netlink: 3 bytes leftover after parsing attributes in process `syz-executor1'.
==================================================================
BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
Read of size 1 at addr ffff8801d1867106 by task syz-executor4/15718

CPU: 1 PID: 15718 Comm: syz-executor4 Not tainted 4.15.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_address_description+0x73/0x250 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report+0x25b/0x340 mm/kasan/report.c:409
 __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:427
 strcmp+0x96/0xb0 lib/string.c:328
 security_context_to_sid_core+0x437/0x620 security/selinux/ss/services.c:1420
 security_context_to_sid+0x32/0x40 security/selinux/ss/services.c:1479
 selinux_setprocattr+0x51c/0xb50 security/selinux/hooks.c:5985
 security_setprocattr+0x85/0xc0 security/security.c:1264
 proc_pid_attr_write+0x1e6/0x280 fs/proc/base.c:2545
 __vfs_write+0xef/0x970 fs/read_write.c:480
 __kernel_write+0xfe/0x350 fs/read_write.c:501
 write_pipe_buf+0x175/0x220 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x328/0x730 fs/splice.c:626
 splice_from_pipe+0x1e9/0x330 fs/splice.c:661
 default_file_splice_write+0x40/0x90 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x125/0x180 fs/splice.c:1018
 splice_direct_to_actor+0x2c1/0x820 fs/splice.c:973
 do_splice_direct+0x2a7/0x3d0 fs/splice.c:1061
 do_sendfile+0x5d5/0xe90 fs/read_write.c:1413
 SYSC_sendfile64 fs/read_write.c:1468 [inline]
 SyS_sendfile64+0xbd/0x160 fs/read_write.c:1460
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a39
RSP: 002b:00007efeeef62c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452a39
RDX: 0000000020a74000 RSI: 0000000000000014 RDI: 0000000000000014
RBP: 000000000000044a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000006 R11: 0000000000000212 R12: 00000000006f3790
R13: 00000000ffffffff R14: 00007efeeef636d4 R15: 0000000000000000

Allocated by task 15718:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:447
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
 __do_kmalloc mm/slab.c:3711 [inline]
 __kmalloc_track_caller+0x15e/0x760 mm/slab.c:3726
 memdup_user+0x2c/0x90 mm/util.c:164
 proc_pid_attr_write+0x115/0x280 fs/proc/base.c:2534
 __vfs_write+0xef/0x970 fs/read_write.c:480
 __kernel_write+0xfe/0x350 fs/read_write.c:501
 write_pipe_buf+0x175/0x220 fs/splice.c:797
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x328/0x730 fs/splice.c:626
 splice_from_pipe+0x1e9/0x330 fs/splice.c:661
 default_file_splice_write+0x40/0x90 fs/splice.c:809
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x125/0x180 fs/splice.c:1018
 splice_direct_to_actor+0x2c1/0x820 fs/splice.c:973
 do_splice_direct+0x2a7/0x3d0 fs/splice.c:1061
 do_sendfile+0x5d5/0xe90 fs/read_write.c:1413
 SYSC_sendfile64 fs/read_write.c:1468 [inline]
 SyS_sendfile64+0xbd/0x160 fs/read_write.c:1460
 entry_SYSCALL_64_fastpath+0x1f/0x96

Freed by task 14231:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:447
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_slab_free+0x71/0xc0 mm/kasan/kasan.c:524
 __cache_free mm/slab.c:3491 [inline]
 kfree+0xca/0x250 mm/slab.c:3806
 single_release+0x88/0xb0 fs/seq_file.c:603
 close_pdeo+0x130/0x420 fs/proc/inode.c:165
 proc_reg_release+0x12b/0x170 fs/proc/inode.c:376
 __fput+0x333/0x7f0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x296/0x310 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:195 [inline]
 syscall_return_slowpath+0x490/0x550 arch/x86/entry/common.c:264
 entry_SYSCALL_64_fastpath+0x94/0x96

The buggy address belongs to the object at ffff8801d1867100
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 6 bytes inside of
 32-byte region [ffff8801d1867100, ffff8801d1867120)
The buggy address belongs to the page:
page:00000000ef7f1668 count:1 mapcount:0 mapping:0000000081a85545 index:0xffff8801d1867fc1
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffff8801d1867000 ffff8801d1867fc1 000000010000003a
raw: ffffea00072a69a0 ffffea000761ca20 ffff8801db0001c0 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d1867000: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
 ffff8801d1867080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
>ffff8801d1867100: 06 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
                   ^
 ffff8801d1867180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
 ffff8801d1867200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
==================================================================