[   41.654050][   T26] audit: type=1800 audit(1563151060.442:26): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   41.700347][   T26] audit: type=1800 audit(1563151060.442:27): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   41.741860][   T26] audit: type=1800 audit(1563151060.442:28): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   42.436486][   T26] audit: type=1800 audit(1563151061.262:29): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts.
2019/07/15 00:37:51 fuzzer started
2019/07/15 00:37:54 dialing manager at 10.128.0.26:39541
2019/07/15 00:37:54 syscalls: 2465
2019/07/15 00:37:54 code coverage: enabled
2019/07/15 00:37:54 comparison tracing: enabled
2019/07/15 00:37:54 extra coverage: extra coverage is not supported by the kernel
2019/07/15 00:37:54 setuid sandbox: enabled
2019/07/15 00:37:54 namespace sandbox: enabled
2019/07/15 00:37:54 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/15 00:37:54 fault injection: enabled
2019/07/15 00:37:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/15 00:37:54 net packet injection: enabled
2019/07/15 00:37:54 net device setup: enabled
00:38:17 executing program 0:
syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0)

syzkaller login: [   78.725786][ T8008] IPVS: ftp: loaded support on port[0] = 21
00:38:17 executing program 1:
fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x1fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_tables_names\x00')
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(0xffffffffffffffff, 0xc040564b, &(0x7f0000000100)={0x0, 0x0, 0x3017, 0x0, 0x8001, {0x1, 0x150e4aa1}})
creat(&(0x7f0000000040)='./file0\x00', 0x2)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0)

[   78.841396][ T8008] chnl_net:caif_netlink_parms(): no params data found
[   78.918986][ T8008] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.927754][ T8008] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.935946][ T8008] device bridge_slave_0 entered promiscuous mode
[   78.968001][ T8008] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.975280][ T8008] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.984675][ T8008] device bridge_slave_1 entered promiscuous mode
[   79.008752][ T8008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.021885][ T8008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.025070][ T8011] IPVS: ftp: loaded support on port[0] = 21
[   79.052070][ T8008] team0: Port device team_slave_0 added
00:38:17 executing program 2:
semctl$GETNCNT(0x0, 0x0, 0x2, 0x0)

[   79.062390][ T8008] team0: Port device team_slave_1 added
[   79.160852][ T8008] device hsr_slave_0 entered promiscuous mode
[   79.197740][ T8008] device hsr_slave_1 entered promiscuous mode
00:38:18 executing program 3:
shmget(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil)

[   79.306422][ T8013] IPVS: ftp: loaded support on port[0] = 21
[   79.320069][ T8008] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.327816][ T8008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.335824][ T8008] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.342988][ T8008] bridge0: port 1(bridge_slave_0) entered forwarding state
00:38:18 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff0000/0xe000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000fef000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x7000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)="ab", 0x1}, 0x68)

[   79.504147][ T8015] IPVS: ftp: loaded support on port[0] = 21
[   79.520483][ T8011] chnl_net:caif_netlink_parms(): no params data found
[   79.595347][ T8008] 8021q: adding VLAN 0 to HW filter on device bond0
00:38:18 executing program 5:
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, 0x0)
syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c0908040c", 0x7d}], 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)

[   79.684261][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.698675][ T2876] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.731778][ T2876] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.751703][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   79.794898][ T8008] 8021q: adding VLAN 0 to HW filter on device team0
[   79.822815][ T8011] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.832371][ T8011] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.840255][ T8011] device bridge_slave_0 entered promiscuous mode
[   79.856596][ T8011] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.863871][ T8011] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.871616][ T8011] device bridge_slave_1 entered promiscuous mode
[   79.888093][ T8023] IPVS: ftp: loaded support on port[0] = 21
[   79.895721][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   79.904377][ T2876] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.911527][ T2876] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.921059][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   79.929774][ T2876] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.936801][ T2876] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.965254][ T8015] chnl_net:caif_netlink_parms(): no params data found
