================================================================== BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: wild-memory-access in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: wild-memory-access in __lock_acquire+0xc94/0x2100 kernel/locking/lockdep.c:5198 Read of size 8 at addr 1fffffff88cf7980 by task syz.0.7416/1580 CPU: 1 UID: 0 PID: 1580 Comm: syz.0.7416 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_report+0xe3/0x5b0 mm/kasan/report.c:524 kasan_report+0x143/0x180 mm/kasan/report.c:634 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] __lock_acquire+0xc94/0x2100 kernel/locking/lockdep.c:5198 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378 raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:606 raw_spin_rq_lock kernel/sched/sched.h:1521 [inline] rq_lock kernel/sched/sched.h:1852 [inline] __schedule+0x357/0x4c90 kernel/sched/core.c:6688 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7087 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707 RIP: 0010:__handle_mm_fault+0x3a8/0x70f0 Code: 18 00 4c 8b 3b 4c 89 fe 48 83 e6 9f 31 ff e8 2f b4 b1 ff 49 83 e7 9f 0f 84 b4 45 00 00 e8 40 af b1 ff 4c 8d bc 24 60 03 00 00 <49> 8d 47 38 48 89 44 24 20 43 80 3c 2c 00 74 08 48 89 df e8 60 e9 RSP: 0018:ffffc9000c3ffa00 EFLAGS: 00000293 RAX: ffffffff82105b8d RBX: ffff88804bd80400 RCX: ffff888052d6bc00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000c3ffe60 R08: ffffffff821055ab R09: 1ffff110102b9026 R10: dffffc0000000000 R11: ffffed10102b9027 R12: 1ffff110097b0080 R13: dffffc0000000000 R14: ffff88807e517aa8 R15: ffffc9000c3ffd60 handle_mm_fault+0x3e5/0x8d0 mm/memory.c:6212 do_user_addr_fault arch/x86/mm/fault.c:1337 [inline] handle_page_fault arch/x86/mm/fault.c:1480 [inline] exc_page_fault+0x459/0x8b0 arch/x86/mm/fault.c:1538 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7fc87d263799 Code: ff ff ff 01 64 48 8b 04 25 00 00 00 00 48 8d b8 c8 fe ff ff e8 48 59 0c 00 85 c0 75 10 48 8b 44 24 68 48 8b b4 24 98 00 00 00 <48> 89 30 64 f0 83 2c 25 90 ff ff ff 01 48 8b 84 24 80 00 00 00 48 RSP: 002b:00007ffd45729050 EFLAGS: 00010246 RAX: 0000400000000100 RBX: 0000000000000002 RCX: ffffc00000000000 RDX: d1a0b83899c19c16 RSI: 0000000000000000 RDI: 0000555589b563c8 RBP: 00007fc87d5a7ba0 R08: 00007fc87d200000 R09: 000000000000001f R10: 0000000000000001 R11: 0000000000000006 R12: 00007fc87d5a5fac R13: 00007ffd45729140 R14: fffffffffffffffe R15: 00007ffd45729160 ================================================================== ---------------- Code disassembly (best guess): 0: 18 00 sbb %al,(%rax) 2: 4c 8b 3b mov (%rbx),%r15 5: 4c 89 fe mov %r15,%rsi 8: 48 83 e6 9f and $0xffffffffffffff9f,%rsi c: 31 ff xor %edi,%edi e: e8 2f b4 b1 ff call 0xffb1b442 13: 49 83 e7 9f and $0xffffffffffffff9f,%r15 17: 0f 84 b4 45 00 00 je 0x45d1 1d: e8 40 af b1 ff call 0xffb1af62 22: 4c 8d bc 24 60 03 00 lea 0x360(%rsp),%r15 29: 00 * 2a: 49 8d 47 38 lea 0x38(%r15),%rax <-- trapping instruction 2e: 48 89 44 24 20 mov %rax,0x20(%rsp) 33: 43 80 3c 2c 00 cmpb $0x0,(%r12,%r13,1) 38: 74 08 je 0x42 3a: 48 89 df mov %rbx,%rdi 3d: e8 .byte 0xe8 3e: 60 (bad) 3f: e9 .byte 0xe9