8<--- cut here --- Unable to handle kernel paging request at virtual address df000000 when read [df000000] *pgd=80000080007003, *pmd=00000000 Internal error: Oops: 206 [#1] PREEMPT SMP ARM Modules linked in: CPU: 0 PID: 8799 Comm: syz-executor.0 Not tainted 6.4.0-rc5-syzkaller #0 Hardware name: ARM-Versatile Express PC is at csum_partial+0x40/0x130 arch/arm/lib/csumpartial.S:120 LR is at 0x0 pc : [<817acc88>] lr : [<00000000>] psr: 80000013 sp : e05c5b38 ip : ab4d2000 fp : e05c5b94 r10: 813145d8 r9 : 813145d8 r8 : 0000a11c r7 : ffff5ee3 r6 : 0000a11c r5 : 00000000 r4 : 00000000 r3 : 00000000 r2 : 8c332356 r1 : fffffef0 r0 : df000000 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 30c5387d Table: 85cb4700 DAC: fffffffd Register r0 information: non-paged memory Register r1 information: non-paged memory Register r2 information: non-slab/vmalloc memory Register r3 information: NULL pointer Register r4 information: NULL pointer Register r5 information: NULL pointer Register r6 information: non-paged memory Register r7 information: non-paged memory Register r8 information: non-paged memory Register r9 information: non-slab/vmalloc memory Register r10 information: non-slab/vmalloc memory Register r11 information: 2-page vmalloc region starting at 0xe05c4000 allocated at kernel_clone+0x9c/0x3dc kernel/fork.c:2915 Register r12 information: non-slab/vmalloc memory Process syz-executor.0 (pid: 8799, stack limit = 0xe05c4000) Stack: (0xe05c5b38 to 0xe05c6000) 5b20: 84d11600 8a4d2110 5b40: 8a4d2110 8150d4ec e05c5b74 e05c5b58 84d11540 84d11600 81fdf65c 827e238f 5b60: 8dd01000 000020c0 e05c5c1c 84d11540 00006869 00000000 00000000 00000000 5b80: 00000000 84a98000 e05c5bd4 e05c5b98 815f7958 8150d314 00000001 05200000 5ba0: 00c00000 ecbea7a6 84ac81b8 84d11540 0000000e 00000000 00006869 00000000 5bc0: 00000000 84a98000 e05c5c1c e05c5bd8 81631318 815f789c 80277e40 802a6108 5be0: 00000060 00000052 849469c0 ecbea7a6 20001000 84d11540 00000000 00006869 5c00: 
0000dd86 81631888 e05c5cf7 00000001 e05c5c3c e05c5c20 816318cc 816311fc 5c20: 84d11540 00000000 00006869 0000dd86 e05c5c6c e05c5c40 813784cc 81631894 5c40: 0000000e ecbea7a6 e05c5cf7 84d11540 00006869 00000001 00000000 83291000 5c60: e05c5c8c e05c5c70 81333644 81378414 84d11540 00006869 00000000 e05c5cf7 5c80: e05c5cc4 e05c5c90 8133b050 81333590 00000001 ffff0000 ffffdd86 00000000 5ca0: 00000000 84ca4800 83291000 00000000 e05c5cf7 00000001 e05c5cec e05c5cc8 5cc0: 8133b268 8133aec0 83611000 84d11540 84ca4800 83291000 00000000 00000001 5ce0: e05c5d24 e05c5cf0 813aab50 8133b234 83611000 00291000 00000010 ecbea7a6 5d00: 84d11540 83611000 00000000 00000001 a3ea3290 836110c4 e05c5d84 e05c5d28 5d20: 8133be48 813aa99c 00000000 00000001 00000011 8260ee30 005c5da4 