==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
BUG: KASAN: null-ptr-deref in io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:8968
Write of size 4 at addr 0000000000000110 by task iou-sqp-7595/7601
CPU: 1 PID: 7601 Comm: iou-sqp-7595 Not tainted 5.12.0-rc4-syzkaller-00223-ge138138003eb #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x0/0x3e0 arch/arm64/include/asm/pointer_auth.h:76
 show_stack+0x18/0x70 arch/arm64/kernel/stacktrace.c:191
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x120/0x1a8 lib/dump_stack.c:120
 __kasan_report mm/kasan/report.c:403 [inline]
 kasan_report+0x128/0x200 mm/kasan/report.c:416
 check_region_inline mm/kasan/generic.c:170 [inline]
 kasan_check_range+0xfc/0x1a4 mm/kasan/generic.c:186
 __kasan_check_write+0x34/0x60 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
 io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:8968
 io_sq_thread+0x5ec/0x1170 fs/io_uring.c:6823
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:958
==================================================================
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000110
Mem abort info:
  ESR = 0x96000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000004d136000
[0000000000000110] pgd=00000000516b8003, p4d=00000000516b8003, pud=000000004915a003, pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 7601 Comm: iou-sqp-7595 Tainted: G B 5.12.0-rc4-syzkaller-00223-ge138138003eb #0
Hardware name: linux,dummy-virt (DT)
pstate: 10000005 (nzcV daif -PAN -UAO -TCO BTYPE=--)
pc : __arm64_sys_io_uring_register+0x3be4/0x3e40 include/linux/mm.h:970
lr : instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
lr : atomic_inc include/asm-generic/atomic-instrumented.h:240 [inline]
lr : io_uring_cancel_sqpoll+0x118/0x230 fs/io_uring.c:8968
sp : ffff00000fe9fc00
x29: ffff00000fe9fc00 x28: 0000000000000000
x27: 0000000000000110 x26: 1fffe00001fd3f8c
x25: 0000000000000000 x24: 0000000000000000
x23: ffff0000117d2000 x22: 0000000000000000
x21: ffff00000cb9b480 x20: ffff00000fe9fc90
x19: ffff00000949fc00 x18: ffff00006ab14b48
x17: 0000000000000000 x16: 0000000000000000
x15: ffff8000172c8010 x14: ffff8000172c8000
x13: ffff00006ab3db70 x12: ffff600001fd3f07
x11: 1fffe00001fd3f06 x10: ffff600001fd3f06
x9 : dfff800000000000 x8 : ffff00000fe9f837
x7 : 0000000000000001 x6 : 00009ffffe02c0fa
x5 : ffff00000fe9f830 x4 : 1fffe00001973691
x3 : dfff800000000000 x2 : 0000000000000110
x1 : ffff00000cb9b480 x0 : 0000000000000000
Call trace:
 __arm64_sys_io_uring_register+0x3be4/0x3e40 include/linux/mm.h:970
 io_sq_thread+0x5ec/0x1170 fs/io_uring.c:6823
 ret_from_fork+0x10/0x3c arch/arm64/kernel/entry.S:958
Code: 8803fea2 35ffffa3 17ffb2a3 f9800051 (885f7c40)
---[ end trace 6a8af0e6679c3e96 ]---