syzbot


upstream boot error: KASAN: invalid-access Read in tomoyo_memory_ok

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: cf10bd4c4aff kasan: fix per-page tags for non-page_alloc pages
First crash: 566d, last: 553d

Sample crash report:
BUG: KASAN: invalid-access in tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
Read of size 1 at addr f8ff00007b6e2000 by task sh/3098
Pointer tag: [f8], memory tag: [f0]

CPU: 0 PID: 3098 Comm: sh Not tainted 5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x0/0x1b0 arch/arm64/kernel/stacktrace.c:112
 show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xd0/0x12c lib/dump_stack.c:120
 print_address_description+0x70/0x29c mm/kasan/report.c:232
 __kasan_report mm/kasan/report.c:399 [inline]
 kasan_report+0x134/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699

Allocated by task 2846403498:
------------[ cut here ]------------
slab index 831406 out of bounds (205) for stack id adacafae
WARNING: CPU: 0 PID: 3098 at lib/stackdepot.c:236 stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Not tainted 5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
lr : stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
sp : ffff800015fe3860
x29: ffff800015fe3860 x28: ffff8000127e0308 
x27: 0000000000000000 x26: 0000000000000000 
x25: 0000000000000028 x24: f7ff000003001200 
x23: 00000000000000f8 x22: ffff800011d21d70 
x21: 00ff00007b6e2000 x20: ffff00007b6e2000 
x19: ffff00007b6e2080 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: ffffffffffffffff 
x13: 00000000000002e5 x12: ffff800015fe3510 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : f6ff000005963d00 
Call trace:
 stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
 print_stack mm/kasan/report.c:116 [inline]
 print_track+0x34/0x64 mm/kasan/report.c:124
 describe_object_stacks mm/kasan/report.c:178 [inline]
 describe_object mm/kasan/report.c:208 [inline]
 print_address_description+0x14c/0x29c mm/kasan/report.c:239
 __kasan_report mm/kasan/report.c:399 [inline]
 kasan_report+0x134/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d3806 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3098 at kernel/stacktrace.c:28 stack_trace_print+0x30/0x80 kernel/stacktrace.c:33
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : stack_trace_print+0x30/0x80 kernel/stacktrace.c:28
lr : print_stack mm/kasan/report.c:117 [inline]
lr : print_track+0x44/0x64 mm/kasan/report.c:124
sp : ffff800015fe3870
x29: ffff800015fe3870 x28: ffff8000127e0308 
x27: 0000000000000000 x26: 0000000000000000 
x25: 0000000000000028 x24: f7ff000003001200 
x23: 00000000000000f8 x22: ffff800011d21d70 
x21: 00ff00007b6e2000 x20: ffff00007b6e2000 
x19: ffff00007b6e2080 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: ffffffffffffffff 
x13: 00000000000002e5 x12: ffff800015fe3510 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : 0000000000000000 
Call trace:
 stack_trace_print+0x30/0x80 kernel/stacktrace.c:33
 describe_object_stacks mm/kasan/report.c:178 [inline]
 describe_object mm/kasan/report.c:208 [inline]
 print_address_description+0x14c/0x29c mm/kasan/report.c:239
 __kasan_report mm/kasan/report.c:399 [inline]
 kasan_report+0x134/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d3807 ]---

