==================================================================
BUG: KASAN: out-of-bounds in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: out-of-bounds in atomic_dec include/linux/atomic/atomic-instrumented.h:244 [inline]
BUG: KASAN: out-of-bounds in put_bh include/linux/buffer_head.h:319 [inline]
BUG: KASAN: out-of-bounds in end_buffer_read_sync+0x3c/0x94 fs/buffer.c:160
Write of size 4 at addr ffff80001d4175c0 by task ksoftirqd/1/20

CPU: 1 PID: 20 Comm: ksoftirqd/1 Not tainted 5.15.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x174/0x1e4 mm/kasan/report.c:451
 kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189
 __kasan_check_write+0x44/0x54 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_dec include/linux/atomic/atomic-instrumented.h:244 [inline]
 put_bh include/linux/buffer_head.h:319 [inline]
 end_buffer_read_sync+0x3c/0x94 fs/buffer.c:160
 end_bio_bh_io_sync+0xb0/0x1b4 fs/buffer.c:3007
 bio_endio+0x780/0x7c4 block/bio.c:1475
 req_bio_endio block/blk-core.c:261 [inline]
 blk_update_request+0x79c/0x1304 block/blk-core.c:1441
 blk_mq_end_request+0x54/0x88 block/blk-mq.c:575
 lo_complete_rq+0x140/0x258 drivers/block/loop.c:529
 blk_complete_reqs block/blk-mq.c:587 [inline]
 blk_done_softirq+0x11c/0x168 block/blk-mq.c:592
 __do_softirq+0x344/0xdb0 kernel/softirq.c:558
 run_ksoftirqd+0x68/0x258 kernel/softirq.c:921
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x37c/0x45c kernel/kthread.c:319
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

Memory state around the buggy address:
 ffff80001d417480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff80001d417500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff80001d417580: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                                           ^
 ffff80001d417600: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffff80001d417680: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================
Unable to handle kernel paging request at virtual address ffff80001d4175c0
Mem abort info:
  ESR = 0x0000000096000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x07: level 3 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000007
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001b495b000
[ffff80001d4175c0] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=1000000108199003, pte=0000000000000000
Internal error: Oops: 0000000096000007 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 20 Comm: ksoftirqd/1 Tainted: G B 5.15.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lse_atomic_sub arch/arm64/include/asm/atomic_lse.h:113 [inline]
pc : arch_atomic_sub arch/arm64/include/asm/atomic.h:30 [inline]
pc : arch_atomic_dec include/linux/atomic/atomic-arch-fallback.h:525 [inline]
pc : atomic_dec include/linux/atomic/atomic-instrumented.h:245 [inline]
pc : put_bh include/linux/buffer_head.h:319 [inline]
pc : end_buffer_read_sync+0x50/0x94 fs/buffer.c:160
lr : arch_atomic_sub arch/arm64/include/asm/atomic.h:30 [inline]
lr : arch_atomic_dec include/linux/atomic/atomic-arch-fallback.h:525 [inline]
lr : atomic_dec include/linux/atomic/atomic-instrumented.h:245 [inline]
lr : put_bh include/linux/buffer_head.h:319 [inline]
lr : end_buffer_read_sync+0x48/0x94 fs/buffer.c:160
sp : ffff8000189e7aa0
x29: ffff8000189e7aa0 x28: ffff80001491d310 x27: ffff0000c0498000
x26: 1fffe00019fb8831 x25: ffff80000a7c770c x24: dfff800000000000
x23: 0000000000000680 x22: ffff800008a6798c x21: 0000000000000001
x20: ffff80001d417560 x19: ffff80001d4175c0 x18: 0000000000000102
x17: 0000000000000000 x16: ffff80000824c658 x15: 00000000ffffffff
x14: ffff0000c0a78000 x13: 0000000000000001 x12: ffff700002de4b64
x11: 0000000000000100 x10: 0000000000000000 x9 : ffff0000c0a78000
x8 : 00000000ffffffff x7 : 0000000000000000 x6 : 0000000000000001
x5 : ffff8000189e7138 x4 : 0000000000000000 x3 : ffff80000819b844
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 __lse_atomic_sub arch/arm64/include/asm/atomic_lse.h:113 [inline]
 arch_atomic_sub arch/arm64/include/asm/atomic.h:30 [inline]
 arch_atomic_dec include/linux/atomic/atomic-arch-fallback.h:525 [inline]
 atomic_dec include/linux/atomic/atomic-instrumented.h:245 [inline]
 put_bh include/linux/buffer_head.h:319 [inline]
 end_buffer_read_sync+0x50/0x94 fs/buffer.c:160
 end_bio_bh_io_sync+0xb0/0x1b4 fs/buffer.c:3007
 bio_endio+0x780/0x7c4 block/bio.c:1475
 req_bio_endio block/blk-core.c:261 [inline]
 blk_update_request+0x79c/0x1304 block/blk-core.c:1441
 blk_mq_end_request+0x54/0x88 block/blk-mq.c:575
 lo_complete_rq+0x140/0x258 drivers/block/loop.c:529
 blk_complete_reqs block/blk-mq.c:587 [inline]
 blk_done_softirq+0x11c/0x168 block/blk-mq.c:592
 __do_softirq+0x344/0xdb0 kernel/softirq.c:558
 run_ksoftirqd+0x68/0x258 kernel/softirq.c:921
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x37c/0x45c kernel/kthread.c:319
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
Code: d503201f 97e966aa 52800028 4b0803e8 (b828027f)
---[ end trace 00929dc6dfd5e6e3 ]---
----------------
Code disassembly (best guess):
   0:	d503201f 	nop
   4:	97e966aa 	bl	0xffffffffffa59aac
   8:	52800028 	mov	w8, #0x1                   	// #1
   c:	4b0803e8 	neg	w8, w8
* 10:	b828027f 	stadd	w8, [x19] <-- trapping instruction