[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   37.234081] audit: type=1800 audit(1538776900.808:25): pid=5665 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   37.254551] audit: type=1800 audit(1538776900.808:26): pid=5665 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   37.282636] audit: type=1800 audit(1538776900.808:27): pid=5665 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.76' (ECDSA) to the list of known hosts.
2018/10/05 22:01:51 fuzzer started
2018/10/05 22:01:53 dialing manager at 10.128.0.26:38395
2018/10/05 22:01:54 syscalls: 1
2018/10/05 22:01:54 code coverage: enabled
2018/10/05 22:01:54 comparison tracing: enabled
2018/10/05 22:01:54 setuid sandbox: enabled
2018/10/05 22:01:54 namespace sandbox: enabled
2018/10/05 22:01:54 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/05 22:01:54 fault injection: enabled
2018/10/05 22:01:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/05 22:01:54 net packed injection: enabled
2018/10/05 22:01:54 net device setup: enabled
22:04:31 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000300)={"294e200bf9191bf9e36ea2413015510c832200ed1d9b95e0d2dfafd53fcd65d0fead9b88b7c7af67e7e56e7594026b38df99df766530f4d4c863b23d82917d03cee087545afc4a94cdf78ec84b725dfbc8f6ab02858e575dbc1a2bb83d1830fd41bae2a80bd6dcae4f5365a743dc4fdcbb8d02a4857ef20d61a943828b7980d58d0016537f11ba5ce25ebefc768a8da119e6aba9f4ca3372773cca50aac43ce194a757fb02d310059b69979172dbd39195c72edbd0e04e29ada064131d875c201f45aa00a35d8589a74ed46254060f9341c0d284704abe394742c659cdaab8f82b71b75f08b6c25b5fe427afcc676a582649eda1157e8018370f38a16bf20a78a68032d0bd31827274a77f6ed172137649259611ccb101004ba88e6e146188b2110ef90ec4df2548ff99be50fa7f2fd8ed191d18c843d3e5a2d18c7dcc80a04e2cbe88d3359ce62e27be82614e4d85023755aa2a11e3cd677bc8c56a2954c0ed4990d08a76ab1d8e6358a13874407bc50aa02cb892920e3847c4ca1d0902c871f6673264a781ab07532fd18011a2b89fe242133e72df2db079f82e781caae92bb6dba398a897035f52dc2b3417b0ba5b15a7d8af634d3b2fdc6c22abfaba447fa3171fe5a13698585516586b9f006c7dfeb472aea4b80aeb0d19a26ca66707ac35f77aacd6dff32e4e5b38bee30d7d00d9c4d2bc18f9b0430b6a9c7d86924030187324b471606fefd2abcc94dda6f4c8d9650c9abd43f65ba61d4d54f54432a667f3764d4a1555f1500de8d10f8bb7ee103e0ce2500958d9d237442d60366e4c00b7bd2f85c2fc5fb6e294334a8990d55701d39c8c1384ad2868085509347dae515860a4442cddb1d51e09f57f7a6044104a7dee260c8cef6e132de106d9117973a529e37f41faf61eb6395e20743aa80ad5dd97949c55736a066d53128fa6867f69966d3bbc74fba807c179ea7aa5b22262dd282700f5bf7a7d94694d48aefc15f850e4853ffc8b83421365884997000da6bca5639443f9019899e3e51fd6f97d1508f2c05f14ed49cb1619f634082192e0a16f7709516b6a18abe2831fee