==================================================================
BUG: KASAN: stack-out-of-bounds in csd_lock_record+0xd2/0xe0 kernel/smp.c:119
Read of size 8 at addr ffffc90000cdfb78 by task systemd-journal/3856

CPU: 1 PID: 3856 Comm: systemd-journal Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 csd_lock_record+0xd2/0xe0 kernel/smp.c:119
 flush_smp_call_function_queue+0x285/0x730 kernel/smp.c:391
 __sysvec_call_function_single+0x98/0x490 arch/x86/kernel/smp.c:248
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_call_function_single+0xe0/0x120 arch/x86/kernel/smp.c:243
 asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:604
RIP: 0010:kernfs_refresh_inode+0x32/0x3a0 fs/kernfs/inode.c:172
Code: 41 54 49 89 f4 53 48 89 fb e8 ba 08 8c ff 48 8d bb a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 0c 03 00 00 48 8d bb 9a 00 00 00 4c 8b ab a0 00 00 00 48 b8
RSP: 0018:ffffc90000e77b20 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff88821b776040 RCX: 0000000000000000
RDX: 1ffff110436eec1c RSI: ffffffff81e7fe46 RDI: ffff88821b7760e0
RBP: ffffc90000e77b40 R08: 0000000000000000 R09: ffffffff89cdc267
R10: fffffbfff139b84c R11: 0000000000000000 R12: ffff888098c049c0
R13: ffff88821b776040 R14: ffff888098c049c2 R15: 736275732f737973
 kernfs_iop_permission+0x6a/0xb0 fs/kernfs/inode.c:285
 do_inode_permission fs/namei.c:398 [inline]
 inode_permission.part.0+0x270/0x410 fs/namei.c:463
 inode_permission fs/namei.c:444 [inline]
 may_lookup fs/namei.c:1575 [inline]
 link_path_walk.part.0+0x7a9/0xc20 fs/namei.c:2125
 link_path_walk fs/namei.c:2111 [inline]
 path_lookupat+0xb7/0x830 fs/namei.c:2332
 filename_lookup+0x19f/0x560 fs/namei.c:2366
 user_path_at include/linux/namei.h:59 [inline]
 do_faccessat+0x129/0x820 fs/open.c:423
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f4f942b29c7
Code: Bad RIP value.
RSP: 002b:00007ffda1a1c388 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
RAX: ffffffffffffffda RBX: 00007ffda1a1c3c0 RCX: 00007f4f942b29c7
RDX: 0000000000312d35 RSI: 0000000000000000 RDI: 00007ffda1a1c390
RBP: 00007ffda1a1d460 R08: 000055b299ee63c0 R09: 0000000000000120
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffda1a1d480
R13: 000055b299ef13b8 R14: 0000000000000018 R15: 00007ffda1a1c390

Memory state around the buggy address:
 ffffc90000cdfa00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
 ffffc90000cdfa80: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00
>ffffc90000cdfb00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
                                                                ^
 ffffc90000cdfb80: 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
 ffffc90000cdfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
==================================================================