==================================================================
BUG: KASAN: use-after-free in schedule_debug kernel/sched/core.c:3883 [inline]
BUG: KASAN: use-after-free in __schedule+0xf6/0x1700 kernel/sched/core.c:4016
Read of size 8 at addr ffff8881867e8000 by task syz-executor.1/13471
CPU: 0 PID: 13471 Comm: syz-executor.1 Tainted: G W 5.4.28-syzkaller-00758-g8398205ce446 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b0/0x228 lib/dump_stack.c:118
print_address_description+0x96/0x5d0 mm/kasan/report.c:374
__kasan_report+0x14b/0x1c0 mm/kasan/report.c:506
kasan_report+0x26/0x50 mm/kasan/common.c:634
__asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
schedule_debug kernel/sched/core.c:3883 [inline]
__schedule+0xf6/0x1700 kernel/sched/core.c:4016
preempt_schedule_common kernel/sched/core.c:4232 [inline]
preempt_schedule+0xcd/0x110 kernel/sched/core.c:4257
___preempt_schedule+0x16/0x20 arch/x86/entry/thunk_64.S:50
__raw_read_unlock include/linux/rwlock_api_smp.h:227 [inline]
_raw_read_unlock+0x2c/0x30 kernel/locking/spinlock.c:255
security_compute_sid+0x122f/0x1be0 security/selinux/ss/services.c:1857
security_transition_sid+0x7d/0x90 security/selinux/ss/services.c:1880
selinux_determine_inode_label security/selinux/hooks.c:1805 [inline]
may_create+0x5e0/0x930 security/selinux/hooks.c:1840
selinux_inode_symlink+0x22/0x30 security/selinux/hooks.c:2975
security_inode_symlink+0xa8/0x130 security/security.c:1140
vfs_symlink2+0x2f1/0x4f0 fs/namei.c:4260
do_symlinkat+0x1b6/0x3f0 fs/namei.c:4297
__do_sys_symlink fs/namei.c:4316 [inline]
__se_sys_symlink fs/namei.c:4314 [inline]
__x64_sys_symlink+0x60/0x70 fs/namei.c:4314
do_syscall_64+0xc0/0x100 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45c577
Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd375e5bb8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c577
RDX: 00007ffd375e5c53 RSI: 00000000004c2385 RDI: 00007ffd375e5c40
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013
R10: 0000000000000075 R11: 0000000000000206 R12: 0000000000000001
R13: 00007ffd375e5bf0 R14: 0000000000000000 R15: 00007ffd375e5c00
The buggy address belongs to the page:
page:ffffea000619fa00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea00065cfac8 ffff8881dba35ad0 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8881867e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff8881867e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8881867e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
ffff8881867e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8881867e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================