syzbot

==================================================================
BUG: KASAN: out-of-bounds in csd_lock_record+0xcb/0xe0 kernel/smp.c:118
Read of size 8 at addr ffffc90001cc7bd0 by task syz-executor262/6818

CPU: 0 PID: 6818 Comm: syz-executor262 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 csd_lock_record+0xcb/0xe0 kernel/smp.c:118
 flush_smp_call_function_queue+0x285/0x730 kernel/smp.c:391
 __sysvec_call_function_single+0x98/0x490 arch/x86/kernel/smp.c:248
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_call_function_single+0xe0/0x120 arch/x86/kernel/smp.c:243
 asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:604
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:765 [inline]
RIP: 0010:lock_acquire+0x270/0xad0 kernel/locking/lockdep.c:4962
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 f8 06 00 00 48 83 3d 6d c1 5a 08 00 0f 84 a6 05 00 00 48 8b 7c 24 08 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 03 44 24 10 48 c7
RSP: 0018:ffffc90000ea7a48 EFLAGS: 00000282
RAX: 1ffffffff1369fe0 RBX: ffff88809096e100 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: e668264dc84383e6 RDI: 0000000000000282
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8c5a7a27
R10: fffffbfff18b4f44 R11: 0000000000000000 R12: 0000000000000002
R13: ffffffff89bc3040 R14: 0000000000000000 R15: ffff88809096e100
 rcu_lock_acquire include/linux/rcupdate.h:241 [inline]
 rcu_read_lock include/linux/rcupdate.h:634 [inline]
 copy_namespaces+0x68/0x470 kernel/nsproxy.c:154
 copy_process+0x2921/0x6b90 kernel/fork.c:2083
 _do_fork+0x12c/0xa70 kernel/fork.c:2425
 __do_sys_clone+0xef/0x150 kernel/fork.c:2581
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x44510a
Code: Bad RIP value.
RSP: 002b:00007ffe4f21aa00 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffe4f21aa00 RCX: 000000000044510a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffe4f21aa40 R08: 0000000000001aa2 R09: 0000000000cf1880
R10: 0000000000cf1b50 R11: 0000000000000246 R12: 0000000000001aa2
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000


Memory state around the buggy address:
 ffffc90001cc7a80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
 ffffc90001cc7b00: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90001cc7b80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
                                                    ^
 ffffc90001cc7c00: 00 f2 f2 f2 00 f2 f2 f2 00 00 f3 f3 00 00 00 00
 ffffc90001cc7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================