[] pipe_ioctl+0xae/0x1fc fs/pipe.c:631
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:874 [inline]
[] sys_ioctl+0x75c/0x139e fs/ioctl.c:860
[] ret_from_syscall+0x0/0x2
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: null-ptr-deref in atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline]
BUG: KASAN: null-ptr-deref in page_ref_count include/linux/page_ref.h:67 [inline]
BUG: KASAN: null-ptr-deref in put_page_testzero include/linux/mm.h:717 [inline]
BUG: KASAN: null-ptr-deref in __free_pages+0x20/0x112 mm/page_alloc.c:5473
Read of size 4 at addr 0000000000000034 by task syz-executor.1/6833
CPU: 1 PID: 6833 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[] __dump_stack lib/dump_stack.c:88 [inline]
[] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[] __kasan_report mm/kasan/report.c:446 [inline]
[] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459
[] check_region_inline mm/kasan/generic.c:173 [inline]
[] kasan_check_range+0x2a/0x136 mm/kasan/generic.c:189
[] __kasan_check_read+0x14/0x1c mm/kasan/shadow.c:31
[] instrument_atomic_read include/linux/instrumented.h:71 [inline]
[] atomic_read include/linux/atomic/atomic-instrumented.h:27 [inline]
[] page_ref_count include/linux/page_ref.h:67 [inline]
[] put_page_testzero include/linux/mm.h:717 [inline]
[] __free_pages+0x20/0x112 mm/page_alloc.c:5473
[] watch_queue_set_size+0x32c/0x372 kernel/watch_queue.c:276
[] pipe_ioctl+0xae/0x1fc fs/pipe.c:631
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:874 [inline]
[] sys_ioctl+0x75c/0x139e fs/ioctl.c:860
[] ret_from_syscall+0x0/0x2
==================================================================
Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000034
Oops [#1]
Modules linked in:
CPU: 1 PID: 6833 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : arch_atomic_read arch/riscv/include/asm/atomic.h:30 [inline]
epc : atomic_read include/linux/atomic/atomic-instrumented.h:28 [inline]
epc : page_ref_count include/linux/page_ref.h:67 [inline]
epc : put_page_testzero include/linux/mm.h:717 [inline]
epc : __free_pages+0x26/0x112 mm/page_alloc.c:5473
ra : arch_atomic_read arch/riscv/include/asm/atomic.h:30 [inline]
ra : atomic_read include/linux/atomic/atomic-instrumented.h:28 [inline]
ra : page_ref_count include/linux/page_ref.h:67 [inline]
ra : put_page_testzero include/linux/mm.h:717 [inline]
ra : __free_pages+0x26/0x112 mm/page_alloc.c:5473
epc : ffffffff80414662 ra : ffffffff80414662 sp : ffffaf8024813b70
gp : ffffffff85863ac0 tp : ffffaf800bf3e100 t0 : 0000000000000000
t1 : 0000000000006000 t2 : 00007fffdb6941b7 s0 : ffffaf8024813ba0
s1 : 0000000000000000 a0 : 0000000000000000 a1 : 0000000000000004
a2 : 0000000000000000 a3 : ffffffff80414662 a4 : ffffffff85892ec8
a5 : 0000000000000001 a6 : 0000000000f00000 a7 : ffffaf805a9e44c7
s2 : 0000000000000034 s3 : 0000000000000000 s4 : 0000000000000001
s5 : ffffaf8023234c00 s6 : 0000000000000000 s7 : ffffaf800ba9baa0
s8 : 0000000000000001 s9 : ffffaf800e064300 s10: 0000000000000cc0
s11: 0000000000000004 t3 : 000000007fffffff t4 : fffff5ef0b53c898
t5 : fffff5ef0b53c899 t6 : 0000000000040000
status: 0000000000000120 badaddr: 0000000000000034 cause: 000000000000000d
[] watch_queue_set_size+0x32c/0x372 kernel/watch_queue.c:276
[] pipe_ioctl+0xae/0x1fc fs/pipe.c:631
[] vfs_ioctl fs/ioctl.c:51 [inline]
[] __do_sys_ioctl fs/ioctl.c:874 [inline]
[] sys_ioctl+0x75c/0x139e fs/ioctl.c:860
[] ret_from_syscall+0x0/0x2
---[ end trace 0000000000000000 ]---