syzkaller login: [ 86.527190][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:26354' (ED25519) to the list of known hosts.
executing program
[ 100.953822][ T5327] loop0: detected capacity change from 0 to 4096
[ 101.018394][ T5327] =======================================================
[ 101.018394][ T5327] WARNING: The mand mount option has been deprecated and
[ 101.018394][ T5327] and is ignored by this kernel. Remove the mand
[ 101.018394][ T5327] option from the mount to silence this warning.
[ 101.018394][ T5327] =======================================================
[ 101.100889][ T5328] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 101.109666][ T5327] ==================================================================
[ 101.113532][ T5327] BUG: KASAN: use-after-free in nilfs_find_entry+0x29c/0x660
[ 101.138705][ T5327] Read of size 2 at addr ffff88804898f008 by task syz-executor396/5327
[ 101.146011][ T5327]
[ 101.149787][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz-executor396 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0
[ 101.154846][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 101.159889][ T5327] Call Trace:
[ 101.161503][ T5327]
[ 101.162884][ T5327] dump_stack_lvl+0x241/0x360
[ 101.187754][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 101.189612][ T5327] ? __pfx__printk+0x10/0x10
[ 101.191258][ T5327] ? _printk+0xd5/0x120
[ 101.192613][ T5327] ? __virt_addr_valid+0x183/0x530
[ 101.194229][ T5327] ? __virt_addr_valid+0x183/0x530
[ 101.196107][ T5327] print_report+0x169/0x550
[ 101.197784][ T5327] ? __virt_addr_valid+0x183/0x530
[ 101.199781][ T5327] ? __virt_addr_valid+0x183/0x530
[ 101.201772][ T5327] ? __virt_addr_valid+0x45f/0x530
[ 101.204137][ T5327] ? __phys_addr+0xba/0x170
[ 101.206032][ T5327] ? nilfs_find_entry+0x29c/0x660
[ 101.208114][ T5327] kasan_report+0x143/0x180
[ 101.209925][ T5327] ? nilfs_find_entry+0x29c/0x660
[ 101.227948][ T5327] nilfs_find_entry+0x29c/0x660
[ 101.229634][ T5327] nilfs_inode_by_name+0xad/0x240
[ 101.231561][ T5327] ? common_perm+0x18d/0x1f0
[ 101.235381][ T5327] ? __pfx_nilfs_inode_by_name+0x10/0x10
[ 101.237326][ T5327] ? apparmor_path_mknod+0x228/0x2e0
[ 101.239170][ T5327] nilfs_lookup+0xed/0x210
[ 101.257070][ T5327] ? generic_permission+0x1e0/0x550
[ 101.259179][ T5327] ? __pfx_nilfs_lookup+0x10/0x10
[ 101.261182][ T5327] ? inode_permission+0xff/0x460
[ 101.263077][ T5327] ? __pfx_nilfs_permission+0x10/0x10
[ 101.265037][ T5327] ? bpf_lsm_inode_create+0x9/0x10
[ 101.266847][ T5327] ? security_inode_create+0xbe/0x340
[ 101.268759][ T5327] ? __pfx_nilfs_lookup+0x10/0x10
[ 101.270638][ T5327] path_openat+0x11a7/0x3590
[ 101.288834][ T5327] ? __pfx_path_openat+0x10/0x10
[ 101.290712][ T5327] do_filp_open+0x235/0x490
[ 101.292741][ T5327] ? __pfx_do_filp_open+0x10/0x10
[ 101.295167][ T5327] ? _raw_spin_unlock+0x28/0x50
[ 101.297683][ T5327] ? alloc_fd+0x5a1/0x640
[ 101.299864][ T5327] do_sys_openat2+0x13e/0x1d0
[ 101.305855][ T5327] ? mntput_no_expire+0xc2/0x850
[ 101.308428][ T5327] ? __pfx_do_sys_openat2+0x10/0x10
[ 101.317758][ T5327] ? __pfx_mntput_no_expire+0x10/0x10
[ 101.320472][ T5327] __x64_sys_openat+0x247/0x2a0
[ 101.322914][ T5327] ? __pfx___x64_sys_openat+0x10/0x10
[ 101.324962][ T5327] ? do_syscall_64+0x100/0x230
[ 101.326587][ T5327] ? do_syscall_64+0xb6/0x230
[ 101.328268][ T5327] do_syscall_64+0xf3/0x230
[ 101.329908][ T5327] ? clear_bhb_loop+0x35/0x90
[ 101.331606][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.333653][ T5327] RIP: 0033:0x7fc3b6d3bb99
