DUID 00:04:cd:7d:74:7d:04:96:3f:c0:f2:1a:da:5a:49:b1:9f:fb forked to background, child pid 4670
[ 32.197927][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0
[ 32.207844][ T4671] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.577517][ T4996] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4996 'syz-executor295'
[ 53.747826][ T4996] loop0: detected capacity change from 0 to 32768
[ 53.770346][ T4996] ==================================================================
[ 53.778460][ T4996] BUG: KASAN: slab-out-of-bounds in jfs_readdir+0x3a89/0x4290
[ 53.785969][ T4996] Read of size 1 at addr ffff888077af7f75 by task syz-executor295/4996
[ 53.794314][ T4996]
[ 53.796767][ T4996] CPU: 1 PID: 4996 Comm: syz-executor295 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 53.806644][ T4996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 53.816688][ T4996] Call Trace:
[ 53.819956][ T4996]
[ 53.822877][ T4996] dump_stack_lvl+0xd9/0x150
[ 53.827485][ T4996] print_address_description.constprop.0+0x2c/0x3c0
[ 53.834075][ T4996] ? jfs_readdir+0x3a89/0x4290
[ 53.838851][ T4996] kasan_report+0x11c/0x130
[ 53.843357][ T4996] ? jfs_readdir+0x3a89/0x4290
[ 53.848131][ T4996] jfs_readdir+0x3a89/0x4290
[ 53.852741][ T4996] ? dtDelete+0x2fe0/0x2fe0
[ 53.857256][ T4996] ? lock_sync+0x190/0x190
[ 53.861697][ T4996] ? rcu_is_watching+0x12/0xb0
[ 53.866462][ T4996] ? trace_lock_acquire+0x12d/0x180
[ 53.871685][ T4996] ? iterate_dir+0x504/0x6f0
[ 53.876276][ T4996] ? lock_acquire+0x32/0xc0
[ 53.880785][ T4996] ? iterate_dir+0x504/0x6f0
[ 53.885378][ T4996] ? down_write_killable+0x15b/0x250
[ 53.890667][ T4996] ? down_write_killable_nested+0x250/0x250
[ 53.896582][ T4996] ? fsnotify_perm.part.0+0x221/0x610
[ 53.901971][ T4996] iterate_dir+0x1fd/0x6f0
[ 53.906390][ T4996] __x64_sys_getdents64+0x13e/0x2c0
[ 53.911596][ T4996] ? __ia32_sys_getdents+0x2c0/0x2c0
[ 53.916879][ T4996] ? compat_fillonedir+0x470/0x470
[ 53.921990][ T4996] ? syscall_enter_from_user_mode+0x26/0x80
[ 53.927887][ T4996] do_syscall_64+0x39/0xb0
[ 53.932314][ T4996] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.938220][ T4996] RIP: 0033:0x7f57540cc539
[ 53.942630][ T4996] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.962238][ T4996] RSP: 002b:00007fffe25cbb98 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 53.970650][ T4996] RAX: ffffffffffffffda RBX: 00007fffe25cbbe8 RCX: 00007f57540cc539
[ 53.978647][ T4996] RDX: 00000000000000c5 RSI: 0000000020000200 RDI: 0000000000000004
[ 53.986638][ T4996] RBP: 0000000000000000 R08: 00007fffe25cbcc0 R09: 00007fffe25cbcc0
[ 53.994610][ T4996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe25cbbe0
[ 54.002578][ T4996] R13: 00007fffe25cbcc0 R14: 431bde82d7b634db R15: 00007fffe25cbbc0
[ 54.010555][ T4996]
[ 54.013571][ T4996]
[ 54.015887][ T4996] The buggy address belongs to the object at ffff888077af7800
[ 54.015887][ T4996] which belongs to the cache sock_inode_cache of size 1408
[ 54.030464][ T4996] The buggy address is located 501 bytes to the right of
[ 54.030464][ T4996] allocated 1408-byte region [ffff888077af7800, ffff888077af7d80)
[ 54.045231][ T4996]
[ 54.047547][ T4996] The buggy address belongs to the physical page:
[ 54.053949][ T4996] page:ffffea0001debc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77af0
[ 54.064098][ T4996] head:ffffea0001debc00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 54.073028][ T4996] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 54.081002][ T4996] page_type: 0xffffffff()
[ 54.085329][ T4996] raw: 00fff00000010200 ffff888141a77a00 dead000000000122 0000000000000000
[ 54.093916][ T4996] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[ 54.102495][ T4996] page dumped because: kasan: bad access detected
[ 54.108909][ T4996] page_owner tracks the page as allocated
[ 54.114612][ T4996] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4990, tgid 4990 (sshd), ts 48039285235, free_ts 15297579328
[ 54.137019][ T4996] post_alloc_hook+0x2db/0x350
[ 54.141785][ T4996] get_page_from_freelist+0xf7c/0x2aa0
[ 54.147245][ T4996] __alloc_pages+0x1cb/0x4a0
[ 54.151834][ T4996] alloc_pages+0x1aa/0x270
