==================================================================
BUG: KASAN: stack-out-of-bounds in csd_lock_record+0xd2/0xe0 kernel/smp.c:119
Read of size 8 at addr ffffc90000cdfb78 by task systemd-journal/3856

CPU: 1 PID: 3856 Comm: systemd-journal Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 csd_lock_record+0xd2/0xe0 kernel/smp.c:119
 flush_smp_call_function_queue+0x285/0x730 kernel/smp.c:391
 __sysvec_call_function_single+0x98/0x490 arch/x86/kernel/smp.c:248
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_call_function_single+0xe0/0x120 arch/x86/kernel/smp.c:243
 asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:604
RIP: 0010:kernfs_refresh_inode+0x32/0x3a0 fs/kernfs/inode.c:172
Code: 41 54 49 89 f4 53 48 89 fb e8 ba 08 8c ff 48 8d bb a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 0c 03 00 00 48 8d bb 9a 00 00 00 4c 8b ab a0 00 00 00 48 b8
RSP: 0018:ffffc90000e77b20 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff88821b776040 RCX: 0000000000000000
RDX: 1ffff110436eec1c RSI: ffffffff81e7fe46 RDI: ffff88821b7760e0
RBP: ffffc90000e77b40 R08: 0000000000000000 R09: ffffffff89cdc267
R10: fffffbfff139b84c R11: 0000000000000000 R12: ffff888098c049c0
R13: ffff88821b776040 R14: ffff888098c049c2 R15: 736275732f737973
 kernfs_iop_permission+0x6a/0xb0 fs/kernfs/inode.c:285
 do_inode_permission fs/namei.c:398 [inline]
 inode_permission.part.0+0x270/0x410 fs/namei.c:463
 inode_permission fs/namei.c:444 [inline]
 may_lookup fs/namei.c:1575 [inline]
 link_path_walk.part.0+0x7a9/0xc20 fs/namei.c:2125
 link_path_walk fs/namei.c:2111 [inline]
 path_lookupat+0xb7/0x830 fs/namei.c:2332
 filename_lookup+0x19f/0x560 fs/namei.c:2366
 user_path_at include/linux/namei.h:59 [inline]
 do_faccessat+0x129/0x820 fs/open.c:423
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f4f942b29c7
Code: Bad RIP value.
RSP: 002b:00007ffda1a1c388 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
RAX: ffffffffffffffda RBX: 00007ffda1a1c3c0 RCX: 00007f4f942b29c7
RDX: 0000000000312d35 RSI: 0000000000000000 RDI: 00007ffda1a1c390
RBP: 00007ffda1a1d460 R08: 000055b299ee63c0 R09: 0000000000000120
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffda1a1d480
R13: 000055b299ef13b8 R14: 0000000000000018 R15: 00007ffda1a1c390


Memory state around the buggy address:
 ffffc90000cdfa00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
 ffffc90000cdfa80: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00
>ffffc90000cdfb00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
                                                                ^
 ffffc90000cdfb80: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
 ffffc90000cdfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
==================================================================