BUG: unable to handle kernel NULL pointer dereference at 00000000000000d0
PGD 8000000101129067 P4D 8000000101129067 PUD 194fb6067 PMD 0 
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 20803 Comm: syz-executor0 Not tainted 4.18.0-rc8+ #34
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:slab_equal_or_root mm/slab.h:228 [inline]
RIP: 0010:cache_from_obj mm/slab.h:374 [inline]
RIP: 0010:kmem_cache_free+0x2c8/0x2b50 mm/slub.c:2989
Code: 33 4d 90 48 f7 d0 48 21 c8 0f 84 25 06 00 00 4c 3b 65 90 0f 84 32 01 00 00 49 8d 9c 24 d0 00 00 00 4d 85 ed 0f 85 88 06 00 00 <4c> 8b 33 48 89 df e8 ad 6d 03 00 48 8b 00 48 0b 45 c0 74 13 4c 89 
RSP: 0000:ffff88021fc0fb90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 0000000000000000
RDX: ffffffff8a1af000 RSI: 0000000000000001 RDI: ffffea0006000018
RBP: ffff88021fc0fce0 R08: 0000000000000000 R09: 0000000000000000
R10: 000077ff80000000 R11: ffffffff815d6360 R12: 0000000000000000
R13: 0000000000000000 R14: dead0000000000ff R15: 0000000000000000
FS:  0000000002079940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000d0 CR3: 00000001a93be000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 free_task_struct kernel/fork.c:162 [inline]
 free_task kernel/fork.c:415 [inline]
 __put_task_struct+0x64e/0x8c0 kernel/fork.c:689
 put_task_struct include/linux/sched/task.h:96 [inline]
 delayed_put_task_struct+0x2a1/0x2e0 kernel/exit.c:181
 __rcu_reclaim kernel/rcu/rcu.h:178 [inline]
 rcu_do_batch kernel/rcu/tree.c:2558 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2818 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2785 [inline]
 rcu_process_callbacks+0x132d/0x1a90 kernel/rcu/tree.c:2802
 __do_softirq+0x582/0x969 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x208/0x240 kernel/softirq.c:414
 exiting_irq+0xe/0x10 arch/x86/include/asm/apic.h:527
 smp_apic_timer_interrupt+0x64/0x90 arch/x86/kernel/apic/apic.c:1058
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:868
 </IRQ>
RIP: 0010:native_restore_fl arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:78 [inline]
RIP: 0010:kmsan_alloc_page+0x92/0xd0 mm/kmsan/kmsan_hooks.c:252
Code: 89 e7 44 89 fe 44 89 f1 e8 bb c3 ff ff 41 83 85 ec 08 00 00 ff 75 33 89 c3 e8 aa f8 4b ff 48 8b 45 c8 48 89 45 c0 ff 75 c0 9d <89> d8 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 0f 0b 90 66 2e 
RSP: 0000:ffff8801a28cf768 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000246 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffea00045a7fa0 RSI: 0000000000080001 RDI: 0000000000080000
RBP: ffff8801a28cf7a8 R08: 0000000000480020 R09: 0000000000000003
R10: ffffffff88c01668 R11: 0000000000000000 R12: ffffea0004584000
R13: ffff880120280000 R14: 00000000000742ca R15: 0000000000000009
 __alloc_pages_nodemask+0xf6b/0x5c80 mm/page_alloc.c:4409
 __alloc_pages include/linux/gfp.h:458 [inline]
 __alloc_pages_node include/linux/gfp.h:471 [inline]
 alloc_pages_vma+0x1578/0x1830 mm/mempolicy.c:2049
 do_huge_pmd_anonymous_page+0xefa/0x2760 mm/huge_memory.c:719
 create_huge_pmd mm/memory.c:3863 [inline]
 __handle_mm_fault mm/memory.c:4067 [inline]
 handle_mm_fault+0x447b/0x7ea0 mm/memory.c:4133
 __do_page_fault+0xc8b/0x17e0 arch/x86/mm/fault.c:1397
 do_page_fault+0x98/0xd0 arch/x86/mm/fault.c:1474
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1169
RIP: 0033:0x40052d
Code: 8a 4c 24 10 d3 e0 09 f0 48 8b 74 24 08 66 89 06 e9 fe 00 00 00 48 8b 44 24 10 48 0b 44 24 28 75 10 48 8b 44 24 08 8b 54 24 20 <89> 10 e9 e2 00 00 00 8a 4c 24 28 b8 01 00 00 00 48 8b 74 24 08 48 
RSP: 002b:0000000000a3fbe0 EFLAGS: 00010246
RAX: 00000000204f9fe4 RBX: fffffffffffffffe RCX: 0000000000000000
RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000002079848
RBP: 0000000000930aa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000a3fcf0 R11: 0000000000000246 R12: 00000000000003e8
R13: 00000000009300ac R14: 0000000000069de0 R15: 0000000000069db3
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
CR2: 00000000000000d0
---[ end trace 6d6bb22485c7a5db ]---
RIP: 0010:slab_equal_or_root mm/slab.h:228 [inline]
RIP: 0010:cache_from_obj mm/slab.h:374 [inline]
RIP: 0010:kmem_cache_free+0x2c8/0x2b50 mm/slub.c:2989
Code: 33 4d 90 48 f7 d0 48 21 c8 0f 84 25 06 00 00 4c 3b 65 90 0f 84 32 01 00 00 49 8d 9c 24 d0 00 00 00 4d 85 ed 0f 85 88 06 00 00 <4c> 8b 33 48 89 df e8 ad 6d 03 00 48 8b 00 48 0b 45 c0 74 13 4c 89 
RSP: 0000:ffff88021fc0fb90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000000d0 RCX: 0000000000000000
RDX: ffffffff8a1af000 RSI: 0000000000000001 RDI: ffffea0006000018
RBP: ffff88021fc0fce0 R08: 0000000000000000 R09: 0000000000000000
R10: 000077ff80000000 R11: ffffffff815d6360 R12: 0000000000000000
R13: 0000000000000000 R14: dead0000000000ff R15: 0000000000000000
FS:  0000000002079940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000000d0 CR3: 00000001a93be000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600