[   80.010105][ T8013] chnl_net:caif_netlink_parms(): no params data found
[   80.011790][ T8020] IPVS: ftp: loaded support on port[0] = 21
[   80.028493][ T8011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.042725][ T8011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.052366][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   80.062422][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   80.071310][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   80.080000][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   80.144253][ T8011] team0: Port device team_slave_0 added
[   80.151906][ T8011] team0: Port device team_slave_1 added
[   80.160045][ T8017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   80.168996][ T8017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   80.212907][ T8015] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.220136][ T8015] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.228193][ T8015] device bridge_slave_0 entered promiscuous mode
[   80.235692][ T8015] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.243005][ T8015] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.250959][ T8015] device bridge_slave_1 entered promiscuous mode
[   80.261491][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   80.269995][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   80.279566][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   80.288459][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   80.298677][ T8008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   80.313637][ T8013] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.321223][ T8013] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.329199][ T8013] device bridge_slave_0 entered promiscuous mode
[   80.341531][ T8013] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.348828][ T8013] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.356753][ T8013] device bridge_slave_1 entered promiscuous mode
[   80.371346][ T8015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.399905][ T8015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.410004][ T8023] chnl_net:caif_netlink_parms(): no params data found
[   80.470098][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.477190][ T8023] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.485438][ T8023] device bridge_slave_0 entered promiscuous mode
[   80.495354][ T8013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.506625][ T8013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.551045][ T8011] device hsr_slave_0 entered promiscuous mode
[   80.607907][ T8011] device hsr_slave_1 entered promiscuous mode
[   80.667460][ T8011] debugfs: Directory 'hsr0' with parent '/' already present!
[   80.694521][ T8008] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.713855][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.721259][ T8023] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.729085][ T8023] device bridge_slave_1 entered promiscuous mode
[   80.747774][ T8015] team0: Port device team_slave_0 added
[   80.822355][ T8015] team0: Port device team_slave_1 added
[   80.843627][ T8023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.859328][ T8013] team0: Port device team_slave_0 added
[   80.903629][ T8015] device hsr_slave_0 entered promiscuous mode
[   80.937658][ T8015] device hsr_slave_1 entered promiscuous mode
[   80.952111][ T8034] XFS (loop0): Mounting V4 Filesystem
[   80.974935][ T8034] XFS (loop0): empty log check failed
[   80.977429][ T8015] debugfs: Directory 'hsr0' with parent '/' already present!
[   80.985246][ T8034] XFS (loop0): log mount/recovery failed: error -5
[   80.994677][ T8023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.009430][ T8020] chnl_net:caif_netlink_parms(): no params data found
[   81.022547][ T8013] team0: Port device team_slave_1 added
[   81.027957][ T8034] XFS (loop0): log mount failed
[   81.109443][ T8013] device hsr_slave_0 entered promiscuous mode
[   81.148232][ T8013] device hsr_slave_1 entered promiscuous mode
[   81.187691][ T8013] debugfs: Directory 'hsr0' with parent '/' already present!
[   81.200176][ T8023] team0: Port device team_slave_0 added
[   81.235772][ T8023] team0: Port device team_slave_1 added
[   81.258429][ T8020] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.265633][ T8020] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.274104][ T8020] device bridge_slave_0 entered promiscuous mode
[   81.282337][ T8020] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.289776][ T8020] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.298184][ T8020] device bridge_slave_1 entered promiscuous mode
[   81.316950][ T8020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.379352][ T8023] device hsr_slave_0 entered promiscuous mode
[   81.414868][ T8034] XFS (loop0): Mounting V4 Filesystem
[   81.421115][ T8023] device hsr_slave_1 entered promiscuous mode
[   81.467448][ T8023] debugfs: Directory 'hsr0' with parent '/' already present!
