Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000014d5af000
[0000000000000000] pgd=0800000120506003, p4d=0800000120506003, pud=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3124 Comm: syz-executor.2 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : add_grec+0x58/0x844 net/ipv4/igmp.c:460
lr : add_grec+0x48/0x844 net/ipv4/igmp.c:459
sp : ffff80000800bcc0
x29: ffff80000800bd10 x28: 0000000000000003 x27: ffff80000d98f000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000006
x23: ffff0000fba19398 x22: 0000000000000000 x21: 0000000000000005
x20: 0000000000000000 x19: ffff0000fba19300 x18: 0000000000000000
x17: ffff8001f1cdd000 x16: ffff80000dc18158 x15: ffff0000e1ce4ec0
x14: 00000000000000a8 x13: 0000000000002000 x12: ffff0000e1ce4ec0
x11: ff8080000b6c1ac4 x10: 0000000000000000 x9 : ffff80000b6c1ac4
x8 : 0000000000000000 x7 : ffff80000b6c3874 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000005 x1 : ffff0000fba19300 x0 : 00000000010000e0
Call trace:
add_grec+0x58/0x844 net/ipv4/igmp.c:468
igmpv3_send_cr+0x49c/0x6bc net/ipv4/igmp.c:702
igmp_ifc_timer_expire+0x2c/0x364 net/ipv4/igmp.c:810
call_timer_fn+0x90/0x144 kernel/time/timer.c:1474
expire_timers kernel/time/timer.c:1519 [inline]
__run_timers+0x280/0x374 kernel/time/timer.c:1790
run_timer_softirq+0x34/0x5c kernel/time/timer.c:1803
_stext+0x168/0x37c
____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:892
do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85
invoke_softirq+0x70/0xbc kernel/softirq.c:452
__irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650
irq_exit_rcu+0x10/0x40 kernel/softirq.c:662
__el1_irq arch/arm64/kernel/entry-common.c:472 [inline]
el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:580
arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline]
mod_objcg_state+0x1ac/0x204 mm/memcontrol.c:3213
memcg_slab_post_alloc_hook+0x198/0x290 mm/slab.h:537
slab_post_alloc_hook mm/slab.h:745 [inline]
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x2a0/0x340 mm/slub.c:3422
anon_vma_chain_alloc mm/rmap.c:141 [inline]
anon_vma_clone+0x5c/0x248 mm/rmap.c:287
anon_vma_fork+0x3c/0x214 mm/rmap.c:350
dup_mmap+0x368/0x7c8 kernel/fork.c:657
dup_mm+0x68/0x1a4 kernel/fork.c:1526
copy_mm+0x68/0xe8 kernel/fork.c:1575
copy_process+0xb84/0x16ec kernel/fork.c:2253
kernel_clone+0x12c/0x380 kernel/fork.c:2671
__do_sys_clone kernel/fork.c:2812 [inline]
__se_sys_clone kernel/fork.c:2780 [inline]
__arm64_sys_clone+0x68/0x98 kernel/fork.c:2780
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: f9400268 b9400a76 52801c00 72a02000 (f940011b)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: f9400268 ldr x8, [x19]
4: b9400a76 ldr w22, [x19, #8]
8: 52801c00 mov w0, #0xe0 // #224
c: 72a02000 movk w0, #0x100, lsl #16
* 10: f940011b ldr x27, [x8] <-- trapping instruction // x8 is 0 in the register dump above (x8 : 0000000000000000), loaded from [x19] by the ldr at offset 0; this matches the reported fault at virtual address 0000000000000000