11a731c0d58f29fe4caca2fb0e595923d5f8464ef495bf891d8f37bee91b3ac6130e8366aff743cc9da97b7fa25b05d874663978e798084f9d341766b67cc884e35fc89d14981265b7bdf9e61194cb8e9595ee59d3ad05da346fef83ff25540236568ad290ce0e86f954a8d6d9c71caac7d4e7692d55452d2859648c1e57072c71530a5842cd4c558b892c63286035b2ff9390bef12753279dc7ab3406dec1c2676693a813347bcb7d31ed67bba19891dedc2993a8510823f0c36d72eacdab68ee42f3ed54d4448f58171cb609a9c90db89d41b0e277947844504d5f1c6851ba8d673f0a64260e9b9729d219ab869dbeb83c90537ad2ee0f8ee5774332c3e060bf"})
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000700)={"accc4f17d9d0f60e7ef85fccb89770e279a200000f3a709a9b40e45e4da5972cb516a2345591047a8ae454827c700c173e7254671ebf0aaa8e0ebe880a000b2a338564a29e5f46736588099118283f08c164b195037d361a7a68708f2881ae58ac9c365df2bea256a6c837446cb126ada7f08c75eb00f444dad8b3e76d46c04a9cebe2cef312bc03f3fb2253f4148a6aa1cdc223cf62fd8a795e2f533920009375de4c7f360b75c792573826497dc15cbf254992f7a9d1368c8d2f4d741252c3f0f68a20be1303ad568820a29f3c52cd3817d03ea508cec0cf8b06c58e7542ee4efcbc68a220a98a9a5c24a78d10bd55756edb1182ee9a672ab1ef713f77258069706ac7921d2ae2d23555ad6a54583b501b4e911a3e07cee99d6ff287c8632e8e865b0009ecef4c408f34f893d0ab284badcf1ea0ced6d4b464b21f548fe95573db172455170fe0a6378aa69fdfbb360155797f7e753637f21c74ed5918ca473f1ba11892d4e64c9ecf1d39afb5f6a1ca05a7b0d5b9aadb564f7d4c9aade3c31038d9f8ec017b02bccbc492f308e988733f55ff88a125678c4a1cacd190caef4b8c72be11548b793955c991bf4379017cc10467b860ec3b451b352ce3f45a3d284fef270ff95f012b3f8582a40a4da3adc4df84d1786f13bd7ecb4b62a11698c9b78c30b345f64176964ed29c6390831dd5a9cdc8b53bdeb81a140a223226e6baf72b7f95f3cf7e058424fdd5d24cf6b6758166cd5aa368aefc8a048fe4f8d8d2ea867bacdd7b08d2d464c97428d13cbddf7e9f4b261c08d18bc2dfabffbf5f2d33adc3554655b9f91ecfa6e8c995df7cedfa96fe05b52deb68525ae26b466703516d534f7484b43051e82c84c9fb0ceeb004b052036f818d822e6bdf46e1acb76d3afd42da3434bfabd1f9bda7c4213565a0f8b7f6ab0a107a53ce92ff321c0ed8e2f35ece158bf095db35d411988c53fc22763c476e06e1aae4f1136d9c259db21ef7265bb792047d60a2dd09a2012eb4c5da27043d3ad9de27f2c96454e98f9093d2978d7c630ee0d1bf60ed0bb8658bda5b93b1d5709fa5ea88f29df605616a55dfd83d7dcd35f0415d88e48fe50b03892228662a5b0c34d1980f28963ced4195407ad10814f1cf9e2a40e2b230efa2282c847b9d4b94d999f33fb7161f39794721c0f4b0b665f5324ff0685435ce08442fb1f0ad7f6be98f0e1e0e4aff50e7b48cb329e888634015bdae3aa6968351e3889157436d52a0446ff4e8f78a9249b10d9d4250b011c17bc23b8a6e2c59868bdacb18aee99872ca2688a6fd38fd4c89f50fc7d652429b21f2ad4e36337287576169950607a76482354e9f58d8a7f414b54b22930cd6ffe493a6090e672b4463f4b1d0360de281cafb4fc1ccb23a08acb1dba306fa059d711bfbb2edc829e4901b74bdf508ad2b8ca34f2adc57"})

