[ 41.654050][ T26] audit: type=1800 audit(1563151060.442:26): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 41.700347][ T26] audit: type=1800 audit(1563151060.442:27): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 41.741860][ T26] audit: type=1800 audit(1563151060.442:28): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[ ok .
[....] Starting OpenBSD Secure Shell server: sshd[ ok .
[ 42.436486][ T26] audit: type=1800 audit(1563151061.262:29): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts.
2019/07/15 00:37:51 fuzzer started 2019/07/15 00:37:54 dialing manager at 10.128.0.26:39541 2019/07/15 00:37:54 syscalls: 2465 2019/07/15 00:37:54 code coverage: enabled 2019/07/15 00:37:54 comparison tracing: enabled 2019/07/15 00:37:54 extra coverage: extra coverage is not supported by the kernel 2019/07/15 00:37:54 setuid sandbox: enabled 2019/07/15 00:37:54 namespace sandbox: enabled 2019/07/15 00:37:54 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/15 00:37:54 fault injection: enabled 2019/07/15 00:37:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/15 00:37:54 net packet injection: enabled 2019/07/15 00:37:54 net device setup: enabled 00:38:17 executing program 0: syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0) syzkaller login: [ 78.725786][ T8008] IPVS: ftp: loaded support on port[0] = 21 00:38:17 executing program 1: fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x1fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_tables_names\x00') ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(0xffffffffffffffff, 0xc040564b, &(0x7f0000000100)={0x0, 0x0, 0x3017, 0x0, 0x8001, {0x1, 0x150e4aa1}}) creat(&(0x7f0000000040)='./file0\x00', 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 
0x0) [ 78.841396][ T8008] chnl_net:caif_netlink_parms(): no params data found [ 78.918986][ T8008] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.927754][ T8008] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.935946][ T8008] device bridge_slave_0 entered promiscuous mode [ 78.968001][ T8008] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.975280][ T8008] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.984675][ T8008] device bridge_slave_1 entered promiscuous mode [ 79.008752][ T8008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.021885][ T8008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.025070][ T8011] IPVS: ftp: loaded support on port[0] = 21 [ 79.052070][ T8008] team0: Port device team_slave_0 added 00:38:17 executing program 2: semctl$GETNCNT(0x0, 0x0, 0x2, 0x0) [ 79.062390][ T8008] team0: Port device team_slave_1 added [ 79.160852][ T8008] device hsr_slave_0 entered promiscuous mode [ 79.197740][ T8008] device hsr_slave_1 entered promiscuous mode 00:38:18 executing program 3: shmget(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) [ 79.306422][ T8013] IPVS: ftp: loaded support on port[0] = 21 [ 79.320069][ T8008] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.327816][ T8008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.335824][ T8008] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.342988][ T8008] bridge0: port 1(bridge_slave_0) entered forwarding state 00:38:18 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, 
&(0x7f0000ff0000/0xe000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000fef000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x7000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)="ab", 0x1}, 0x68) [ 79.504147][ T8015] IPVS: ftp: loaded support on port[0] = 21 [ 79.520483][ T8011] chnl_net:caif_netlink_parms(): no params data found [ 79.595347][ T8008] 8021q: adding VLAN 0 to HW filter on device bond0 00:38:18 executing program 5: ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, 0x0) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) [ 79.684261][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.698675][ T2876] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.731778][ T2876] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.751703][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 79.794898][ T8008] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.822815][ T8011] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.832371][ T8011] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.840255][ T8011] device bridge_slave_0 entered promiscuous mode [ 79.856596][ T8011] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.863871][ T8011] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.871616][ T8011] device bridge_slave_1 entered promiscuous mode [ 79.888093][ T8023] IPVS: ftp: loaded support on port[0] = 21 [ 79.895721][ T2876] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.904377][ T2876] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.911527][ T2876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.921059][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.929774][ T2876] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.936801][ T2876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.965254][ T8015] chnl_net:caif_netlink_parms(): no params data found [ 80.010105][ T8013] chnl_net:caif_netlink_parms(): no params data found [ 80.011790][ T8020] IPVS: ftp: loaded support on port[0] = 21 [ 80.028493][ T8011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.042725][ T8011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.052366][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.062422][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.071310][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.080000][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.144253][ T8011] team0: Port device team_slave_0 added [ 80.151906][ T8011] team0: Port device team_slave_1 added [ 80.160045][ T8017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.168996][ T8017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.212907][ T8015] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.220136][ T8015] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.228193][ T8015] device bridge_slave_0 entered promiscuous mode [ 80.235692][ T8015] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.243005][ T8015] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.250959][ T8015] device bridge_slave_1 entered promiscuous mode [ 80.261491][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link 
becomes ready [ 80.269995][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.279566][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.288459][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.298677][ T8008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.313637][ T8013] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.321223][ T8013] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.329199][ T8013] device bridge_slave_0 entered promiscuous mode [ 80.341531][ T8013] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.348828][ T8013] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.356753][ T8013] device bridge_slave_1 entered promiscuous mode [ 80.371346][ T8015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.399905][ T8015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.410004][ T8023] chnl_net:caif_netlink_parms(): no params data found [ 80.470098][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.477190][ T8023] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.485438][ T8023] device bridge_slave_0 entered promiscuous mode [ 80.495354][ T8013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.506625][ T8013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.551045][ T8011] device hsr_slave_0 entered promiscuous mode [ 80.607907][ T8011] device hsr_slave_1 entered promiscuous mode [ 80.667460][ T8011] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 80.694521][ T8008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.713855][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.721259][ T8023] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.729085][ T8023] device bridge_slave_1 entered promiscuous mode [ 80.747774][ T8015] team0: Port device team_slave_0 added [ 80.822355][ T8015] team0: Port device team_slave_1 added [ 80.843627][ T8023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.859328][ T8013] team0: Port device team_slave_0 added [ 80.903629][ T8015] device hsr_slave_0 entered promiscuous mode [ 80.937658][ T8015] device hsr_slave_1 entered promiscuous mode [ 80.952111][ T8034] XFS (loop0): Mounting V4 Filesystem [ 80.974935][ T8034] XFS (loop0): empty log check failed [ 80.977429][ T8015] debugfs: Directory 'hsr0' with parent '/' already present! [ 80.985246][ T8034] XFS (loop0): log mount/recovery failed: error -5 [ 80.994677][ T8023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.009430][ T8020] chnl_net:caif_netlink_parms(): no params data found [ 81.022547][ T8013] team0: Port device team_slave_1 added [ 81.027957][ T8034] XFS (loop0): log mount failed [ 81.109443][ T8013] device hsr_slave_0 entered promiscuous mode [ 81.148232][ T8013] device hsr_slave_1 entered promiscuous mode [ 81.187691][ T8013] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 81.200176][ T8023] team0: Port device team_slave_0 added [ 81.235772][ T8023] team0: Port device team_slave_1 added [ 81.258429][ T8020] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.265633][ T8020] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.274104][ T8020] device bridge_slave_0 entered promiscuous mode [ 81.282337][ T8020] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.289776][ T8020] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.298184][ T8020] device bridge_slave_1 entered promiscuous mode [ 81.316950][ T8020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.379352][ T8023] device hsr_slave_0 entered promiscuous mode [ 81.414868][ T8034] XFS (loop0): Mounting V4 Filesystem [ 81.421115][ T8023] device hsr_slave_1 entered promiscuous mode [ 81.467448][ T8023] debugfs: Directory 'hsr0' with parent '/' already present! [ 81.467838][ T8034] ================================================================== [ 81.483155][ T8034] BUG: KASAN: use-after-free in xlog_alloc_log+0x102b/0x11f0 [ 81.490539][ T8034] Read of size 8 at addr ffff8880a9072090 by task syz-executor.0/8034 [ 81.498700][ T8034] [ 81.501050][ T8034] CPU: 1 PID: 8034 Comm: syz-executor.0 Not tainted 5.2.0+ #28 [ 81.508684][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.514301][ T8023] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.518738][ T8034] Call Trace: [ 81.518762][ T8034] dump_stack+0x1d8/0x2f8 [ 81.518780][ T8034] print_address_description+0x75/0x5b0 [ 81.518791][ T8034] ? log_buf_vmcoreinfo_setup+0x153/0x153 [ 81.518805][ T8034] ? __kasan_report+0xbf/0x1c0 [ 81.533052][ T8023] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.538622][ T8034] __kasan_report+0x14b/0x1c0 [ 81.538637][ T8034] ? 
