Index: lib/hwasan/hwasan.cc
===================================================================
--- lib/hwasan/hwasan.cc
+++ lib/hwasan/hwasan.cc
@@ -335,14 +335,14 @@
   if (sz == 0)
     return -1;
   tag_t ptr_tag = GetTagFromPointer((uptr)p);
-  if (ptr_tag == 0)
-    return -1;
   uptr ptr_raw = UntagAddr(reinterpret_cast<uptr>(p));
   uptr shadow_first = MemToShadow(ptr_raw);
   uptr shadow_last = MemToShadow(ptr_raw + sz - 1);
   for (uptr s = shadow_first; s <= shadow_last; ++s)
-    if (*(tag_t*)s != ptr_tag)
-      return ShadowToMem(s) - ptr_raw;
+    if (*(tag_t *)s != ptr_tag) {
+      sptr offset = ShadowToMem(s) - ptr_raw;
+      return offset < 0 ? 0 : offset;
+    }
   return -1;
 }
 
Index: lib/hwasan/hwasan_checks.h
===================================================================
--- lib/hwasan/hwasan_checks.h
+++ lib/hwasan/hwasan_checks.h
@@ -15,6 +15,7 @@
 #define HWASAN_CHECKS_H
 
 #include "hwasan_mapping.h"
+#include "sanitizer_common/sanitizer_common.h"
 
 namespace __hwasan {
 template <unsigned X>
@@ -23,8 +24,8 @@
   (void)p;
   // 0x900 is added to do not interfere with the kernel use of lower values of
   // brk immediate.
-  // FIXME: Add a constraint to put the pointer into x0, the same as x86 branch.
-  asm("brk %0\n\t" ::"n"(0x900 + X));
+  register uptr x0 asm("x0") = p;
+  asm("brk %1\n\t" ::"r"(x0), "n"(0x900 + X));
 #elif defined(__x86_64__)
   // INT3 + NOP DWORD ptr [EAX + X] to pass X to our signal handler, 5 bytes
   // total. The pointer is passed via rdi.
@@ -42,6 +43,25 @@
   // __builtin_unreachable();
 }
 
+// Version with access size which is not power of 2
+template <unsigned X>
+__attribute__((always_inline)) static void SigTrap(uptr p, uptr size) {
+#if defined(__aarch64__)
+  register uptr x0 asm("x0") = p;
+  register uptr x1 asm("x1") = size;
+  asm("brk %2\n\t" ::"r"(x0), "r"(x1), "n"(0x900 + X));
+#elif defined(__x86_64__)
+  // Size is stored in rsi.
+  asm volatile(
+      "int3\n"
+      "nopl %c0(%%rax)\n" ::"n"(0x40 + X),
+      "D"(p), "S"(size));
+#else
+  __builtin_trap();
+#endif
+  // __builtin_unreachable();
+}
+
 enum class ErrorAction { Abort, Recover };
 enum class AccessType { Load, Store };
 
@@ -70,7 +90,7 @@
   for (tag_t *t = shadow_first; t <= shadow_last; ++t)
     if (UNLIKELY(ptr_tag != *t)) {
       SigTrap<0x20 * (EA == ErrorAction::Recover) +
-              0x10 * (AT == AccessType::Store) + 0xf>(p);
+              0x10 * (AT == AccessType::Store) + 0xf>(p, sz);
       if (EA == ErrorAction::Abort)
         __builtin_unreachable();
     }
Index: lib/hwasan/hwasan_report.cc
===================================================================
--- lib/hwasan/hwasan_report.cc
+++ lib/hwasan/hwasan_report.cc
@@ -400,13 +400,22 @@
 
   Thread *t = GetCurrentThread();
 
+  sptr offset =
+      __hwasan_test_shadow(reinterpret_cast<void *>(tagged_addr), access_size);
+  CHECK(offset >= 0 && offset < static_cast<sptr>(access_size));
   tag_t ptr_tag = GetTagFromPointer(tagged_addr);
-  tag_t *tag_ptr = reinterpret_cast<tag_t*>(MemToShadow(untagged_addr));
+  tag_t *tag_ptr =
+      reinterpret_cast<tag_t *>(MemToShadow(untagged_addr + offset));
   tag_t mem_tag = *tag_ptr;
+
   Printf("%s", d.Access());
   Printf("%s of size %zu at %p tags: %02x/%02x (ptr/mem) in thread T%zd\n",
          is_store ? "WRITE" : "READ", access_size, untagged_addr, ptr_tag,
          mem_tag, t->unique_id());
+  Printf("Offset to first bad byte is in range [%zu, %zu)\n", offset,
+         Min(access_size,
+             RoundUpTo(untagged_addr + 1 + offset, 1 << kShadowScale) -
+                 untagged_addr));
   Printf("%s", d.Default());
 
   stack->Print();
Index: test/hwasan/TestCases/mem-intrinsics.c
===================================================================
--- test/hwasan/TestCases/mem-intrinsics.c
+++ test/hwasan/TestCases/mem-intrinsics.c
@@ -21,15 +21,17 @@
 #endif
   write(STDOUT_FILENO, "recovered\n", 10);
   // WRITE: ERROR: HWAddressSanitizer: tag-mismatch on address
-  // WRITE: WRITE {{.*}} tags: [[PTR_TAG:..]]/[[MEM_TAG:..]] (ptr/mem)
+  // WRITE: WRITE of size 32 at {{.*}} tags: [[PTR_TAG:..]]/[[MEM_TAG:..]] (ptr/mem)
+  // WRITE: Offset to first bad byte is in range [16, 32)
   // WRITE: Memory tags around the buggy address (one tag corresponds to 16 bytes):
-  // WRITE: =>{{.*}}[[MEM_TAG]]
+  // WRITE: =>{{.*}}[[PTR_TAG]]{{[[:space:]]\[}}[[MEM_TAG]]
   // WRITE-NOT: recovered
 
   // READ: ERROR: HWAddressSanitizer: tag-mismatch on address
-  // READ: READ {{.*}} tags: [[PTR_TAG:..]]/[[MEM_TAG:..]] (ptr/mem)
+  // READ: READ of size 16 at {{.*}} tags: [[PTR_TAG:..]]/[[MEM_TAG:..]] (ptr/mem)
+  // READ: Offset to first bad byte is in range [0, 16)
   // READ: Memory tags around the buggy address (one tag corresponds to 16 bytes):
-  // READ: =>{{.*}}[[MEM_TAG]]
+  // READ: =>{{.*}}[[PTR_TAG]]{{[[:space:]]\[}}[[MEM_TAG]]
   // READ-NOT: recovered
 
   // RECOVER: recovered
Index: test/hwasan/TestCases/rich-stack.c
===================================================================
--- test/hwasan/TestCases/rich-stack.c
+++ test/hwasan/TestCases/rich-stack.c
@@ -60,6 +60,7 @@
 
 // R321: HWAddressSanitizer: tag-mismatch
 // R321-NEXT: WRITE of size 8
+// R321-NEXT: Offset to first bad byte is in range [0, 8)
 // R321-NEXT: in BAR
 // R321-NEXT: in FOO
 // R321-NEXT: in main