BUG: unable to handle page fault for address: ffff888274883ac0
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 5001067 P4D 5001067 PUD 0
Oops: 0002 [#1] SMP
CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 5.15.120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
Workqueue: mld mld_ifc_work
RIP: 0010:__build_skb_around net/core/skbuff.c:212 [inline]
RIP: 0010:__alloc_skb+0x130/0x240 net/core/skbuff.c:443
Code: 00 41 c7 84 24 d4 00 00 00 01 00 00 00 41 c7 84 24 b8 00 00 00 00 00 00 00 41 89 94 24 bc 00 00 00 66 41 89 8c 24 b2 00 00 00 <48> c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 c7 43 10 00 00 00
RSP: 0018:ffffc90000043bf0 EFLAGS: 00010286
RAX: 00000000ffffffff RBX: ffff888274883ac0 RCX: 00000000ffffffff
RDX: 00000000ffffff40 RSI: 0000000000000000 RDI: ffffea0005d220c0
RBP: 0000000000000cc0 R08: ffffc90000043ba8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000018 R12: ffff88810afbc200
R13: 00000000ffffffff R14: 0000000000000000 R15: ffff8881085fc300
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888274883ac0 CR3: 0000000174a57000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
alloc_skb include/linux/skbuff.h:1167 [inline]
alloc_skb_with_frags+0x46/0x1a0 net/core/skbuff.c:6121
sock_alloc_send_pskb+0x1ea/0x230 net/core/sock.c:2497
mld_newpack.isra.0+0x76/0x190 net/ipv6/mcast.c:1748
add_grhead+0x85/0xa0 net/ipv6/mcast.c:1851
skb_availroom include/linux/skbuff.h:2509 [inline]
add_grec+0x479/0x4c0 net/ipv4/igmp.c:495
mld_send_cr net/ipv6/mcast.c:2115 [inline]
mld_ifc_work+0x15a/0x460 net/ipv6/mcast.c:2653
process_one_work+0x252/0x440 kernel/workqueue.c:2307
worker_thread+0x4d/0x330 kernel/workqueue.c:2454
kthread+0x10b/0x130 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Modules linked in:
CR2: ffff888274883ac0
---[ end trace 322fd8796facec8f ]---
RIP: 0010:__build_skb_around net/core/skbuff.c:212 [inline]
RIP: 0010:__alloc_skb+0x130/0x240 net/core/skbuff.c:443
Code: 00 41 c7 84 24 d4 00 00 00 01 00 00 00 41 c7 84 24 b8 00 00 00 00 00 00 00 41 89 94 24 bc 00 00 00 66 41 89 8c 24 b2 00 00 00 <48> c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 c7 43 10 00 00 00
RSP: 0018:ffffc90000043bf0 EFLAGS: 00010286
RAX: 00000000ffffffff RBX: ffff888274883ac0 RCX: 00000000ffffffff
RDX: 00000000ffffff40 RSI: 0000000000000000 RDI: ffffea0005d220c0
RBP: 0000000000000cc0 R08: ffffc90000043ba8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000018 R12: ffff88810afbc200
R13: 00000000ffffffff R14: 0000000000000000 R15: ffff8881085fc300
FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888274883ac0 CR3: 0000000174a57000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 41 c7 add %al,-0x39(%rcx)
3: 84 24 d4 test %ah,(%rsp,%rdx,8)
6: 00 00 add %al,(%rax)
8: 00 01 add %al,(%rcx)
a: 00 00 add %al,(%rax)
c: 00 41 c7 add %al,-0x39(%rcx)
f: 84 24 b8 test %ah,(%rax,%rdi,4)
12: 00 00 add %al,(%rax)
14: 00 00 add %al,(%rax)
16: 00 00 add %al,(%rax)
18: 00 41 89 add %al,-0x77(%rcx)
1b: 94 xchg %eax,%esp
1c: 24 bc and $0xbc,%al
1e: 00 00 add %al,(%rax)
20: 00 66 41 add %ah,0x41(%rsi)
23: 89 8c 24 b2 00 00 00 mov %ecx,0xb2(%rsp)
* 2a: 48 c7 03 00 00 00 00 movq $0x0,(%rbx) <-- trapping instruction
31: 48 c7 43 08 00 00 00 movq $0x0,0x8(%rbx)
38: 00
39: 48 rex.W
3a: c7 .byte 0xc7
3b: 43 10 00 rex.XB adc %al,(%r8)