[ 54.156259][ T4996] allocate_slab+0x28e/0x380
[ 54.160852][ T4996] ___slab_alloc+0xa91/0x1400
[ 54.165537][ T4996] __slab_alloc.constprop.0+0x56/0xa0
[ 54.170926][ T4996] kmem_cache_alloc_lru+0x4a8/0x600
[ 54.176132][ T4996] sock_alloc_inode+0x27/0x1d0
[ 54.180985][ T4996] alloc_inode+0x61/0x230
[ 54.185336][ T4996] new_inode_pseudo+0x17/0x80
[ 54.190018][ T4996] sock_alloc+0x40/0x270
[ 54.194281][ T4996] __sock_create+0xbd/0x850
[ 54.198787][ T4996] __sys_socket+0x133/0x250
[ 54.203294][ T4996] __x64_sys_socket+0x73/0xb0
[ 54.207976][ T4996] do_syscall_64+0x39/0xb0
[ 54.212402][ T4996] page last free stack trace:
[ 54.217072][ T4996] free_unref_page_prepare+0x4dd/0xb90
[ 54.222531][ T4996] free_unref_page+0x33/0x370
[ 54.227203][ T4996] free_contig_range+0xb5/0x180
[ 54.232051][ T4996] destroy_args+0x6c4/0x920
[ 54.236558][ T4996] debug_vm_pgtable+0x2417/0x4210
[ 54.241602][ T4996] do_one_initcall+0x102/0x540
[ 54.246370][ T4996] kernel_init_freeable+0x5a4/0x890
[ 54.251567][ T4996] kernel_init+0x1e/0x2c0
[ 54.255906][ T4996] ret_from_fork+0x1f/0x30
[ 54.260326][ T4996]
[ 54.262642][ T4996] Memory state around the buggy address:
[ 54.269220][ T4996] ffff888077af7e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.277279][ T4996] ffff888077af7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.285333][ T4996] >ffff888077af7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.293390][ T4996] ^
[ 54.301098][ T4996] ffff888077af7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.309154][ T4996] ffff888077af8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.317214][ T4996] ==================================================================
[ 54.325749][ T4996] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.332972][ T4996] CPU: 0 PID: 4996 Comm: syz-executor295 Not tainted 6.4.0-rc1-next-20230512-syzkaller #0
[ 54.342878][ T4996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 54.352932][ T4996] Call Trace:
[ 54.356243][ T4996]
[ 54.359173][ T4996] dump_stack_lvl+0xd9/0x150
[ 54.363779][ T4996] panic+0x686/0x730
[ 54.367689][ T4996] ? panic_smp_self_stop+0xa0/0xa0
[ 54.372814][ T4996] ? preempt_schedule_thunk+0x1a/0x20
[ 54.378222][ T4996] ? preempt_schedule_common+0x45/0xb0
[ 54.383690][ T4996] check_panic_on_warn+0xb1/0xc0
[ 54.388675][ T4996] end_report+0xe9/0x120
[ 54.392923][ T4996] ? jfs_readdir+0x3a89/0x4290
[ 54.397695][ T4996] kasan_report+0xf9/0x130
[ 54.402115][ T4996] ? jfs_readdir+0x3a89/0x4290
[ 54.406906][ T4996] jfs_readdir+0x3a89/0x4290
[ 54.411510][ T4996] ? dtDelete+0x2fe0/0x2fe0
[ 54.416026][ T4996] ? lock_sync+0x190/0x190
[ 54.420451][ T4996] ? rcu_is_watching+0x12/0xb0
[ 54.425219][ T4996] ? trace_lock_acquire+0x12d/0x180
[ 54.430425][ T4996] ? iterate_dir+0x504/0x6f0
[ 54.435030][ T4996] ? lock_acquire+0x32/0xc0
[ 54.439540][ T4996] ? iterate_dir+0x504/0x6f0
[ 54.444132][ T4996] ? down_write_killable+0x15b/0x250
[ 54.449422][ T4996] ? down_write_killable_nested+0x250/0x250
[ 54.455320][ T4996] ? fsnotify_perm.part.0+0x221/0x610
[ 54.460713][ T4996] iterate_dir+0x1fd/0x6f0
[ 54.465136][ T4996] __x64_sys_getdents64+0x13e/0x2c0
[ 54.470338][ T4996] ? __ia32_sys_getdents+0x2c0/0x2c0
[ 54.475627][ T4996] ? compat_fillonedir+0x470/0x470
[ 54.480741][ T4996] ? syscall_enter_from_user_mode+0x26/0x80
[ 54.486649][ T4996] do_syscall_64+0x39/0xb0
[ 54.491082][ T4996] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.496984][ T4996] RIP: 0033:0x7f57540cc539
[ 54.501398][ T4996] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.521016][ T4996] RSP: 002b:00007fffe25cbb98 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 54.529430][ T4996] RAX: ffffffffffffffda RBX: 00007fffe25cbbe8 RCX: 00007f57540cc539
[ 54.537402][ T4996] RDX: 00000000000000c5 RSI: 0000000020000200 RDI: 0000000000000004
[ 54.545381][ T4996] RBP: 0000000000000000 R08: 00007fffe25cbcc0 R09: 00007fffe25cbcc0
[ 54.553347][ T4996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe25cbbe0
[ 54.561317][ T4996] R13: 00007fffe25cbcc0 R14: 431bde82d7b634db R15: 00007fffe25cbbc0
[ 54.569292][ T4996]
[ 54.572468][ T4996] Kernel Offset: disabled
[ 54.576791][ T4996] Rebooting in 86400 seconds..