==================================================================
BUG: KASAN: slab-out-of-bounds in mqueue_get_tree+0x2ac/0x2e0 ipc/mqueue.c:362
Read of size 8 at addr ffff88015b930028 by task syz-executor1/14932

CPU: 1 PID: 14932 Comm: syz-executor1 Not tainted 4.19.0-rc3-next-20180912+ #72
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d3/0x2c4 lib/dump_stack.c:113
 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 mqueue_get_tree+0x2ac/0x2e0 ipc/mqueue.c:362
 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1787
 mq_create_mount+0xe3/0x190 ipc/mqueue.c:415
 mq_init_ns+0x15a/0x210 ipc/mqueue.c:1621
 create_ipc_ns ipc/namespace.c:58 [inline]
 copy_ipcs+0x3d2/0x580 ipc/namespace.c:84
 create_new_namespaces+0x376/0x900 kernel/nsproxy.c:87
 unshare_nsproxy_namespaces+0xc3/0x1f0 kernel/nsproxy.c:206
 ksys_unshare+0x79c/0x10b0 kernel/fork.c:2535
 __do_sys_unshare kernel/fork.c:2603 [inline]
 __se_sys_unshare kernel/fork.c:2601 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:2601
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459d87
Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 3d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 1d 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffcbc8e3458 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459d87
RDX: 0000000000000000 RSI: 00007ffcbc8e3460 RDI: 0000000008000000
RBP: 0000000000930b28 R08: 0000000000000000 R09: 0000000000000018
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000010
R13: 0000000000412cc0 R14: 0000000000000000 R15: 0000000000000000

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff88015b930000
 which belongs to the cache taskstats of size 328
The buggy address is located 40 bytes inside of
 328-byte region [ffff88015b930000, ffff88015b930148)
The buggy address belongs to the page:
page:ffffea00056e4c00 count:1 mapcount:0 mapping:ffff8801d9a04ac0 index:0x0
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea0007052bc8 ffff8801d9a03648 ffff8801d9a04ac0
raw: 0000000000000000 ffff88015b930000 000000010000000a 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88015b92ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88015b92ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88015b930000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                  ^
 ffff88015b930080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88015b930100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================