8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = 86f19d40
[00000000] *pgd=86e6a003, *pmd=fe78b003
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 6841 Comm: syz-executor.0 Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __list_del_entry_valid+0x28/0x9c lib/list_debug.c:51
LR is at __list_del_entry include/linux/list.h:132 [inline]
LR is at list_del_init include/linux/list.h:204 [inline]
LR is at __fw_load_abort drivers/base/firmware_loader/fallback.c:97 [inline]
LR is at __fw_load_abort drivers/base/firmware_loader/fallback.c:88 [inline]
LR is at kill_pending_fw_fallback_reqs+0x64/0xb4 drivers/base/firmware_loader/fallback.c:119
pc : [<808072e4>] lr : [<80a3996c>] psr: 80000013
sp : 86c95c00 ip : 86c95c10 fp : 86c95c0c
r10: 833ba640 r9 : 86d88c80 r8 : 00000003
r7 : 00000001 r6 : 82b6b2d0 r5 : ffffff94 r4 : 86d88cec
r3 : 00000000 r2 : 00000000 r1 : 00000122 r0 : 86d88cec
Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 30c5387d Table: 86f19d40 DAC: fffffffd
Process syz-executor.0 (pid: 6841, stack limit = 0x86c94210)
Stack: (0x86c95c00 to 0x86c96000)
5c00: 86c95c34 86c95c10 80a3996c 808072c8 82b85378 00000001 fffffffa 86c95c90
5c20: 00000001 00000000 86c95c4c 86c95c38 80a37988 80a39914 82b85378 00000001
5c40: 86c95c84 86c95c50 80275934 80a37958 81f4aaf0 81f4aad4 81825014 82b0a558
5c60: 82a40bb0 00000000 00000002 00000000 82a40c00 81a0367c 86c95cbc 86c95c88
5c80: 80275bf8 802758dc 86c95c90 83c835e8 00000004 56b92eae 83278a04 00000000
5ca0: 858d1c80 82b65e18 83c835e8 000000e7 86c95ccc 86c95cc0 802c7910 80275b9c
5cc0: 86c95ce4 86c95cd0 802d05c4 802c78f8 82a41068 82b65e64 86c95d14 86c95ce8
5ce0: 8098d3d0 802d0524 8098d290 8376c1c0 83c835e8 81b1e1fc 858d1c80 804e0074
5d00: 858d1c88 00000000 86c95d44 86c95d18 804e013c 8098d29c 806f319c 56b92eae
5d20: 858d1c80 83c835e8 00000000 86c95e58 804e0074 858d1c88 86c95d6c 86c95d48
5d40: 804d565c 804e0080 00000000 86c95f20 82a3c39c 86c95e58 858d1c80 00000000
5d60: 86c95d7c 86c95d70 804d7564 804d5520 86c95e54 86c95d80 804ec9dc 804d753c
5d80: 00000002 00000000 86c95da4 86c95d98 8181dacc 8181d97c 00000041 81f713c8
5da0: 82b09c84 56b92eae 86c94000 828a2680 828a2680 00000000 00000000 00000000
5dc0: 00000002 83c835e8 86c95e4c 86c95dd8 802bfb9c 8181dabc 00000001 00000000
5de0: 00000000 80502990 86b5c7a8 00000001 82b09c84 828a2680 86c95e14 86c95e08
5e00: 8181dacc 8181d97c 86c95e44 86c95e18 8181c9a4 86b5c788 836c0310 86c95e68
5e20: 86c95e54 56b92eae 60000013 86c95f58 86c95e58 86c95f20 00000001 80200224
5e40: 86c94000 00000142 86c95f0c 86c95e58 804ef4ac 804ec438 857ec910 841d3cc0
5e60: 3bb95240 00000008 85b4d015 56b92eae 00000000 838310c0 83c835e8 00000101
5e80: 00000002 000002ba 00001caa 00000000 00000000 00000000 86c95e9c 8027e0bc
5ea0: 00000003 00000001 86c95efc 86c95eb8 80502a5c 81826a2c 86c95ef4 81f9199c
5ec0: 81f40284 00000000 836c0300 85b4d000 00000000 00000002 ffffff9c 00000000
5ee0: ffff41ed 80200224 86c94000 56b92eae 86c95f58 85b4d000 00000003 ffffff9c
5f00: 86c95f54 86c95f10 804d782c 804ef43c 802b4aec 802b463c 86c95fb0 76f84fd4
5f20: 00000000 86c90000 00000004 00000100 00000001 56b92eae ffffff9c 200002c0
5f40: 00000000 00000142 86c95fa4 86c95f58 804d7cd0 804d7790 00000000 00000000
5f60: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5f80: 00000000 00000000 80384db8 56b92eae 00000000 00000000 00000000 86c95fa8
5fa0: 80200060 804d7c38 00000000 00000000 ffffff9c 200002c0 00000000 00000000
5fc0: 00000000 00000000 00000000 00000142 7e9fe332 76f856d0 7e9fe4ac 76f8520c
5fe0: 76f85048 76f85038 00018d70 0004b620 60000010 ffffff9c 00000000 00000000
Backtrace:
[<808072bc>] (__list_del_entry_valid) from [<80a3996c>] (__list_del_entry include/linux/list.h:132 [inline])
