Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 52-bit VAs, pgdp=000000004412ab00
[0000000000000050] pgd=080000004aac8403, p4d=0800000049f45403, pud=080000004f94a403, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] SMP
Modules linked in:
CPU: 0 UID: 0 PID: 9496 Comm: syz.2.1968 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT
Hardware name: linux,dummy-virt (DT)
pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid_or_report+0x18/0x128 lib/list_debug.c:49
lr : __list_del_entry_valid include/linux/list.h:124 [inline]
lr : __list_del_entry include/linux/list.h:215 [inline]
lr : list_del_init include/linux/list.h:287 [inline]
lr : drr_qlen_notify+0x20/0x4c net/sched/sch_drr.c:238
sp : ffff80008b97b630
x29: ffff80008b97b630 x28: f0f000000d205b40 x27: f5f0000006655c00
x26: 00000000000affe0 x25: ffff80008b97b83c x24: ffff80008b97b9b8
x23: ffff8000820303d8 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000050 x19: 0000000000000050 x18: 0000000000000014
x17: 00000000b4bbc05a x16: 00000000fe5a2bb1 x15: 00000000b3aea4d5
x14: 0000000028305ad7 x13: 00000000d1812c73 x12: 00000000bee5c93d
x11: 00000000e55a9b58 x10: 000000002792afe0 x9 : 000000002a898337
x8 : ffff80008b97b738 x7 : 0000000000000000 x6 : 0000000000000000
x5 : f9f0000009f69000 x4 : 0000000000000003 x3 : f4f0000009cadf80
x2 : ffff8000817212b4 x1 : 0000000000000000 x0 : 0000000000000050
Call trace:
 __list_del_entry_valid_or_report+0x18/0x128 lib/list_debug.c:46 (P)
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_init include/linux/list.h:287 [inline]
 drr_qlen_notify+0x20/0x4c net/sched/sch_drr.c:238
 qdisc_tree_reduce_backlog+0xa0/0x120 net/sched/sch_api.c:811
 hhf_change+0x1c8/0x2a4 net/sched/sch_hhf.c:571
 hhf_init+0x98/0x190 net/sched/sch_hhf.c:597
 qdisc_create+0x110/0x430 net/sched/sch_api.c:1324
 __tc_modify_qdisc net/sched/sch_api.c:1749 [inline]
 tc_modify_qdisc+0x4ec/0x81c net/sched/sch_api.c:1813
 rtnetlink_rcv_msg+0x12c/0x398 net/core/rtnetlink.c:6953
 netlink_rcv_skb+0x5c/0x128 net/netlink/af_netlink.c:2534
 rtnetlink_rcv+0x18/0x24 net/core/rtnetlink.c:6971
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x1c8/0x2dc net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x194/0x400 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x54/0x60 net/socket.c:727
 ____sys_sendmsg+0x234/0x29c net/socket.c:2566
 ___sys_sendmsg+0xac/0x100 net/socket.c:2620
 __sys_sendmsg+0x98/0xf8 net/socket.c:2652
 __do_sys_sendmsg net/socket.c:2657 [inline]
 __se_sys_sendmsg net/socket.c:2655 [inline]
 __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2655
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:151
 el0_svc+0xa8/0x124 arch/arm64/kernel/entry-common.c:767
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:786
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
Code: 910003fd a90153f3 aa0003f3 a9025bf5 (a9405414)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: 910003fd  mov x29, sp
   4: a90153f3  stp x19, x20, [sp, #16]
   8: aa0003f3  mov x19, x0
   c: a9025bf5  stp x21, x22, [sp, #32]
* 10: a9405414  ldp x20, x21, [x0] <-- trapping instruction