================================================================== BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: wild-memory-access in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: wild-memory-access in __lock_acquire+0xc8b/0x2050 kernel/locking/lockdep.c:5169 Read of size 8 at addr 1fffffff92db9a30 by task syz.2.1789/18282 CPU: 0 UID: 0 PID: 18282 Comm: syz.2.1789 Not tainted 6.11.0-syzkaller-04003-gfc1dc0d50780 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_report+0xe8/0x550 mm/kasan/report.c:491 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] __lock_acquire+0xc8b/0x2050 kernel/locking/lockdep.c:5169 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5822 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378 raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:568 raw_spin_rq_lock kernel/sched/sched.h:1415 [inline] rq_lock kernel/sched/sched.h:1714 [inline] __schedule+0x357/0x4a60 kernel/sched/core.c:6436 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:6851 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707 RIP: 0010:lock_release+0x658/0xa30 kernel/locking/lockdep.c:5847 Code: 3c 3b 00 74 08 4c 89 f7 e8 15 1f 8b 00 f6 84 24 91 00 00 00 02 75 77 41 f7 c5 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 27 00 00 00 00 4b c7 44 27 08 00 00 00 00 65 48 8b 04 25 RSP: 0018:ffffc90004447760 EFLAGS: 00000206 RAX: 0000000000000001 RBX: 1ffff92000888efe RCX: ffffc90004447703 RDX: 0000000000000001 RSI: ffffffff8c0aea60 RDI: ffffffff8c60ac40 RBP: ffffc900044478a0 R08: ffffffff901bb8ef R09: 1ffffffff203771d R10: dffffc0000000000 R11: fffffbfff203771e R12: 1ffff92000888ef8 R13: 0000000000000246 R14: ffffc900044477f0 R15: dffffc0000000000 might_alloc include/linux/sched/mm.h:334 [inline] slab_pre_alloc_hook mm/slub.c:3940 [inline] slab_alloc_node mm/slub.c:4018 [inline] kmem_cache_alloc_noprof+0x3d/0x2a0 mm/slub.c:4045 alloc_empty_file+0x9e/0x1d0 fs/file_table.c:209 path_openat+0x107/0x3590 fs/namei.c:3919 do_filp_open+0x235/0x490 fs/namei.c:3960 do_sys_openat2+0x13e/0x1d0 fs/open.c:1415 do_sys_open fs/open.c:1430 [inline] __do_sys_openat fs/open.c:1446 [inline] __se_sys_openat fs/open.c:1441 [inline] __x64_sys_openat+0x247/0x2a0 fs/open.c:1441 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fdff397c890 Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 RSP: 002b:00007fdff33bcf60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdff397c890 RDX: 0000000000000000 RSI: 00007fdff39f0c8e RDI: 00000000ffffff9c RBP: 00007fdff39f0c8e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fdff3b36130 R15: 00007ffec2d623c8 ================================================================== ---------------- Code disassembly (best guess): 0: 3c 3b cmp $0x3b,%al 2: 00 74 08 4c add %dh,0x4c(%rax,%rcx,1) 6: 89 f7 mov %esi,%edi 8: e8 15 1f 8b 00 call 0x8b1f22 d: f6 84 24 91 00 00 00 testb $0x2,0x91(%rsp) 14: 02 15: 75 77 jne 0x8e 17: 41 f7 c5 00 02 00 00 test $0x200,%r13d 1e: 74 01 je 0x21 20: fb sti 21: 48 c7 44 24 60 0e 36 movq $0x45e0360e,0x60(%rsp) 28: e0 45 * 2a: 4b c7 04 27 00 00 00 movq $0x0,(%r15,%r12,1) <-- trapping instruction 31: 00 32: 4b c7 44 27 08 00 00 movq $0x0,0x8(%r15,%r12,1) 39: 00 00 3b: 65 gs 3c: 48 rex.W 3d: 8b .byte 0x8b 3e: 04 25 add $0x25,%al