xlog_alloc_log+0x102b/0x11f0 [ 81.538648][ T8034] kasan_report+0x26/0x50 [ 81.538662][ T8034] __asan_report_load8_noabort+0x14/0x20 [ 81.566186][ T8023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.570407][ T8034] xlog_alloc_log+0x102b/0x11f0 [ 81.570428][ T8034] xfs_log_mount+0xc6/0x750 [ 81.570441][ T8034] xfs_mountfs+0xcc4/0x1d50 [ 81.570461][ T8034] ? xfs_default_resblks+0x70/0x70 [ 81.589139][ T8023] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.592813][ T8034] ? xfs_mru_cache_create+0x479/0x5c0 [ 81.592836][ T8034] xfs_fs_fill_super+0x1035/0x1480 [ 81.602425][ T8034] mount_bdev+0x31c/0x440 [ 81.602438][ T8034] ? xfs_fs_mount+0x40/0x40 [ 81.628476][ T8034] xfs_fs_mount+0x34/0x40 [ 81.632828][ T8034] legacy_get_tree+0xf9/0x1a0 [ 81.637521][ T8034] ? xfs_destroy_zones+0x310/0x310 [ 81.642656][ T8034] vfs_get_tree+0x8f/0x360 [ 81.647095][ T8034] do_mount+0x1813/0x2730 [ 81.651450][ T8034] ? check_preemption_disabled+0x47/0x2a0 [ 81.657206][ T8034] ? copy_mount_string+0x30/0x30 [ 81.662160][ T8034] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 81.667978][ T8034] ? trace_kmalloc+0xcd/0x130 [ 81.667993][ T8034] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 81.668010][ T8034] ? copy_mount_options+0x5f/0x370 [ 81.678315][ T8034] ? 
copy_mount_options+0x2d8/0x370 [ 81.678327][ T8034] ksys_mount+0xcc/0x100 [ 81.678339][ T8034] __x64_sys_mount+0xbf/0xd0 [ 81.678353][ T8034] do_syscall_64+0xfe/0x140 [ 81.702242][ T8034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.702254][ T8034] RIP: 0033:0x45c26a [ 81.702267][ T8034] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 81.702272][ T8034] RSP: 002b:00007ff915153a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 81.712141][ T8034] RAX: ffffffffffffffda RBX: 00007ff915153b40 RCX: 000000000045c26a [ 81.712147][ T8034] RDX: 00007ff915153ae0 RSI: 0000000020000000 RDI: 00007ff915153b00 [ 81.712152][ T8034] RBP: 0000000000000001 R08: 00007ff915153b40 R09: 00007ff915153ae0 [ 81.712157][ T8034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 81.712163][ T8034] R13: 00000000004c88f7 R14: 00000000004df540 R15: 00000000ffffffff [ 81.712188][ T8034] [ 81.768069][ T8013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.772162][ T8034] Allocated by task 8034: [ 81.772183][ T8034] __kasan_kmalloc+0x11c/0x1b0 [ 81.772192][ T8034] kasan_kmalloc+0x9/0x10 [ 81.772200][ T8034] __kmalloc+0x254/0x340 [ 81.772217][ T8034] kmem_alloc+0x5a0/0x6a0 [ 81.788949][ T8013] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.789215][ T8034] xlog_alloc_log+0x488/0x11f0 [ 81.819653][ T8013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.822591][ T8034] xfs_log_mount+0xc6/0x750 [ 81.822599][ T8034] xfs_mountfs+0xcc4/0x1d50 [ 81.822608][ T8034] xfs_fs_fill_super+0x1035/0x1480 [ 81.822616][ T8034] mount_bdev+0x31c/0x440 [ 81.822628][ T8034] xfs_fs_mount+0x34/0x40 [ 81.842481][ T8013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.843920][ T8034] legacy_get_tree+0xf9/0x1a0 [ 81.843930][ T8034] vfs_get_tree+0x8f/0x360 [ 81.843940][ T8034] do_mount+0x1813/0x2730 [ 81.843952][ T8034] 
