================================================================== BUG: KASAN: null-ptr-deref in blk_mq_map_queue_type block/blk-mq.h:96 [inline] BUG: KASAN: null-ptr-deref in blk_mq_get_sq_hctx block/blk-mq.c:1663 [inline] BUG: KASAN: null-ptr-deref in blk_mq_run_hw_queues+0x20e/0x248 block/blk-mq.c:1682 Read of size 4 at addr 0000000000000000 by task syz-executor.0/6390 CPU: 0 PID: 6390 Comm: syz-executor.0 Not tainted 5.14.0-rc1-syzkaller-00001-g1c8094e394bc #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:112 ================================================================== Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000000 Oops [#1] Modules linked in: CPU: 0 PID: 6390 Comm: syz-executor.0 Tainted: G B 5.14.0-rc1-syzkaller-00001-g1c8094e394bc #0 Hardware name: riscv-virtio,qemu (DT) epc : blk_mq_map_queue_type block/blk-mq.h:96 [inline] epc : blk_mq_get_sq_hctx block/blk-mq.c:1663 [inline] epc : blk_mq_run_hw_queues+0x20e/0x248 block/blk-mq.c:1682 ra : blk_mq_map_queue_type block/blk-mq.h:96 [inline] ra : blk_mq_get_sq_hctx block/blk-mq.c:1663 [inline] ra : blk_mq_run_hw_queues+0x20e/0x248 block/blk-mq.c:1682 epc : ffffffff809336b8 ra : ffffffff809336b8 sp : ffffffe0080b7690 gp : ffffffff83f95bc8 tp : ffffffe00e2cc740 t0 : 0000000000000000 t1 : 0000000000006000 t2 : 0000000000000008 s0 : ffffffe0080b76e0 s1 : 0000000000000000 a0 : 0000000000000001 a1 : 0000000000000007 a2 : 1ffffffc01c598e8 a3 : ffffffff82b9a282 a4 : 0000000000000000 a5 : ffffffe00e2cd740 a6 : 0000000000f00000 a7 : ffffffe05ada84af s2 : ffffffe00c4b0ca8 s3 : ffffffe00c804000 s4 : ffffffe00c810000 s5 : 0000000000000001 s6 : 0000000000000001 s7 : 0000000000000000 s8 : 0000000000000000 s9 : ffffffffffffffff s10: ffffffff83dc1840 s11: ffffffff810282d6 t3 : 0000003ff02b828c t4 : ffffffc40b5b5095 t5 : ffffffc40b5b5096 t6 : 672d313030000000 status: 0000000000000120 badaddr: 0000000000000000 cause: 000000000000000d [] blk_mq_map_queue_type block/blk-mq.h:96 [inline] [] blk_mq_get_sq_hctx block/blk-mq.c:1663 [inline] [] blk_mq_run_hw_queues+0x20e/0x248 block/blk-mq.c:1682 [] blk_freeze_queue_start+0xc2/0xc4 block/blk-mq.c:142 [] blk_set_queue_dying block/blk-core.c:351 [inline] [] blk_cleanup_queue+0x6c/0x198 block/blk-core.c:378 [] blk_cleanup_disk+0x26/0x5c block/genhd.c:1324 [] nbd_dev_remove drivers/block/nbd.c:243 [inline] [] nbd_put.part.0+0x70/0xf8 drivers/block/nbd.c:263 [] nbd_put drivers/block/nbd.c:2346 [inline] [] nbd_genl_connect+0xe42/0xfe0 drivers/block/nbd.c:1999 [] genl_family_rcv_msg_doit+0x12e/0x1b2 net/netlink/genetlink.c:739 [] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [] genl_rcv_msg+0x1c6/0x332 net/netlink/genetlink.c:800 [] netlink_rcv_skb+0x9c/0x248 net/netlink/af_netlink.c:2504 [] genl_rcv+0x36/0x4c net/netlink/genetlink.c:811 [] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] [] netlink_unicast+0x398/0x584 net/netlink/af_netlink.c:1340 [] netlink_sendmsg+0x44a/0x894 net/netlink/af_netlink.c:1929 [] sock_sendmsg_nosec net/socket.c:702 [inline] [] sock_sendmsg+0xa0/0xc4 net/socket.c:722 [] ____sys_sendmsg+0x3e0/0x3f6 net/socket.c:2385 [] ___sys_sendmsg+0xda/0x126 net/socket.c:2439 [] __sys_sendmsg+0x5a/0xd4 net/socket.c:2468 [] __do_sys_sendmsg net/socket.c:2477 [inline] [] sys_sendmsg+0x2c/0x3a net/socket.c:2475 [] ret_from_syscall+0x0/0x2 ---[ end trace ff02a3efcecf834e ]---