[   41.654050][   T26] audit: type=1800 audit(1563151060.442:26): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   41.700347][   T26] audit: type=1800 audit(1563151060.442:27): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   41.741860][   T26] audit: type=1800 audit(1563151060.442:28): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   42.436486][   T26] audit: type=1800 audit(1563151061.262:29): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts.
2019/07/15 00:37:51 fuzzer started
2019/07/15 00:37:54 dialing manager at 10.128.0.26:39541
2019/07/15 00:37:54 syscalls: 2465
2019/07/15 00:37:54 code coverage: enabled
2019/07/15 00:37:54 comparison tracing: enabled
2019/07/15 00:37:54 extra coverage: extra coverage is not supported by the kernel
2019/07/15 00:37:54 setuid sandbox: enabled
2019/07/15 00:37:54 namespace sandbox: enabled
2019/07/15 00:37:54 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/15 00:37:54 fault injection: enabled
2019/07/15 00:37:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/15 00:37:54 net packet injection: enabled
2019/07/15 00:37:54 net device setup: enabled
00:38:17 executing program 0:
syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0)

syzkaller login: [   78.725786][ T8008] IPVS: ftp: loaded support on port[0] = 21
00:38:17 executing program 1:
fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x1fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_tables_names\x00')
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(0xffffffffffffffff, 0xc040564b, &(0x7f0000000100)={0x0, 0x0, 0x3017, 0x0, 0x8001, {0x1, 0x150e4aa1}})
creat(&(0x7f0000000040)='./file0\x00', 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0)

[   78.841396][ T8008] chnl_net:caif_netlink_parms(): no params data found
[   78.918986][ T8008] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.927754][ T8008] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.935946][ T8008] device bridge_slave_0 entered promiscuous mode
[   78.968001][ T8008] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.975280][ T8008] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.984675][ T8008] device bridge_slave_1 entered promiscuous mode
[   79.008752][ T8008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.021885][ T8008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.025070][ T8011] IPVS: ftp: loaded support on port[0] = 21
[   79.052070][ T8008] team0: Port device team_slave_0 added
00:38:17 executing program 2:
semctl$GETNCNT(0x0, 0x0, 0x2, 0x0)

[   79.062390][ T8008] team0: Port device team_slave_1 added
[   79.160852][ T8008] device hsr_slave_0 entered promiscuous mode
[   79.197740][ T8008] device hsr_slave_1 entered promiscuous mode
00:38:18 executing program 3:
shmget(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)

[   79.306422][ T8013] IPVS: ftp: loaded support on port[0] = 21
[   79.320069][ T8008] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.327816][ T8008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.335824][ T8008] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.342988][ T8008] bridge0: port 1(bridge_slave_0) entered forwarding state
00:38:18 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff0000/0xe000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000fef000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x7000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)="ab", 0x1}, 0x68)

[   79.504147][ T8015] IPVS: ftp: loaded support on port[0] = 21
[   79.520483][ T8011] chnl_net:caif_netlink_parms(): no params data found
[   79.595347][ T8008] 8021q: adding VLAN 0 to HW filter on device bond0
00:38:18 executing program 5:
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, 0x0)
syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)

[   79.684261][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.698675][ T2876] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.731778][ T2876] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.751703][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   79.794898][ T8008] 8021q: adding VLAN 0 to HW filter on device team0
[   79.822815][ T8011] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.832371][ T8011] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.840255][ T8011] device bridge_slave_0 entered promiscuous mode
[   79.856596][ T8011] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.863871][ T8011] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.871616][ T8011] device bridge_slave_1 entered promiscuous mode
[   79.888093][ T8023] IPVS: ftp: loaded support on port[0] = 21
[   79.895721][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   79.904377][ T2876] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.911527][ T2876] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.921059][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   79.929774][ T2876] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.936801][ T2876] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.965254][ T8015] chnl_net:caif_netlink_parms(): no params data found
