==================================================================
BUG: KASAN: stack-out-of-bounds in csd_lock_wait_toolong kernel/smp.c:184 [inline]
BUG: KASAN: stack-out-of-bounds in csd_lock_wait kernel/smp.c:221 [inline]
BUG: KASAN: stack-out-of-bounds in smp_call_function_single+0x106c/0x1080 kernel/smp.c:507
Read of size 8 at addr ffffc900051b7bd8 by task syz-executor.2/28239

CPU: 0 PID: 28239 Comm: syz-executor.2 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 csd_lock_wait_toolong kernel/smp.c:184 [inline]
 csd_lock_wait kernel/smp.c:221 [inline]
 smp_call_function_single+0x106c/0x1080 kernel/smp.c:507
 smp_call_function_many_cond+0x1aa/0x1540 kernel/smp.c:643
 smp_call_function_many kernel/smp.c:706 [inline]
 smp_call_function kernel/smp.c:728 [inline]
 on_each_cpu+0x4a/0x240 kernel/smp.c:828
 clock_was_set+0x18/0x20 kernel/time/hrtimer.c:872
 do_settimeofday64 kernel/time/timekeeping.c:1257 [inline]
 do_settimeofday64+0x350/0x4e0 kernel/time/timekeeping.c:1223
 do_sys_settimeofday64 kernel/time/time.c:195 [inline]
 do_sys_settimeofday64+0x1de/0x260 kernel/time/time.c:169
 __do_sys_clock_settime kernel/time/posix-timers.c:1079 [inline]
 __se_sys_clock_settime kernel/time/posix-timers.c:1067 [inline]
 __x64_sys_clock_settime+0x197/0x260 kernel/time/posix-timers.c:1067
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cb29
Code: Bad RIP value.
RSP: 002b:00007f5f70bb4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
RAX: ffffffffffffffda RBX: 00000000004db560 RCX: 000000000045cb29
RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000000
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000007b R14: 00000000004c34ac R15: 00007f5f70bb56d4

Memory state around the buggy address:
 ffffc900051b7a80: 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00
 ffffc900051b7b00: 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
>ffffc900051b7b80: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
                                                    ^
 ffffc900051b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc900051b7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
==================================================================