IPVS: Creating netns size=2536 id=1
==================================================================
BUG: KASAN: use-after-free in take_option security/selinux/hooks.c:2634 [inline]
BUG: KASAN: use-after-free in selinux_sb_copy_data+0x25f/0x390 security/selinux/hooks.c:2689
Write of size 10 at addr ffff8801da1ee000 by task syz-executor0/3789

CPU: 0 PID: 3789 Comm: syz-executor0 Not tainted 4.9.92-g13b40d3 #12
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801b6c0f4b0 ffffffff81d95109 ffffea0007687b80 ffff8801da1ee000
 0000000000000001 ffff8801da1ee000 dffffc0000000000 ffff8801b6c0f4e8
 ffffffff8153d5d3 ffff8801da1ee000 000000000000000a 0000000000000001
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description+0x73/0x280 mm/kasan/report.c:256
 [] kasan_report_error mm/kasan/report.c:355 [inline]
 [] kasan_report+0x255/0x380 mm/kasan/report.c:412
 [] check_memory_region_inline mm/kasan/kasan.c:318 [inline]
 [] check_memory_region+0x137/0x190 mm/kasan/kasan.c:325
 [] memcpy+0x37/0x50 mm/kasan/kasan.c:361
 [] take_option security/selinux/hooks.c:2634 [inline]
 [] selinux_sb_copy_data+0x25f/0x390 security/selinux/hooks.c:2689
 [] security_sb_copy_data+0x75/0xb0 security/security.c:283
 [] parse_security_options+0x36/0x90 fs/btrfs/super.c:1493
 [] btrfs_mount+0xa02/0x2c00 fs/btrfs/super.c:1572
 [] mount_fs+0x27f/0x350 fs/super.c:1206
 [] vfs_kern_mount.part.21+0xd0/0x3e0 fs/namespace.c:991
 [] vfs_kern_mount+0x40/0x60 fs/namespace.c:973
 [] mount_subvol fs/btrfs/super.c:1395 [inline]
 [] btrfs_mount+0x2ee/0x2c00 fs/btrfs/super.c:1566
 [] mount_fs+0x27f/0x350 fs/super.c:1206
 [] vfs_kern_mount.part.21+0xd0/0x3e0 fs/namespace.c:991
 [] vfs_kern_mount fs/namespace.c:2509 [inline]
 [] do_new_mount fs/namespace.c:2512 [inline]
 [] do_mount+0x3e1/0x28b0 fs/namespace.c:2834
 [] C_SYSC_mount fs/compat.c:810 [inline]
 [] compat_SyS_mount+0xd0/0x1070 fs/compat.c:775
 [] do_syscall_32_irqs_on arch/x86/entry/common.c:325 [inline]
 [] do_fast_syscall_32+0x2f5/0x870 arch/x86/entry/common.c:387
 [] entry_SYSENTER_compat+0x90/0xa2 arch/x86/entry/entry_64_compat.S:137

The buggy address belongs to the page:
page:ffffea0007687b80 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801da1edf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801da1edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801da1ee000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff8801da1ee080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8801da1ee100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================