syzkaller login: [  207.741869] IPVS: ftp: loaded support on port[0] = 21
22:04:31 executing program 1:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000002c0)=@nat={'nat\x00', 0x19, 0x1, 0x138, [0x20000640, 0x0, 0x0, 0x20000670, 0x200006a0], 0x0, &(0x7f0000000000), &(0x7f0000000640)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x5, 0x0, 0x0, 'veth1_to_bridge\x00', 'rose0\x00', 'syz_tun\x00', '\x00', @broadcast, [], @random="89b5869c4829", [], 0x6f, 0x70, 0xa8}}, @snat={'snat\x00', 0x10, {{@remote}}}}]}]}, 0x1b0)

[  207.987403] IPVS: ftp: loaded support on port[0] = 21
22:04:31 executing program 2:
r0 = openat$md(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/md0\x00', 0x0, 0x0)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

[  208.268101] IPVS: ftp: loaded support on port[0] = 21
22:04:32 executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x20000003)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r2 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0)
sendmmsg(r2, &(0x7f0000003d40)=[{{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f0000000000)=[{0x10, 0x10d}], 0x10}}], 0x1, 0x0)

[  208.610260] IPVS: ftp: loaded support on port[0] = 21
22:04:32 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write(r0, &(0x7f0000000040)="150000000000080083a602a28b179eaea3", 0x11)

[  208.879661] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.900502] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.911602] device bridge_slave_0 entered promiscuous mode
[  209.015803] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.042288] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.049662] device bridge_slave_1 entered promiscuous mode
[  209.157666] IPVS: ftp: loaded support on port[0] = 21
[  209.180358] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  209.334571] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
22:04:32 executing program 5:
r0 = socket$kcm(0xa, 0x3, 0x11)
r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r1)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
sendmmsg(0xffffffffffffffff, &(0x7f0000006800)=[{{&(0x7f0000000300)=@ax25={0x3, {"cf80ba64943eac"}, 0xdf99}, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000400)}}, {{&(0x7f0000000b40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x4}}, 0x80, &(0x7f0000001cc0), 0x0, &(0x7f0000001d00)}}], 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$kcm(r0, &(0x7f00000027c0)={&(0x7f0000000000)=@nl=@unspec={0x2001001000000000}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[]}, 0x0)