fffffff4 5d40: 00000000 8132cab4 00000000 0000dd86 00000000 ecbea7a6 00000000 84d11540 5d60: 00002378 83291000 0000000a 84d11540 8dd01000 84a9bf00 e05c5da4 e05c5d88 5d80: 81635014 8133b8ec 8dd01000 00002378 83291000 0000000a e05c5e5c e05c5da8 5da0: 81638768 81634f84 e05c5e08 00000000 817fa794 80277f20 e05c5dec e05c5dc8 5dc0: e05c5ea8 83203488 00002001 817fb07c 80200288 806b8594 e05c5e1c e05c5de8 5de0: 81a02a70 00000000 00000002 0000236e 00000060 00000300 00000000 0000000e 5e00: 00000000 0000000a 00000000 236e0500 07441c99 0000030c 00000000 00000000 5e20: 00000000 00000000 8216d67c ecbea7a6 e05c5e5c 00000000 e05c5e98 852d7680 5e40: 04000002 80200288 849469c0 00000122 e05c5e7c e05c5e60 8130daa0 816378ac 5e60: 00000000 852d7680 00000000 04000002 e05c5f8c e05c5e80 8130f8f4 8130da68 5e80: e05c5ea8 84940dd0 fffffff7 00000001 84940bc0 00000000 00000000 00000000 5ea0: e05c5ed4 e05c5eb0 01000006 00000001 00002378 20000080 00000000 00000000 5ec0: 00000001 00000000 00000000 00000000 04000002 00000000 00000000 00000000 5ee0: 00000000 ffffffff 00000000 00000000 8020d3ac ecbea7a6 00000005 00000000 5f00: 00000080 0014c288 00000000 00000000 849469c0 000000f0 e05c5f4c e05c5f28 5f20: 80309a98 8030d218 ffffffff e05c5f38 80277e58 
802a6108 852d7680 00000000 5f40: e05c5fa4 e05c5f50 8030a05c 803099f4 e05c5f84 e05c5f60 80277e40 802a6108 5f60: 81803708 80276a30 849469c0 ecbea7a6 00000000 000002ff 0014c2c4 00000122 5f80: e05c5fa4 e05c5f90 8130f95c 8130f830 00000000 000002ff 00000000 e05c5fa8 5fa0: 80200060 8130f94c 00000000 000002ff 00000003 20000080 00002378 04000002 5fc0: 00000000 000002ff 0014c2c4 00000122 7ef243c2 76b8b6d0 7ef24534 76b8b20c 5fe0: 76b8b020 76b8b010 00017004 0004dfb0 60000010 00000003 00000000 00000000 Backtrace: [<8150d308>] (__udp_gso_segment) from [<815f7958>] (udp6_ufo_fragment+0xc8/0x39c net/ipv6/udp_offload.c:47) r10:84a98000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:00006869 r4:84d11540 [<815f7890>] (udp6_ufo_fragment) from [<81631318>] (ipv6_gso_segment.part.0+0x128/0x42c net/ipv6/ip6_offload.c:119) r10:84a98000 r9:00000000 r8:00000000 r7:00006869 r6:00000000 r5:0000000e r4:84d11540 [<816311f0>] (ipv6_gso_segment.part.0) from [<816318cc>] (ipv6_gso_segment+0x44/0x48 net/ipv6/ip6_offload.c:91) r10:00000001 r9:e05c5cf7 r8:81631888 r7:0000dd86 r6:00006869 r5:00000000 r4:84d11540 [<81631888>] (ipv6_gso_segment) from [<813784cc>] (skb_mac_gso_segment+0xc4/0x1a4 net/core/gro.c:141) r7:0000dd86 r6:00006869 r5:00000000 r4:84d11540 [<81378408>] (skb_mac_gso_segment) from [<81333644>] (__skb_gso_segment+0xc0/0x16c net/core/dev.c:3401) r8:83291000 r7:00000000 r6:00000001 r5:00006869 r4:84d11540 [<81333584>] (__skb_gso_segment) from [<8133b050>] (skb_gso_segment include/linux/netdevice.h:4859 [inline]) [<81333584>] (__skb_gso_segment) from [<8133b050>] (validate_xmit_skb+0x19c/0x374 net/core/dev.c:3659) r7:e05c5cf7 r6:00000000 r5:00006869 r4:84d11540 [<8133aeb4>] (validate_xmit_skb) from [<8133b268>] (validate_xmit_skb_list+0x40/0x74 net/core/dev.c:3709) r10:00000001 r9:e05c5cf7 r8:00000000 r7:83291000 r6:84ca4800 r5:00000000 r4:00000000 [<8133b228>] (validate_xmit_skb_list) from [<813aab50>] (sch_direct_xmit+0x1c0/0x45c net/sched/sch_generic.c:327) r9:00000001 r8:00000000 
r7:83291000 r6:84ca4800 r5:84d11540 r4:83611000 [<813aa990>] (sch_direct_xmit) from [<8133be48>] (__dev_xmit_skb net/core/dev.c:3805 [inline]) [<813aa990>] (sch_direct_xmit) from [<8133be48>] (__dev_queue_xmit+0x568/0xdc8 net/core/dev.c:4210) r9:836110c4 r8:a3ea3290 r7:00000001 r6:00000000 r5:83611000 r4:84d11540 [<8133b8e0>] (__dev_queue_xmit) from [<81635014>] (dev_queue_xmit include/linux/netdevice.h:3085 [inline]) [<8133b8e0>] (__dev_queue_xmit) from [<81635014>] (packet_xmit net/packet/af_packet.c:276 [inline]) [<8133b8e0>] (__dev_queue_xmit) from [<81635014>] (packet_xmit+0x9c/0x100 net/packet/af_packet.c:273) r10:84a9bf00 r9:8dd01000 r8:84d11540 r7:0000000a r6:83291000 r5:00002378 r4:84d11540 [<81634f78>] (packet_xmit) from [<81638768>] (packet_snd net/packet/af_packet.c:3081 [inline]) [<81634f78>] (packet_xmit) from [<81638768>] (packet_sendmsg+0xec8/0x1448 net/packet/af_packet.c:3113) r7:0000000a r6:83291000 r5:00002378 r4:8dd01000 [<816378a0>] (packet_sendmsg) from [<8130daa0>] (sock_sendmsg_nosec net/socket.c:724 [inline]) [<816378a0>] (packet_sendmsg) from [<8130daa0>] (sock_sendmsg+0x44/0x78 net/socket.c:747) r10:00000122 r9:849469c0 r8:80200288 r7:04000002 r6:852d7680 r5:e05c5e98 r4:00000000 [<8130da5c>] (sock_sendmsg) from [<8130f8f4>] (__sys_sendto+0xd0/0x11c net/socket.c:2144) r7:04000002 r6:00000000 r5:852d7680 r4:00000000 [<8130f824>] (__sys_sendto) from [<8130f95c>] (__do_sys_sendto net/socket.c:2156 [inline]) [<8130f824>] (__sys_sendto) from [<8130f95c>] (sys_sendto+0x1c/0x24 net/socket.c:2152) r7:00000122 r6:0014c2c4 r5:000002ff r4:00000000 [<8130f940>] (sys_sendto) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66) Exception stack(0xe05c5fa8 to 0xe05c5ff0) 5fa0: 00000000 000002ff 00000003 20000080 00002378 04000002 5fc0: 00000000 000002ff 0014c2c4 00000122 7ef243c2 76b8b6d0 7ef24534 76b8b20c 5fe0: 76b8b020 76b8b010 00017004 0004dfb0 Code: e0b22003 e0b22004 e0b22005 e0b2200e (e8b04038) ---[ end trace 0000000000000000 ]--- 
----------------
Code disassembly (best guess):
   0:   e0b22003    adcs    r2, r2, r3
   4:   e0b22004    adcs    r2, r2, r4
   8:   e0b22005    adcs    r2, r2, r5
   c:   e0b2200e    adcs    r2, r2, lr
* 10:   e8b04038    ldm     r0!, {r3, r4, r5, lr} <-- trapping instruction