==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
BUG: KASAN: null-ptr-deref in io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:8985
Write of size 4 at addr 0000000000000110 by task iou-sqp-6391/6399

CPU: 0 PID: 6399 Comm: iou-sqp-6391 Not tainted 5.12.0-rc6-syzkaller-00006-g2d743660786e #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x0/0x3e0 arch/arm64/include/asm/pointer_auth.h:76
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:191
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x120/0x1a8 lib/dump_stack.c:120
 __kasan_report mm/kasan/report.c:403 [inline]
 kasan_report+0x128/0x200 mm/kasan/report.c:416
 check_region_inline mm/kasan/generic.c:170 [inline]
 kasan_check_range+0xfc/0x1a4 mm/kasan/generic.c:186
 __kasan_check_write+0x34/0x60 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
 io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:8985
 io_sq_thread+0x5a0/0xdb0 fs/io_uring.c:6818
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:958
==================================================================
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000110
Mem abort info:
  ESR = 0x96000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000007
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000004de95000
[0000000000000110] pgd=0000000050998003, p4d=0000000050998003, pud=000000004c136003, pmd=00000000509ef003, pte=0000000000000000
Internal error: Oops: 96000007 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 6399 Comm: iou-sqp-6391 Tainted: G B 5.12.0-rc6-syzkaller-00006-g2d743660786e #0
Hardware name: linux,dummy-virt (DT)
pstate: 10000005 (nzcV daif -PAN -UAO -TCO BTYPE=--)
pc : __arm64_sys_io_uring_register+0x3bfc/0x3e40 include/linux/mm.h:970
lr : instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
lr : atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
lr : io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:8985
sp : ffff00002aec7b80
x29: ffff00002aec7b80 x28: dfff800000000000 x27: 0000000000000110
x26: 1fffe000055d8f7c x25: 0000000000000000 x24: 0000000000000000
x23: ffff00000d4d4000 x22: 0000000000000000 x21: ffff00000f949a40
x20: ffff00002aec7c10 x19: ffff000009ba7000 x18: fffffbffeff9a788
x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000172c8810
x14: ffff8000172c8000 x13: 0000000000000000 x12: ffff6000055d8ef7
x11: 1fffe000055d8ef6 x10: ffff6000055d8ef6 x9 : dfff800000000000
x8 : ffff00002aec77b7 x7 : 0000000000000001 x6 : 00009ffffaa2710a
x5 : ffff00002aec77b0 x4 : 1fffe00001f29349 x3 : dfff800000000000
x2 : 0000000000000110 x1 : ffff00000f949a40 x0 : 0000000000000000
Call trace:
 __arm64_sys_io_uring_register+0x3bfc/0x3e40 include/linux/mm.h:970
 io_sq_thread+0x5a0/0xdb0 fs/io_uring.c:6818
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:958
Code: 35ffffa2 d5033bbf 17ffb408 f9800051 (885f7c40)
---[ end trace 7e47bf5cdedaebe2 ]---
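Added triage helper (not part of the syzkaller report above, and not kernel code). Two statements in the report look contradictory at first sight: the KASAN header says "Write of size 4", while the hardware abort says WnR = 0 (a read). The faulting word in the Code: line, 885f7c40, is ldxr w0, [x2], and x2 holds 0x110, the same value as the fault address. The script below decodes ESR_EL1 and the faulting A64 instruction word and cross-checks them against the KASAN line, the page-table walk (pte=0) and the register dump, showing why both statements are right: on arm64 without LSE atomics, atomic_inc compiles to a load-exclusive/store-exclusive loop, KASAN instruments it as a read-write access, and the CPU faults on the exclusive load. The report does not name the field at offset 0x110; that io_uring_cancel_sqpoll is incrementing a counter inside a NULL per-task io_uring structure is an inference from the call site, not something the dump states. The SAMPLE text is excerpted from the report above; the 0x1000 low-address cut-off and the subset mnemonic tables are this script's own assumptions.

```python
import re

# Constructed sample: the lines of the syzkaller report above that the cross-check uses.
SAMPLE = """\
BUG: KASAN: null-ptr-deref in io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:8985
Write of size 4 at addr 0000000000000110 by task iou-sqp-6391/6399
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000110
Mem abort info:
  ESR = 0x96000007
  EC = 0x25: DABT (current EL), IL = 32 bits
Data abort info:
  ISV = 0, ISS = 0x00000007
  CM = 0, WnR = 0
[0000000000000110] pgd=0000000050998003, p4d=0000000050998003, pud=000000004c136003, pmd=00000000509ef003, pte=0000000000000000
x2 : 0000000000000110 x1 : ffff00000f949a40 x0 : 0000000000000000
Code: 35ffffa2 d5033bbf 17ffb408 f9800051 (885f7c40)
"""

# ESR_ELx exception classes (EC, bits 31:26) seen in kernel oopses; subset of the ARM ARM table.
EC_NAMES = {
    0x00: "unknown reason",
    0x15: "SVC instruction (AArch64)",
    0x20: "instruction abort, lower EL",
    0x21: "instruction abort, current EL",
    0x24: "data abort, lower EL",
    0x25: "data abort, current EL",
    0x3C: "BRK instruction",
}

# Data Fault Status Code (ISS bits 5:0) for data aborts; subset of the ARM ARM table.
DFSC_NAMES = {
    **{0x04 + lvl: f"translation fault, level {lvl}" for lvl in range(4)},
    **{0x08 + lvl: f"access flag fault, level {lvl}" for lvl in range(1, 4)},
    **{0x0C + lvl: f"permission fault, level {lvl}" for lvl in range(1, 4)},
    0x10: "synchronous external abort",
    0x21: "alignment fault",
}


def decode_esr(esr: int) -> dict:
    """Split ESR_EL1 into EC/IL/ISS; for data aborts also decode the ISS sub-fields the oops prints."""
    ec = (esr >> 26) & 0x3F
    out = {"ec": ec, "ec_name": EC_NAMES.get(ec, "other"), "il": (esr >> 25) & 1, "iss": esr & 0x1FFFFFF}
    if ec in (0x24, 0x25):
        out.update(isv=(esr >> 24) & 1, ea=(esr >> 9) & 1, cm=(esr >> 8) & 1, s1ptw=(esr >> 7) & 1,
                   wnr=(esr >> 6) & 1, dfsc=esr & 0x3F)
        out["dfsc_name"] = DFSC_NAMES.get(out["dfsc"], "other")
    return out


def decode_insn(insn: int) -> dict:
    """Recognise A64 load/store-exclusive instructions (what an LL/SC atomic_inc compiles to) by encoding."""
    # Load/store exclusive register: bits[29:24] == 0b001000, o2 (bit 23) == 0, o1/pair (bit 21) == 0.
    if (insn >> 24) & 0x3F == 0x08 and not (insn >> 23) & 1 and not (insn >> 21) & 1:
        size, load, acq_rel = (insn >> 30) & 3, bool((insn >> 22) & 1), (insn >> 15) & 1
        rs, rn, rt = (insn >> 16) & 0x1F, (insn >> 5) & 0x1F, insn & 0x1F
        mnem = ("ldaxr" if load else "stlxr") if acq_rel else ("ldxr" if load else "stxr")
        mnem += {0: "b", 1: "h"}.get(size, "")
        reg = ("x" if size == 3 else "w") + str(rt)
        text = f"{mnem} {reg}, [x{rn}]" if load else f"{mnem} w{rs}, {reg}, [x{rn}]"
        return {"kind": "exclusive", "mnemonic": mnem, "is_load": load, "base": rn, "text": text}
    if (insn >> 25) & 0b101 == 0b100:  # bit 27 set, bit 25 clear: the loads-and-stores group
        return {"kind": "load/store", "mnemonic": None, "is_load": None, "base": None, "text": None}
    return {"kind": "other", "mnemonic": None, "is_load": None, "base": None, "text": None}


def triage(report: str) -> dict:
    """Cross-check KASAN's access line against the ESR, the page-table walk, the registers and the Code: word."""
    hw = decode_esr(int(re.search(r"ESR = 0x([0-9a-fA-F]+)", report).group(1), 16))
    kasan = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", report)
    fault_va = int(re.search(r"virtual address ([0-9a-f]+)", report).group(1), 16)
    pte = re.search(r"pte=([0-9a-f]+)", report)
    code = re.search(r"Code:.*\(([0-9a-f]{8})\)", report)  # the parenthesised word is the faulting insn
    insn = decode_insn(int(code.group(1), 16)) if code else None
    hw_write = bool(hw.get("wnr", 0))
    notes = []
    if kasan and (kasan.group(1) == "Write") != hw_write:
        if insn and insn["kind"] == "exclusive" and insn["is_load"]:
            notes.append("LL/SC atomic: KASAN reports the atomic as a write, the CPU faulted on the "
                         f"exclusive load {insn['text']} (WnR=0); both are right")
        else:
            notes.append("KASAN access direction disagrees with WnR; inspect the faulting instruction")
    if pte and int(pte.group(1), 16) == 0 and hw.get("dfsc") == 0x07:
        notes.append("pte=0 with a level-3 translation fault: the page is unmapped, as expected near NULL")
    if insn and insn["base"] is not None:
        reg = re.search(rf"\bx{insn['base']}\s*: ([0-9a-f]+)", report)
        if reg and int(reg.group(1), 16) == fault_va:
            notes.append(f"base register x{insn['base']} holds the fault address {fault_va:#x}: "
                         "a NULL struct pointer plus a field offset")
    if fault_va < 0x1000:  # assumption: the first page is never mapped in the kernel, so treat as NULL + offset
        notes.append(f"fault VA {fault_va:#x} is below the first page: NULL pointer, field offset {fault_va:#x}")
    return {"esr": hw, "insn": insn, "kasan_access": kasan.group(1) if kasan else None,
            "kasan_size": int(kasan.group(2)) if kasan else None, "fault_va": fault_va,
            "hw_write": hw_write, "notes": notes}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"ESR: {result['esr']}")
    print(f"faulting insn: {result['insn']['text']}")
    for note in result["notes"]:
        print("-", note)
```

The same check transfers to any arm64 KASAN report: when the KASAN direction and WnR disagree and the faulting word decodes to an ldxr/ldaxr, the access is an LL/SC atomic and the "write" in the KASAN header is the instrumentation's view, not the hardware's; when they disagree and the word is an ordinary load or store, the Code: line deserves a closer look before trusting either side.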