[  209.567165] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.591328] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.605526] device bridge_slave_0 entered promiscuous mode
[  209.606445] IPVS: ftp: loaded support on port[0] = 21
[  209.720955] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.731678] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.750560] device bridge_slave_1 entered promiscuous mode
[  209.769957] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  209.841630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  209.890746] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.897125] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.915715] device bridge_slave_0 entered promiscuous mode
[  209.931227] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  209.939451] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  210.016654] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.045456] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.060494] device bridge_slave_1 entered promiscuous mode
[  210.185467] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  210.259354] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  210.305534] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  210.346552] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.359932] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.381437] device bridge_slave_0 entered promiscuous mode
[  210.435100] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  210.468965] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.495629] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.507371] device bridge_slave_1 entered promiscuous mode
[  210.565642] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  210.580749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.598527] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  210.619667] team0: Port device team_slave_0 added
[  210.641967] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  210.651138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  210.704935] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  210.714035] team0: Port device team_slave_1 added
[  210.727387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  210.739334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  210.761111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  210.782406] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  210.873428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  210.882985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  210.901344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  210.911121] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  210.940321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  210.997764] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  211.006625] team0: Port device team_slave_0 added
[  211.012520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  211.020559] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.026913] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.047315] device bridge_slave_0 entered promiscuous mode
[  211.077448] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  211.099466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  211.147007] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  211.167376] team0: Port device team_slave_1 added
[  211.178699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  211.189994] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  211.203180] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  211.212815] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  211.243284] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.250127] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.273569] device bridge_slave_1 entered promiscuous mode
[  211.280212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  211.295494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  211.330193] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  211.369649] team0: Port device team_slave_0 added
[  211.384856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  211.400930] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  211.429136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  211.460656] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.467043] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.485904] device bridge_slave_0 entered promiscuous mode
[  211.495477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  211.513473] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  211.531735] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  211.538906] team0: Port device team_slave_1 added
[  211.559496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  211.568876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  211.608949] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.624792] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.632104] device bridge_slave_1 entered promiscuous mode
[  211.639914] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  211.661275] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  211.690761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  211.698851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  211.712117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  211.724840] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  211.738567] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  211.749117] team0: Port device team_slave_0 added
[  211.761789] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  211.821539] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  211.828559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  211.837551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  211.855319] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  211.870565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  211.885609] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  211.911336] team0: Port device team_slave_1 added
[  211.959126] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  211.991259] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.003208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.014693] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  212.034345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.067863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  212.094749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.105120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  212.145949] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  212.181689] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  212.227537] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  212.241755] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  212.258062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  212.289972] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  212.323236] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  212.355125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  212.364745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  212.525960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  212.543573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  212.594203] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.600620] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.607243] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.613665] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.637028] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  212.687064] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  212.701514] team0: Port device team_slave_0 added
[  212.793354] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  212.818260] team0: Port device team_slave_1 added
[  212.846638] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.853059] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.859716] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.866095] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.893335] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  212.904675] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  212.917331] team0: Port device team_slave_0 added
[  212.930823] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  212.989581] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  213.003086] team0: Port device team_slave_1 added
[  213.025411] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  213.071357] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  213.078446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  213.091060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  213.151945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  213.224360] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  213.250509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  213.271017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  213.303590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  213.321431] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.327793] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.334436] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.340821] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.364222] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  213.401432] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  213.408503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  213.421256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  213.482414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.497866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.520948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.540797] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  213.559975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  213.567989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  213.667929] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.674352] bridge0: port 2(bridge_slave_1) entered forwarding state
[  213.681022] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.687378] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.708212] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  214.287049] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.293474] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.300100] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.306495] bridge0: port 1(bridge_slave_0) entered forwarding state
[  214.331410] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  214.550590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  214.571000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  214.607137] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.613567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.620200] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.626603] bridge0: port 1(bridge_slave_0) entered forwarding state
[  214.635997] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  215.590578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  216.564529] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.911595] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  217.126815] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.353605] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.368463] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  217.384271] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  217.400957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  217.559883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  217.692825] 8021q: adding VLAN 0 to HW filter on device team0
[  217.811575] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  217.865083] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.983498] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  217.989650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  217.998007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.075750] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.159609] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  218.165876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.174853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.223609] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  218.420937] 8021q: adding VLAN 0 to HW filter on device team0
[  218.441766] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  218.511679] 8021q: adding VLAN 0 to HW filter on device team0
[  218.591897] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  218.600539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.614687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.662304] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.871956] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  218.878118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  218.889615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  218.923368] 8021q: adding VLAN 0 to HW filter on device team0
[  218.980402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  219.261838] 8021q: adding VLAN 0 to HW filter on device team0
[  219.396754] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  219.412339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  219.419318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  219.801642] 8021q: adding VLAN 0 to HW filter on device team0
[  219.911085] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
22:04:43 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
r1 = dup2(r0, r0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000400)={0x7, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local}}}, 0x108)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000300)={&(0x7f0000000180), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0)

22:04:44 executing program 0:
r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x0, 0x0)

22:04:44 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)

22:04:44 executing program 0:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r0 = socket(0x11, 0x80002, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r1, &(0x7f0000de1fff), 0xfffffffffffffd43, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739ddb, 0x1f00000000001d00, 0x0, 0xffffffffffffff39)
setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000000)=0x2, 0x4)
bind$packet(r0, &(0x7f0000000180)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5)

22:04:44 executing program 1:
r0 = socket$kcm(0xa, 0x3, 0x11)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c)
sendmsg$kcm(r0, &(0x7f00000027c0)={&(0x7f0000000000)=@nl=@unspec={0x2001001000000000}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[]}, 0x0)

[  220.725392] kernel msg: ebtables bug: please report to author: entry offsets not in right order
22:04:44 executing program 2:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000a8eff8)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000ac5000), 0x4)
sendmmsg$unix(r0, &(0x7f00000bd000), 0x80, 0x0)
r1 = memfd_create(&(0x7f0000000080)='dev ', 0x3)
write(r1, &(0x7f0000000040)="16", 0x1)
sendfile(r0, r1, &(0x7f0000000000), 0xffff)
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
fcntl$addseals(r1, 0x409, 0x8)
write$P9_RWALK(r1, &(0x7f0000003d40)={0x9}, 0x9)

