[ 109.062176][ T8] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:40720' (ED25519) to the list of known hosts.
executing program
[ 129.399071][ T5329] loop0: detected capacity change from 0 to 4096
[ 129.429448][ T5329] =======================================================
[ 129.429448][ T5329] WARNING: The mand mount option has been deprecated and
[ 129.429448][ T5329] and is ignored by this kernel. Remove the mand
[ 129.429448][ T5329] option from the mount to silence this warning.
[ 129.429448][ T5329] =======================================================
[ 129.516339][ T5330] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 129.568965][ T5329] ==================================================================
[ 129.572311][ T5329] BUG: KASAN: use-after-free in nilfs_find_entry+0x29c/0x660
[ 129.575314][ T5329] Read of size 2 at addr ffff888044d2a008 by task syz-executor345/5329
[ 129.598568][ T5329]
[ 129.599400][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz-executor345 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0
[ 129.603612][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 129.607736][ T5329] Call Trace:
[ 129.609058][ T5329]
[ 129.610195][ T5329] dump_stack_lvl+0x241/0x360
[ 129.612138][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10
[ 129.613981][ T5329] ? __pfx__printk+0x10/0x10
[ 129.615525][ T5329] ? _printk+0xd5/0x120
[ 129.633121][ T5329] ? __virt_addr_valid+0x183/0x530
[ 129.635151][ T5329] ? __virt_addr_valid+0x183/0x530
[ 129.637220][ T5329] print_report+0x169/0x550
[ 129.638933][ T5329] ? __virt_addr_valid+0x183/0x530
[ 129.640772][ T5329] ? __virt_addr_valid+0x183/0x530
[ 129.647274][ T5329] ? __virt_addr_valid+0x45f/0x530
[ 129.649511][ T5329] ? __phys_addr+0xba/0x170
[ 129.651388][ T5329] ? nilfs_find_entry+0x29c/0x660
[ 129.653479][ T5329] kasan_report+0x143/0x180
[ 129.655199][ T5329] ? nilfs_find_entry+0x29c/0x660
[ 129.657146][ T5329] nilfs_find_entry+0x29c/0x660
[ 129.658972][ T5329] nilfs_inode_by_name+0xad/0x240
[ 129.661023][ T5329] ? common_perm+0x18d/0x1f0
[ 129.663618][ T5329] ? __pfx_nilfs_inode_by_name+0x10/0x10
[ 129.666133][ T5329] ? apparmor_path_mknod+0x228/0x2e0
[ 129.668464][ T5329] nilfs_lookup+0xed/0x210
[ 129.670436][ T5329] ? generic_permission+0x1e0/0x550
[ 129.672719][ T5329] ? __pfx_nilfs_lookup+0x10/0x10
[ 129.695053][ T5329] ? inode_permission+0xff/0x460
[ 129.699605][ T5329] ? __pfx_nilfs_permission+0x10/0x10
[ 129.701480][ T5329] ? bpf_lsm_inode_create+0x9/0x10
[ 129.703255][ T5329] ? security_inode_create+0xbe/0x340
[ 129.705051][ T5329] ? __pfx_nilfs_lookup+0x10/0x10
[ 129.706841][ T5329] path_openat+0x11a7/0x3590
[ 129.725571][ T5329] ? __pfx_path_openat+0x10/0x10
[ 129.727656][ T5329] do_filp_open+0x235/0x490
[ 129.749407][ T5329] ? __pfx_do_filp_open+0x10/0x10
[ 129.751508][ T5329] ? _raw_spin_unlock+0x28/0x50
[ 129.753525][ T5329] ? alloc_fd+0x5a1/0x640
[ 129.755249][ T5329] do_sys_openat2+0x13e/0x1d0
[ 129.757224][ T5329] ? mntput_no_expire+0xc2/0x850
[ 129.759746][ T5329] ? __pfx_do_sys_openat2+0x10/0x10
[ 129.762864][ T5329] ? __pfx_mntput_no_expire+0x10/0x10
[ 129.781549][ T5329] __x64_sys_openat+0x247/0x2a0
[ 129.784024][ T5329] ? __pfx___x64_sys_openat+0x10/0x10
[ 129.786873][ T5329] ? do_syscall_64+0x100/0x230
[ 129.789382][ T5329] ? do_syscall_64+0xb6/0x230
[ 129.792179][ T5329] do_syscall_64+0xf3/0x230
[ 129.794770][ T5329] ? clear_bhb_loop+0x35/0x90
