vlan entered promiscuous mode [ 220.544775][ T9277] device veth1_macvtap entered promiscuous mode [ 220.576981][ T9276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.605780][ T9277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 220.627761][ T9277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.650545][ T9277] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.664267][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 220.677885][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 220.691533][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 220.707317][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 220.722171][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 220.736698][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 220.751362][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 220.766919][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 220.786294][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 220.806977][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 220.823477][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 220.837816][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 220.858623][ T9276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.878648][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 220.895430][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 220.922014][ T9279] device veth0_macvtap entered promiscuous mode [ 220.977876][ T9277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 221.008393][ T9277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.048351][ T9277] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.070523][ T9279] device veth1_macvtap entered promiscuous mode [ 221.188231][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 221.217982][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 221.238436][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 221.255239][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 221.270741][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 221.307336][ T9281] device veth0_macvtap entered promiscuous mode [ 221.432588][ T9281] device veth1_macvtap entered promiscuous mode [ 221.513192][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 221.520528][ T39] audit: type=1400 audit(1594658362.513:48): avc: denied { associate } for pid=9276 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 221.546876][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.617211][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 221.641209][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.968653][ T9279] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.106029][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 222.132902][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 222.148278][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 222.173583][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 222.257567][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 222.284658][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.304216][ T9279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 222.324978][ T9279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.346532][ T9279] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.385158][ T9276] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 222.406659][ T0] NOHZ: local_softirq_pending 08 [ 222.474456][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 222.501742][ T3844] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 222.767359][ T39] audit: type=1400 audit(1594658363.763:49): avc: denied { open } for pid=9305 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 222.792127][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 222.862136][ T39] audit: type=1400 audit(1594658363.773:50): avc: denied { perfmon } for pid=9305 comm="syz-executor.0" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 222.877316][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.935418][ T39] audit: type=1400 audit(1594658363.773:51): avc: denied { kernel } for pid=9305 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 222.949562][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 222.949567][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.949576][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 222.949579][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.952495][ T9281] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.993040][ T39] audit: type=1400 audit(1594658363.773:52): avc: denied { confidentiality } for pid=9305 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 223.182038][ T39] audit: type=1400 audit(1594658363.843:53): avc: denied { map_create } for pid=9305 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 223.235887][ T39] audit: type=1400 audit(1594658363.843:54): avc: denied { bpf } for pid=9305 comm="syz-executor.0" capability=39 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 223.291753][ T39] audit: type=1400 audit(1594658363.873:55): avc: denied { map_read map_write } for pid=9305 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 223.404053][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 223.420123][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 223.438859][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 223.462851][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.490584][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 223.534816][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 16:39:24 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) [ 