==================================================================
BUG: KASAN: global-out-of-bounds in do_page_fault+0x36/0xa3c arch/riscv/mm/fault.c:220
Read of size 8 at addr ffffffff858c4c90 by task ksoftirqd/1/19

CPU: 1 PID: 19 Comm: ksoftirqd/1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[] __dump_stack lib/dump_stack.c:88 [inline]
[] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[] print_address_description.constprop.0+0x2a/0x330 mm/kasan/report.c:255
[] __kasan_report mm/kasan/report.c:442 [inline]
[] kasan_report+0x184/0x1e0 mm/kasan/report.c:459
[] check_region_inline mm/kasan/generic.c:183 [inline]
[] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256
[] do_page_fault+0x36/0xa3c arch/riscv/mm/fault.c:220
[] ret_from_exception+0x0/0x10

The buggy address belongs to the variable:
 __lockdep_no_validate__+0x30/0x40

Memory state around the buggy address:
 ffffffff858c4b80: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9
 ffffffff858c4c00: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9
>ffffffff858c4c80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
                         ^
 ffffffff858c4d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff858c4d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Unable to handle kernel paging request at virtual address 0000000000001ffe
Oops [#1]
Modules linked in:
CPU: 1 PID: 19 Comm: ksoftirqd/1 Tainted: G    B             5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : 0x1ffe
 ra : 0x1fff
epc : 0000000000001ffe ra : 0000000000001fff sp : ffffffff858c4ca0
 gp : ffffffff85863ac0 tp : ffffaf8007416100 t0 : 00000000000003e0
 t1 : fffff5ef01caf3ca t2 : 0000000000000000 s0 : 49eae69e17928400
 s1 : ffffaf800cf49000 a0 : ffffaf800be03080 a1 : ffffaf8007416100
 a2 : 1ffff5f000e877fc a3 : ffffaf800be04618 a4 : ffffaf8007417698
 a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffaf800e579e53
 s2 : ffffaf800cf48000 s3 : ffffaf800cf48a20 s4 : ffffffff866c2920
 s5 : ffffaf800cf48c00 s6 : 0000000000001fff s7 : 0000000041b58ab3
 s8 : ffffffff8451f630 s9 : ffffffff80110fdc s10: 0000000000000002
 s11: 0000000000000014 t3 : fffffffff3f3f300 t4 : fffff5ef01caf3ca
 t5 : fffff5ef01caf3cb t6 : 0000000000082bbc
status: 0000000000000100 badaddr: 0000000000001ffe cause: 000000000000000c
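The "Memory state" rows in a generic-KASAN report are keyed by kernel address, one shadow byte per 8-byte granule and 16 granules (128 bytes) per row, so they can be decoded without knowing the platform's shadow offset. The program below is an added worked example, not part of the syzkaller report: it parses the five rows printed above and maps the faulting address (ffffffff858c4c90, read of size 8) and, for comparison, the sp value from the Oops register dump (ffffffff858c4ca0, which lies in the same dumped region) to their shadow bytes. The shadow-byte encodings are quoted from memory of mm/kasan/kasan.h and should be checked against the tree that produced the report; the helper names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Generic KASAN: one shadow byte covers a granule of 8 bytes of kernel
 * memory (KASAN_SHADOW_SCALE_SHIFT = 3). Each "Memory state" row lists
 * 16 granules and is labelled with the kernel address of granule 0. */
#define GRANULE_SHIFT 3
#define GRANULE (1u << GRANULE_SHIFT)
#define ROW_GRANULES 16

/* Shadow encodings as in mm/kasan/kasan.h (quoted from memory; verify
 * against the kernel tree named in the report). */
#define KASAN_STACK_LEFT      0xF1
#define KASAN_STACK_MID       0xF2
#define KASAN_STACK_RIGHT     0xF3
#define KASAN_STACK_PARTIAL   0xF4
#define KASAN_GLOBAL_REDZONE  0xF9
#define KASAN_KMALLOC_FREE    0xFB
#define KASAN_KMALLOC_REDZONE 0xFC
#define KASAN_PAGE_REDZONE    0xFE
#define KASAN_FREE_PAGE       0xFF

/* The five "Memory state" rows from the report above, copied verbatim. */
static const char *const report_rows[] = {
    " ffffffff858c4b80: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9",
    " ffffffff858c4c00: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9",
    ">ffffffff858c4c80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00",
    " ffffffff858c4d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
    " ffffffff858c4d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
};
#define NROWS (sizeof(report_rows) / sizeof(report_rows[0]))

struct shadow_row {
    uint64_t base;                 /* kernel address of granule 0 */
    uint8_t shadow[ROW_GRANULES];
};

/* Parse one row. The leading '>' only marks the row that contains the
 * faulting address and carries no data. Returns 1 on success. */
static int parse_row(const char *line, struct shadow_row *out)
{
    char *end;
    while (*line == ' ' || *line == '>')
        line++;
    out->base = strtoull(line, &end, 16);
    if (end == line || *end != ':')
        return 0;
    line = end + 1;
    for (int i = 0; i < ROW_GRANULES; i++) {
        unsigned long v = strtoul(line, &end, 16);
        if (end == line || v > 0xFF)
            return 0;
        out->shadow[i] = (uint8_t)v;
        line = end;
    }
    return 1;
}

/* Shadow byte covering kernel address addr, or -1 if the dump does not
 * cover it (e.g. the bogus epc 0x1ffe from the Oops). */
int shadow_byte_for(uint64_t addr)
{
    for (size_t i = 0; i < NROWS; i++) {
        struct shadow_row row;
        if (!parse_row(report_rows[i], &row))
            return -1;
        if (addr >= row.base && addr < row.base + ROW_GRANULES * GRANULE)
            return row.shadow[(addr - row.base) >> GRANULE_SHIFT];
    }
    return -1;
}

/* Human-readable meaning of one shadow byte. */
const char *shadow_meaning(int sb)
{
    if (sb < 0) return "not in dump";
    if (sb == 0) return "all 8 bytes addressable";
    if (sb < (int)GRANULE) return "partial granule (first N bytes addressable)";
    switch (sb) {
    case KASAN_GLOBAL_REDZONE:  return "global redzone";
    case KASAN_STACK_LEFT: case KASAN_STACK_MID:
    case KASAN_STACK_RIGHT: case KASAN_STACK_PARTIAL:
                                return "stack redzone";
    case KASAN_KMALLOC_FREE:    return "freed slab object";
    case KASAN_KMALLOC_REDZONE: return "slab redzone";
    case KASAN_PAGE_REDZONE:    return "page redzone";
    case KASAN_FREE_PAGE:       return "freed page";
    default:                    return "poisoned (other)";
    }
}

/* Byte-wise check, as KASAN does it: 1 if any byte of the access is
 * poisoned, 0 if fully addressable, -1 if the dump does not cover it. */
int access_is_poisoned(uint64_t addr, unsigned size)
{
    for (uint64_t a = addr; a < addr + size; a++) {
        int sb = shadow_byte_for(a);
        if (sb < 0)
            return -1;
        if (sb == 0)
            continue;
        if (sb < (int)GRANULE && (a & (GRANULE - 1)) < (uint64_t)sb)
            continue;                      /* inside a partial granule */
        return 1;
    }
    return 0;
}

int main(void)
{
    const uint64_t fault = 0xffffffff858c4c90ULL;  /* "Read of size 8 at addr" */
    const uint64_t sp    = 0xffffffff858c4ca0ULL;  /* sp from the Oops registers */
    int sb = shadow_byte_for(fault);
    printf("%#llx: shadow %02x (%s), 8-byte read poisoned=%d\n",
           (unsigned long long)fault, sb, shadow_meaning(sb),
           access_is_poisoned(fault, 8));
    sb = shadow_byte_for(sp);
    printf("%#llx: shadow %02x (%s)\n",
           (unsigned long long)sp, sb, shadow_meaning(sb));
    return 0;
}
```

Build with `cc -Wall -o kasan_shadow kasan_shadow.c`. The faulting address resolves to shadow byte f9 (global redzone), i.e. the 8-byte load at fault.c:220 landed in the redzone padding after a global. In the preceding row the two clear granules at ...4c60 and ...4c68 followed by f9 from ...4c70 are consistent with the `+0x30/0x40` that the report attributes to __lockdep_no_validate__, since the symbol size reported by kallsyms includes that trailing redzone. The sp value from the register dump resolves to a clear granule in the same region of kernel data rather than to anything outside the dump, which is worth noticing when reading the Oops that follows.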