==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: null-ptr-deref in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
BUG: KASAN: null-ptr-deref in buffer_busy fs/buffer.c:2886 [inline]
BUG: KASAN: null-ptr-deref in drop_buffers+0x70/0x468 fs/buffer.c:2898
Read of size 4 at addr 0000000000000060 by task syz.8.7353/8459

CPU: 0 UID: 0 PID: 8459 Comm: syz.8.7353 Tainted: G             L     syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 print_report+0x58/0x84 mm/kasan/report.c:485
 kasan_report+0xb0/0x110 mm/kasan/report.c:595
 check_region_inline mm/kasan/generic.c:-1 [inline]
 kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:200
 __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 buffer_busy fs/buffer.c:2886 [inline]
 drop_buffers+0x70/0x468 fs/buffer.c:2898
 try_to_free_buffers+0x15c/0x244 fs/buffer.c:2952
 filemap_release_folio+0x1ec/0x248 mm/filemap.c:4495
 shrink_folio_list+0x16b8/0x4528 mm/vmscan.c:1484
 shrink_inactive_list mm/vmscan.c:2016 [inline]
 shrink_list mm/vmscan.c:2253 [inline]
 shrink_lruvec+0x1114/0x2244 mm/vmscan.c:5818
 shrink_node_memcgs mm/vmscan.c:6020 [inline]
 shrink_node+0xdd4/0x20bc mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x55c/0x1440 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x2c4/0x978 mm/vmscan.c:6690
 try_charge_memcg+0x640/0xc00 mm/memcontrol.c:2388
 obj_cgroup_charge_pages mm/memcontrol.c:2823 [inline]
 __memcg_kmem_charge_page+0x174/0x2dc mm/memcontrol.c:2867
 __alloc_frozen_pages_noprof+0x1ac/0x318 mm/page_alloc.c:5227
 alloc_pages_mpol+0x1e4/0x460 mm/mempolicy.c:2486
 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline]
 alloc_pages_noprof+0xe0/0x308 mm/mempolicy.c:2577
 vm_area_alloc_pages mm/vmalloc.c:3718 [inline]
 __vmalloc_area_node mm/vmalloc.c:3863 [inline]
 __vmalloc_node_range_noprof+0xab8/0x132c mm/vmalloc.c:4051
 __bpf_map_area_alloc+0x1b4/0x230 kernel/bpf/syscall.c:401
 bpf_map_area_alloc+0x2c/0x3c kernel/bpf/syscall.c:408
 array_map_alloc+0x210/0x5b8 kernel/bpf/arraymap.c:142
 map_create+0x7a0/0x1254 kernel/bpf/syscall.c:1514
 __sys_bpf+0x21c/0x638 kernel/bpf/syscall.c:6146
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:6272
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
==================================================================
Unable to handle kernel paging request at virtual address dfff80000000000c
KASAN: null-ptr-deref in range [0x0000000000000060-0x0000000000000067]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff80000000000c] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] SMP
Modules linked in:
CPU: 0 UID: 0 PID: 8459 Comm: syz.8.7353 Tainted: G    B        L     syzkaller #0 PREEMPT
Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
pc : atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline]
pc : buffer_busy fs/buffer.c:2886 [inline]
pc : drop_buffers+0x7c/0x468 fs/buffer.c:2898
lr : instrument_atomic_read include/linux/instrumented.h:68 [inline]
lr : atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
lr : buffer_busy fs/buffer.c:2886 [inline]
lr : drop_buffers+0x70/0x468 fs/buffer.c:2898
sp : ffff80009d806590
x29: ffff80009d8065c0 x28: ffff0000d345ee88 x27: dfff800000000000
x26: 1fffffbff8931a51 x25: 1fffffbff8931a50 x24: 1fffffbff8931a51
x23: 0000000000000000 x22: dfff800000000000 x21: fffffdffc498d280
x20: 0000000000000060 x19: 0000000000000000 x18: 1fffe0003377d090
x17: ffff80008f86e000 x16: ffff800082e5e68c x15: 0000000000000001
x14: 1ffff0001261fd18 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000080000 x10: 000000000007ffff x9 : 0000000000000003
x8 : 000000000000000c x7 : 0000000000000000 x6 : ffff80008049ea88
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000803c8c30
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline] (P)
 atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline] (P)
 buffer_busy fs/buffer.c:2886 [inline] (P)
 drop_buffers+0x7c/0x468 fs/buffer.c:2898 (P)
 try_to_free_buffers+0x15c/0x244 fs/buffer.c:2952
 filemap_release_folio+0x1ec/0x248 mm/filemap.c:4495
 shrink_folio_list+0x16b8/0x4528 mm/vmscan.c:1484
 shrink_inactive_list mm/vmscan.c:2016 [inline]
 shrink_list mm/vmscan.c:2253 [inline]
 shrink_lruvec+0x1114/0x2244 mm/vmscan.c:5818
 shrink_node_memcgs mm/vmscan.c:6020 [inline]
 shrink_node+0xdd4/0x20bc mm/vmscan.c:6061
 shrink_zones mm/vmscan.c:6300 [inline]
 do_try_to_free_pages+0x55c/0x1440 mm/vmscan.c:6362
 try_to_free_mem_cgroup_pages+0x2c4/0x978 mm/vmscan.c:6690
 try_charge_memcg+0x640/0xc00 mm/memcontrol.c:2388
 obj_cgroup_charge_pages mm/memcontrol.c:2823 [inline]
 __memcg_kmem_charge_page+0x174/0x2dc mm/memcontrol.c:2867
 __alloc_frozen_pages_noprof+0x1ac/0x318 mm/page_alloc.c:5227
 alloc_pages_mpol+0x1e4/0x460 mm/mempolicy.c:2486
 alloc_frozen_pages_noprof mm/mempolicy.c:2557 [inline]
 alloc_pages_noprof+0xe0/0x308 mm/mempolicy.c:2577
 vm_area_alloc_pages mm/vmalloc.c:3718 [inline]
 __vmalloc_area_node mm/vmalloc.c:3863 [inline]
 __vmalloc_node_range_noprof+0xab8/0x132c mm/vmalloc.c:4051
 __bpf_map_area_alloc+0x1b4/0x230 kernel/bpf/syscall.c:401
 bpf_map_area_alloc+0x2c/0x3c kernel/bpf/syscall.c:408
 array_map_alloc+0x210/0x5b8 kernel/bpf/arraymap.c:142
 map_create+0x7a0/0x1254 kernel/bpf/syscall.c:1514
 __sys_bpf+0x21c/0x638 kernel/bpf/syscall.c:6146
 __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]
 __arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:6272
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x5c/0x26c arch/arm64/kernel/entry-common.c:724
 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:743
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
Code: 97f7b505 d343fe88 12000a89 11000d29 (38fb6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97f7b505 	bl	0xffffffffffded414
   4:	d343fe88 	lsr	x8, x20, #3
   8:	12000a89 	and	w9, w20, #0x7
   c:	11000d29 	add	w9, w9, #0x3
* 10:	38fb6908 	ldrsb	w8, [x8, x27] <-- trapping instruction