Warning: Permanently added '[localhost]:12517' (ED25519) to the list of known hosts.
executing program
[ 69.039528][ T5316] ==================================================================
[ 69.042641][ T5316] BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0
[ 69.046435][ T5316] Read of size 4 at addr ffffc90000e0e038 by task syz-executor229/5316
[ 69.050728][ T5316]
[ 69.051554][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz-executor229 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 69.055429][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.059153][ T5316] Call Trace:
[ 69.060298][ T5316]
[ 69.061338][ T5316] dump_stack_lvl+0x241/0x360
[ 69.063265][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.065278][ T5316] ? __pfx__printk+0x10/0x10
[ 69.066959][ T5316] ? _printk+0xd5/0x120
[ 69.068408][ T5316] print_report+0x169/0x550
[ 69.070063][ T5316] ? __virt_addr_valid+0xbd/0x530
[ 69.071756][ T5316] ? acpi_nfit_ctl+0x20e8/0x24a0
[ 69.073406][ T5316] kasan_report+0x143/0x180
[ 69.074986][ T5316] ? acpi_nfit_ctl+0x20e8/0x24a0
[ 69.076718][ T5316] acpi_nfit_ctl+0x20e8/0x24a0
[ 69.078355][ T5316] ? __pfx___mutex_trylock_common+0x10/0x10
[ 69.080322][ T5316] ? trace_contention_end+0x3c/0x120
[ 69.082264][ T5316] ? __mutex_lock+0x2ef/0xd70
[ 69.083724][ T5316] ? __pfx_acpi_nfit_ctl+0x10/0x10
[ 69.085311][ T5316] ? nd_ioctl+0x162a/0x1fd0
[ 69.086778][ T5316] ? __pfx_lock_release+0x10/0x10
[ 69.088421][ T5316] ? __might_fault+0xc6/0x120
[ 69.090010][ T5316] ? walk_to_nvdimm_bus+0xb0/0x170
[ 69.091792][ T5316] ? acpi_nfit_clear_to_send+0x19e/0x1c0
[ 69.093617][ T5316] nd_ioctl+0x1844/0x1fd0
[ 69.095000][ T5316] ? __pfx_nd_ioctl+0x10/0x10
[ 69.096611][ T5316] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 69.098679][ T5316] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.100813][ T5316] ? __pfx_bus_ioctl+0x10/0x10
[ 69.102479][ T5316] __se_sys_ioctl+0xf9/0x170
[ 69.103936][ T5316] do_syscall_64+0xf3/0x230
[ 69.105408][ T5316] ? clear_bhb_loop+0x35/0x90
[ 69.107224][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.109172][ T5316] RIP: 0033:0x7fb399ccda79
[ 69.110643][ T5316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.116598][ T5316] RSP: 002b:00007ffcf6cb8d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.119523][ T5316] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb399ccda79
[ 69.122375][ T5316] RDX: 0000000020000180 RSI: 00000000c008640a RDI: 0000000000000003
[ 69.125152][ T5316] RBP: 00007fb399d405f0 R08: 0000000000000006 R09: 0000000000000006
[ 69.127968][ T5316] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[ 69.130773][ T5316] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 69.133609][ T5316]
[ 69.134821][ T5316]
[ 69.135728][ T5316] The buggy address belongs to the virtual mapping at
[ 69.135728][ T5316] [ffffc90000e0e000, ffffc90000e10000) created by:
[ 69.135728][ T5316] nd_ioctl+0x1594/0x1fd0
[ 69.142373][ T5316]
[ 69.143296][ T5316] The buggy address belongs to the physical page:
[ 69.145596][ T5316] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880401b9a80 pfn:0x401b9
[ 69.149265][ T5316] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 69.152114][ T5316] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 69.155425][ T5316] raw: ffff8880401b9a80 0000000000000000 00000001ffffffff 0000000000000000
[ 69.158625][ T5316] page dumped because: kasan: bad access detected
[ 69.161029][ T5316] page_owner tracks the page as allocated
[ 69.163141][ T5316] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2cc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN), pid 5316, tgid 5316 (syz-executor229), ts 69039468240, free_ts 68666765389
[ 69.169702][ T5316] post_alloc_hook+0x1f3/0x230
[ 69.171483][ T5316] get_page_from_freelist+0x303f/0x3190
[ 69.173473][ T5316] __alloc_pages_noprof+0x292/0x710
[ 69.175323][ T5316] alloc_pages_bulk_noprof+0x729/0xd40
[ 69.177334][ T5316] alloc_pages_bulk_array_mempolicy_noprof+0x8ea/0x1600
[ 69.179888][ T5316] __vmalloc_node_range_noprof+0x752/0x13f0
[ 69.182050][ T5316] vmalloc_noprof+0x79/0x90
[ 69.183725][ T5316] nd_ioctl+0x1594/0x1fd0
[ 69.185240][ T5316] __se_sys_ioctl+0xf9/0x170
[ 69.186918][ T5316] do_syscall_64+0xf3/0x230
[ 69.188683][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.190973][ T5316] page last free pid 5312 tgid 5312 stack trace:
[ 69.193285][ T5316] free_unref_page+0xcfb/0xf20