[   81.467838][ T8034] ==================================================================
[   81.483155][ T8034] BUG: KASAN: use-after-free in xlog_alloc_log+0x102b/0x11f0
[   81.490539][ T8034] Read of size 8 at addr ffff8880a9072090 by task syz-executor.0/8034
[   81.498700][ T8034] 
[   81.501050][ T8034] CPU: 1 PID: 8034 Comm: syz-executor.0 Not tainted 5.2.0+ #28
[   81.508684][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   81.514301][ T8023] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.518738][ T8034] Call Trace:
[   81.518762][ T8034]  dump_stack+0x1d8/0x2f8
[   81.518780][ T8034]  print_address_description+0x75/0x5b0
[   81.518791][ T8034]  ? log_buf_vmcoreinfo_setup+0x153/0x153
[   81.518805][ T8034]  ? __kasan_report+0xbf/0x1c0
[   81.533052][ T8023] 8021q: adding VLAN 0 to HW filter on device team0
[   81.538622][ T8034]  __kasan_report+0x14b/0x1c0
[   81.538637][ T8034]  ? xlog_alloc_log+0x102b/0x11f0
[   81.538648][ T8034]  kasan_report+0x26/0x50
[   81.538662][ T8034]  __asan_report_load8_noabort+0x14/0x20
[   81.566186][ T8023] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.570407][ T8034]  xlog_alloc_log+0x102b/0x11f0
[   81.570428][ T8034]  xfs_log_mount+0xc6/0x750
[   81.570441][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   81.570461][ T8034]  ? xfs_default_resblks+0x70/0x70
[   81.589139][ T8023] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.592813][ T8034]  ? xfs_mru_cache_create+0x479/0x5c0
[   81.592836][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   81.602425][ T8034]  mount_bdev+0x31c/0x440
[   81.602438][ T8034]  ? xfs_fs_mount+0x40/0x40
[   81.628476][ T8034]  xfs_fs_mount+0x34/0x40
[   81.632828][ T8034]  legacy_get_tree+0xf9/0x1a0
[   81.637521][ T8034]  ? xfs_destroy_zones+0x310/0x310
[   81.642656][ T8034]  vfs_get_tree+0x8f/0x360
[   81.647095][ T8034]  do_mount+0x1813/0x2730
[   81.651450][ T8034]  ? check_preemption_disabled+0x47/0x2a0
[   81.657206][ T8034]  ? copy_mount_string+0x30/0x30
[   81.662160][ T8034]  ? rcu_read_lock_sched_held+0x127/0x1c0
[   81.667978][ T8034]  ? trace_kmalloc+0xcd/0x130
[   81.667993][ T8034]  ? kmem_cache_alloc_trace+0x23a/0x2f0
[   81.668010][ T8034]  ? copy_mount_options+0x5f/0x370
[   81.678315][ T8034]  ? copy_mount_options+0x2d8/0x370
[   81.678327][ T8034]  ksys_mount+0xcc/0x100
[   81.678339][ T8034]  __x64_sys_mount+0xbf/0xd0
[   81.678353][ T8034]  do_syscall_64+0xfe/0x140
[   81.702242][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.702254][ T8034] RIP: 0033:0x45c26a
[   81.702267][ T8034] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00
[   81.702272][ T8034] RSP: 002b:00007ff915153a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[   81.712141][ T8034] RAX: ffffffffffffffda RBX: 00007ff915153b40 RCX: 000000000045c26a
[   81.712147][ T8034] RDX: 00007ff915153ae0 RSI: 0000000020000000 RDI: 00007ff915153b00
[   81.712152][ T8034] RBP: 0000000000000001 R08: 00007ff915153b40 R09: 00007ff915153ae0
[   81.712157][ T8034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
[   81.712163][ T8034] R13: 00000000004c88f7 R14: 00000000004df540 R15: 00000000ffffffff
[   81.712188][ T8034] 
[   81.768069][ T8013] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.772162][ T8034] Allocated by task 8034:
[   81.772183][ T8034]  __kasan_kmalloc+0x11c/0x1b0
[   81.772192][ T8034]  kasan_kmalloc+0x9/0x10
[   81.772200][ T8034]  __kmalloc+0x254/0x340
[   81.772217][ T8034]  kmem_alloc+0x5a0/0x6a0
[   81.788949][ T8013] 8021q: adding VLAN 0 to HW filter on device team0
[   81.789215][ T8034]  xlog_alloc_log+0x488/0x11f0
[   81.819653][ T8013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   81.822591][ T8034]  xfs_log_mount+0xc6/0x750
