==================================================================
BUG: KASAN: use-after-free in schedule_debug kernel/sched/core.c:3883 [inline]
BUG: KASAN: use-after-free in __schedule+0xf6/0x1700 kernel/sched/core.c:4016
Read of size 8 at addr ffff8881867e8000 by task syz-executor.1/13471

CPU: 0 PID: 13471 Comm: syz-executor.1 Tainted: G        W         5.4.28-syzkaller-00758-g8398205ce446 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b0/0x228 lib/dump_stack.c:118
 print_address_description+0x96/0x5d0 mm/kasan/report.c:374
 __kasan_report+0x14b/0x1c0 mm/kasan/report.c:506
 kasan_report+0x26/0x50 mm/kasan/common.c:634
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
 schedule_debug kernel/sched/core.c:3883 [inline]
 __schedule+0xf6/0x1700 kernel/sched/core.c:4016
 preempt_schedule_common kernel/sched/core.c:4232 [inline]
 preempt_schedule+0xcd/0x110 kernel/sched/core.c:4257
 ___preempt_schedule+0x16/0x20 arch/x86/entry/thunk_64.S:50
 __raw_read_unlock include/linux/rwlock_api_smp.h:227 [inline]
 _raw_read_unlock+0x2c/0x30 kernel/locking/spinlock.c:255
 security_compute_sid+0x122f/0x1be0 security/selinux/ss/services.c:1857
 security_transition_sid+0x7d/0x90 security/selinux/ss/services.c:1880
 selinux_determine_inode_label security/selinux/hooks.c:1805 [inline]
 may_create+0x5e0/0x930 security/selinux/hooks.c:1840
 selinux_inode_symlink+0x22/0x30 security/selinux/hooks.c:2975
 security_inode_symlink+0xa8/0x130 security/security.c:1140
 vfs_symlink2+0x2f1/0x4f0 fs/namei.c:4260
 do_symlinkat+0x1b6/0x3f0 fs/namei.c:4297
 __do_sys_symlink fs/namei.c:4316 [inline]
 __se_sys_symlink fs/namei.c:4314 [inline]
 __x64_sys_symlink+0x60/0x70 fs/namei.c:4314
 do_syscall_64+0xc0/0x100 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45c577
Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd375e5bb8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c577
RDX: 00007ffd375e5c53 RSI: 00000000004c2385 RDI: 00007ffd375e5c40
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013
R10: 0000000000000075 R11: 0000000000000206 R12: 0000000000000001
R13: 00007ffd375e5bf0 R14: 0000000000000000 R15: 00007ffd375e5c00

The buggy address belongs to the page:
page:ffffea000619fa00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x8000000000000000()
raw: 8000000000000000 ffffea00065cfac8 ffff8881dba35ad0 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881867e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8881867e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8881867e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff8881867e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881867e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
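Added example, not part of the syzbot report above: a small Python triage helper that decodes the "Memory state around the buggy address" block of a generic-mode KASAN report and classifies the faulting access. Shadow-byte meanings are the values from mm/kasan/kasan.h in Linux 5.4 (generic KASAN, one shadow byte per 8 bytes of memory); the x86-64 shadow offset 0xdffffc0000000000 is CONFIG_KASAN_SHADOW_OFFSET. The embedded REPORT_EXCERPT is copied from the report above; the function names are this example's own. For this report the decoder shows the 8-byte read at ffff8881867e8000 lands on a 0xff granule, i.e. KASAN_FREE_PAGE, which agrees with the page dump's refcount:0.

```python
"""Decode the shadow-memory dump of a generic-mode KASAN report (Linux 5.4 encoding).

Added example for triaging syzbot reports; not code from the report or the kernel.
"""
import re

KASAN_SHADOW_SCALE = 8                      # generic KASAN: 1 shadow byte per 8 bytes
X86_64_KASAN_SHADOW_OFFSET = 0xdffffc0000000000  # CONFIG_KASAN_SHADOW_OFFSET on x86-64

# Shadow byte values from mm/kasan/kasan.h, Linux 5.4, generic mode.
SHADOW_MEANING = {
    0x00: "addressable",
    0xFF: "KASAN_FREE_PAGE (page freed)",
    0xFE: "KASAN_PAGE_REDZONE",
    0xFC: "KASAN_KMALLOC_REDZONE",
    0xFB: "KASAN_KMALLOC_FREE (slab object freed)",
    0xFA: "KASAN_GLOBAL_REDZONE",
    0xF1: "KASAN_STACK_LEFT",
    0xF2: "KASAN_STACK_MID",
    0xF3: "KASAN_STACK_RIGHT",
    0xF4: "KASAN_STACK_PARTIAL",
    0xF8: "KASAN_USE_AFTER_SCOPE",
}

# Excerpt copied from the report above (access line + memory-state block).
REPORT_EXCERPT = """Read of size 8 at addr ffff8881867e8000 by task syz-executor.1/13471
Memory state around the buggy address:
 ffff8881867e7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8881867e7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8881867e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff8881867e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881867e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")
# One dump line: optional '>' marker, 16-digit memory address, 16 shadow bytes.
SHADOW_RE = re.compile(r"^>?[ \t]*([0-9a-f]{16}): ((?:[0-9a-f]{2}[ \t]*){16})$", re.M)


def shadow_address(addr):
    """Kernel address -> address of its shadow byte (x86-64 generic KASAN)."""
    return (addr >> 3) + X86_64_KASAN_SHADOW_OFFSET


def describe_shadow(value):
    """Meaning of one shadow byte; 1..7 means only the first N bytes are addressable."""
    if 0 < value < KASAN_SHADOW_SCALE:
        return "partial (first %d of %d bytes addressable)" % (value, KASAN_SHADOW_SCALE)
    return SHADOW_MEANING.get(value, "unknown 0x%02x" % value)


def parse_memory_state(report):
    """Return {granule_start_address: shadow_value} for every granule in the dump.

    Each dump line lists 16 shadow bytes, so it describes 16 * 8 = 128 bytes of
    memory, which is why consecutive lines are 0x80 apart.
    """
    shadow = {}
    for line_addr, bytes_str in SHADOW_RE.findall(report):
        base = int(line_addr, 16)
        for i, tok in enumerate(bytes_str.split()):
            shadow[base + i * KASAN_SHADOW_SCALE] = int(tok, 16)
    return shadow


def classify_access(report):
    """Return (kind, size, addr, [meaning of each granule the access touches])."""
    m = ACCESS_RE.search(report)
    if not m:
        raise ValueError("no 'Read/Write of size N at addr X' line found")
    kind, size, addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
    shadow = parse_memory_state(report)
    first = addr - addr % KASAN_SHADOW_SCALE
    last_byte = addr + size - 1
    last = last_byte - last_byte % KASAN_SHADOW_SCALE
    meanings = []
    for granule in range(first, last + 1, KASAN_SHADOW_SCALE):
        if granule not in shadow:
            raise ValueError("granule 0x%x is outside the memory-state dump" % granule)
        meanings.append(describe_shadow(shadow[granule]))
    return kind, size, addr, meanings


if __name__ == "__main__":
    kind, size, addr, meanings = classify_access(REPORT_EXCERPT)
    print("%s of %d bytes at 0x%x (shadow byte at 0x%x)"
          % (kind, size, addr, shadow_address(addr)))
    for off, meaning in enumerate(meanings):
        print("  granule +%d: %s" % (off * KASAN_SHADOW_SCALE, meaning))
```

Running it on the excerpt reports the read as hitting a KASAN_FREE_PAGE granule; the 0xfc granules just below the page are kmalloc redzone bytes of neighbouring slab memory, not part of the freed page.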