ksys_mount+0xcc/0x100 [ 81.852604][ T8034] __x64_sys_mount+0xbf/0xd0 [ 81.852616][ T8034] do_syscall_64+0xfe/0x140 [ 81.852628][ T8034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.852632][ T8034] [ 81.852637][ T8034] Freed by task 8034: [ 81.852653][ T8034] __kasan_slab_free+0x12a/0x1e0 [ 81.903190][ T8034] kasan_slab_free+0xe/0x10 [ 81.907708][ T8034] kfree+0x115/0x200 [ 81.911610][ T8034] kvfree+0x47/0x50 [ 81.915429][ T8034] xlog_alloc_log+0x1069/0x11f0 [ 81.920283][ T8034] xfs_log_mount+0xc6/0x750 [ 81.920290][ T8034] xfs_mountfs+0xcc4/0x1d50 [ 81.920298][ T8034] xfs_fs_fill_super+0x1035/0x1480 [ 81.920305][ T8034] mount_bdev+0x31c/0x440 [ 81.920312][ T8034] xfs_fs_mount+0x34/0x40 [ 81.920326][ T8034] legacy_get_tree+0xf9/0x1a0 [ 81.934402][ T8034] vfs_get_tree+0x8f/0x360 [ 81.934413][ T8034] do_mount+0x1813/0x2730 [ 81.934422][ T8034] ksys_mount+0xcc/0x100 [ 81.934429][ T8034] __x64_sys_mount+0xbf/0xd0 [ 81.934446][ T8034] do_syscall_64+0xfe/0x140 00:38:20 executing program 2: fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x1fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_tables_names\x00') ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(0xffffffffffffffff, 0xc040564b, &(0x7f0000000100)={0x0, 0x0, 0x3017, 0x0, 0x8001, {0x1, 0x150e4aa1}}) add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) [ 81.969880][ T8034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.975766][ T8034] [ 81.978121][ T8034] The buggy address belongs to the object at ffff8880a9072000 [ 81.978121][ T8034] which belongs to the cache kmalloc-1k of size 1024 [ 81.992272][ 
T8034] The buggy address is located 144 bytes inside of [ 81.992272][ T8034] 1024-byte region [ffff8880a9072000, ffff8880a9072400) [ 82.005721][ T8034] The buggy address belongs to the page: [ 82.011358][ T8034] page:ffffea0002a41c80 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0 [ 82.022318][ T8034] flags: 0x1fffc0000010200(slab|head) [ 82.027676][ T8034] raw: 01fffc0000010200 ffffea00025eb088 ffffea00025fb208 ffff8880aa400c40 [ 82.036235][ T8034] raw: 0000000000000000 ffff8880a9072000 0000000100000007 0000000000000000 [ 82.044790][ T8034] page dumped because: kasan: bad access detected [ 82.051198][ T8034] [ 82.053506][ T8034] Memory state around the buggy address: [ 82.059113][ T8034] ffff8880a9071f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.067250][ T8034] ffff8880a9072000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.075302][ T8034] >ffff8880a9072080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.083338][ T8034] ^ [ 82.087902][ T8034] ffff8880a9072100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.095936][ T8034] ffff8880a9072180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.103969][ T8034] ================================================================== [ 82.112006][ T8034] Disabling lock debugging due to kernel taint [ 82.122348][ T8020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.134741][ T8034] Kernel panic - not syncing: panic_on_warn set ... [ 82.141377][ T8034] CPU: 1 PID: 8034 Comm: syz-executor.0 Tainted: G B 5.2.0+ #28 [ 82.150408][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.154772][ T8011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.160461][ T8034] Call Trace: [ 82.160484][ T8034] dump_stack+0x1d8/0x2f8 [ 82.160495][ T8034] panic+0x29b/0x7d9 [ 82.160514][ T8034] ? trace_hardirqs_on+0x34/0x80 [ 82.183511][ T8034] ? 