[   80.010105][ T8013] chnl_net:caif_netlink_parms(): no params data found
[   80.011790][ T8020] IPVS: ftp: loaded support on port[0] = 21
[   80.028493][ T8011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.042725][ T8011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.052366][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   80.062422][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   80.071310][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   80.080000][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   80.144253][ T8011] team0: Port device team_slave_0 added
[   80.151906][ T8011] team0: Port device team_slave_1 added
[   80.160045][ T8017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   80.168996][ T8017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   80.212907][ T8015] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.220136][ T8015] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.228193][ T8015] device bridge_slave_0 entered promiscuous mode
[   80.235692][ T8015] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.243005][ T8015] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.250959][ T8015] device bridge_slave_1 entered promiscuous mode
[   80.261491][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   80.269995][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   80.279566][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   80.288459][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   80.298677][ T8008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   80.313637][ T8013] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.321223][ T8013] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.329199][ T8013] device bridge_slave_0 entered promiscuous mode
[   80.341531][ T8013] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.348828][ T8013] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.356753][ T8013] device bridge_slave_1 entered promiscuous mode
[   80.371346][ T8015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.399905][ T8015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.410004][ T8023] chnl_net:caif_netlink_parms(): no params data found
[   80.470098][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.477190][ T8023] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.485438][ T8023] device bridge_slave_0 entered promiscuous mode
[   80.495354][ T8013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.506625][ T8013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.551045][ T8011] device hsr_slave_0 entered promiscuous mode
[   80.607907][ T8011] device hsr_slave_1 entered promiscuous mode
[   80.667460][ T8011] debugfs: Directory 'hsr0' with parent '/' already present!
[   80.694521][ T8008] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.713855][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.721259][ T8023] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.729085][ T8023] device bridge_slave_1 entered promiscuous mode
[   80.747774][ T8015] team0: Port device team_slave_0 added
[   80.822355][ T8015] team0: Port device team_slave_1 added
[   80.843627][ T8023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.859328][ T8013] team0: Port device team_slave_0 added
[   80.903629][ T8015] device hsr_slave_0 entered promiscuous mode
[   80.937658][ T8015] device hsr_slave_1 entered promiscuous mode
[   80.952111][ T8034] XFS (loop0): Mounting V4 Filesystem
[   80.974935][ T8034] XFS (loop0): empty log check failed
[   80.977429][ T8015] debugfs: Directory 'hsr0' with parent '/' already present!
[   80.985246][ T8034] XFS (loop0): log mount/recovery failed: error -5
[   80.994677][ T8023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.009430][ T8020] chnl_net:caif_netlink_parms(): no params data found
[   81.022547][ T8013] team0: Port device team_slave_1 added
[   81.027957][ T8034] XFS (loop0): log mount failed
[   81.109443][ T8013] device hsr_slave_0 entered promiscuous mode
[   81.148232][ T8013] device hsr_slave_1 entered promiscuous mode
[   81.187691][ T8013] debugfs: Directory 'hsr0' with parent '/' already present!
[   81.200176][ T8023] team0: Port device team_slave_0 added
[   81.235772][ T8023] team0: Port device team_slave_1 added
[   81.258429][ T8020] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.265633][ T8020] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.274104][ T8020] device bridge_slave_0 entered promiscuous mode
[   81.282337][ T8020] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.289776][ T8020] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.298184][ T8020] device bridge_slave_1 entered promiscuous mode
[   81.316950][ T8020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.379352][ T8023] device hsr_slave_0 entered promiscuous mode
[   81.414868][ T8034] XFS (loop0): Mounting V4 Filesystem
[   81.421115][ T8023] device hsr_slave_1 entered promiscuous mode
[   81.467448][ T8023] debugfs: Directory 'hsr0' with parent '/' already present!
