Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts.
executing program
[ 54.109570][ T2961] ==================================================================
[ 54.117652][ T2961] BUG: KASAN: slab-out-of-bounds in _copy_to_iter+0xd18/0x1140
[ 54.125197][ T2961] Write of size 4043 at addr ffff8880221c40e2 by task kworker/1:3/2961
[ 54.133417][ T2961]
[ 54.135729][ T2961] CPU: 1 PID: 2961 Comm: kworker/1:3 Not tainted 6.1.0-rc5-syzkaller-00307-gfe24a97cf254 #0
[ 54.145773][ T2961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.155815][ T2961] Workqueue: events p9_read_work
[ 54.160755][ T2961] Call Trace:
[ 54.164016][ T2961]
[ 54.166934][ T2961] dump_stack_lvl+0xd1/0x138
[ 54.171519][ T2961] print_report+0x15e/0x45d
[ 54.176004][ T2961] ? __phys_addr+0xc8/0x140
[ 54.180498][ T2961] ? _copy_to_iter+0xd18/0x1140
[ 54.185333][ T2961] kasan_report+0xbf/0x1f0
[ 54.189737][ T2961] ? _copy_to_iter+0xd18/0x1140
[ 54.194576][ T2961] kasan_check_range+0x141/0x190
[ 54.199504][ T2961] memcpy+0x3d/0x60
[ 54.203302][ T2961] _copy_to_iter+0xd18/0x1140
[ 54.207965][ T2961] ? _copy_from_iter+0xf40/0xf40
[ 54.212888][ T2961] ? pipe_read+0x13d/0x1110
[ 54.217381][ T2961] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 54.222912][ T2961] ? lock_chain_count+0x20/0x20
[ 54.227752][ T2961] ? page_copy_sane+0x28f/0x410
[ 54.232590][ T2961] copy_page_to_iter+0xe0/0xa20
[ 54.237433][ T2961] pipe_read+0x50e/0x1110
[ 54.241768][ T2961] ? pipe_ioctl+0x2c0/0x2c0
[ 54.246261][ T2961] ? aa_file_perm+0x599/0x1240
[ 54.251011][ T2961] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 54.256994][ T2961] __kernel_read+0x2ca/0x7c0
[ 54.261572][ T2961] ? __ia32_sys_llseek+0x380/0x380
[ 54.266673][ T2961] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 54.272643][ T2961] ? fsnotify_perm.part.0+0x221/0x610
[ 54.278005][ T2961] ? apparmor_file_permission+0x268/0x4e0
[ 54.283733][ T2961] kernel_read+0xc3/0x1c0
[ 54.288051][ T2961] p9_read_work+0x2b0/0x1040
[ 54.292645][ T2961] ? do_raw_spin_lock+0x124/0x2b0
[ 54.297653][ T2961] ? p9_conn_cancel+0x8c0/0x8c0
[ 54.302492][ T2961] process_one_work+0x9bf/0x1710
[ 54.307418][ T2961] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 54.312777][ T2961] ? rwlock_bug.part.0+0x90/0x90
[ 54.317697][ T2961] ? _raw_spin_lock_irq+0x45/0x50
[ 54.322712][ T2961] worker_thread+0x669/0x1090
[ 54.327397][ T2961] ? __kthread_parkme+0x163/0x220
[ 54.332429][ T2961] ? process_one_work+0x1710/0x1710
[ 54.337613][ T2961] kthread+0x2e8/0x3a0
[ 54.341669][ T2961] ? kthread_complete_and_exit+0x40/0x40
[ 54.347286][ T2961] ret_from_fork+0x1f/0x30
[ 54.351699][ T2961]
[ 54.354701][ T2961]
[ 54.357005][ T2961] Allocated by task 3635:
[ 54.361307][ T2961] kasan_save_stack+0x22/0x40
[ 54.365971][ T2961] kasan_set_track+0x25/0x30
[ 54.370547][ T2961] __kasan_kmalloc+0xa5/0xb0
[ 54.375123][ T2961] __kmalloc+0x5a/0xd0
[ 54.379173][ T2961] p9_fcall_init+0x97/0x210
[ 54.383661][ T2961] p9_tag_alloc+0x208/0x840
[ 54.388149][ T2961] p9_client_prepare_req+0x177/0x590
[ 54.393420][ T2961] p9_client_rpc+0x1a1/0xd70
[ 54.397994][ T2961] p9_client_create+0xaf0/0x1070
[ 54.402915][ T2961] v9fs_session_init+0x1e6/0x18b0
[ 54.408034][ T2961] v9fs_mount+0xbe/0xca0
[ 54.412264][ T2961] legacy_get_tree+0x109/0x220
[ 54.417018][ T2961] vfs_get_tree+0x8d/0x2f0
[ 54.421441][ T2961] path_mount+0x132a/0x1e20
[ 54.425934][ T2961] __x64_sys_mount+0x283/0x300
[ 54.430687][ T2961] do_syscall_64+0x39/0xb0
[ 54.435091][ T2961] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.440973][ T2961]