[  220.809283] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
22:04:44 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
quotactl(0x80000101, 0x0, 0x0, &(0x7f00000003c0))
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28}, 0x28)

[  220.961457] hrtimer: interrupt took 25067 ns
22:04:44 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
quotactl(0x80000101, 0x0, 0x0, &(0x7f00000003c0))
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28}, 0x28)

22:04:44 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
quotactl(0x80000101, 0x0, 0x0, &(0x7f00000003c0))
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28}, 0x28)

22:04:44 executing program 3:
r0 = socket$l2tp(0x18, 0x1, 0x1)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
socketpair$unix(0x1, 0x100000000000005, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg(r1, &(0x7f0000007c40), 0x6a3, 0x0)
ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f00000004c0))

22:04:45 executing program 4:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x4)

22:04:45 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f000066c000/0x2000)=nil, 0x2000, 0x4)

22:04:45 executing program 0:
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x6009, 0x1)
quotactl(0x0, &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000040))

22:04:45 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
quotactl(0x80000101, 0x0, 0x0, &(0x7f00000003c0))
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)
write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28}, 0x28)

22:04:45 executing program 4:
setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6)
r0 = socket(0x11, 0x80002, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r1, &(0x7f0000de1fff), 0xfffffffffffffd43, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvfrom(r1, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739ddb, 0x0, 0x0, 0xffffffffffffff39)
setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000000)=0x2, 0x4)
bind$packet(r0, &(0x7f0000000180)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14)
setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5)

22:04:45 executing program 0:
clone(0x210027fa, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff)

[  221.648821] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
22:04:45 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070")
syz_emit_ethernet(0xffffffe9, &(0x7f0000000080)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x110, 0x48, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, &(0x7f0000000100)={0x0, 0x2, [0x0, 0xad4]})