[   81.467838][ T8034] ==================================================================
[   81.483155][ T8034] BUG: KASAN: use-after-free in xlog_alloc_log+0x102b/0x11f0
[   81.490539][ T8034] Read of size 8 at addr ffff8880a9072090 by task syz-executor.0/8034
[   81.498700][ T8034] 
[   81.501050][ T8034] CPU: 1 PID: 8034 Comm: syz-executor.0 Not tainted 5.2.0+ #28
[   81.508684][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   81.514301][ T8023] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.518738][ T8034] Call Trace:
[   81.518762][ T8034]  dump_stack+0x1d8/0x2f8
[   81.518780][ T8034]  print_address_description+0x75/0x5b0
[   81.518791][ T8034]  ? log_buf_vmcoreinfo_setup+0x153/0x153
[   81.518805][ T8034]  ? __kasan_report+0xbf/0x1c0
[   81.533052][ T8023] 8021q: adding VLAN 0 to HW filter on device team0
[   81.538622][ T8034]  __kasan_report+0x14b/0x1c0
[   81.538637][ T8034]  ? xlog_alloc_log+0x102b/0x11f0
[   81.538648][ T8034]  kasan_report+0x26/0x50
[   81.538662][ T8034]  __asan_report_load8_noabort+0x14/0x20
[   81.566186][ T8023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.570407][ T8034]  xlog_alloc_log+0x102b/0x11f0
[   81.570428][ T8034]  xfs_log_mount+0xc6/0x750
[   81.570441][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   81.570461][ T8034]  ? xfs_default_resblks+0x70/0x70
[   81.589139][ T8023] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.592813][ T8034]  ? xfs_mru_cache_create+0x479/0x5c0
[   81.592836][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   81.602425][ T8034]  mount_bdev+0x31c/0x440
[   81.602438][ T8034]  ? xfs_fs_mount+0x40/0x40
[   81.628476][ T8034]  xfs_fs_mount+0x34/0x40
[   81.632828][ T8034]  legacy_get_tree+0xf9/0x1a0
[   81.637521][ T8034]  ? xfs_destroy_zones+0x310/0x310
[   81.642656][ T8034]  vfs_get_tree+0x8f/0x360
[   81.647095][ T8034]  do_mount+0x1813/0x2730
[   81.651450][ T8034]  ? check_preemption_disabled+0x47/0x2a0
[   81.657206][ T8034]  ? copy_mount_string+0x30/0x30
[   81.662160][ T8034]  ? rcu_read_lock_sched_held+0x127/0x1c0
[   81.667978][ T8034]  ? trace_kmalloc+0xcd/0x130
[   81.667993][ T8034]  ? kmem_cache_alloc_trace+0x23a/0x2f0
[   81.668010][ T8034]  ? copy_mount_options+0x5f/0x370
[   81.678315][ T8034]  ? copy_mount_options+0x2d8/0x370
[   81.678327][ T8034]  ksys_mount+0xcc/0x100
[   81.678339][ T8034]  __x64_sys_mount+0xbf/0xd0
[   81.678353][ T8034]  do_syscall_64+0xfe/0x140
[   81.702242][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.702254][ T8034] RIP: 0033:0x45c26a
[   81.702267][ T8034] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00
[   81.702272][ T8034] RSP: 002b:00007ff915153a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[   81.712141][ T8034] RAX: ffffffffffffffda RBX: 00007ff915153b40 RCX: 000000000045c26a
[   81.712147][ T8034] RDX: 00007ff915153ae0 RSI: 0000000020000000 RDI: 00007ff915153b00
[   81.712152][ T8034] RBP: 0000000000000001 R08: 00007ff915153b40 R09: 00007ff915153ae0
[   81.712157][ T8034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
[   81.712163][ T8034] R13: 00000000004c88f7 R14: 00000000004df540 R15: 00000000ffffffff
[   81.712188][ T8034] 
[   81.768069][ T8013] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.772162][ T8034] Allocated by task 8034:
[   81.772183][ T8034]  __kasan_kmalloc+0x11c/0x1b0
[   81.772192][ T8034]  kasan_kmalloc+0x9/0x10
[   81.772200][ T8034]  __kmalloc+0x254/0x340
[   81.772217][ T8034]  kmem_alloc+0x5a0/0x6a0
[   81.788949][ T8013] 8021q: adding VLAN 0 to HW filter on device team0
[   81.789215][ T8034]  xlog_alloc_log+0x488/0x11f0
[   81.819653][ T8013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.822591][ T8034]  xfs_log_mount+0xc6/0x750