223.569705][ T9281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 223.597453][ T9281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 16:39:24 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) [ 223.628396][ T9281] batman_adv: batadv0: Interface activated: batadv_slave_1 16:39:24 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x1a}) [ 223.662712][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready 16:39:24 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) [ 223.681655][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 16:39:24 executing program 1: ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:24 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x1a}) [ 223.922222][ T9332] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 224.227450][ T39] audit: type=1400 audit(1594658365.223:56): avc: denied { create } for pid=9334 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 224.295205][ T39] audit: type=1400 audit(1594658365.233:57): avc: denied { write } for pid=9334 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 16:39:25 executing program 1: ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:25 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:25 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:25 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000080)=r1) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 16:39:25 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:25 executing program 1: ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:25 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:25 executing program 0: ioctl$FBIOGET_CON2FBMAP(0xffffffffffffffff, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:25 executing program 1: r0 = syz_open_dev$vbi(0x0, 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:25 executing program 0: ioctl$FBIOGET_CON2FBMAP(0xffffffffffffffff, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:25 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:26 executing program 0: ioctl$FBIOGET_CON2FBMAP(0xffffffffffffffff, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:26 executing program 1: r0 = syz_open_dev$vbi(0x0, 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:26 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000080)=r1) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 16:39:26 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:26 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:26 executing program 1: r0 = syz_open_dev$vbi(0x0, 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:26 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:26 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:26 executing program 0: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(0xffffffffffffffff, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:27 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:27 executing program 0: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(0xffffffffffffffff, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:27 executing program 1: syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:27 executing program 1: syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:27 executing program 0: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(0xffffffffffffffff, 0x460f, &(0x7f0000000040)={0x1a}) 16:39:27 executing program 3: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3) 16:39:27 executing program 1: syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) 16:39:27 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000080)=r1) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 16:39:27 executing program 3: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3) 16:39:27 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, 0x0) 16:39:27 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, 0x0) 16:39:27 executing program 3: ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3) 16:39:28 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, 0x0) 16:39:28 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, 0x0) 16:39:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:28 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, 0x0) 16:39:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:28 executing program 1: r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, 0x0) 16:39:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:28 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)) 16:39:28 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000080)=r1) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom(r0, &(0x7f0000000480)=""/110, 0xfffffe32, 0x0, 0x0, 0xffffffffffffff39) 16:39:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:28 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)) 16:39:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:28 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOGET_CON2FBMAP(r0, 0x460f, &(0x7f0000000040)) 16:39:28 executing program 1: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x7, 0x4, 0x8, 0xf1a}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x28, &(0x7f0000000240)}, 0x10) 16:39:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:28 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(r0, r1) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(r0, r1) 16:39:29 executing program 1: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:29 executing program 0: sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 1: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(r0, r1) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:29 