All of
 help / color / mirror / Atom feed
From: syzbot <>
Subject: [syzbot] BUG: unable to handle kernel NULL pointer dereference in get_super
Date: Sun, 27 Nov 2022 17:36:34 -0800	[thread overview]
Message-ID: <> (raw)


syzbot found the following issue on:

HEAD commit:    6d464646530f Merge branch 'for-next/core' into for-kernelci
git tree:       git:// for-kernelci
console output:
kernel config:
dashboard link:
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:

Downloadable assets:
disk image:
kernel image:
mounted in repro:

IMPORTANT: if you fix the issue, please add the following tag to the commit:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000180
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010bce7000
[0000000000000180] pgd=0800000111ba7003, p4d=0800000111ba7003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3102 Comm: syz-executor.4 Not tainted 6.1.0-rc6-syzkaller-32662-g6d464646530f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : hlist_unhashed include/linux/list.h:854 [inline]
pc : get_super+0x4c/0x144 fs/super.c:790
lr : get_super+0x7c/0x144 fs/super.c:789
sp : ffff800010fb3b40
x29: ffff800010fb3b40 x28: ffff0000c5400000 x27: 0000000000000000
x26: 00000000000000c0 x25: ffff0000c58c9500 x24: ffff800009ab2ee0
x23: ffff80000d4e4400 x22: 0000000000000001 x21: ffff80000d4e43c0
x20: 0000000000000000 x19: ffff0000c58c9500 x18: 000000000000035c
x17: ffff80000c0cd83c x16: ffff80000dbe6158 x15: ffff0000c5400000
x14: 0000000000000008 x13: 00000000ffffffff x12: ffff0000c5400000
x11: ff808000085c1d08 x10: 0000000000000000 x9 : ffff8000085c1d08
x8 : ffff0000c5400000 x7 : ffff8000085c1cbc x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 __invalidate_device+0x28/0xb8 block/bdev.c:1003
 disk_force_media_change+0xf0/0x198 block/disk-events.c:310
 __loop_clr_fd+0x164/0x2a0 drivers/block/loop.c:1174
 lo_release+0xb4/0xc8 drivers/block/loop.c:1745
 blkdev_put_whole block/bdev.c:695 [inline]
 blkdev_put+0x200/0x284 block/bdev.c:953
 kill_block_super+0x58/0x78 fs/super.c:1431
 deactivate_locked_super+0x70/0xe8 fs/super.c:332
 deactivate_super+0xd0/0xd4 fs/super.c:363
 cleanup_mnt+0x184/0x1c0 fs/namespace.c:1186
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193
 task_work_run+0x100/0x148 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x174/0x1f0 arch/arm64/kernel/signal.c:1127
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: eb17029f 54000620 f0027915 910f02b5 (f940c288) 
---[ end trace 0000000000000000 ]---
Code disassembly (best guess):
   0:	eb17029f 	cmp	x20, x23
   4:	54000620 	b.eq	0xc8  // b.none
   8:	f0027915 	adrp	x21, 0x4f23000
   c:	910f02b5 	add	x21, x21, #0x3c0
* 10:	f940c288 	ldr	x8, [x20, #384] <-- trapping instruction

This report is generated by a bot. It may contain errors.
See for more information about syzbot.
syzbot engineers can be reached at

syzbot will keep track of this issue. See: for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:

                 reply	other threads:[~2022-11-28  1:36 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.