22:04:45 executing program 2:
r0 = socket$inet6(0xa, 0x3, 0x800000000000004)
ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070")
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.eventw\x00', 0x26e1, 0x0)
r2 = socket$inet6(0xa, 0x1000000040001, 0x0)
ioctl(r2, 0x4000002, &(0x7f00000005c0)="025c76408d8fe4f85370")
ioctl(r0, 0x8901, &(0x7f00000000c0)="025cc83d6d345f8f762070")
r3 = socket$inet(0x2, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e21}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e24, 0x35, @ipv4, 0x9}, @in={0x2, 0x4e20, @remote}], 0x5c)
mmap(&(0x7f00009c4000/0x4000)=nil, 0x4000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0)
socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f00000002c0))
socket$inet6(0xa, 0x1000000000003, 0x0)
ioctl(r3, 0x9, &(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00\x00^\x00\x00\x00\x00')
bind$inet(r3, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10)
connect$inet(r3, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10)
connect$inet(r1, &(0x7f00000006c0)={0x2, 0x4e23, @multicast1}, 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000040)={<r4=>0x0, 0x1, 0x0, 0x80, 0xfffffffffffff800}, &(0x7f0000000600)=0x18)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000740)=@assoc_value={r4, 0x1}, &(0x7f0000000680)=0xfffffffffffffd77)
r5 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r5, 0x84, 0x20, &(0x7f0000000200)=0x400, 0x4)
r6 = socket$inet6(0xa, 0xfffffffffffffffe, 0x80000001)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000580)={0x28, 0x0, 0xd219882153f79c93, @hyper}, 0x10)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000240)={<r8=>0x0, 0x1}, &(0x7f0000000380)=0x8)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f00000003c0)={r8, 0x40, 0x3, 0xffffffffffffffff, 0xf68, 0xd3}, &(0x7f0000000400)=0x14)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000f00)=ANY=[@ANYBLOB="36ad93ddbb04407049dc65f34d716efb4fdb17462ece428d8dd3ac61a159ce41d1cb5d502dd5c3995b06e34f460a251587b1c601689ed3c16617bfb16aa9e948c062afffaacccb1f910f0360f5be21e53e521a8849c195c286bea4d845e951efcad4132a57a49ada947133849dafd0dbe195aea476f699bd0bd97b841cab2e46dee147870a4ee7793ea922c1ac14c924d5809cb29fad53993c0fa9545c3a4c3b31801c018f43ce30aa9a800ab98a1cbdfa0abf359b14014e897232fa0ce7f2eb945246cb634fa22c5a6428940e310e2577da206a2e04e3b91e452b855320793c6ee81938eb2ca65e878bcceca0dfb3747dadebd02fb07dec7df390c5d78e2e15c5e404642233d709a2597b5a2f7f0436781608018cfce53e4bacd1b76a50f7de42bcfd613fe95965c8e842d567a4d576fe848fabad55d70f2344698d8bab2b8eb3d01b8a91303f1af72f1c49bc020fa9fae183bcfb7e535d904287eae89405d895539b6bf4c70000000000006b089be477c942c8a4fe2d6707ee28354a8279f4defadbf01409b7bb30a9b0140e24659f8dceac554dee5bb5eb49c71d33367896278d67e9854387ff33a6554c0494fa63b9c510b67ea4a368253278b307dfd819a158d57c75f7c54664391e16500112154105f4fdecb5c77bd01fabd4c43bff8cb18929d8aba70b6f2b6169b47b630427cafebdbb0000000