executing program 1: sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 0: sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 16:39:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(r0, r1) 16:39:29 executing program 0: sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3) 16:39:29 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, 0xffffffffffffffff) 16:39:29 executing program 0: r0 = socket$tipc(0x1e, 0x0, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:29 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3) 16:39:29 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, 0xffffffffffffffff) 16:39:29 executing program 1: socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:30 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x3) 16:39:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 16:39:30 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, 0xffffffffffffffff) 16:39:30 executing program 0: r0 = socket$tipc(0x1e, 0x0, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:30 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:39:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 16:39:30 executing program 0: r0 = socket$tipc(0x1e, 0x0, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:30 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:39:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) 16:39:30 executing program 0: socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 16:39:30 executing program 0: socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) [ 231.200725][ T48] Bluetooth: hci0: command 0x1003 tx timeout [ 231.214741][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 233.280385][ T9303] Bluetooth: hci0: command 0x1001 tx timeout [ 233.293011][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 235.359458][ T9303] Bluetooth: hci0: command 0x1009 tx timeout 16:39:40 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:39:40 executing program 0: socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 16:39:40 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:39:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 16:39:40 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, 0x0, 0x0) 16:39:40 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:39:40 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, 0x0, 0x0) 16:39:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 16:39:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 16:39:40 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, 0x0, 0x0) [ 241.839316][ T9303] Bluetooth: hci0: command 0x1003 tx timeout [ 241.918915][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 244.000055][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 244.030993][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 246.081766][ T5] Bluetooth: hci0: command 0x1009 tx timeout 16:39:50 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) dup2(r0, r1) 16:39:50 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) 16:39:50 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:39:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) dup2(r0, r1) 16:39:51 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) dup2(r0, r1) 16:39:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:39:51 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) [ 250.053873][ T7] Bluetooth: hci0: Frame reassembly failed (-84) 16:39:51 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={0x0, 0x0, &(0x7f0000001540)=[{&(0x7f0000000080)='8', 0x1}], 0x1}, 0x0) 16:39:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) [ 252.079363][ T48] Bluetooth: hci0: command 0x1003 tx timeout [ 252.114204][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 254.159385][ T9300] Bluetooth: hci0: command 0x1001 tx timeout [ 254.172241][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 256.239695][ T9300] Bluetooth: hci0: command 0x1009 tx timeout 16:40:01 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, 0x0}, 0x0) 16:40:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x48, 0x2, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x48}}, 0x0) 16:40:01 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:40:01 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 16:40:01 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, 0x0}, 0x0) 16:40:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x38, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x38}}, 0x0) 16:40:01 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, 0x0}, 0x0) 16:40:01 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(0xffffffffffffffff, r0) 16:40:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x38, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x38}}, 0x0) 16:40:01 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)}, 0x0) 16:40:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x38, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x38}}, 0x0) [ 262.319700][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 262.355596][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 263.364085][ T0] NOHZ: local_softirq_pending 08 [ 264.000116][ T0] NOHZ: local_softirq_pending 08 [ 264.399404][ T5] Bluetooth: hci0: command 0x1001 tx timeout [ 264.420316][ T9604] Bluetooth: hci0: sending frame failed (-49) [ 266.479362][ T1217] Bluetooth: hci0: command 0x1009 tx timeout 16:40:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(r0, 0xffffffffffffffff) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x14, 0x1, 0xa, 