==================================================================
BUG: KASAN: out-of-bounds in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: out-of-bounds in atomic_dec include/linux/atomic/atomic-instrumented.h:244 [inline]
BUG: KASAN: out-of-bounds in put_bh include/linux/buffer_head.h:319 [inline]
BUG: KASAN: out-of-bounds in end_buffer_read_sync+0x3c/0x94 fs/buffer.c:160
Write of size 4 at addr ffff800022f17660 by task ksoftirqd/1/20

CPU: 1 PID: 20 Comm: ksoftirqd/1 Not tainted 5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call trace:
 dump_backtrace+0x0/0x43c arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 print_address_description+0x78/0x30c mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0xec/0x15c mm/kasan/report.c:451
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x270/0x2b0 mm/kasan/generic.c:189
 __kasan_check_write+0x44/0x54 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_dec include/linux/atomic/atomic-instrumented.h:244 [inline]
 put_bh include/linux/buffer_head.h:319 [inline]
 end_buffer_read_sync+0x3c/0x94 fs/buffer.c:160
 end_bio_bh_io_sync+0xb0/0x1b4 fs/buffer.c:3007
 bio_endio+0x744/0x788 block/bio.c:1475
 req_bio_endio block/blk-core.c:261 [inline]
 blk_update_request+0x7a4/0x1100 block/blk-core.c:1441
 blk_mq_end_request+0x54/0x88 block/blk-mq.c:575
 lo_complete_rq+0x1ec/0x250 drivers/block/loop.c:529
 blk_complete_reqs block/blk-mq.c:587 [inline]
 blk_done_softirq+0x11c/0x168 block/blk-mq.c:592
 handle_softirqs+0x344/0xbf0 kernel/softirq.c:576
 run_ksoftirqd+0x7c/0x2a0 kernel/softirq.c:943
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x374/0x454 kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855

Memory state around the buggy address:
 ffff800022f17500: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffff800022f17580: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffff800022f17600: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                                                       ^
 ffff800022f17680: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffff800022f17700: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================
Unable to handle kernel paging request at virtual address ffff800022f17660
Mem abort info:
  ESR = 0x0000000096000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x07: level 3 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000007
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000002113a9000
[ffff800022f17660] pgd=100000023ffff003, p4d=100000023ffff003, pud=100000023fffe003, pmd=1000000109cfe003, pte=0000000000000000
Internal error: Oops: 0000000096000007 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 20 Comm: ksoftirqd/1 Tainted: G    B             5.15.186-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lse_atomic_sub arch/arm64/include/asm/atomic_lse.h:113 [inline]
pc : arch_atomic_sub arch/arm64/include/asm/atomic.h:30 [inline]
pc : arch_atomic_dec include/linux/atomic/atomic-arch-fallback.h:525 [inline]
pc : atomic_dec include/linux/atomic/atomic-instrumented.h:245 [inline]
pc : put_bh include/linux/buffer_head.h:319 [inline]
pc : end_buffer_read_sync+0x50/0x94 fs/buffer.c:160
lr : __lse_atomic_sub arch/arm64/include/asm/atomic_lse.h:113 [inline]
lr : arch_atomic_sub arch/arm64/include/asm/atomic.h:30 [inline]
lr : arch_atomic_dec include/linux/atomic/atomic-arch-fallback.h:525 [inline]
lr : atomic_dec include/linux/atomic/atomic-instrumented.h:245 [inline]
lr : put_bh include/linux/buffer_head.h:319 [inline]
lr : end_buffer_read_sync+0x48/0x94 fs/buffer.c:160
sp : ffff80001b387a90
x29: ffff80001b387a90 x28: ffff80001415d310 x27: ffff80000a5add1c
x26: 1fffe0001a776671 x25: 1fffe0001a776672 x24: dfff800000000000
x23: ffff0000cba73458 x22: ffff8000089d235c x21: 0000000000000001
x20: ffff800022f17600 x19: ffff800022f17660 x18: 0000000000000101
x17: 0000000000000000 x16: ffff8000082d6448 x15: 0000000000000063
x14: 0000000000ff0100 x13: 746e696174206c65 x12: 0000000000ff0100
x11: 0000000000000100 x10: 0000000000000000 x9 : ffff8000089d23a4
x8 : 00000000ffffffff x7 : 0000000000000000 x6 : ffff8000082f6fc4
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800008185e38
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 __lse_atomic_sub arch/arm64/include/asm/atomic_lse.h:113 [inline]
 arch_atomic_sub arch/arm64/include/asm/atomic.h:30 [inline]
 arch_atomic_dec include/linux/atomic/atomic-arch-fallback.h:525 [inline]
 atomic_dec include/linux/atomic/atomic-instrumented.h:245 [inline]
 put_bh include/linux/buffer_head.h:319 [inline]
 end_buffer_read_sync+0x50/0x94 fs/buffer.c:160
 end_bio_bh_io_sync+0xb0/0x1b4 fs/buffer.c:3007
 bio_endio+0x744/0x788 block/bio.c:1475
 req_bio_endio block/blk-core.c:261 [inline]
 blk_update_request+0x7a4/0x1100 block/blk-core.c:1441
 blk_mq_end_request+0x54/0x88 block/blk-mq.c:575
 lo_complete_rq+0x1ec/0x250 drivers/block/loop.c:529
 blk_complete_reqs block/blk-mq.c:587 [inline]
 blk_done_softirq+0x11c/0x168 block/blk-mq.c:592
 handle_softirqs+0x344/0xbf0 kernel/softirq.c:576
 run_ksoftirqd+0x7c/0x2a0 kernel/softirq.c:943
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x374/0x454 kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:855
Code: d503201f 97ea9faf 52800028 4b0803e8 (b828027f)
---[ end trace 88972e16b128dcec ]---
----------------
Code disassembly (best guess):
   0:	d503201f 	nop
   4:	97ea9faf 	bl	0xffffffffffaa7ec0
   8:	52800028 	mov	w8, #0x1                   	// #1
   c:	4b0803e8 	neg	w8, w8
* 10:	b828027f 	stadd	w8, [x19] <-- trapping instruction
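As an added example (not syzkaller's or the kernel's code), a small Python triage helper for the report above: it recomputes the shadow byte under the '^' marker, which run-together extraction drops, decodes the generic-KASAN shadow value, and splits the ESR into the fields the Oops prints. The shadow-code table (0xf8 = KASAN_VMALLOC_INVALID, and so on) is my reading of mm/kasan/kasan.h in the 5.x series and should be checked against the tree in question; the embedded REPORT is an excerpt copied from the dump above.

```python
"""Added triage helper for the KASAN report and arm64 Oops above (not
syzkaller's or the kernel's code). It parses the access line, the
"Memory state" shadow rows and the ESR, and recomputes what a
run-together dump loses: which shadow byte the '^' marks, what that
shadow value means, and how the ESR decodes. The shadow-code table is
an assumption from my reading of mm/kasan/kasan.h (5.x series)."""
import re

SHADOW_GRANULE = 8               # one shadow byte covers 8 bytes of memory
ROW_BYTES = 16 * SHADOW_GRANULE  # one "Memory state" row covers 128 bytes

# Generic KASAN shadow codes (assumed from mm/kasan/kasan.h, 5.x series).
SHADOW_CODES = {
    0x00: "accessible (whole granule)",
    0xF8: "KASAN_VMALLOC_INVALID (unallocated space in a vmapped region)",
    0xF9: "KASAN_GLOBAL_REDZONE", 0xFA: "KASAN_KMALLOC_FREETRACK",
    0xFB: "KASAN_KMALLOC_FREE", 0xFC: "KASAN_KMALLOC_REDZONE",
    0xFE: "KASAN_PAGE_REDZONE", 0xFF: "KASAN_FREE_PAGE",
}
# arm64 data-abort DFSC values for translation faults (ESR ISS bits [5:0]).
FSC_NAMES = {0x4: "level 0 translation fault", 0x5: "level 1 translation fault",
             0x6: "level 2 translation fault", 0x7: "level 3 translation fault"}

ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")
ROW_RE = re.compile(r">?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})")
ESR_RE = re.compile(r"ESR = 0x([0-9a-f]+)")

# Constructed excerpt: the relevant lines copied from the report above.
REPORT = """
Write of size 4 at addr ffff800022f17660 by task ksoftirqd/1/20
Memory state around the buggy address:
 ffff800022f17500: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffff800022f17580: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffff800022f17600: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffff800022f17680: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffff800022f17700: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
Unable to handle kernel paging request at virtual address ffff800022f17660
  ESR = 0x0000000096000007
"""

def parse_report(text):
    """Access dict, {row_base: [16 shadow bytes]}, and ESR (or None).
    Everything is matched by pattern, so a dump whose newlines were lost
    in extraction parses the same as the original."""
    m = ACCESS_RE.search(text)
    access = {"kind": m.group(1), "size": int(m.group(2)), "addr": int(m.group(3), 16)}
    rows = {int(base, 16): [int(b, 16) for b in vals.split()]
            for base, vals in ROW_RE.findall(text)}
    esr = ESR_RE.search(text)
    return access, rows, (int(esr.group(1), 16) if esr else None)

def shadow_for(addr, rows):
    """(row_base, column, shadow_value) of the shadow byte covering addr."""
    for base, values in rows.items():
        if base <= addr < base + ROW_BYTES:
            col = (addr - base) // SHADOW_GRANULE
            return base, col, values[col]
    return None

def access_granules(access):
    """Start address of every 8-byte granule the access touches."""
    first = access["addr"] // SHADOW_GRANULE
    last = (access["addr"] + access["size"] - 1) // SHADOW_GRANULE
    return [g * SHADOW_GRANULE for g in range(first, last + 1)]

def describe_shadow(value):
    if 1 <= value <= 7:
        return "partially accessible: first %d bytes of the granule" % value
    return SHADOW_CODES.get(value, "unknown shadow code 0x%02x" % value)

def decode_esr(esr):
    """Split an arm64 ESR_ELx into the fields the Oops prints."""
    ec, il, iss = (esr >> 26) & 0x3F, (esr >> 25) & 1, esr & 0x1FFFFFF
    return {"ec": ec,
            "ec_name": {0x24: "DABT (lower EL)", 0x25: "DABT (current EL)"}.get(ec, "other"),
            "il_bits": 32 if il else 16,
            "fsc": iss & 0x3F, "fsc_name": FSC_NAMES.get(iss & 0x3F, "other"),
            "wnr": (iss >> 6) & 1}

def triage(text):
    """Everything worth reading first, as one dict."""
    access, rows, esr = parse_report(text)
    shadow = []
    for granule in access_granules(access):
        hit = shadow_for(granule, rows)
        if hit:  # None if the granule lies outside the rows the report shows
            base, col, val = hit
            shadow.append({"row": base, "col": col, "value": val,
                           "meaning": describe_shadow(val)})
    return {"access": access, "shadow": shadow,
            "esr": decode_esr(esr) if esr is not None else None}

if __name__ == "__main__":
    result = triage(REPORT)
    for s in result["shadow"]:
        print("row 0x%x col %d shadow 0x%02x: %s" % (s["row"], s["col"], s["value"], s["meaning"]))
    print(result["esr"])
```

On this report the helper places the 4-byte write at ffff800022f17660 in column 12 of the `>` row with shadow 0xf8, and decodes the ESR as EC 0x25 (data abort, current EL), IL 32, FSC 0x07 (level 3 translation fault), WnR 0, matching the Oops lines. The two halves of the dump agree: KASAN flagged the granule as unallocated vmalloc space, and because generic KASAN only reports and lets the instruction proceed, the `stadd w8, [x19]` then hit the pte=0 translation fault at the same address. The register dump puts x19 (the stadd base, i.e. the b_count word that put_bh decrements) exactly 0x60 bytes past x20, which is consistent with x20 holding the buffer_head pointer; the script does not assume that, and pahole on the matching vmlinux is the way to confirm it.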