000000000000000002412c19a9e155ccbc00ea71b43627ea5f5d0befdd0ff5011c292c4ed3f080a062b97648dba4bd6ecf862a94fa5cda7e8e727095da3d0c36fa3749334e9115c4562bc987032e202d34d008928cb35b14c08198424163070f851ce2573d1646a0554b9837343bf14e6a11a3ff9caad492117ba3ea368118f8e427b70bdec4991e411f7efd58332cbee3ba83306a5577ca8400eec351def1301cd931063172fccf9fb9a1e1c63af96af77ee3254a7c66ae34743da4034677e8c62355c4098b7f69cd15a6c1b90e838ecef923ed85465cda9e6637f0b32b89d8d7981c55fcdb35770044ce456ffc237702b80de5422bd6542c688f763389b45072716000000005854a0356682952762acdcea11188fc2daba67dfb77f58ecabe8740fa6cd278a2eb3f37730b327e528bc3fd72d481753eb3608cd0d6cd0497b7c6c6130bb385884322dfc1b8b6551d9a8717edd081ca2778897312a38a43d696423bfbccc599ce25f261b5ad4178370fed5a62ce566f184754ecb67ea9cd2e32d9488bc31372c2e553b28d505f826cb65831637cbf58b7d9f6b3be77e261bf20bfc0f3a733e453876c5990a3922d68c98a08a281a78d73d87bded17342075baf387e8e82f0ea6afb85d5d3ec54064292d565da22c269d3d364c2b0bb166519300739f8e2efcced195234541d5175feee4f7ce78277cad086cb31715af59bb463105f4c342bb3f8ccea1a66a9b88da85b85e5f28ad35586b535f85b43011f8ff92b377012aa1fe3aa7560b1fc6b76f89c2b5bbc9f65f8df727478c6cf65b7790a3d7bba74723db024c1be0f3b4a501b4ca6f0463ca443a1b8df18405a43db2b0b223c008cf3b37413bd64108a0df39d9773a1a8b5917e906c6badcc89a4503eae641118b8e10ff63f35236e9f878f9cf8925363b4c327318e0d4c77c80361db7c361682aca5b7731270804725e9ff08073fc20955ad31665eaf82c6c490fb14fa93ab608834de4e777e6bf3f6b3fe8f14517db383cb26082a6a31f58c83fc4947f63f9f7d0212be730eeb1beb23558defc06f4189cae2a03ec91cbddf88974b8009dfc3d6b9893737a1c48ae79c4a8327c5e1766b956e8d289a8daa519af89268cb8fbe75e0e148bf80550a99b20db42c3f982a75de999c1669d2767b03f4ff4f980efeee58c8f49f3252e000000000000000000000000000000000000000096426cb24aa801cc51eee4cf43010892c2e5680e66f2506ab171971d5ca63f2a038c2f90d61cafc938486b60cc3d311b8b9984d5d21fd82e6bcca89c6da91c7089ee404bc48803eace19b6664664e77fd5388b1315394d2e933b7e0acdf52993010a440274c88f3be7cdae2f1c83c3e22fd1cea0bddf18b4c528971a68b9005a7b30d9f79ca872a650a53a868a1b7a3347ab57f821dc4028341e22c39c894a30adbcc3ba0803021538bb2ba16cc0db7bb94681da70dbaa82744bfe57627a7e5de34e342ce2d563be843c57087bc727f38006f28082a15d8dba7b570b001499e4c4e3760be749b9ec3da6d567bf44fbdd7e2e909f598e056a1731e6818b85345ae08b4970a7e304a83170c5aa7f2fabcd8bbde4e35f1a9737d9213c48938ec41b1d382d916c7948015ee5d6d52fc37e4bec01f9a386fc41438f9d6c845da89ae5bc49af286be72ee7cc45c4c4f62c8957713ee1c95c595abda3d70770e16bd168b07b76e1bdef31225ce5015c5d64f209963e7e264255d131b65a0b995b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=<r9=>0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000440)=0xa)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000480)={r9, @in={{0x2, 0x4e21, @remote}}, 0x3, 0x4, 0x6, 0xaf6e, 0x8}, &(0x7f0000000540)=0x98)
setsockopt$inet6_MRT6_ADD_MFC_PROXY(r5, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x4e23, 0x3, @local, 0x1}, {0xa, 0x4e20, 0x1000, @mcast1, 0x7d}}, 0x5c)