[ 101.335202][ T5327] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 101.357967][ T5327] RSP: 002b:00007fffff564d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 101.370632][ T5327] RAX: ffffffffffffffda RBX: 6569727261626f6e RCX: 00007fc3b6d3bb99
[ 101.391504][ T5327] RDX: 000000000000275a RSI: 0000000020000080 RDI: 00000000ffffff9c
[ 101.397279][ T5327] RBP: 00007fc3b6daf5f0 R08: 0000000000000ee3 R09: 000055555ab464c0
[ 101.401645][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffff564da0
[ 101.420478][ T5327] R13: 00007fffff564fc8 R14: 431bde82d7b634db R15: 00007fc3b6d8403b
[ 101.444689][ T5327]
[ 101.445867][ T5327]
[ 101.446833][ T5327] The buggy address belongs to the physical page:
[ 101.465413][ T5327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7fe23d77e pfn:0x4898f
[ 101.470702][ T5327] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 101.474195][ T5327] raw: 04fff00000000000 ffffea0001219208 ffff88801fc44cb0 0000000000000000
[ 101.494075][ T5327] raw: 00000007fe23d77e 0000000000000000 00000000ffffffff 0000000000000000
[ 101.497475][ T5327] page dumped because: kasan: bad access detected
[ 101.507641][ T5327] page_owner tracks the page as freed
[ 101.515315][ T5327] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5316, tgid 5316 (sshd), ts 98147180694, free_ts 98313762663
[ 101.527073][ T5327] post_alloc_hook+0x1f3/0x230
[ 101.545272][ T5327] get_page_from_freelist+0x303f/0x3190
[ 101.547816][ T5327] __alloc_pages_noprof+0x292/0x710
[ 101.550322][ T5327] alloc_pages_mpol_noprof+0x3e8/0x680
[ 101.553006][ T5327] vma_alloc_folio_noprof+0x12e/0x230
[ 101.555332][ T5327] folio_prealloc+0x31/0x170
[ 101.561255][ T5327] handle_pte_fault+0x24dd/0x6820
[ 101.564978][ T5327] handle_mm_fault+0x1106/0x1bb0
[ 101.567701][ T5327] exc_page_fault+0x459/0x8c0
[ 101.570450][ T5327] asm_exc_page_fault+0x26/0x30
[ 101.575524][ T5327] page last free pid 5316 tgid 5316 stack trace:
[ 101.584082][ T5327] free_unref_folios+0xf12/0x18d0
[ 101.586167][ T5327] folios_put_refs+0x76c/0x860
[ 101.588798][ T5327] free_pages_and_swap_cache+0x2ea/0x690
[ 101.591254][ T5327] tlb_flush_mmu+0x3a3/0x680
[ 101.592852][ T5327] tlb_finish_mmu+0xd4/0x200
[ 101.594423][ T5327] vms_clear_ptes+0x437/0x530
[ 101.596055][ T5327] vms_complete_munmap_vmas+0x208/0x910
[ 101.597952][ T5327] do_vmi_align_munmap+0x613/0x730
[ 101.599729][ T5327] do_vmi_munmap+0x24e/0x2d0
[ 101.601553][ T5327] __vm_munmap+0x24c/0x480
[ 101.605461][ T5327] __x64_sys_munmap+0x60/0x70
[ 101.610065][ T5327] do_syscall_64+0xf3/0x230
[ 101.612966][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.618260][ T5327]
[ 101.622850][ T5327] Memory state around the buggy address:
[ 101.628321][ T5327] ffff88804898ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.645605][ T5327] ffff88804898ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 101.648915][ T5327] >ffff88804898f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.652053][ T5327] ^
[ 101.653838][ T5327] ffff88804898f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.658591][ T5327] ffff88804898f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.664465][ T5327] ==================================================================
[ 101.679606][ T5327] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.696228][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz-executor396 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0
[ 101.701996][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 101.706975][ T5327] Call Trace:
[ 101.708675][ T5327]
[ 101.710062][ T5327] dump_stack_lvl+0x241/0x360
[ 101.728164][ T5327] ? __pfx_dump_stack_lvl+0x10/0x10