[   81.822599][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   81.822608][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   81.822616][ T8034]  mount_bdev+0x31c/0x440
[   81.822628][ T8034]  xfs_fs_mount+0x34/0x40
[   81.842481][ T8013] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.843920][ T8034]  legacy_get_tree+0xf9/0x1a0
[   81.843930][ T8034]  vfs_get_tree+0x8f/0x360
[   81.843940][ T8034]  do_mount+0x1813/0x2730
[   81.843952][ T8034]  ksys_mount+0xcc/0x100
[   81.852604][ T8034]  __x64_sys_mount+0xbf/0xd0
[   81.852616][ T8034]  do_syscall_64+0xfe/0x140
[   81.852628][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.852632][ T8034] 
[   81.852637][ T8034] Freed by task 8034:
[   81.852653][ T8034]  __kasan_slab_free+0x12a/0x1e0
[   81.903190][ T8034]  kasan_slab_free+0xe/0x10
[   81.907708][ T8034]  kfree+0x115/0x200
[   81.911610][ T8034]  kvfree+0x47/0x50
[   81.915429][ T8034]  xlog_alloc_log+0x1069/0x11f0
[   81.920283][ T8034]  xfs_log_mount+0xc6/0x750
[   81.920290][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   81.920298][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   81.920305][ T8034]  mount_bdev+0x31c/0x440
[   81.920312][ T8034]  xfs_fs_mount+0x34/0x40
[   81.920326][ T8034]  legacy_get_tree+0xf9/0x1a0
[   81.934402][ T8034]  vfs_get_tree+0x8f/0x360
[   81.934413][ T8034]  do_mount+0x1813/0x2730
[   81.934422][ T8034]  ksys_mount+0xcc/0x100
[   81.934429][ T8034]  __x64_sys_mount+0xbf/0xd0
[   81.934446][ T8034]  do_syscall_64+0xfe/0x140
00:38:20 executing program 2:
fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x1fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_tables_names\x00')
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(0xffffffffffffffff, 0xc040564b, &(0x7f0000000100)={0x0, 0x0, 0x3017, 0x0, 0x8001, {0x1, 0x150e4aa1}})
add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)

[   81.969880][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.975766][ T8034] 
[   81.978121][ T8034] The buggy address belongs to the object at ffff8880a9072000
[   81.978121][ T8034]  which belongs to the cache kmalloc-1k of size 1024
[   81.992272][ T8034] The buggy address is located 144 bytes inside of
[   81.992272][ T8034]  1024-byte region [ffff8880a9072000, ffff8880a9072400)
[   82.005721][ T8034] The buggy address belongs to the page:
[   82.011358][ T8034] page:ffffea0002a41c80 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0
[   82.022318][ T8034] flags: 0x1fffc0000010200(slab|head)
[   82.027676][ T8034] raw: 01fffc0000010200 ffffea00025eb088 ffffea00025fb208 ffff8880aa400c40
[   82.036235][ T8034] raw: 0000000000000000 ffff8880a9072000 0000000100000007 0000000000000000
[   82.044790][ T8034] page dumped because: kasan: bad access detected
[   82.051198][ T8034] 
[   82.053506][ T8034] Memory state around the buggy address:
[   82.059113][ T8034]  ffff8880a9071f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.067250][ T8034]  ffff8880a9072000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.075302][ T8034] >ffff8880a9072080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.083338][ T8034]                          ^
[   82.087902][ T8034]  ffff8880a9072100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.095936][ T8034]  ffff8880a9072180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.103969][ T8034] ==================================================================
[   82.112006][ T8034] Disabling lock debugging due to kernel taint
[   82.122348][ T8020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.134741][ T8034] Kernel panic - not syncing: panic_on_warn set ...
