BUG: kernel NULL pointer dereference, address: 0000000000000007
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 876f7067 P4D 876f7067 PUD 4ca6a067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 25898 Comm: syz-executor.1 Not tainted 5.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__seqcount_assert include/linux/seqlock.h:211 [inline]
RIP: 0010:update_pvclock_gtod arch/x86/kvm/x86.c:1738 [inline]
RIP: 0010:pvclock_gtod_notify+0x3e/0x570 arch/x86/kvm/x86.c:7452
Code: 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 08 84 d2 0f 85 63 04 00 00 8b 2d ae 1f 00 00 <00> 00 70 07 70 07 77 00 70 07 00 77 70 07 00 00 00 00 00 00 00 00
RSP: 0018:ffffc90000007bf0 EFLAGS: 00010046
RAX: 0000000000000007 RBX: ffffffff8d437980 RCX: 1ffffffff16b2a37
RDX: 0000000000000000 RSI: ffffffff810c31da RDI: ffffffff89f02dc0
RBP: 00000000b60f03e8 R08: 0000000000000000 R09: ffffffff8d0b79e7
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff89f02dc0
FS:  0000000000000000(0000) GS:ffff8880ae400000(0063) knlGS:00000000f55ecb40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000000000007 CR3: 000000005d898000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 update_pvclock_gtod kernel/time/timekeeping.c:581 [inline]
 timekeeping_update+0x28a/0x4a0 kernel/time/timekeeping.c:675
 timekeeping_advance+0x6ad/0xa40 kernel/time/timekeeping.c:2122
 tick_do_update_jiffies64.part.0+0x1ec/0x330 kernel/time/tick-sched.c:101
 tick_do_update_jiffies64 kernel/time/tick-sched.c:64 [inline]
 tick_sched_do_timer kernel/time/tick-sched.c:147 [inline]
 tick_sched_timer+0x236/0x2a0 kernel/time/tick-sched.c:1321
 __run_hrtimer kernel/time/hrtimer.c:1524 [inline]
 __hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x334/0x940 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x147/0x5f0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xb2/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:102 [inline]
RIP: 0010:__local_bh_enable_ip+0x13f/0x1f0 kernel/softirq.c:202
Code: 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 96 00 00 00 48 83 3d 82 5b b4 08 00 74 3a fb 66 0f 1f 44 00 00 <65> 8b 05 3a ee b9 7e 85 c0 74 51 5b 5d 41 5c c3 e8 3c fd 33 00 eb
RSP: 0018:ffffc9000968f1c0 EFLAGS: 00000282
RAX: 1ffffffff13f8d77 RBX: 0000000000000200 RCX: ffffc9000b2c8000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000200 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff86a91296
R13: 0000000080000001 R14: 0000000000000000 R15: 1ffff920012d1e41
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 init_conntrack.constprop.0+0xc89/0x1070 net/netfilter/nf_conntrack_core.c:1635
 resolve_normal_ct net/netfilter/nf_conntrack_core.c:1674 [inline]
 nf_conntrack_in+0x9b9/0x12a0 net/netfilter/nf_conntrack_core.c:1834
 nf_hook_entry_hookfn include/linux/netfilter.h:136 [inline]
 nf_hook_slow+0xc5/0x1e0 net/netfilter/core.c:512
 nf_hook include/linux/netfilter.h:256 [inline]
 __ip6_local_out+0x419/0x890 net/ipv6/output_core.c:167
 ip6_local_out+0x26/0x1a0 net/ipv6/output_core.c:177
 ip6_send_skb+0xb7/0x340 net/ipv6/ip6_output.c:1867
 udp_v6_send_skb+0x7c2/0x15d0 net/ipv6/udp.c:1233
 udpv6_sendmsg+0x2300/0x2b90 net/ipv6/udp.c:1531
 inet6_sendmsg+0x99/0xe0 net/ipv6/af_inet6.c:638
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 ____sys_sendmsg+0x331/0x810 net/socket.c:2353
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407
 __sys_sendmmsg+0x296/0x480 net/socket.c:2490
 __compat_sys_sendmmsg net/compat.c:361 [inline]
 __do_compat_sys_sendmmsg net/compat.c:368 [inline]
 __se_compat_sys_sendmmsg net/compat.c:365 [inline]
 __ia32_compat_sys_sendmmsg+0x9b/0x100 net/compat.c:365
 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline]
 __do_fast_syscall_32+0x60/0x90 arch/x86/entry/common.c:137
 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:160
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf7ff2549
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f55ec0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020006d00
RDX: 00000000000000c6 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
CR2: 0000000000000007
---[ end trace 4770d3ab13c5b4fa ]---
RIP: 0010:__seqcount_assert include/linux/seqlock.h:211 [inline]
RIP: 0010:update_pvclock_gtod arch/x86/kvm/x86.c:1738 [inline]
RIP: 0010:pvclock_gtod_notify+0x3e/0x570 arch/x86/kvm/x86.c:7452
Code: 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 38 d0 7c 08 84 d2 0f 85 63 04 00 00 8b 2d ae 1f 00 00 <00> 00 70 07 70 07 77 00 70 07 00 77 70 07 00 00 00 00 00 00 00 00
RSP: 0018:ffffc90000007bf0 EFLAGS: 00010046
RAX: 0000000000000007 RBX: ffffffff8d437980 RCX: 1ffffffff16b2a37
RDX: 0000000000000000 RSI: ffffffff810c31da RDI: ffffffff89f02dc0
RBP: 00000000b60f03e8 R08: 0000000000000000 R09: ffffffff8d0b79e7
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff89f02dc0
FS:  0000000000000000(0000) GS:ffff8880ae400000(0063) knlGS:00000000f55ecb40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000000000007 CR3: 000000005d898000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400