[ 69.195095][ T5316] __folio_put+0x2c7/0x440
[ 69.196830][ T5316] pipe_read+0x6ed/0x13e0
[ 69.198488][ T5316] vfs_read+0x991/0xb70
[ 69.200221][ T5316] ksys_read+0x183/0x2b0
[ 69.201972][ T5316] do_syscall_64+0xf3/0x230
[ 69.203531][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.205694][ T5316]
[ 69.206611][ T5316] Memory state around the buggy address:
[ 69.208717][ T5316] ffffc90000e0df00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 69.211664][ T5316] ffffc90000e0df80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 69.214553][ T5316] >ffffc90000e0e000: 00 00 00 00 00 00 00 03 f8 f8 f8 f8 f8 f8 f8 f8
[ 69.217597][ T5316] ^
[ 69.220063][ T5316] ffffc90000e0e080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 69.223109][ T5316] ffffc90000e0e100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 69.226067][ T5316] ==================================================================
[ 69.235669][ T5316] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.238305][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz-executor229 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0
[ 69.242273][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.246129][ T5316] Call Trace:
[ 69.247367][ T5316]
[ 69.248509][ T5316] dump_stack_lvl+0x241/0x360
[ 69.250228][ T5316] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.252102][ T5316] ? __pfx__printk+0x10/0x10
[ 69.253822][ T5316] ? preempt_schedule+0xe1/0xf0
[ 69.255607][ T5316] ? vscnprintf+0x5d/0x90
[ 69.257215][ T5316] panic+0x349/0x880
[ 69.258825][ T5316] ? check_panic_on_warn+0x21/0xb0
[ 69.260739][ T5316] ? __pfx_panic+0x10/0x10
[ 69.262473][ T5316] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 69.264637][ T5316] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 69.267034][ T5316] ? print_report+0x502/0x550
[ 69.268809][ T5316] check_panic_on_warn+0x86/0xb0
[ 69.270574][ T5316] ? acpi_nfit_ctl+0x20e8/0x24a0
[ 69.272301][ T5316] end_report+0x77/0x160
[ 69.273874][ T5316] kasan_report+0x154/0x180
[ 69.275574][ T5316] ? acpi_nfit_ctl+0x20e8/0x24a0
[ 69.277365][ T5316] acpi_nfit_ctl+0x20e8/0x24a0
[ 69.279101][ T5316] ? __pfx___mutex_trylock_common+0x10/0x10
[ 69.281253][ T5316] ? trace_contention_end+0x3c/0x120
[ 69.283152][ T5316] ? __mutex_lock+0x2ef/0xd70
[ 69.284872][ T5316] ? __pfx_acpi_nfit_ctl+0x10/0x10
[ 69.286665][ T5316] ? nd_ioctl+0x162a/0x1fd0
[ 69.288363][ T5316] ? __pfx_lock_release+0x10/0x10
[ 69.290331][ T5316] ? __might_fault+0xc6/0x120
[ 69.292096][ T5316] ? walk_to_nvdimm_bus+0xb0/0x170
[ 69.294004][ T5316] ? acpi_nfit_clear_to_send+0x19e/0x1c0
[ 69.295998][ T5316] nd_ioctl+0x1844/0x1fd0
[ 69.297604][ T5316] ? __pfx_nd_ioctl+0x10/0x10
[ 69.299331][ T5316] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 69.301436][ T5316] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 69.303671][ T5316] ? __pfx_bus_ioctl+0x10/0x10
[ 69.305471][ T5316] __se_sys_ioctl+0xf9/0x170
[ 69.307180][ T5316] do_syscall_64+0xf3/0x230
[ 69.308817][ T5316] ? clear_bhb_loop+0x35/0x90
[ 69.310481][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.312634][ T5316] RIP: 0033:0x7fb399ccda79
[ 69.314298][ T5316] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.321065][ T5316] RSP: 002b:00007ffcf6cb8d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.324070][ T5316] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb399ccda79
[ 69.326839][ T5316] RDX: 0000000020000180 RSI: 00000000c008640a RDI: 0000000000000003
[ 69.329807][ T5316] RBP: 00007fb399d405f0 R08: 0000000000000006 R09: 0000000000000006
[ 69.332712][ T5316] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[ 69.335580][ T5316] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 69.338562][ T5316]
[ 69.340158][ T5316] Kernel Offset: disabled
[ 69.341706][ T5316] Rebooting in 86400 seconds..
VM DIAGNOSIS:
15:27:47 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000065 RBX=ffffffff9a719ec0 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000cfef290
R8 =ffffffff854ae4db R9 =1ffff11006786046 R10=dffffc0000000000 R11=ffffffff854ae490
R12=dffffc0000000000 R13=ffffffff9a414f03 R14=0000000000000065 R15=00000000000003f8
RIP=ffffffff854ae50e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555560d91380 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb399d440d0 CR3=0000000040650000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80