[ 54.443276][ T2961] The buggy address belongs to the object at ffff8880221c4000
[ 54.443276][ T2961] which belongs to the cache kmalloc-4k of size 4096
[ 54.457315][ T2961] The buggy address is located 226 bytes inside of
[ 54.457315][ T2961] 4096-byte region [ffff8880221c4000, ffff8880221c5000)
[ 54.470654][ T2961]
[ 54.472956][ T2961] The buggy address belongs to the physical page:
[ 54.479345][ T2961] page:ffffea0000887000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x221c0
[ 54.489474][ T2961] head:ffffea0000887000 order:3 compound_mapcount:0 compound_pincount:0
[ 54.497775][ T2961] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 54.505739][ T2961] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888012042140
[ 54.514306][ T2961] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 54.522872][ T2961] page dumped because: kasan: bad access detected
[ 54.529262][ T2961] page_owner tracks the page as allocated
[ 54.535050][ T2961] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3635, tgid 3633 (syz-executor212), ts 54068261588, free_ts 54063359485
[ 54.555868][ T2961] get_page_from_freelist+0x10b5/0x2d50
[ 54.561404][ T2961] __alloc_pages+0x1cb/0x5b0
[ 54.565983][ T2961] alloc_pages+0x1aa/0x270
[ 54.570385][ T2961] allocate_slab+0x213/0x300
[ 54.574959][ T2961] ___slab_alloc+0xa91/0x1400
[ 54.579625][ T2961] __slab_alloc.constprop.0+0x56/0xa0
[ 54.584997][ T2961] __kmem_cache_alloc_node+0x199/0x3e0
[ 54.590443][ T2961] __kmalloc+0x4a/0xd0
[ 54.594496][ T2961] tomoyo_realpath_from_path+0xc3/0x600
[ 54.600033][ T2961] tomoyo_mount_acl+0x14e/0x840
[ 54.604872][ T2961] tomoyo_mount_permission+0x155/0x3f0
[ 54.610319][ T2961] security_sb_mount+0x6a/0xc0
[ 54.615069][ T2961] path_mount+0x133/0x1e20
[ 54.619479][ T2961] __x64_sys_mount+0x283/0x300
[ 54.624234][ T2961] do_syscall_64+0x39/0xb0
[ 54.628638][ T2961] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.634518][ T2961] page last free stack trace:
[ 54.639167][ T2961] free_pcp_prepare+0x65c/0xd90
[ 54.644004][ T2961] free_unref_page+0x1d/0x4d0
[ 54.648666][ T2961] qlist_free_all+0x6a/0x170
[ 54.653244][ T2961] kasan_quarantine_reduce+0x184/0x210
[ 54.658692][ T2961] __kasan_slab_alloc+0x66/0x90
[ 54.663527][ T2961] __kmem_cache_alloc_node+0x2e2/0x3e0
[ 54.668968][ T2961] __kmalloc_node_track_caller+0x4b/0xc0
[ 54.674581][ T2961] kmemdup_nul+0x36/0xb0
[ 54.678813][ T2961] p9_client_create+0x596/0x1070
[ 54.683735][ T2961] v9fs_session_init+0x1e6/0x18b0
[ 54.688743][ T2961] v9fs_mount+0xbe/0xca0
[ 54.692974][ T2961] legacy_get_tree+0x109/0x220
[ 54.697730][ T2961] vfs_get_tree+0x8d/0x2f0
[ 54.702136][ T2961] path_mount+0x132a/0x1e20
[ 54.706633][ T2961] __x64_sys_mount+0x283/0x300
[ 54.711404][ T2961] do_syscall_64+0x39/0xb0
[ 54.715834][ T2961]
[ 54.718149][ T2961] Memory state around the buggy address:
[ 54.723760][ T2961] ffff8880221c4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.731804][ T2961] ffff8880221c4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.739846][ T2961] >ffff8880221c5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.747885][ T2961]                    ^
[ 54.751932][ T2961] ffff8880221c5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.759973][ T2961] ffff8880221c5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.768012][ T2961] ==================================================================
[ 54.776412][ T2961] Kernel panic - not syncing: panic_on_warn set ...
