8<--- cut here ---
Unable to handle kernel paging request at virtual address df000000 when read
[df000000] *pgd=80000080007003, *pmd=00000000
Internal error: Oops: 206 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 4876 Comm: syz-executor.0 Not tainted 6.4.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at csum_partial+0x40/0x130 arch/arm/lib/csumpartial.S:120
LR is at 0x0
pc : [<817abec8>]    lr : [<00000000>]    psr: 80000013
sp : ec891b38  ip : a5aa9b00  fp : ec891b94
r10: 81314164  r9 : 81314164  r8 : 00000d02
r7 : fffff2fd  r6 : 00000d02  r5 : 00000000  r4 : 00000000
r3 : 00000000  r2 : db108818  r1 : fffffef0  r0 : df000000
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 30c5387d  Table: 85dee5c0  DAC: 00000000
Register r0 information: non-paged memory
Register r1 information: non-paged memory
Register r2 information: non-slab/vmalloc memory
Register r3 information: NULL pointer
Register r4 information: NULL pointer
Register r5 information: NULL pointer
Register r6 information: non-paged memory
Register r7 information: non-paged memory
Register r8 information: non-paged memory
Register r9 information: non-slab/vmalloc memory
Register r10 information: non-slab/vmalloc memory
Register r11 information: 2-page vmalloc region starting at 0xec890000 allocated at kernel_clone+0x9c/0x3dc kernel/fork.c:2918
Register r12 information: non-slab/vmalloc memory
Process syz-executor.0 (pid: 4876, stack limit = 0xec890000)
Stack: (0xec891b38 to 0xec892000)
1b20:                                                       83237840 84aa9c10
1b40: 84aa9c10 8150ce40 20001000 04200000 83237240 83237840 81fdf418 827e2390
1b60: 85b13000 00000505 84944630 83237240 00006869 00000000 00000000 00000000
1b80: 00000000 84aa9680 ec891bd4 ec891b98 815f6de4 8150cc68 00000001 802a6080
1ba0: 00000000 baca9c9a 83624680 83237240 0000000e 00000000 00006869 00000000
1bc0: 00000000 84aa9680 ec891c1c ec891bd8 81630798 815f6d28 80216210 802a5b54
1be0: 00000060 00000052 ec891cb0 baca9c9a 00000000 83237240 00000000 00006869
1c00: 0000dd86 81630d08 ec891cf7 00000011 ec891c3c ec891c20 81630d4c 8163067c
1c20: 83237240 00000000 00006869 0000dd86 ec891c6c ec891c40 81377ed8 81630d14
1c40: 0000000e baca9c9a ec891cf7 83237240 00006869 00000001 00000000 8591b800
1c60: ec891c8c ec891c70 81333158 81377e20 83237240 00006869 00000000 ec891cf7
1c80: ec891cc4 ec891c90 8133ab64 813330a4 00000001 00000000 0000007a 00000000
1ca0: 00000000 84439c00 8591b800 00000000 ec891cf7 00000011 ec891cec ec891cc8
1cc0: 8133ad7c 8133a9d4 84972400 83237240 84439c00 8591b800 00000000 00000001
1ce0: ec891d24 ec891cf0 813aa5b0 8133ad48 84972400 0091b800 00000010 baca9c9a
1d00: 83237240 84972400 00000000 00000001 a3ea3570 849724c4 ec891d84 ec891d28
1d20: 8133b95c 813aa3fc 00000000 00000001 00000011 8260ee34 00891da4 fffffff4
1d40: 00000000 81321070 00000000 0000dd86 00000000 baca9c9a 00000000 83237240
1d60: 00002378 8591b800 0000000a 83237240 85b13000 84aa97c0 ec891da4 ec891d88
1d80: 81634494 8133b400 85b13000 00002378 8591b800 0000000a ec891e5c ec891da8
1da0: 81637bec 81634404 ec891e08 00000000 817f99d4 80277e98 ec891dec ec891dc8
1dc0: ec891ea8 83204788 00002001 817fa2bc 80200288 806b84fc ec891e1c ec891de8
1de0: 81a02a74 00000000 00000002 0000004c 00000060 00000300 00000000 0000000e
1e00: 00000000 0000000a 00000000 004c0508 07440205 0000030c 00000000 00000000
1e20: 00000000 00000000 8216c67c baca9c9a ec891e5c 00000000 ec891e98 8516b400
1e40: 04000002 80200288 83624680 00000122 ec891e7c ec891e60 8130d628 81636d30
1e60: 00000000 8516b400 00000000 04000002 ec891f8c ec891e80 8130f478 8130d5f0
1e80: ec891ea8 83622550 fffffff7 00000001 83622340 00000000 00000000 00000000
1ea0: ec891ed4 ec891eb0 01000006 00000001 00002378 20000080 00000000 00000000
1ec0: 00000001 00000000 00000000 00000000 04000002 00000000 00000000 00000000
1ee0: 00000000 ffffffff 00000000 00000000 00000001 baca9c9a 00000005 00000000
1f00: 00000080 0014c288 00000000 00000000 83624680 000000f0 ec891f4c ec891f28
1f20: 80309a10 8030d190 ffffffff 80200288 8516b400 8163a0dc 8516b400 00000000
1f40: ec891fa4 ec891f50 80309fd4 8030996c ec891f84 ec891f60 80277db8 802a6080
