[] io_allocate_scq_urings fs/io_uring.c:9377 [inline] [] io_uring_create fs/io_uring.c:9515 [inline] [] io_uring_setup+0x844/0x1c10 fs/io_uring.c:9599 [] __do_sys_io_uring_setup fs/io_uring.c:9605 [inline] [] sys_io_uring_setup+0x22/0x2e fs/io_uring.c:9602 [] ret_from_syscall+0x0/0x2 ================================================================== BUG: KASAN: null-ptr-deref in io_commit_cqring+0x3ea/0x8f6 fs/io_uring.c:1318 Write of size 4 at addr 00000000000000c0 by task syz-executor.1/8966 CPU: 0 PID: 8966 Comm: syz-executor.1 Not tainted 5.12.0-rc5-syzkaller #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201 [] dump_backtrace+0x40/0x4e arch/riscv/kernel/stacktrace.c:113 [] show_stack+0x22/0x2e arch/riscv/kernel/stacktrace.c:118 [] __dump_stack lib/dump_stack.c:79 [inline] [] dump_stack+0x148/0x1d8 lib/dump_stack.c:120 [] __kasan_report mm/kasan/report.c:403 [inline] [] kasan_report+0x146/0x18c mm/kasan/report.c:416 [] check_region_inline mm/kasan/generic.c:174 [inline] [] __asan_store4+0x4a/0x80 mm/kasan/generic.c:252 [] io_commit_cqring+0x3ea/0x8f6 fs/io_uring.c:1318 [] io_kill_timeouts+0x412/0x420 fs/io_uring.c:8606 [] io_ring_ctx_wait_and_kill+0x172/0x2a0 fs/io_uring.c:8629 [] io_uring_create fs/io_uring.c:9572 [inline] [] io_uring_setup+0xd9e/0x1c10 fs/io_uring.c:9599 [] __do_sys_io_uring_setup fs/io_uring.c:9605 [inline] [] sys_io_uring_setup+0x22/0x2e fs/io_uring.c:9602 [] ret_from_syscall+0x0/0x2 ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 8966 Comm: syz-executor.1 Tainted: G B 5.12.0-rc5-syzkaller #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201 [] dump_backtrace+0x40/0x4e arch/riscv/kernel/stacktrace.c:113 [] show_stack+0x22/0x2e arch/riscv/kernel/stacktrace.c:118 [] __dump_stack lib/dump_stack.c:79 [inline] [] dump_stack+0x148/0x1d8 lib/dump_stack.c:120 [] panic+0x20a/0x5cc kernel/panic.c:231 [] end_report mm/kasan/report.c:102 [inline] [] print_address_description.constprop.0+0x0/0x31e mm/kasan/report.c:88 [] __kasan_report mm/kasan/report.c:406 [inline] [] kasan_report+0x150/0x18c mm/kasan/report.c:416 [] check_region_inline mm/kasan/generic.c:174 [inline] [] __asan_store4+0x4a/0x80 mm/kasan/generic.c:252 [] io_commit_cqring+0x3ea/0x8f6 fs/io_uring.c:1318 [] io_kill_timeouts+0x412/0x420 fs/io_uring.c:8606 [] io_ring_ctx_wait_and_kill+0x172/0x2a0 fs/io_uring.c:8629 [] io_uring_create fs/io_uring.c:9572 [inline] [] io_uring_setup+0xd9e/0x1c10 fs/io_uring.c:9599 [] __do_sys_io_uring_setup fs/io_uring.c:9605 [inline] [] sys_io_uring_setup+0x22/0x2e fs/io_uring.c:9602 [] ret_from_syscall+0x0/0x2 SMP: stopping secondary CPUs Rebooting in 86400 seconds..