[ 54.783000][ T2961] CPU: 1 PID: 2961 Comm: kworker/1:3 Not tainted 6.1.0-rc5-syzkaller-00307-gfe24a97cf254 #0
[ 54.793068][ T2961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 54.803108][ T2961] Workqueue: events p9_read_work
[ 54.808046][ T2961] Call Trace:
[ 54.811309][ T2961]
[ 54.814222][ T2961] dump_stack_lvl+0xd1/0x138
[ 54.818805][ T2961] panic+0x2cc/0x626
[ 54.822686][ T2961] ? panic_print_sys_info.part.0+0x110/0x110
[ 54.828654][ T2961] ? preempt_schedule_common+0x59/0xc0
[ 54.834106][ T2961] ? preempt_schedule_thunk+0x1a/0x1c
[ 54.839475][ T2961] end_report.part.0+0x3f/0x7c
[ 54.844225][ T2961] ? _copy_to_iter+0xd18/0x1140
[ 54.849061][ T2961] kasan_report.cold+0xa/0xf
[ 54.853640][ T2961] ? _copy_to_iter+0xd18/0x1140
[ 54.858481][ T2961] kasan_check_range+0x141/0x190
[ 54.863414][ T2961] memcpy+0x3d/0x60
[ 54.867214][ T2961] _copy_to_iter+0xd18/0x1140
[ 54.871878][ T2961] ? _copy_from_iter+0xf40/0xf40
[ 54.876803][ T2961] ? pipe_read+0x13d/0x1110
[ 54.881296][ T2961] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 54.886833][ T2961] ? lock_chain_count+0x20/0x20
[ 54.891679][ T2961] ? page_copy_sane+0x28f/0x410
[ 54.896516][ T2961] copy_page_to_iter+0xe0/0xa20
[ 54.901358][ T2961] pipe_read+0x50e/0x1110
[ 54.905682][ T2961] ? pipe_ioctl+0x2c0/0x2c0
[ 54.910175][ T2961] ? aa_file_perm+0x599/0x1240
[ 54.914927][ T2961] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 54.920903][ T2961] __kernel_read+0x2ca/0x7c0
[ 54.925485][ T2961] ? __ia32_sys_llseek+0x380/0x380
[ 54.930594][ T2961] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 54.936573][ T2961] ? fsnotify_perm.part.0+0x221/0x610
[ 54.941944][ T2961] ? apparmor_file_permission+0x268/0x4e0
[ 54.947678][ T2961] kernel_read+0xc3/0x1c0
[ 54.951995][ T2961] p9_read_work+0x2b0/0x1040
[ 54.956573][ T2961] ? do_raw_spin_lock+0x124/0x2b0
[ 54.961614][ T2961] ? p9_conn_cancel+0x8c0/0x8c0
[ 54.966458][ T2961] process_one_work+0x9bf/0x1710
[ 54.971392][ T2961] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 54.976755][ T2961] ? rwlock_bug.part.0+0x90/0x90
[ 54.981676][ T2961] ? _raw_spin_lock_irq+0x45/0x50
[ 54.986691][ T2961] worker_thread+0x669/0x1090
[ 54.991358][ T2961] ? __kthread_parkme+0x163/0x220
[ 54.996375][ T2961] ? process_one_work+0x1710/0x1710
[ 55.001563][ T2961] kthread+0x2e8/0x3a0
[ 55.005626][ T2961] ? kthread_complete_and_exit+0x40/0x40
[ 55.011245][ T2961] ret_from_fork+0x1f/0x30
[ 55.015659][ T2961]
[ 55.019680][ T2961] Kernel Offset: disabled
[ 55.024077][ T2961] Rebooting in 86400 seconds..