Freed by task 2846403498:
------------[ cut here ]------------
slab index 831406 out of bounds (205) for stack id adacafae
WARNING: CPU: 0 PID: 3098 at lib/stackdepot.c:236 stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
lr : stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
sp : ffff800015fe3860
x29: ffff800015fe3860 x28: ffff8000127e0308 
x27: 0000000000000000 x26: 0000000000000000 
x25: 0000000000000028 x24: f7ff000003001200 
x23: 00000000000000f8 x22: ffff800011d21d70 
x21: 00ff00007b6e2000 x20: ffff00007b6e2000 
x19: ffff00007b6e2088 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: ffffffffffffffff 
x13: 000000000000034b x12: ffff800015fe3510 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : f6ff000005963d00 
Call trace:
 stack_depot_fetch+0x68/0x84 lib/stackdepot.c:236
 print_stack mm/kasan/report.c:116 [inline]
 print_track+0x34/0x64 mm/kasan/report.c:124
 describe_object_stacks mm/kasan/report.c:184 [inline]
 describe_object mm/kasan/report.c:208 [inline]
 print_address_description+0x174/0x29c mm/kasan/report.c:239
 __kasan_report mm/kasan/report.c:399 [inline]
 kasan_report+0x134/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d3808 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3098 at kernel/stacktrace.c:28 stack_trace_print+0x30/0x80 kernel/stacktrace.c:33
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : stack_trace_print+0x30/0x80 kernel/stacktrace.c:28
lr : print_stack mm/kasan/report.c:117 [inline]
lr : print_track+0x44/0x64 mm/kasan/report.c:124
sp : ffff800015fe3870
x29: ffff800015fe3870 x28: ffff8000127e0308 
x27: 0000000000000000 x26: 0000000000000000 
x25: 0000000000000028 x24: f7ff000003001200 
x23: 00000000000000f8 x22: ffff800011d21d70 
x21: 00ff00007b6e2000 x20: ffff00007b6e2000 
x19: ffff00007b6e2088 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: ffffffffffffffff 
x13: 000000000000034b x12: ffff800015fe3510 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : 0000000000000000 
Call trace:
 stack_trace_print+0x30/0x80 kernel/stacktrace.c:33
 describe_object_stacks mm/kasan/report.c:184 [inline]
 describe_object mm/kasan/report.c:208 [inline]
 print_address_description+0x174/0x29c mm/kasan/report.c:239
 __kasan_report mm/kasan/report.c:399 [inline]
 kasan_report+0x134/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d3809 ]---