[ 129.796959][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 129.799109][ T5329] RIP: 0033:0x7fd82768f229
[ 129.800840][ T5329] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 129.807621][ T5329] RSP: 002b:00007ffc63f86648 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 129.810943][ T5329] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd82768f229
[ 129.814261][ T5329] RDX: 000000000000275a RSI: 0000000020000080 RDI: 00000000ffffff9c
[ 129.832662][ T5329] RBP: 0000000000000000 R08: 0000000000000ee3 R09: 00007ffc63f86680
[ 129.838045][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 129.843013][ T5329] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffc63f866a0
[ 129.849716][ T5329]
[ 129.851011][ T5329]
[ 129.852163][ T5329] The buggy address belongs to the physical page:
[ 129.855384][ T5329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f6860690 pfn:0x44d2a
[ 129.859633][ T5329] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 129.862330][ T5329] raw: 04fff00000000000 ffffea0001134ac8 ffff88801fc44cb0 0000000000000000
[ 129.865324][ T5329] raw: 00000007f6860690 0000000000000000 00000000ffffffff 0000000000000000
[ 129.868250][ T5329] page dumped because: kasan: bad access detected
[ 129.870504][ T5329] page_owner tracks the page as freed
[ 129.872379][ T5329] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5317, tgid 5317 (sshd), ts 126612213045, free_ts 126969955636
[ 129.897119][ T5329] post_alloc_hook+0x1f3/0x230
[ 129.902335][ T5329] get_page_from_freelist+0x303f/0x3190
[ 129.918572][ T5329] __alloc_pages_noprof+0x292/0x710
[ 129.921412][ T5329] alloc_pages_mpol_noprof+0x3e8/0x680
[ 129.924194][ T5329] vma_alloc_folio_noprof+0x12e/0x230
[ 129.927140][ T5329] folio_prealloc+0x31/0x170
[ 129.930613][ T5329] handle_pte_fault+0x24dd/0x6820
[ 129.933938][ T5329] handle_mm_fault+0x1106/0x1bb0
[ 129.945891][ T5329] exc_page_fault+0x459/0x8c0
[ 129.948500][ T5329] asm_exc_page_fault+0x26/0x30
[ 129.950918][ T5329] page last free pid 5317 tgid 5317 stack trace:
[ 129.955569][ T5329] free_unref_folios+0xf12/0x18d0
[ 129.960673][ T5329] folios_put_refs+0x76c/0x860
[ 129.965829][ T5329] free_pages_and_swap_cache+0x2ea/0x690
[ 129.971995][ T5329] tlb_flush_mmu+0x3a3/0x680
[ 129.978258][ T5329] tlb_finish_mmu+0xd4/0x200
[ 130.021956][ T5329] vms_clear_ptes+0x437/0x530
[ 130.023906][ T5329] vms_complete_munmap_vmas+0x208/0x910
[ 130.026136][ T5329] do_vmi_align_munmap+0x613/0x730
[ 130.028195][ T5329] do_vmi_munmap+0x24e/0x2d0
[ 130.031271][ T5329] __vm_munmap+0x24c/0x480
[ 130.033527][ T5329] __x64_sys_munmap+0x60/0x70
[ 130.035942][ T5329] do_syscall_64+0xf3/0x230
[ 130.038319][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.041688][ T5329]
[ 130.042568][ T5329] Memory state around the buggy address:
[ 130.056893][ T5329] ffff888044d29f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 130.059711][ T5329] ffff888044d29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 130.062532][ T5329] >ffff888044d2a000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 130.065981][ T5329] ^
[ 130.082020][ T5329] ffff888044d2a080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 130.085219][ T5329] ffff888044d2a100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 130.088321][ T5329] ==================================================================
