Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000096000005 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x05: level 1 translation fault Data abort info: ISV = 0, ISS = 0x00000005 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000014d5af000 [0000000000000000] pgd=0800000120506003, p4d=0800000120506003, pud=0000000000000000 Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 3124 Comm: syz-executor.2 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022 pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : add_grec+0x58/0x844 net/ipv4/igmp.c:460 lr : add_grec+0x48/0x844 net/ipv4/igmp.c:459 sp : ffff80000800bcc0 x29: ffff80000800bd10 x28: 0000000000000003 x27: ffff80000d98f000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000006 x23: ffff0000fba19398 x22: 0000000000000000 x21: 0000000000000005 x20: 0000000000000000 x19: ffff0000fba19300 x18: 0000000000000000 x17: ffff8001f1cdd000 x16: ffff80000dc18158 x15: ffff0000e1ce4ec0 x14: 00000000000000a8 x13: 0000000000002000 x12: ffff0000e1ce4ec0 x11: ff8080000b6c1ac4 x10: 0000000000000000 x9 : ffff80000b6c1ac4 x8 : 0000000000000000 x7 : ffff80000b6c3874 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000005 x1 : ffff0000fba19300 x0 : 00000000010000e0 Call trace: add_grec+0x58/0x844 net/ipv4/igmp.c:468 igmpv3_send_cr+0x49c/0x6bc net/ipv4/igmp.c:702 igmp_ifc_timer_expire+0x2c/0x364 net/ipv4/igmp.c:810 call_timer_fn+0x90/0x144 kernel/time/timer.c:1474 expire_timers kernel/time/timer.c:1519 [inline] __run_timers+0x280/0x374 kernel/time/timer.c:1790 run_timer_softirq+0x34/0x5c kernel/time/timer.c:1803 _stext+0x168/0x37c ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80 call_on_irq_stack+0x2c/0x54 arch/arm64/kernel/entry.S:892 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:85 invoke_softirq+0x70/0xbc kernel/softirq.c:452 __irq_exit_rcu+0xf0/0x140 kernel/softirq.c:650 irq_exit_rcu+0x10/0x40 kernel/softirq.c:662 __el1_irq arch/arm64/kernel/entry-common.c:472 [inline] el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:486 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:580 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:122 [inline] mod_objcg_state+0x1ac/0x204 mm/memcontrol.c:3213 memcg_slab_post_alloc_hook+0x198/0x290 mm/slab.h:537 slab_post_alloc_hook mm/slab.h:745 [inline] slab_alloc_node mm/slub.c:3398 [inline] slab_alloc mm/slub.c:3406 [inline] __kmem_cache_alloc_lru mm/slub.c:3413 [inline] kmem_cache_alloc+0x2a0/0x340 mm/slub.c:3422 anon_vma_chain_alloc mm/rmap.c:141 [inline] anon_vma_clone+0x5c/0x248 mm/rmap.c:287 anon_vma_fork+0x3c/0x214 mm/rmap.c:350 dup_mmap+0x368/0x7c8 kernel/fork.c:657 dup_mm+0x68/0x1a4 kernel/fork.c:1526 copy_mm+0x68/0xe8 kernel/fork.c:1575 copy_process+0xb84/0x16ec kernel/fork.c:2253 kernel_clone+0x12c/0x380 kernel/fork.c:2671 __do_sys_clone kernel/fork.c:2812 [inline] __se_sys_clone kernel/fork.c:2780 [inline] __arm64_sys_clone+0x68/0x98 kernel/fork.c:2780 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584 Code: f9400268 b9400a76 52801c00 72a02000 (f940011b) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: f9400268 ldr x8, [x19] 4: b9400a76 ldr w22, [x19, #8] 8: 52801c00 mov w0, #0xe0 // #224 c: 72a02000 movk w0, #0x100, lsl #16 * 10: f940011b ldr x27, [x8] <-- trapping instruction