[ 101.731292][ T5327] ? __pfx__printk+0x10/0x10
[ 101.734560][ T5327] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 101.737768][ T5327] ? vscnprintf+0x5d/0x90
[ 101.739704][ T5327] panic+0x349/0x880
[ 101.742222][ T5327] ? check_panic_on_warn+0x21/0xb0
[ 101.756604][ T5327] ? __pfx_panic+0x10/0x10
[ 101.758629][ T5327] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 101.761544][ T5327] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 101.764779][ T5327] check_panic_on_warn+0x86/0xb0
[ 101.767040][ T5327] ? nilfs_find_entry+0x29c/0x660
[ 101.805359][ T5327] end_report+0x77/0x160
[ 101.819211][ T5327] kasan_report+0x154/0x180
[ 101.822060][ T5327] ? nilfs_find_entry+0x29c/0x660
[ 101.824489][ T5327] nilfs_find_entry+0x29c/0x660
[ 101.826746][ T5327] nilfs_inode_by_name+0xad/0x240
[ 101.843776][ T5327] ? common_perm+0x18d/0x1f0
[ 101.845977][ T5327] ? __pfx_nilfs_inode_by_name+0x10/0x10
[ 101.848519][ T5327] ? apparmor_path_mknod+0x228/0x2e0
[ 101.850845][ T5327] nilfs_lookup+0xed/0x210
[ 101.852955][ T5327] ? generic_permission+0x1e0/0x550
[ 101.855363][ T5327] ? __pfx_nilfs_lookup+0x10/0x10
[ 101.871747][ T5327] ? inode_permission+0xff/0x460
[ 101.874169][ T5327] ? __pfx_nilfs_permission+0x10/0x10
[ 101.876902][ T5327] ? bpf_lsm_inode_create+0x9/0x10
[ 101.879389][ T5327] ? security_inode_create+0xbe/0x340
[ 101.882334][ T5327] ? __pfx_nilfs_lookup+0x10/0x10
[ 101.884440][ T5327] path_openat+0x11a7/0x3590
[ 101.886314][ T5327] ? __pfx_path_openat+0x10/0x10
[ 101.888344][ T5327] do_filp_open+0x235/0x490
[ 101.890231][ T5327] ? __pfx_do_filp_open+0x10/0x10
[ 101.901610][ T5327] ? _raw_spin_unlock+0x28/0x50
[ 101.923491][ T5327] ? alloc_fd+0x5a1/0x640
[ 101.925830][ T5327] do_sys_openat2+0x13e/0x1d0
[ 101.927833][ T5327] ? mntput_no_expire+0xc2/0x850
[ 101.929878][ T5327] ? __pfx_do_sys_openat2+0x10/0x10
[ 101.945590][ T5327] ? __pfx_mntput_no_expire+0x10/0x10
[ 101.948004][ T5327] __x64_sys_openat+0x247/0x2a0
[ 101.950153][ T5327] ? __pfx___x64_sys_openat+0x10/0x10
[ 101.952637][ T5327] ? do_syscall_64+0x100/0x230
[ 101.954525][ T5327] ? do_syscall_64+0xb6/0x230
[ 101.972564][ T5327] do_syscall_64+0xf3/0x230
[ 101.974396][ T5327] ? clear_bhb_loop+0x35/0x90
[ 101.976242][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 101.978677][ T5327] RIP: 0033:0x7fc3b6d3bb99
[ 101.980537][ T5327] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 101.998474][ T5327] RSP: 002b:00007fffff564d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 102.001861][ T5327] RAX: ffffffffffffffda RBX: 6569727261626f6e RCX: 00007fc3b6d3bb99
[ 102.004988][ T5327] RDX: 000000000000275a RSI: 0000000020000080 RDI: 00000000ffffff9c
[ 102.008283][ T5327] RBP: 00007fc3b6daf5f0 R08: 0000000000000ee3 R09: 000055555ab464c0
[ 102.011908][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffff564da0
[ 102.025017][ T5327] R13: 00007fffff564fc8 R14: 431bde82d7b634db R15: 00007fc3b6d8403b
[ 102.028084][ T5327]
[ 102.029525][ T5327] Kernel Offset: disabled
[ 102.031162][ T5327] Rebooting in 86400 seconds..
VM DIAGNOSIS:
05:30:01 Registers:
info registers vcpu 0
CPU#0
RAX=000000000000000a RBX=ffffffff9a719ec0 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc90000e36ef0
R8 =ffffffff854ae41b R9 =1ffff11003dc9046 R10=dffffc0000000000 R11=ffffffff854ae3d0
R12=dffffc0000000000 R13=ffffffff9a414f32 R14=000000000000000a R15=00000000000003f8
RIP=ffffffff854ae44e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055555ab45380 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00005627fde88fe0 CR3=0000000042efc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01