[   81.822599][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   81.822608][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   81.822616][ T8034]  mount_bdev+0x31c/0x440
[   81.822628][ T8034]  xfs_fs_mount+0x34/0x40
[   81.842481][ T8013] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.843920][ T8034]  legacy_get_tree+0xf9/0x1a0
[   81.843930][ T8034]  vfs_get_tree+0x8f/0x360
[   81.843940][ T8034]  do_mount+0x1813/0x2730
[   81.843952][ T8034]  ksys_mount+0xcc/0x100
[   81.852604][ T8034]  __x64_sys_mount+0xbf/0xd0
[   81.852616][ T8034]  do_syscall_64+0xfe/0x140
[   81.852628][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.852632][ T8034] 
[   81.852637][ T8034] Freed by task 8034:
[   81.852653][ T8034]  __kasan_slab_free+0x12a/0x1e0
[   81.903190][ T8034]  kasan_slab_free+0xe/0x10
[   81.907708][ T8034]  kfree+0x115/0x200
[   81.911610][ T8034]  kvfree+0x47/0x50
[   81.915429][ T8034]  xlog_alloc_log+0x1069/0x11f0
[   81.920283][ T8034]  xfs_log_mount+0xc6/0x750
[   81.920290][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   81.920298][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   81.920305][ T8034]  mount_bdev+0x31c/0x440
[   81.920312][ T8034]  xfs_fs_mount+0x34/0x40
[   81.920326][ T8034]  legacy_get_tree+0xf9/0x1a0
[   81.934402][ T8034]  vfs_get_tree+0x8f/0x360
[   81.934413][ T8034]  do_mount+0x1813/0x2730
[   81.934422][ T8034]  ksys_mount+0xcc/0x100
[   81.934429][ T8034]  __x64_sys_mount+0xbf/0xd0
[   81.934446][ T8034]  do_syscall_64+0xfe/0x140
00:38:20 executing program 2:
fsetxattr$security_smack_entry(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x1fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_tables_names\x00')
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(0xffffffffffffffff, 0xc040564b, &(0x7f0000000100)={0x0, 0x0, 0x3017, 0x0, 0x8001, {0x1, 0x150e4aa1}})
add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)

[   81.969880][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   81.975766][ T8034] 
[   81.978121][ T8034] The buggy address belongs to the object at ffff8880a9072000
[   81.978121][ T8034]  which belongs to the cache kmalloc-1k of size 1024
[   81.992272][ T8034] The buggy address is located 144 bytes inside of
[   81.992272][ T8034]  1024-byte region [ffff8880a9072000, ffff8880a9072400)
[   82.005721][ T8034] The buggy address belongs to the page:
[   82.011358][ T8034] page:ffffea0002a41c80 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0
[   82.022318][ T8034] flags: 0x1fffc0000010200(slab|head)
[   82.027676][ T8034] raw: 01fffc0000010200 ffffea00025eb088 ffffea00025fb208 ffff8880aa400c40
[   82.036235][ T8034] raw: 0000000000000000 ffff8880a9072000 0000000100000007 0000000000000000
[   82.044790][ T8034] page dumped because: kasan: bad access detected
[   82.051198][ T8034] 
[   82.053506][ T8034] Memory state around the buggy address:
[   82.059113][ T8034]  ffff8880a9071f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.067250][ T8034]  ffff8880a9072000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.075302][ T8034] >ffff8880a9072080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.083338][ T8034]                          ^
[   82.087902][ T8034]  ffff8880a9072100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.095936][ T8034]  ffff8880a9072180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.103969][ T8034] ==================================================================
[   82.112006][ T8034] Disabling lock debugging due to kernel taint
[   82.122348][ T8020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.134741][ T8034] Kernel panic - not syncing: panic_on_warn set ...
