Unable to handle kernel paging request at virtual address dfff800000000000
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000000] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 10019 Comm: syz-executor.3 Tainted: G        W          6.10.0-rc2-syzkaller-g8867bbd4a056 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : dev_map_generic_redirect+0x98/0x59c kernel/bpf/devmap.c:681
lr : dev_map_generic_redirect+0x94/0x59c kernel/bpf/devmap.c:678
sp : ffff80009ae37440
x29: ffff80009ae37570 x28: ffff7000135c6e94 x27: ffff80009b831000
x26: ffff0000fcd0c000 x25: ffff0001b3da6448 x24: ffff80009ae374a0
x23: 1fffe000367b4c8c x22: dfff800000000000 x21: 0000000000000000
x20: 0000000000000000 x19: ffff0000ee548a00 x18: ffff80009ae36d40
x17: 0000000000008000 x16: ffff80008075fadc x15: 0000000000000001
x14: 0000000000000002 x13: 0000000000000019 x12: ffff0000c4cfbc80
x11: 0000000000040000 x10: 00000000000044a1 x9 : ffff800099409000
x8 : 00000000000044a2 x7 : 0019000000000004 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80009b831000
x2 : ffff80009b831000 x1 : ffff0000ee548a00 x0 : 0000000000000000
Call trace:
 dev_map_generic_redirect+0x98/0x59c kernel/bpf/devmap.c:681
 xdp_do_generic_redirect_map net/core/filter.c:4485 [inline]
 xdp_do_generic_redirect+0x418/0x6a4 net/core/filter.c:4544
 do_xdp_generic+0x75c/0xa80 net/core/dev.c:5107
 tun_get_user+0x1ff8/0x3978 drivers/net/tun.c:1924
 tun_chr_write_iter+0xfc/0x204 drivers/net/tun.c:2048
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0x828/0xc78 fs/read_write.c:590
 ksys_write+0x15c/0x26c fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:652
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Code: b800f389 39004f8a 97f7ed40 d343feb4 (38766a88) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	b800f389 	stur	w9, [x28, #15]
   4:	39004f8a 	strb	w10, [x28, #19]
   8:	97f7ed40 	bl	0xffffffffffdfb508
   c:	d343feb4 	lsr	x20, x21, #3
* 10:	38766a88 	ldrb	w8, [x20, x22] <-- trapping instruction