nmi_panic+0x97/0x97 [ 82.186854][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 82.187758][ T8034] ? ___preempt_schedule+0x16/0x18 [ 82.187770][ T8034] ? trace_hardirqs_on+0x34/0x80 [ 82.187786][ T8034] __kasan_report+0x1bb/0x1c0 [ 82.196814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.200759][ T8034] ? xlog_alloc_log+0x102b/0x11f0 [ 82.200773][ T8034] kasan_report+0x26/0x50 [ 82.200783][ T8034] __asan_report_load8_noabort+0x14/0x20 [ 82.200790][ T8034] xlog_alloc_log+0x102b/0x11f0 [ 82.200802][ T8034] xfs_log_mount+0xc6/0x750 [ 82.200817][ T8034] xfs_mountfs+0xcc4/0x1d50 [ 82.206372][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 82.210493][ T8034] ? xfs_default_resblks+0x70/0x70 [ 82.210501][ T8034] ? xfs_mru_cache_create+0x479/0x5c0 [ 82.210515][ T8034] xfs_fs_fill_super+0x1035/0x1480 [ 82.210529][ T8034] mount_bdev+0x31c/0x440 [ 82.210541][ T8034] ? xfs_fs_mount+0x40/0x40 [ 82.218928][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 82.223250][ T8034] xfs_fs_mount+0x34/0x40 [ 82.223265][ T8034] legacy_get_tree+0xf9/0x1a0 [ 82.223272][ T8034] ? xfs_destroy_zones+0x310/0x310 [ 82.223285][ T8034] vfs_get_tree+0x8f/0x360 [ 82.228334][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 82.233226][ T8034] do_mount+0x1813/0x2730 [ 82.233238][ T8034] ? check_preemption_disabled+0x47/0x2a0 [ 82.233249][ T8034] ? copy_mount_string+0x30/0x30 [ 82.233258][ T8034] ? rcu_read_lock_sched_held+0x127/0x1c0 [ 82.233273][ T8034] ? trace_kmalloc+0xcd/0x130 [ 82.338655][ T8034] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 82.344179][ T8034] ? copy_mount_options+0x5f/0x370 [ 82.349272][ T8034] ? 
copy_mount_options+0x2d8/0x370 [ 82.354444][ T8034] ksys_mount+0xcc/0x100 [ 82.358698][ T8034] __x64_sys_mount+0xbf/0xd0 [ 82.363290][ T8034] do_syscall_64+0xfe/0x140 [ 82.367781][ T8034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.373736][ T8034] RIP: 0033:0x45c26a [ 82.377610][ T8034] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 82.397197][ T8034] RSP: 002b:00007ff915153a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 82.405588][ T8034] RAX: ffffffffffffffda RBX: 00007ff915153b40 RCX: 000000000045c26a [ 82.413535][ T8034] RDX: 00007ff915153ae0 RSI: 0000000020000000 RDI: 00007ff915153b00 [ 82.421484][ T8034] RBP: 0000000000000001 R08: 00007ff915153b40 R09: 00007ff915153ae0 [ 82.429435][ T8034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 82.437386][ T8034] R13: 00000000004c88f7 R14: 00000000004df540 R15: 00000000ffffffff [ 82.446595][ T8034] Kernel Offset: disabled [ 82.450935][ T8034] Rebooting in 86400 seconds..