==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
BUG: KASAN: null-ptr-deref in io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:9000
Write of size 4 at addr 0000000000000110 by task iou-sqp-4021/4027

CPU: 0 PID: 4027 Comm: iou-sqp-4021 Not tainted 5.12.0-rc7-syzkaller-00032-g7f75285ca572 #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x0/0x3e0 arch/arm64/include/asm/pointer_auth.h:76
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:191
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x120/0x1a8 lib/dump_stack.c:120
 __kasan_report mm/kasan/report.c:403 [inline]
 kasan_report+0x128/0x200 mm/kasan/report.c:416
 check_region_inline mm/kasan/generic.c:170 [inline]
 kasan_check_range+0xfc/0x1a4 mm/kasan/generic.c:186
 __kasan_check_write+0x34/0x60 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
 io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:9000
 io_sq_thread+0x59c/0xdac fs/io_uring.c:6833
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:960
==================================================================
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000110
Mem abort info:
  ESR = 0x96000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000007
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000004c97f000
[0000000000000110] pgd=000000005366f003, p4d=000000005366f003, pud=000000004dbdc003, pmd=000000004c962003, pte=0000000000000000
Internal error: Oops: 96000007 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4027 Comm: iou-sqp-4021 Tainted: G    B             5.12.0-rc7-syzkaller-00032-g7f75285ca572 #0
Hardware name: linux,dummy-virt (DT)
pstate: 10000005 (nzcV daif -PAN -UAO -TCO BTYPE=--)
pc : __arm64_sys_io_uring_register+0x3be4/0x3e40 include/linux/mm.h:970
lr : instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
lr : atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
lr : io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:9000
sp : ffff00000e02fb80
x29: ffff00000e02fb80 x28: dfff800000000000
x27: 0000000000000110 x26: 1fffe00001c05f7c
x25: 0000000000000000 x24: 0000000000000000
x23: ffff00000a070000 x22: 0000000000000000
x21: ffff000009771a40 x20: ffff00000e02fc10
x19: ffff00000d8d9000 x18: ffff00006ab14b48
x17: 00f87ad2f87ad274 x16: 72dcf859d0fb72d2
x15: ffff8000172c9810 x14: ffff8000172c9000
x13: ffff00006ab14b70 x12: ffff600001b040c3
x11: 1fffe00001b040c2 x10: ffff600001b040c2
x9 : dfff800000000000 x8 : ffff00000d820613
x7 : 0000000000000001 x6 : 00009ffffe4fbf3e
x5 : ffff00000d820610 x4 : ffff600001b040c3
x3 : ffff00000d820610 x2 : 0000000000000110
x1 : ffff000009771a40 x0 : 0000000000000000
Call trace:
 __arm64_sys_io_uring_register+0x3be4/0x3e40 include/linux/mm.h:970
 io_sq_thread+0x59c/0xdac fs/io_uring.c:6833
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:960
Code: 35ffffa2 d5033bbf 17ffa5f2 f9800051 (885f7c40)
---[ end trace cb36096909f25728 ]---