[<808072bc>] (__list_del_entry_valid) from [<80a3996c>] (list_del_init include/linux/list.h:204 [inline])
[<808072bc>] (__list_del_entry_valid) from [<80a3996c>] (__fw_load_abort drivers/base/firmware_loader/fallback.c:97 [inline])
[<808072bc>] (__list_del_entry_valid) from [<80a3996c>] (__fw_load_abort drivers/base/firmware_loader/fallback.c:88 [inline])
[<808072bc>] (__list_del_entry_valid) from [<80a3996c>] (kill_pending_fw_fallback_reqs+0x64/0xb4 drivers/base/firmware_loader/fallback.c:119)
[<80a39908>] (kill_pending_fw_fallback_reqs) from [<80a37988>] (fw_pm_notify+0x3c/0x104 drivers/base/firmware_loader/main.c:1448)
r9:00000000 r8:00000001 r7:86c95c90 r6:fffffffa r5:00000001 r4:82b85378
[<80a3794c>] (fw_pm_notify) from [<80275934>] (notifier_call_chain+0x64/0xe0 kernel/notifier.c:83)
r5:00000001 r4:82b85378
[<802758d0>] (notifier_call_chain) from [<80275bf8>] (notifier_call_chain_robust kernel/notifier.c:118 [inline])
[<802758d0>] (notifier_call_chain) from [<80275bf8>] (blocking_notifier_call_chain_robust kernel/notifier.c:302 [inline])
[<802758d0>] (notifier_call_chain) from [<80275bf8>] (blocking_notifier_call_chain_robust+0x68/0xc8 kernel/notifier.c:290)
r10:81a0367c r9:82a40c00 r8:00000000 r7:00000002 r6:00000000 r5:82a40bb0 r4:82b0a558
[<80275b90>] (blocking_notifier_call_chain_robust) from [<802c7910>] (pm_notifier_call_chain_robust+0x24/0x38 kernel/power/main.c:87)
r9:000000e7 r8:83c835e8 r7:82b65e18 r6:858d1c80 r5:00000000 r4:83278a04
[<802c78ec>] (pm_notifier_call_chain_robust) from [<802d05c4>] (snapshot_open+0xac/0x12c kernel/power/user.c:75)
[<802d0518>] (snapshot_open) from [<8098d3d0>] (misc_open+0x140/0x178 drivers/char/misc.c:141)
r5:82b65e64 r4:82a41068
[<8098d290>] (misc_open) from [<804e013c>] (chrdev_open+0xc8/0x244 fs/char_dev.c:414)
r10:00000000 r9:858d1c88 r8:804e0074 r7:858d1c80 r6:81b1e1fc r5:83c835e8 r4:8376c1c0 r3:8098d290
[<804e0074>] (chrdev_open) from [<804d565c>] (do_dentry_open+0x148/0x3e8 fs/open.c:826)
r9:858d1c88 r8:804e0074 r7:86c95e58 r6:00000000 r5:83c835e8 r4:858d1c80
[<804d5514>] (do_dentry_open) from [<804d7564>] (vfs_open+0x34/0x38 fs/open.c:940)
r9:00000000 r8:858d1c80 r7:86c95e58 r6:82a3c39c r5:86c95f20 r4:00000000
[<804d7530>] (vfs_open) from [<804ec9dc>] (do_open fs/namei.c:3365 [inline])
[<804d7530>] (vfs_open) from [<804ec9dc>] (path_openat+0x5b0/0x10f8 fs/namei.c:3498)
[<804ec42c>] (path_openat) from [<804ef4ac>] (do_filp_open+0x7c/0x12c fs/namei.c:3525)
r10:00000142 r9:86c94000 r8:80200224 r7:00000001 r6:86c95f20 r5:86c95e58 r4:86c95f58
[<804ef430>] (do_filp_open) from [<804d782c>] (do_sys_openat2+0xa8/0x160 fs/open.c:1187)
r7:ffffff9c r6:00000003 r5:85b4d000 r4:86c95f58
[<804d7784>] (do_sys_openat2) from [<804d7cd0>] (do_sys_open fs/open.c:1203 [inline])
[<804d7784>] (do_sys_openat2) from [<804d7cd0>] (__do_sys_openat fs/open.c:1219 [inline])
[<804d7784>] (do_sys_openat2) from [<804d7cd0>] (sys_openat+0xa4/0xcc fs/open.c:1214)
r7:00000142 r6:00000000 r5:200002c0 r4:ffffff9c
[<804d7c2c>] (sys_openat) from [<80200060>] (ret_fast_syscall+0x0/0x2c arch/arm/mm/proc-v7.S:64)
Exception stack(0x86c95fa8 to 0x86c95ff0)
5fa0: 00000000 00000000 ffffff9c 200002c0 00000000 00000000
5fc0: 00000000 00000000 00000000 00000142 7e9fe332 76f856d0 7e9fe4ac 76f8520c
5fe0: 76f85048 76f85038 00018d70 0004b620
r5:00000000 r4:00000000
Code: 0a00000a e3001122 e1520001 0a000017 (e5921000)
---[ end trace ad50c8cd5410d72b ]---
----------------
Code disassembly (best guess):
0: 0a00000a beq 0x30
4: e3001122 movw r1, #290 ; 0x122
8: e1520001 cmp r2, r1
c: 0a000017 beq 0x70
* 10: e5921000 ldr r1, [r2] <-- trapping instruction