syzbot

SELinux: mount invalid.  Same superblock, different security settings for (dev tracefs, type tracefs)
==================================================================
BUG: KASAN: global-out-of-bounds in strscpy+0x20e/0x2c0 lib/string.c:206
Read of size 8 at addr ffffffff8677b0b8 by task syz-executor.3/7787

CPU: 0 PID: 7787 Comm: syz-executor.3 Not tainted 4.14.113 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c lib/dump_stack.c:53
 print_address_description.cold+0x5/0x1dc mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xaf/0x2b5 mm/kasan/report.c:393
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:430
 strscpy+0x20e/0x2c0 lib/string.c:206
 prepare_error_buf+0x94/0x1aa0 fs/reiserfs/prints.c:213
 __reiserfs_warning+0x9f/0xb0 fs/reiserfs/prints.c:288
 reiserfs_getopt fs/reiserfs/super.c:1044 [inline]
 reiserfs_parse_options+0xa16/0x1820 fs/reiserfs/super.c:1194
 reiserfs_fill_super+0x461/0x2b20 fs/reiserfs/super.c:1946
 mount_bdev+0x2c1/0x370 fs/super.c:1134
 get_super_block+0x35/0x40 fs/reiserfs/super.c:2605
 mount_fs+0x9d/0x2a7 fs/super.c:1237
 vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0x417/0x27d0 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3072
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b69a
RSP: 002b:00007f045322fa88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f045322fb40 RCX: 000000000045b69a
RDX: 00007f045322fae0 RSI: 00000000200000c0 RDI: 00007f045322fb00
kobject: 'loop4' (ffff8880a49c81a0): kobject_uevent_env
RBP: 0000000000000005 R08: 00007f045322fb40 R09: 00007f045322fae0
R10: 0000000000000080 R11: 0000000000000206 R12: 0000000000000004
R13: 00000000004c782d R14: 00000000004dd880 R15: 00000000ffffffff
kobject: 'loop4' (ffff8880a49c81a0): fill_kobj_path: path = '/devices/virtual/block/loop4'

The buggy address belongs to the variable:
 __func__.31266+0x798/0x3a60

Memory state around the buggy address:
 ffffffff8677af80: fa fa fa fa 00 02 fa fa fa fa fa fa 00 02 fa fa
 ffffffff8677b000: fa fa fa fa 06 fa fa fa fa fa fa fa 07 fa fa fa
>ffffffff8677b080: fa fa fa fa 00 00 00 02 fa fa fa fa 00 03 fa fa
                                        ^
 ffffffff8677b100: fa fa fa fa 00 00 03 fa fa fa fa fa 00 03 fa fa
 ffffffff8677b180: fa fa fa fa 00 03 fa fa fa fa fa fa 00 00 00 00
==================================================================