The buggy address belongs to the object at 00ff00007b6e2000
 which belongs to the cache kmalloc-128 of size 128
The buggy address is located -128 bytes to the right of
 128-byte region [00ff00007b6e2000, 00ff00007b6e2080)
The buggy address belongs to the page:
page:000000002b0b1bf3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xbb6e2
flags: 0x1ffc00000001200(slab|reserved)
raw: 01ffc00000001200 dead000000000100 dead000000000122 f7ff000003001200
raw: 0000000000000000 0000000080010001 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
------------[ cut here ]------------
Ignoring spurious kernel translation fault at virtual address ffff00007b6e1e00
WARNING: CPU: 0 PID: 3098 at arch/arm64/mm/fault.c:373 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
lr : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
sp : ffff800015fe3640
x29: ffff800015fe3640 x28: f6ff000005963d00 
x27: 0000000000000000 x26: ffff800011d21ca0 
x25: 0000000000000028 x24: ffff800011d017b8 
x23: 0000000060400089 x22: ffff00007b6e1e00 
x21: 0000000000000025 x20: ffff800015fe3710 
x19: 0000000096000007 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: 6c656e72656b2073 
x13: 00000000000003ba x12: ffff800015fe32f0 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : f6ff000005963d00 
Call trace:
 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
 do_bad_area arch/arm64/mm/fault.c:474 [inline]
 do_translation_fault+0x58/0xc0 arch/arm64/mm/fault.c:674
 do_mem_abort+0x44/0xbc arch/arm64/mm/fault.c:805
 el1_abort+0x40/0x6c arch/arm64/kernel/entry-common.c:167
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:259
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:656
 kasan_metadata_fetch_row+0x18/0x40 mm/kasan/report_hw_tags.c:32
 __kasan_report mm/kasan/report.c:401 [inline]
 kasan_report+0x144/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d380a ]---
------------[ cut here ]------------
Ignoring spurious kernel translation fault at virtual address ffff00007b6e1e00
WARNING: CPU: 0 PID: 3098 at arch/arm64/mm/fault.c:373 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
lr : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
sp : ffff800015fe3640
x29: ffff800015fe3640 x28: f6ff000005963d00 
x27: 0000000000000000 x26: ffff800011d21ca0 
x25: 0000000000000028 x24: ffff800011d017b8 
x23: 0000000060400089 x22: ffff00007b6e1e00 
x21: 0000000000000025 x20: ffff800015fe3710 
x19: 0000000096000007 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: 6c656e72656b2073 
x13: 00000000000003f1 x12: ffff800015fe32f0 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : f6ff000005963d00 
Call trace:
 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
 do_bad_area arch/arm64/mm/fault.c:474 [inline]
 do_translation_fault+0x58/0xc0 arch/arm64/mm/fault.c:674
 do_mem_abort+0x44/0xbc arch/arm64/mm/fault.c:805
 el1_abort+0x40/0x6c arch/arm64/kernel/entry-common.c:167
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:259
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:656
 kasan_metadata_fetch_row+0x18/0x40 mm/kasan/report_hw_tags.c:32
 __kasan_report mm/kasan/report.c:401 [inline]
 kasan_report+0x144/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d380b ]---
------------[ cut here ]------------
Ignoring spurious kernel translation fault at virtual address ffff00007b6e1e00
WARNING: CPU: 0 PID: 3098 at arch/arm64/mm/fault.c:373 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
lr : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
sp : ffff800015fe3640
x29: ffff800015fe3640 x28: f6ff000005963d00 
x27: 0000000000000000 x26: ffff800011d21ca0 
x25: 0000000000000028 x24: ffff800011d017b8 
x23: 0000000060400089 x22: ffff00007b6e1e00 
x21: 0000000000000025 x20: ffff800015fe3710 
x19: 0000000096000007 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: 6c656e72656b2073 
x13: 0000000000000428 x12: ffff800015fe32f0 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : f6ff000005963d00 
Call trace:
 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
 do_bad_area arch/arm64/mm/fault.c:474 [inline]
 do_translation_fault+0x58/0xc0 arch/arm64/mm/fault.c:674
 do_mem_abort+0x44/0xbc arch/arm64/mm/fault.c:805
 el1_abort+0x40/0x6c arch/arm64/kernel/entry-common.c:167
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:259
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:656
 kasan_metadata_fetch_row+0x18/0x40 mm/kasan/report_hw_tags.c:32
 __kasan_report mm/kasan/report.c:401 [inline]
 kasan_report+0x144/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d380c ]---
------------[ cut here ]------------
Ignoring spurious kernel translation fault at virtual address ffff00007b6e1e00
WARNING: CPU: 0 PID: 3098 at arch/arm64/mm/fault.c:373 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
lr : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
sp : ffff800015fe3640
x29: ffff800015fe3640 x28: f6ff000005963d00 
x27: 0000000000000000 x26: ffff800011d21ca0 
