[<ffffffe0004e3894>] io_allocate_scq_urings fs/io_uring.c:9377 [inline] [<ffffffe0004e3894>] io_uring_create fs/io_uring.c:9515 [inline] [<ffffffe0004e3894>] io_uring_setup+0x844/0x1c10 fs/io_uring.c:9599 [<ffffffe0004e8670>] __do_sys_io_uring_setup fs/io_uring.c:9605 [inline] [<ffffffe0004e8670>] sys_io_uring_setup+0x22/0x2e fs/io_uring.c:9602 [<ffffffe000005572>] ret_from_syscall+0x0/0x2 ================================================================== BUG: KASAN: null-ptr-deref in io_commit_cqring+0x3ea/0x8f6 fs/io_uring.c:1318 Write of size 4 at addr 00000000000000c0 by task syz-executor.1/5957 CPU: 0 PID: 5957 Comm: syz-executor.1 Not tainted 5.12.0-rc5-syzkaller #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [<ffffffe000009706>] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201 [<ffffffe002a5f182>] dump_backtrace+0x40/0x4e arch/riscv/kernel/stacktrace.c:113 [<ffffffe002a5f1b2>] show_stack+0x22/0x2e arch/riscv/kernel/stacktrace.c:118 [<ffffffe002a68a3e>] __dump_stack lib/dump_stack.c:79 [inline] [<ffffffe002a68a3e>] dump_stack+0x148/0x1d8 lib/dump_stack.c:120 [<ffffffe0003bccfc>] __kasan_report mm/kasan/report.c:403 [inline] [<ffffffe0003bccfc>] kasan_report+0x146/0x18c mm/kasan/report.c:416 [<ffffffe0003bd4e4>] check_region_inline mm/kasan/generic.c:174 [inline] [<ffffffe0003bd4e4>] __asan_store4+0x4a/0x80 mm/kasan/generic.c:252 [<ffffffe0004d1950>] io_commit_cqring+0x3ea/0x8f6 fs/io_uring.c:1318 [<ffffffe0004d3044>] io_kill_timeouts+0x412/0x420 fs/io_uring.c:8606 [<ffffffe0004e2eea>] io_ring_ctx_wait_and_kill+0x172/0x2a0 fs/io_uring.c:8629 [<ffffffe0004e3dee>] io_uring_create fs/io_uring.c:9572 [inline] [<ffffffe0004e3dee>] io_uring_setup+0xd9e/0x1c10 fs/io_uring.c:9599 [<ffffffe0004e8670>] __do_sys_io_uring_setup fs/io_uring.c:9605 [inline] [<ffffffe0004e8670>] sys_io_uring_setup+0x22/0x2e fs/io_uring.c:9602 [<ffffffe000005572>] ret_from_syscall+0x0/0x2 ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 5957 Comm: syz-executor.1 Tainted: G B 5.12.0-rc5-syzkaller #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [<ffffffe000009706>] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201 [<ffffffe002a5f182>] dump_backtrace+0x40/0x4e arch/riscv/kernel/stacktrace.c:113 [<ffffffe002a5f1b2>] show_stack+0x22/0x2e arch/riscv/kernel/stacktrace.c:118 [<ffffffe002a68a3e>] __dump_stack lib/dump_stack.c:79 [inline] [<ffffffe002a68a3e>] dump_stack+0x148/0x1d8 lib/dump_stack.c:120 [<ffffffe002a5f57a>] panic+0x20a/0x5cc kernel/panic.c:231 [<ffffffe0003bc7b0>] end_report mm/kasan/report.c:102 [inline] [<ffffffe0003bc7b0>] print_address_description.constprop.0+0x0/0x31e mm/kasan/report.c:88 [<ffffffe0003bcd06>] __kasan_report mm/kasan/report.c:406 [inline] [<ffffffe0003bcd06>] kasan_report+0x150/0x18c mm/kasan/report.c:416 [<ffffffe0003bd4e4>] check_region_inline mm/kasan/generic.c:174 [inline] [<ffffffe0003bd4e4>] __asan_store4+0x4a/0x80 mm/kasan/generic.c:252 [<ffffffe0004d1950>] io_commit_cqring+0x3ea/0x8f6 fs/io_uring.c:1318 [<ffffffe0004d3044>] io_kill_timeouts+0x412/0x420 fs/io_uring.c:8606 [<ffffffe0004e2eea>] io_ring_ctx_wait_and_kill+0x172/0x2a0 fs/io_uring.c:8629 [<ffffffe0004e3dee>] io_uring_create fs/io_uring.c:9572 [inline] [<ffffffe0004e3dee>] io_uring_setup+0xd9e/0x1c10 fs/io_uring.c:9599 [<ffffffe0004e8670>] __do_sys_io_uring_setup fs/io_uring.c:9605 [inline] [<ffffffe0004e8670>] sys_io_uring_setup+0x22/0x2e fs/io_uring.c:9602 [<ffffffe000005572>] ret_from_syscall+0x0/0x2 SMP: stopping secondary CPUs Rebooting in 86400 seconds..