[   82.141377][ T8034] CPU: 1 PID: 8034 Comm: syz-executor.0 Tainted: G    B             5.2.0+ #28
[   82.150408][ T8034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   82.154772][ T8011] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.160461][ T8034] Call Trace:
[   82.160484][ T8034]  dump_stack+0x1d8/0x2f8
[   82.160495][ T8034]  panic+0x29b/0x7d9
[   82.160514][ T8034]  ? trace_hardirqs_on+0x34/0x80
[   82.183511][ T8034]  ? nmi_panic+0x97/0x97
[   82.186854][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   82.187758][ T8034]  ? ___preempt_schedule+0x16/0x18
[   82.187770][ T8034]  ? trace_hardirqs_on+0x34/0x80
[   82.187786][ T8034]  __kasan_report+0x1bb/0x1c0
[   82.196814][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   82.200759][ T8034]  ? xlog_alloc_log+0x102b/0x11f0
[   82.200773][ T8034]  kasan_report+0x26/0x50
[   82.200783][ T8034]  __asan_report_load8_noabort+0x14/0x20
[   82.200790][ T8034]  xlog_alloc_log+0x102b/0x11f0
[   82.200802][ T8034]  xfs_log_mount+0xc6/0x750
[   82.200817][ T8034]  xfs_mountfs+0xcc4/0x1d50
[   82.206372][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   82.210493][ T8034]  ? xfs_default_resblks+0x70/0x70
[   82.210501][ T8034]  ? xfs_mru_cache_create+0x479/0x5c0
[   82.210515][ T8034]  xfs_fs_fill_super+0x1035/0x1480
[   82.210529][ T8034]  mount_bdev+0x31c/0x440
[   82.210541][ T8034]  ? xfs_fs_mount+0x40/0x40
[   82.218928][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   82.223250][ T8034]  xfs_fs_mount+0x34/0x40
[   82.223265][ T8034]  legacy_get_tree+0xf9/0x1a0
[   82.223272][ T8034]  ? xfs_destroy_zones+0x310/0x310
[   82.223285][ T8034]  vfs_get_tree+0x8f/0x360
[   82.228334][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   82.233226][ T8034]  do_mount+0x1813/0x2730
[   82.233238][ T8034]  ? check_preemption_disabled+0x47/0x2a0
[   82.233249][ T8034]  ? copy_mount_string+0x30/0x30
[   82.233258][ T8034]  ? rcu_read_lock_sched_held+0x127/0x1c0
[   82.233273][ T8034]  ? trace_kmalloc+0xcd/0x130
[   82.338655][ T8034]  ? kmem_cache_alloc_trace+0x23a/0x2f0
[   82.344179][ T8034]  ? copy_mount_options+0x5f/0x370
[   82.349272][ T8034]  ? copy_mount_options+0x2d8/0x370
[   82.354444][ T8034]  ksys_mount+0xcc/0x100
[   82.358698][ T8034]  __x64_sys_mount+0xbf/0xd0
[   82.363290][ T8034]  do_syscall_64+0xfe/0x140
[   82.367781][ T8034]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   82.373736][ T8034] RIP: 0033:0x45c26a
[   82.377610][ T8034] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00
[   82.397197][ T8034] RSP: 002b:00007ff915153a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[   82.405588][ T8034] RAX: ffffffffffffffda RBX: 00007ff915153b40 RCX: 000000000045c26a
[   82.413535][ T8034] RDX: 00007ff915153ae0 RSI: 0000000020000000 RDI: 00007ff915153b00
[   82.421484][ T8034] RBP: 0000000000000001 R08: 00007ff915153b40 R09: 00007ff915153ae0
[   82.429435][ T8034] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
[   82.437386][ T8034] R13: 00000000004c88f7 R14: 00000000004df540 R15: 00000000ffffffff
[   82.446595][ T8034] Kernel Offset: disabled
[   82.450935][ T8034] Rebooting in 86400 seconds..