x25: 0000000000000028 x24: ffff800011d017b8 
x23: 0000000060400089 x22: ffff00007b6e1e00 
x21: 0000000000000025 x20: ffff800015fe3710 
x19: 0000000096000007 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: 6c656e72656b2073 
x13: 000000000000045f x12: ffff800015fe32f0 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : f6ff000005963d00 
Call trace:
 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
 do_bad_area arch/arm64/mm/fault.c:474 [inline]
 do_translation_fault+0x58/0xc0 arch/arm64/mm/fault.c:674
 do_mem_abort+0x44/0xbc arch/arm64/mm/fault.c:805
 el1_abort+0x40/0x6c arch/arm64/kernel/entry-common.c:167
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:259
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:656
 kasan_metadata_fetch_row+0x18/0x40 mm/kasan/report_hw_tags.c:32
 __kasan_report mm/kasan/report.c:401 [inline]
 kasan_report+0x144/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d380d ]---
------------[ cut here ]------------
Ignoring spurious kernel translation fault at virtual address ffff00007b6e1e00
WARNING: CPU: 0 PID: 3098 at arch/arm64/mm/fault.c:373 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
Modules linked in:
CPU: 0 PID: 3098 Comm: sh Tainted: G        W         5.12.0-rc4-syzkaller-00004-g84196390620a #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
pc : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
lr : __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
sp : ffff800015fe3640
x29: ffff800015fe3640 x28: f6ff000005963d00 
x27: 0000000000000000 x26: ffff800011d21ca0 
x25: 0000000000000028 x24: ffff800011d017b8 
x23: 0000000060400089 x22: ffff00007b6e1e00 
x21: 0000000000000025 x20: ffff800015fe3710 
x19: 0000000096000007 x18: 00000000fffffffb 
x17: 0000000000000000 x16: 0000000000000000 
x15: 0000000000000020 x14: 6c656e72656b2073 
x13: 0000000000000496 x12: ffff800015fe32f0 
x11: ffff80001279be70 x10: 00000000ffffe000 
x9 : ffff80001279be70 x8 : ffff8000126ebe70 
x7 : ffff80001279be70 x6 : 0000000000000000 
x5 : ffff00007fbb6948 x4 : 0000000000015ff5 
x3 : 0000000000000001 x2 : 0000000000000000 
x1 : 0000000000000000 x0 : f6ff000005963d00 
Call trace:
 __do_kernel_fault+0x16c/0x1dc arch/arm64/mm/fault.c:373
 do_bad_area arch/arm64/mm/fault.c:474 [inline]
 do_translation_fault+0x58/0xc0 arch/arm64/mm/fault.c:674
 do_mem_abort+0x44/0xbc arch/arm64/mm/fault.c:805
 el1_abort+0x40/0x6c arch/arm64/kernel/entry-common.c:167
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:259
 el1_sync+0x70/0x100 arch/arm64/kernel/entry.S:656
 kasan_metadata_fetch_row+0x18/0x40 mm/kasan/report_hw_tags.c:32
 __kasan_report mm/kasan/report.c:401 [inline]
 kasan_report+0x144/0x380 mm/kasan/report.c:416
 __kasan_check_byte+0x60/0x70 mm/kasan/common.c:580
 kasan_check_byte include/linux/kasan.h:265 [inline]
 ksize+0x90/0xcc mm/slab_common.c:1250
 tomoyo_memory_ok+0x1c/0xb0 security/tomoyo/memory.c:50
 tomoyo_commit_ok+0x30/0x94 security/tomoyo/memory.c:78
 tomoyo_update_domain+0xb8/0x200 security/tomoyo/domain.c:139
 tomoyo_write_env security/tomoyo/environ.c:105 [inline]
 tomoyo_write_misc+0xa0/0x130 security/tomoyo/environ.c:121
 tomoyo_write_domain2+0x6c/0xc0 security/tomoyo/common.c:1152
 tomoyo_add_entry security/tomoyo/common.c:2042 [inline]
 tomoyo_supervisor+0x4a8/0x640 security/tomoyo/common.c:2103
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0xac/0xdc security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x5e0/0x8d0 security/tomoyo/domain.c:879
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
 tomoyo_bprm_check_security+0x7c/0xb4 security/tomoyo/tomoyo.c:91
 security_bprm_check+0x2c/0x50 security/security.c:842
 search_binary_handler fs/exec.c:1708 [inline]
 exec_binprm fs/exec.c:1761 [inline]
 bprm_execve fs/exec.c:1830 [inline]
 bprm_execve+0x1c4/0x55c fs/exec.c:1792
 do_execveat_common+0x178/0x1d0 fs/exec.c:1919
 do_execve fs/exec.c:1987 [inline]
 __do_sys_execve fs/exec.c:2063 [inline]
 __se_sys_execve fs/exec.c:2058 [inline]
 __arm64_sys_execve+0x40/0x54 fs/exec.c:2058
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x60/0x120 arch/arm64/kernel/syscall.c:129
 do_el0_svc+0x74/0x90 arch/arm64/kernel/syscall.c:168
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:416
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:432
 el0_sync+0x18c/0x1c0 arch/arm64/kernel/entry.S:699
---[ end trace 313b390e4b5d380e ]---

Crashes (3):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci-qemu2-arm64-mte | 2021/03/23 07:15 | upstream | 84196390620a | 8092f30d | .config | log | report | | | | upstream boot error: KASAN: invalid-access Read in tomoyo_memory_ok
ci-qemu2-arm64-mte | 2021/03/16 03:57 | upstream | 1a4431a5db2b | fdb2bb2c | .config | log | report | | | | upstream boot error: KASAN: invalid-access Read in tomoyo_memory_ok
ci-qemu2-arm64-mte | 2021/03/10 06:34 | upstream | 05a59d79793d | 26967e35 | .config | log | report | | | | upstream boot error: KASAN: invalid-access Read in tomoyo_memory_ok