0x3, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)}, 0x0) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)}, 0x0) 16:40:11 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{0x0}], 0x1}, 0x0) 16:40:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(r0, 0xffffffffffffffff) 16:40:11 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{0x0}], 0x1}, 0x0) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) dup2(r0, 0xffffffffffffffff) 16:40:11 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{0x0}], 0x1}, 0x0) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)}], 0x1}, 0x0) 16:40:11 executing program 3: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)}], 0x1}, 0x0) 16:40:11 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nullb0\x00', 0x0, 0x0) readahead(r2, 0x0, 0x0) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000002600)={&(0x7f0000000040)=@id, 0x10, &(0x7f0000001540)=[{&(0x7f0000000080)}], 0x1}, 0x0) 16:40:11 executing program 3: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 3: ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x40}}, 0x0) 16:40:11 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 16:40:12 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:12 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 16:40:12 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 16:40:12 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x3c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x3c}}, 0x0) 16:40:12 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 16:40:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 16:40:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x3c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x3c}}, 0x0) 16:40:13 executing program 3: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r2, r2) dup2(r0, r1) 16:40:13 executing program 3: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x3c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x3c}}, 0x0) 16:40:13 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 16:40:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) 16:40:13 executing program 3: openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:13 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 16:40:13 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 16:40:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) dup2(r0, r1) 16:40:13 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 16:40:13 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, 0x0) 16:40:13 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000040)={0x80000000, 0x0, "74118b4ba65b776c8b9cf5e9eaa0547a26485213dda0edb8c2012a46da7f408c"}) 16:40:13 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) 16:40:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) dup2(r0, r1) 16:40:13 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000040)={0x80000000, 0x0, "74118b4ba65b776c8b9cf5e9eaa0547a26485213dda0edb8c2012a46da7f408c"}) 16:40:13 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0x2}) 16:40:13 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) socket$inet6_tcp(0xa, 0x1, 0x0) 16:40:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) dup2(r0, r1) 16:40:13 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x3, 0x5, 0x4}) 16:40:13 executing program 1: r0 = syz_open_dev$vbi(&(0x7f0000001280)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000040)={0x80000000, 0x0, "74118b4ba65b776c8b9cf5e9eaa0547a26485213dda0edb8c2012a46da7f408c"}) [ 272.800293][ T9874] ================================================================== [ 272.800293][ T9874] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 272.800293][ T9874] Write of size 8 at addr ffffc90009dd1000 by task syz-executor.3/9874 [ 272.800293][ T9874] [ 272.800293][ T9874] CPU: 2 PID: 9874 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 [ 272.800293][ T9874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 272.800293][ T9874] Call Trace: [ 272.800293][ T9874] dump_stack+0x18f/0x20d [ 272.800293][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.800293][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.800293][ T9874] print_address_description.constprop.0.cold+0x5/0x436 [ 272.800293][ T9874] ? lockdep_hardirqs_off+0x66/0xa0 [ 272.800293][ T9874] ? vprintk_func+0x97/0x1a6 [ 272.800293][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.800293][ T9874] kasan_report.cold+0x1f/0x37 [ 272.800293][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.800293][ T9874] bitfill_aligned+0x34a/0x400 [ 272.800293][ T9874] sys_fillrect+0x408/0x7a0 [ 272.800293][ T9874] ? sys_fillrect+0x7a0/0x7a0 [ 272.800293][ T9874] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 272.800293][ T9874] bit_clear_margins+0x2d5/0x4a0 [ 272.800293][ T9874] ? bit_bmove+0x210/0x210 [ 272.800293][ T9874] ? fb_get_color_depth+0x11a/0x240 [ 272.800293][ T9874] fbcon_clear_margins+0x1d5/0x230 [ 272.800293][ T9874] fbcon_switch+0xb6e/0x16c0 [ 272.800293][ T9874] ? fbcon_scroll+0x3600/0x3600 [ 272.800293][ T9874] ? set_origin+0x156/0x3e0 [ 272.800293][ T9874] redraw_screen+0x2ae/0x770 [ 272.800293][ T9874] ? vc_init+0x440/0x440 [ 272.800293][ T9874] fbcon_modechanged+0x575/0x710 [ 272.800293][ T9874] fbcon_update_vcs+0x3a/0x50 [ 272.800293][ T9874] fb_set_var+0xae8/0xd60 [ 272.800293][ T9874] ? fb_blank+0x190/0x190 [ 272.800293][ T9874] ? _raw_spin_unlock_irq+0x55/0x80 [ 272.800293][ T9874] ? finish_task_switch+0x147/0x750 [ 272.800293][ T9874] ? finish_task_switch+0x119/0x750 [ 272.800293][ T9874] ? __schedule+0x8e9/0x1eb0 [ 