22:04:45 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
quotactl(0x80000101, 0x0, 0x0, &(0x7f00000003c0))
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0)

22:04:45 executing program 5:
r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x44, 0x0, &(0x7f0000000480)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000040)=[@flat={0x77682a85}], &(0x7f0000000080)=[0x0]}}], 0x0, 0x0, &(0x7f0000000500)})

22:04:45 executing program 0:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x400000000002f})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000000540)={'syz1\x00'}, 0x45c)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)

[  221.831986] binder: 7463:7466 got transaction with invalid handle, 0
[  221.840057] binder: 7463:7466 transaction failed 29201/-22, size 24-8 line 3062
[  221.866080] binder_alloc: binder_alloc_mmap_handler: 7463 20001000-20004000 already mapped failed -16
[  221.884979] WARNING: CPU: 1 PID: 7473 at mm/slab_common.c:1031 kmalloc_slab+0x56/0x70
[  221.892973] Kernel panic - not syncing: panic_on_warn set ...
[  221.892973] 
[  221.900354] CPU: 1 PID: 7473 Comm: syz-executor0 Not tainted 4.19.0-rc6+ #269
[  221.901520] binder_alloc: 7463: binder_alloc_buf, no vma
[  221.907628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  221.907634] Call Trace:
[  221.907659]  dump_stack+0x1c4/0x2b4
[  221.907684]  ? dump_stack_print_info.cold.2+0x52/0x52
[  221.913642] binder: 7463:7470 transaction failed 29189/-3, size 24-8 line 2970
[  221.922494]  panic+0x238/0x4e7
[  221.922509]  ? add_taint.cold.5+0x16/0x16
[  221.922527]  ? __warn.cold.8+0x148/0x1ba
[  221.922547]  ? kmalloc_slab+0x56/0x70
[  221.925310] binder: undelivered TRANSACTION_ERROR: 29201
[  221.928755]  __warn.cold.8+0x163/0x1ba
[  221.928772]  ? kmalloc_slab+0x56/0x70
[  221.928793]  report_bug+0x254/0x2d0
[  221.934450] binder: undelivered TRANSACTION_ERROR: 29189
[  221.941324]  do_error_trap+0x1fc/0x4d0
[  221.941340]  ? math_error+0x3f0/0x3f0
[  221.941356]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  221.941376]  ? trace_hardirqs_on_caller+0x310/0x310
[  221.996208]  ? lock_downgrade+0x900/0x900
[  222.000354]  ? kasan_slab_free+0xe/0x10
[  222.004332]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  222.009174]  do_invalid_op+0x1b/0x20
[  222.012890]  invalid_op+0x14/0x20
[  222.016342] RIP: 0010:kmalloc_slab+0x56/0x70
[  222.020750] Code: c5 60 ab 00 89 5d c3 48 85 ff b8 10 00 00 00 74 f4 83 ef 01 c1 ef 03 0f b6 87 80 aa 00 89 eb d8 31 c0 81 e6 00 02 00 00 75 db <0f> 0b 5d c3 48 8b 04 c5 a0 aa 00 89 5d c3 66 90 66 2e 0f 1f 84 00
[  222.039668] RSP: 0018:ffff880191057978 EFLAGS: 00010246
[  222.045062] RAX: 0000000000000000 RBX: 00000000fffffff9 RCX: ffffc90001e5c000
[  222.052356] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000003ffffffe60
[  222.059621] RBP: ffff880191057978 R08: ffff8801d2c086c0 R09: ffffed00399111b9
[  222.066886] R10: ffff880191057a48 R11: ffff8801cc888dcf R12: 0000000000000000
[  222.074151] R13: 0000000000000000 R14: ffff8801cbc93340 R15: 00000000006080c0
[  222.081439]  __kmalloc+0x25/0x760
[  222.084893]  ? input_mt_init_slots+0xe5/0x4a0
[  222.089397]  input_mt_init_slots+0xe5/0x4a0
[  222.093727]  uinput_ioctl_handler.isra.10+0x2049/0x2540
[  222.099093]  ? uinput_request_submit.part.9+0x2d0/0x2d0
[  222.104459]  ? __fget+0x4d1/0x740
[  222.107914]  ? ksys_dup3+0x680/0x680
[  222.111672]  ? __might_fault+0x12b/0x1e0
[  222.115742]  ? lock_downgrade+0x900/0x900
[  222.119892]  uinput_ioctl+0x4c/0x60
[  222.123516]  ? uinput_compat_ioctl+0x90/0x90
[  222.127923]  do_vfs_ioctl+0x1de/0x1720
[  222.131818]  ? ioctl_preallocate+0x300/0x300
[  222.136239]  ? __fget_light+0x2e9/0x430
[  222.140234]  ? fget_raw+0x20/0x20
[  222.143716]  ? _copy_to_user+0xc8/0x110
[  222.147694]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  222.153239]  ? put_timespec64+0x10f/0x1b0
[  222.157392]  ? nsecs_to_jiffies+0x30/0x30
[  222.161549]  ? security_file_ioctl+0x94/0xc0
[  222.165961]  ksys_ioctl+0xa9/0xd0
[  222.169441]  __x64_sys_ioctl+0x73/0xb0
[  222.173328]  do_syscall_64+0x1b9/0x820
[  222.177213]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  222.182607]  ? syscall_return_slowpath+0x5e0/0x5e0
[  222.187547]  ? trace_hardirqs_on_caller+0x310/0x310
[  222.192560]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  222.197573]  ? recalc_sigpending_tsk+0x180/0x180
[  222.202325]  ? kasan_check_write+0x14/0x20
[  222.206563]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  222.211413]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  222.216600] RIP: 0033:0x457579
[  222.219790] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  222.238690] RSP: 002b:00007fae05cccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  222.246407] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000457579
[  222.254192] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  222.261458] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  222.268728] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae05ccd6d4
[  222.276008] R13: 00000000004c1284 R14: 00000000004d1e78 R15: 00000000ffffffff
[  222.284210] Kernel Offset: disabled
[  222.287853] Rebooting in 86400 seconds..