Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 52-bit VAs, pgdp=0000000043e89100
[0000000000000018] pgd=080000004b03e003, p4d=080000004aaa4003, pud=0800000047374003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 UID: 0 PID: 10572 Comm: syz.1.2384 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
Hardware name: linux,dummy-virt (DT)
pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __cpu_map_flush+0x44/0x94 kernel/bpf/cpumap.c:770
lr : __cpu_map_flush+0x3c/0x94 kernel/bpf/cpumap.c:767
sp : ffff800080003d90
x29: ffff800080003d90 x28: fff000007f8d7608 x27: ffff8000826b7000
x26: 000000010001ffb2 x25: fff000007f8d7800 x24: ffff80008269e500
x23: ffff800080003eb8 x22: ffff80008811bbd8 x21: ffff80008811bbb8
x20: 0800000049b8cfc3 x19: 0800000049b8cfc3 x18: 0000000000000001
x17: ffff800081548368 x16: ffff800081543eac x15: ffff8000815692f8
x14: ffff8000818696dc x13: ffff8000818696dc x12: ffff800081548360
x11: ffff800080010520 x10: ffff8000800adeb4 x9 : 0000000000000002
x8 : 0000000000000080 x7 : f1f00000050a2edc x6 : 0000000000000001
x5 : f9f0000007000000 x4 : fff000007f8ddb90 x3 : 0000000000000000
x2 : 0000000000000815 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__cpu_map_flush+0x44/0x94 kernel/bpf/cpumap.c:770
xdp_do_check_flushed+0x6c/0x1d8 net/core/filter.c:4311
__napi_poll+0x44/0x198 net/core/dev.c:6774
napi_poll net/core/dev.c:6840 [inline]
net_rx_action+0x344/0x3c8 net/core/dev.c:6962
handle_softirqs+0x10c/0x240 kernel/softirq.c:554
__do_softirq+0x14/0x20 kernel/softirq.c:588
____do_softirq+0x10/0x1c
arch/arm64/kernel/irq.c:81
call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
do_softirq_own_stack+0x1c/0x28 arch/arm64/kernel/irq.c:86
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu kernel/softirq.c:637 [inline]
irq_exit_rcu+0x8c/0xc0 kernel/softirq.c:649
__el1_irq arch/arm64/kernel/entry-common.c:537 [inline]
el1_interrupt+0x38/0x64 arch/arm64/kernel/entry-common.c:551
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:556
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:594
clear_page+0x0/0x4c virt/lib/irqbypass.c:91
post_alloc_hook+0x168/0x194 mm/page_alloc.c:1491
prep_new_page mm/page_alloc.c:1501 [inline]
get_page_from_freelist+0x818/0x15c8 mm/page_alloc.c:3442
__alloc_pages_noprof+0x170/0xd58 mm/page_alloc.c:4700
alloc_pages_mpol_noprof+0x8c/0x230 mm/mempolicy.c:2263
folio_alloc_mpol_noprof+0x14/0x64 mm/mempolicy.c:2281
vma_alloc_folio_noprof+0x7c/0xcc mm/mempolicy.c:2312
vma_alloc_zeroed_movable_folio+0x3c/0x48 arch/arm64/mm/fault.c:933
folio_prealloc mm/memory.c:1060 [inline]
alloc_anon_folio mm/memory.c:4498 [inline]
do_anonymous_page mm/memory.c:4555 [inline]
do_pte_missing mm/memory.c:3945 [inline]
handle_pte_fault mm/memory.c:5522 [inline]
__handle_mm_fault+0x1404/0x1af0 mm/memory.c:5665
handle_mm_fault+0x64/0x218 mm/memory.c:5833
faultin_page mm/gup.c:1194 [inline]
__get_user_pages+0x180/0x3e4 mm/gup.c:1493
__get_user_pages_locked mm/gup.c:1760 [inline]
faultin_page_range+0x9c/0x2b8 mm/gup.c:1984
madvise_populate mm/madvise.c:943 [inline]
do_madvise+0x2f0/0x418 mm/madvise.c:1464
__do_sys_madvise mm/madvise.c:1484 [inline]
__se_sys_madvise mm/madvise.c:1482 [inline]
__arm64_sys_madvise+0x24/0x34 mm/madvise.c:1482
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x48/0x110 arch/arm64/kernel/syscall.c:49
el0_svc_common+0x3c/0xe8 arch/arm64/kernel/syscall.c:132
do_el0_svc+0x20/0x2c arch/arm64/kernel/syscall.c:151
el0_svc+0x34/0xec arch/arm64/kernel/entry-common.c:712
el0t_64_sync_handler+0x100/0x12c
arch/arm64/kernel/entry-common.c:730
el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
Code: aa1303e0 97fffcbe f9402a61 aa1403f3 (f9400c20)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: aa1303e0 mov x0, x19
   4: 97fffcbe bl 0xfffffffffffff2fc
   8: f9402a61 ldr x1, [x19, #80]
   c: aa1403f3 mov x19, x20
* 10: f9400c20 ldr x0, [x1, #24] <-- trapping instruction