272.800293][ T9874] do_fb_ioctl+0x33f/0x6c0 [ 272.800293][ T9874] ? fb_set_suspend+0x1a0/0x1a0 [ 272.800293][ T9874] ? tomoyo_execute_permission+0x470/0x470 [ 272.800293][ T9874] ? lock_is_held_type+0xb0/0xe0 [ 272.800293][ T9874] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 272.800293][ T9874] ? do_vfs_ioctl+0x27d/0x1090 [ 272.800293][ T9874] ? __fget_files+0x294/0x400 [ 272.800293][ T9874] fb_ioctl+0xdd/0x130 [ 272.800293][ T9874] ? do_fb_ioctl+0x6c0/0x6c0 [ 272.800293][ T9874] ksys_ioctl+0x11a/0x180 [ 272.800293][ T9874] __x64_sys_ioctl+0x6f/0xb0 [ 272.800293][ T9874] ? lockdep_hardirqs_on+0x6a/0xe0 [ 272.800293][ T9874] do_syscall_64+0x60/0xe0 [ 272.800293][ T9874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 272.800293][ T9874] RIP: 0033:0x45c939 [ 272.800293][ T9874] Code: Bad RIP value. [ 272.800293][ T9874] RSP: 002b:00007fcef9c60c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.800293][ T9874] RAX: ffffffffffffffda RBX: 000000000074bf00 RCX: 000000000045c939 [ 272.800293][ T9874] RDX: 0000000020000080 RSI: 0000000000004601 RDI: 0000000000000003 [ 272.800293][ T9874] RBP: 00000000006f9940 R08: 0000000000000000 R09: 0000000000000000 [ 272.800293][ T9874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcef9c616d4 [ 272.800293][ T9874] R13: 00000000000002fe R14: 00000000006ed9c0 R15: 00000000004ac5d2 [ 272.800293][ T9874] [ 272.800293][ T9874] [ 272.800293][ T9874] Memory state around the buggy address: [ 272.800293][ T9874] ffffc90009dd0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 272.800293][ T9874] ffffc90009dd0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 272.800293][ T9874] >ffffc90009dd1000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 272.800293][ T9874] ^ [ 272.800293][ T9874] ffffc90009dd1080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 272.800293][ T9874] ffffc90009dd1100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 272.800293][ T9874] ================================================================== [ 272.800293][ T9874] Disabling lock debugging due to kernel taint [ 272.883563][ T9874] Kernel panic - not syncing: panic_on_warn set ... [ 272.883746][ T9874] CPU: 2 PID: 9874 Comm: syz-executor.3 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 272.883752][ T9874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 272.883754][ T9874] Call Trace: [ 272.884193][ T9874] dump_stack+0x18f/0x20d [ 272.884259][ T9874] ? bitfill_aligned+0x300/0x400 [ 272.884268][ T9874] panic+0x2e3/0x75c [ 272.884277][ T9874] ? __warn_printk+0xf3/0xf3 [ 272.884692][ T9874] ? preempt_schedule_common+0x59/0xc0 [ 272.884702][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.884712][ T9874] ? preempt_schedule_thunk+0x16/0x18 [ 272.884720][ T9874] ? trace_hardirqs_on+0x55/0x220 [ 272.884729][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.884737][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.884745][ T9874] end_report+0x4d/0x53 [ 272.884752][ T9874] kasan_report.cold+0xd/0x37 [ 272.884760][ T9874] ? bitfill_aligned+0x34a/0x400 [ 272.884768][ T9874] bitfill_aligned+0x34a/0x400 [ 272.884844][ T9874] sys_fillrect+0x408/0x7a0 [ 272.884853][ T9874] ? sys_fillrect+0x7a0/0x7a0 [ 272.884865][ T9874] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 272.884959][ T9874] bit_clear_margins+0x2d5/0x4a0 [ 272.884968][ T9874] ? bit_bmove+0x210/0x210 [ 272.884979][ T9874] ? fb_get_color_depth+0x11a/0x240 [ 272.884987][ T9874] fbcon_clear_margins+0x1d5/0x230 [ 272.885032][ T9874] fbcon_switch+0xb6e/0x16c0 [ 272.885042][ T9874] ? fbcon_scroll+0x3600/0x3600 [ 272.885056][ T9874] ? set_origin+0x156/0x3e0 [ 272.885065][ T9874] redraw_screen+0x2ae/0x770 [ 272.885110][ T9874] ? vc_init+0x440/0x440 [ 272.885120][ T9874] fbcon_modechanged+0x575/0x710 [ 272.885130][ T9874] fbcon_update_vcs+0x3a/0x50 [ 272.885138][ T9874] fb_set_var+0xae8/0xd60 [ 272.885147][ T9874] ? fb_blank+0x190/0x190 [ 272.885156][ T9874] ? _raw_spin_unlock_irq+0x55/0x80 [ 272.885168][ T9874] ? finish_task_switch+0x147/0x750 [ 272.885179][ T9874] ? finish_task_switch+0x119/0x750 [ 272.885189][ T9874] ? __schedule+0x8e9/0x1eb0 [ 272.885205][ T9874] do_fb_ioctl+0x33f/0x6c0 [ 272.885214][ T9874] ? fb_set_suspend+0x1a0/0x1a0 [ 272.885223][ T9874] ? tomoyo_execute_permission+0x470/0x470 [ 272.885232][ T9874] ? lock_is_held_type+0xb0/0xe0 [ 272.885247][ T9874] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 272.885259][ T9874] ? do_vfs_ioctl+0x27d/0x1090 [ 272.885270][ T9874] ? __fget_files+0x294/0x400 [ 272.885279][ T9874] fb_ioctl+0xdd/0x130 [ 272.885287][ T9874] ? do_fb_ioctl+0x6c0/0x6c0 [ 272.885293][ T9874] ksys_ioctl+0x11a/0x180 [ 272.885301][ T9874] __x64_sys_ioctl+0x6f/0xb0 [ 272.885311][ T9874] ? lockdep_hardirqs_on+0x6a/0xe0 [ 272.885323][ T9874] do_syscall_64+0x60/0xe0 [ 272.885331][ T9874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 272.885372][ T9874] RIP: 0033:0x45c939 [ 272.885424][ T9874] Code: Bad RIP value. [ 272.885428][ T9874] RSP: 002b:00007fcef9c60c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.885436][ T9874] RAX: ffffffffffffffda RBX: 000000000074bf00 RCX: 000000000045c939 [ 272.885440][ T9874] RDX: 0000000020000080 RSI: 0000000000004601 RDI: 0000000000000003 [ 272.885445][ T9874] RBP: 00000000006f9940 R08: 0000000000000000 R09: 0000000000000000 [ 272.885449][ T9874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcef9c616d4 [ 272.885454][ T9874] R13: 00000000000002fe R14: 00000000006ed9c0 R15: 00000000004ac5d2 [ 272.889173][ T9874] Kernel Offset: disabled [ 272.889173][ T9874] Rebooting in 86400 seconds..