[   82.141377][ T8034] CPU: 1 PID: 8034 Comm: syz-executor.0 Tainted: G    B             5.2.0+ #28
[   82.150408][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.154772][ T8011] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.160461][ T8034] Call Trace:
[   82.160484][ T8034]  dump_stack+0x1d8/0x2f8
[   82.160495][ T8034]  panic+0x29b/0x7d9
[   82.160514][ T8034]  ? trace_hardirqs_on+0x34/0x80
[   82.183511][ T8034]  ? nmi_panic+0x97/0x97
[   82.186854][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   82.187758][ T8034]  ? ___preempt_schedule+0x16/0x18
[   82.187770][ T8034]  ? trace_hardirqs_on+0x34/0x80
[   82.187786][ T8034]  __kasan_report+0x1bb/0x1c0
[   82.196814][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   82.200759][ T8034]  ? xlog_alloc_log+0x102b/0x11f0
[   82.200773][ T8034]  kasan_report+0x26/0x50
[   82.200783][ T8034]  __asan_report_load8_noabort+0x14/0x20
[   82.200790][ T8034]  xlog_alloc_log+0x102b/0x11f0
[   82.200802][ T8034]  xfs_log_mount+0xc6/0x750
[   82.200817][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   82.206372][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   82.210493][ T8034]  ? xfs_default_resblks+0x70/0x70
[   82.210501][ T8034]  ? xfs_mru_cache_create+0x479/0x5c0
[   82.210515][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   82.210529][ T8034]  mount_bdev+0x31c/0x440
[   82.210541][ T8034]  ? xfs_fs_mount+0x40/0x40
[   82.218928][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   82.223250][ T8034]  xfs_fs_mount+0x34/0x40
[   82.223265][ T8034]  legacy_get_tree+0xf9/0x1a0
[   82.223272][ T8034]  ? xfs_destroy_zones+0x310/0x310
[   82.223285][ T8034]  vfs_get_tree+0x8f/0x360
[   82.228334][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   82.233226][ T8034]  do_mount+0x1813/0x2730
[   82.233238][ T8034]  ? check_preemption_disabled+0x47/0x2a0
[   82.233249][ T8034]  ? copy_mount_string+0x30/0x30
[   82.233258][ T8034]  ? rcu_read_lock_sched_held+0x127/0x1c0
[   82.233273][ T8034]  ? trace_kmalloc+0xcd/0x130
[   82.338655][ T8034]  ? kmem_cache_alloc_trace+0x23a/0x2f0
[   82.344179][ T8034]  ? copy_mount_options+0x5f/0x370
[   82.349272][ T8034]  ? copy_mount_options+0x2d8/0x370
[   82.354444][ T8034]  ksys_mount+0xcc/0x100
[   82.358698][ T8034]  __x64_sys_mount+0xbf/0xd0
[   82.363290][ T8034]  do_syscall_64+0xfe/0x140
[   82.367781][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.373736][ T8034] RIP: 0033:0x45c26a
[   82.377610][ T8034] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00
[   82.397197][ T8034] RSP: 002b:00007ff915153a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[   82.405588][ T8034] RAX: ffffffffffffffda RBX: 00007ff915153b40 RCX: 000000000045c26a
[   82.413535][ T8034] RDX: 00007ff915153ae0 RSI: 0000000020000000 RDI: 00007ff915153b00
[   82.421484][ T8034] RBP: 0000000000000001 R08: 00007ff915153b40 R09: 00007ff915153ae0
[   82.429435][ T8034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
[   82.437386][ T8034] R13: 00000000004c88f7 R14: 00000000004df540 R15: 00000000ffffffff
[   82.446595][ T8034] Kernel Offset: disabled
[   82.450935][ T8034] Rebooting in 86400 seconds..