1f60: 00000000 00000000 83624680 baca9c9a 00000000 000002ff 0014c2c4 00000122
1f80: ec891fa4 ec891f90 8130f4e0 8130f3b4 00000000 000002ff 00000000 ec891fa8
1fa0: 80200060 8130f4d0 00000000 000002ff 00000003 20000080 00002378 04000002
1fc0: 00000000 000002ff 0014c2c4 00000122 7eb6b3c2 76b8e6d0 7eb6b534 76b8e20c
1fe0: 76b8e020 76b8e010 00017004 0004dfb0 60000010 00000003 00000000 00000000
Backtrace: 
[<8150cc5c>] (__udp_gso_segment) from [<815f6de4>] (udp6_ufo_fragment+0xc8/0x39c net/ipv6/udp_offload.c:47)
 r10:84aa9680 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:00006869
 r4:83237240
[<815f6d1c>] (udp6_ufo_fragment) from [<81630798>] (ipv6_gso_segment.part.0+0x128/0x42c net/ipv6/ip6_offload.c:119)
 r10:84aa9680 r9:00000000 r8:00000000 r7:00006869 r6:00000000 r5:0000000e
 r4:83237240
[<81630670>] (ipv6_gso_segment.part.0) from [<81630d4c>] (ipv6_gso_segment+0x44/0x48 net/ipv6/ip6_offload.c:91)
 r10:00000011 r9:ec891cf7 r8:81630d08 r7:0000dd86 r6:00006869 r5:00000000
 r4:83237240
[<81630d08>] (ipv6_gso_segment) from [<81377ed8>] (skb_mac_gso_segment+0xc4/0x1a4 net/core/gro.c:141)
 r7:0000dd86 r6:00006869 r5:00000000 r4:83237240
[<81377e14>] (skb_mac_gso_segment) from [<81333158>] (__skb_gso_segment+0xc0/0x16c net/core/dev.c:3401)
 r8:8591b800 r7:00000000 r6:00000001 r5:00006869 r4:83237240
[<81333098>] (__skb_gso_segment) from [<8133ab64>] (skb_gso_segment include/linux/netdevice.h:4859 [inline])
[<81333098>] (__skb_gso_segment) from [<8133ab64>] (validate_xmit_skb+0x19c/0x374 net/core/dev.c:3659)
 r7:ec891cf7 r6:00000000 r5:00006869 r4:83237240
[<8133a9c8>] (validate_xmit_skb) from [<8133ad7c>] (validate_xmit_skb_list+0x40/0x74 net/core/dev.c:3709)
 r10:00000011 r9:ec891cf7 r8:00000000 r7:8591b800 r6:84439c00 r5:00000000
 r4:00000000
[<8133ad3c>] (validate_xmit_skb_list) from [<813aa5b0>] (sch_direct_xmit+0x1c0/0x45c net/sched/sch_generic.c:327)
 r9:00000001 r8:00000000 r7:8591b800 r6:84439c00 r5:83237240 r4:84972400
[<813aa3f0>] (sch_direct_xmit) from [<8133b95c>] (__dev_xmit_skb net/core/dev.c:3805 [inline])
[<813aa3f0>] (sch_direct_xmit) from [<8133b95c>] (__dev_queue_xmit+0x568/0xdc8 net/core/dev.c:4210)
 r9:849724c4 r8:a3ea3570 r7:00000001 r6:00000000 r5:84972400 r4:83237240
[<8133b3f4>] (__dev_queue_xmit) from [<81634494>] (dev_queue_xmit include/linux/netdevice.h:3085 [inline])
[<8133b3f4>] (__dev_queue_xmit) from [<81634494>] (packet_xmit net/packet/af_packet.c:276 [inline])
[<8133b3f4>] (__dev_queue_xmit) from [<81634494>] (packet_xmit+0x9c/0x100 net/packet/af_packet.c:273)
 r10:84aa97c0 r9:85b13000 r8:83237240 r7:0000000a r6:8591b800 r5:00002378
 r4:83237240
[<816343f8>] (packet_xmit) from [<81637bec>] (packet_snd net/packet/af_packet.c:3081 [inline])
[<816343f8>] (packet_xmit) from [<81637bec>] (packet_sendmsg+0xec8/0x1448 net/packet/af_packet.c:3113)
 r7:0000000a r6:8591b800 r5:00002378 r4:85b13000
[<81636d24>] (packet_sendmsg) from [<8130d628>] (sock_sendmsg_nosec net/socket.c:724 [inline])
[<81636d24>] (packet_sendmsg) from [<8130d628>] (sock_sendmsg+0x44/0x78 net/socket.c:747)
 r10:00000122 r9:83624680 r8:80200288 r7:04000002 r6:8516b400 r5:ec891e98
 r4:00000000
[<8130d5e4>] (sock_sendmsg) from [<8130f478>] (__sys_sendto+0xd0/0x11c net/socket.c:2144)
 r7:04000002 r6:00000000 r5:8516b400 r4:00000000
[<8130f3a8>] (__sys_sendto) from [<8130f4e0>] (__do_sys_sendto net/socket.c:2156 [inline])
[<8130f3a8>] (__sys_sendto) from [<8130f4e0>] (sys_sendto+0x1c/0x24 net/socket.c:2152)
 r7:00000122 r6:0014c2c4 r5:000002ff r4:00000000
[<8130f4c4>] (sys_sendto) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception stack(0xec891fa8 to 0xec891ff0)
1fa0:                   00000000 000002ff 00000003 20000080 00002378 04000002
1fc0: 00000000 000002ff 0014c2c4 00000122 7eb6b3c2 76b8e6d0 7eb6b534 76b8e20c
1fe0: 76b8e020 76b8e010 00017004 0004dfb0
Code: e0b22003 e0b22004 e0b22005 e0b2200e (e8b04038) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	e0b22003 	adcs	r2, r2, r3
   4:	e0b22004 	adcs	r2, r2, r4
   8:	e0b22005 	adcs	r2, r2, r5
   c:	e0b2200e 	adcs	r2, r2, lr
* 10:	e8b04038 	ldm	r0!, {r3, r4, r5, lr} <-- trapping instruction