==================================================================
BUG: KASAN: null-ptr-deref in get_fuse_conn_super fs/fuse/fuse_i.h:844 [inline]
BUG: KASAN: null-ptr-deref in fuse_test_super+0x42/0x58 fs/fuse/inode.c:1633
Read of size 8 at addr 0000000000000000 by task syz-executor.1/2983

CPU: 0 PID: 2983 Comm: syz-executor.1 Not tainted 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:112
==================================================================
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Oops [#1]
Modules linked in:
CPU: 0 PID: 2983 Comm: syz-executor.1 Tainted: G    B             5.15.0-rc1-syzkaller-00001-g64a19591a293 #0
Hardware name: riscv-virtio,qemu (DT)
epc : fuse_test_super+0x42/0x58 fs/fuse/inode.c:1633
 ra : get_fuse_conn_super fs/fuse/fuse_i.h:844 [inline]
 ra : fuse_test_super+0x42/0x58 fs/fuse/inode.c:1633
epc : ffffffff8077d842 ra : ffffffff8077d842 sp : ffffffe00e6fbc80
 gp : ffffffff83f9a558 tp : ffffffe00c9497c0 t0 : ffffffff852b6bd7
 t1 : ffffffc40b5b9114 t2 : 0000000000000000 s0 : ffffffe00e6fbca0
 s1 : 0000000000000000 a0 : 0000000000000001 a1 : 0000000000000003
 a2 : 1ffffffc019292f9 a3 : ffffffff82be4052 a4 : 0000000000000000
 a5 : ffffffe00c94a7c0 a6 : 0000000000f00000 a7 : ffffffe05adc88a3
 s2 : ffffffe00af2d000 s3 : ffffffe02338ec00 s4 : ffffffff8077d800
 s5 : 0000000000000000 s6 : ffffffff83d573c0 s7 : ffffffe02338ec98
 s8 : ffffffff83c42808 s9 : ffffffe02338ecf8 s10: ffffffff8077d7e4
 s11: ffffffe0079dc000 t3 : 0000000061736944 t4 : ffffffc40b5b9114
 t5 : ffffffc40b5b9115 t6 : ffffffe00e6fb8d8
status: 0000000000000120 badaddr: 0000000000000000 cause: 000000000000000d
[] get_fuse_conn_super fs/fuse/fuse_i.h:844 [inline]
[] fuse_test_super+0x42/0x58 fs/fuse/inode.c:1633
[] sget_fc+0x14a/0x3a0 fs/super.c:525
[] fuse_get_tree+0x170/0x254 fs/fuse/inode.c:1664
[] vfs_get_tree+0x4a/0x1a2 fs/super.c:1498
[] do_new_mount fs/namespace.c:2988 [inline]
[] path_mount+0xdf6/0x1420 fs/namespace.c:3318
[] do_mount fs/namespace.c:3331 [inline]
[] __do_sys_mount fs/namespace.c:3539 [inline]
[] sys_mount+0x2a6/0x334 fs/namespace.c:3516
[] ret_from_syscall+0x0/0x2
---[ end trace 7c2e6c1ff64c44bc ]---