[ 130.117118][ T5329] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 130.120138][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz-executor345 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0
[ 130.125103][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 130.145231][ T5329] Call Trace:
[ 130.146603][ T5329]
[ 130.147788][ T5329] dump_stack_lvl+0x241/0x360
[ 130.149767][ T5329] ? __pfx_dump_stack_lvl+0x10/0x10
[ 130.151869][ T5329] ? __pfx__printk+0x10/0x10
[ 130.153781][ T5329] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 130.157311][ T5329] ? vscnprintf+0x5d/0x90
[ 130.159507][ T5329] panic+0x349/0x880
[ 130.161250][ T5329] ? check_panic_on_warn+0x21/0xb0
[ 130.163075][ T5329] ? __pfx_panic+0x10/0x10
[ 130.164634][ T5329] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 130.166726][ T5329] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 130.168929][ T5329] check_panic_on_warn+0x86/0xb0
[ 130.170686][ T5329] ? nilfs_find_entry+0x29c/0x660
[ 130.185609][ T5329] end_report+0x77/0x160
[ 130.187899][ T5329] kasan_report+0x154/0x180
[ 130.189831][ T5329] ? nilfs_find_entry+0x29c/0x660
[ 130.191808][ T5329] nilfs_find_entry+0x29c/0x660
[ 130.194285][ T5329] nilfs_inode_by_name+0xad/0x240
[ 130.196871][ T5329] ? common_perm+0x18d/0x1f0
[ 130.199554][ T5329] ? __pfx_nilfs_inode_by_name+0x10/0x10
[ 130.201777][ T5329] ? apparmor_path_mknod+0x228/0x2e0
[ 130.204594][ T5329] nilfs_lookup+0xed/0x210
[ 130.225076][ T5329] ? generic_permission+0x1e0/0x550
[ 130.227089][ T5329] ? __pfx_nilfs_lookup+0x10/0x10
[ 130.229016][ T5329] ? inode_permission+0xff/0x460
[ 130.231056][ T5329] ? __pfx_nilfs_permission+0x10/0x10
[ 130.233247][ T5329] ? bpf_lsm_inode_create+0x9/0x10
[ 130.235324][ T5329] ? security_inode_create+0xbe/0x340
[ 130.254851][ T5329] ? __pfx_nilfs_lookup+0x10/0x10
[ 130.256669][ T5329] path_openat+0x11a7/0x3590
[ 130.258397][ T5329] ? __pfx_path_openat+0x10/0x10
[ 130.260203][ T5329] do_filp_open+0x235/0x490
[ 130.262008][ T5329] ? __pfx_do_filp_open+0x10/0x10
[ 130.264023][ T5329] ? _raw_spin_unlock+0x28/0x50
[ 130.266010][ T5329] ? alloc_fd+0x5a1/0x640
[ 130.267593][ T5329] do_sys_openat2+0x13e/0x1d0
[ 130.291457][ T5329] ? mntput_no_expire+0xc2/0x850
[ 130.293427][ T5329] ? __pfx_do_sys_openat2+0x10/0x10
[ 130.295252][ T5329] ? __pfx_mntput_no_expire+0x10/0x10
[ 130.297216][ T5329] __x64_sys_openat+0x247/0x2a0
[ 130.298949][ T5329] ? __pfx___x64_sys_openat+0x10/0x10
[ 130.300932][ T5329] ? do_syscall_64+0x100/0x230
[ 130.302873][ T5329] ? do_syscall_64+0xb6/0x230
[ 130.326624][ T5329] do_syscall_64+0xf3/0x230
[ 130.330477][ T5329] ? clear_bhb_loop+0x35/0x90
[ 130.335433][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 130.337564][ T5329] RIP: 0033:0x7fd82768f229
[ 130.339227][ T5329] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 130.346714][ T5329] RSP: 002b:00007ffc63f86648 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 130.370265][ T5329] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd82768f229
[ 130.372863][ T5329] RDX: 000000000000275a RSI: 0000000020000080 RDI: 00000000ffffff9c
[ 130.375398][ T5329] RBP: 0000000000000000 R08: 0000000000000ee3 R09: 00007ffc63f86680
[ 130.377938][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 130.395609][ T5329] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffc63f866a0
[ 130.398921][ T5329]
[ 130.400471][ T5329] Kernel Offset: disabled
[ 130.413755][ T5329] Rebooting in 86400 seconds..
VM DIAGNOSIS:
06:09:09 Registers:
info registers vcpu 0