==================================================================
BUG: KASAN: null-ptr-deref in skb_end_pointer include/linux/skbuff.h:1471 [inline]
BUG: KASAN: null-ptr-deref in skb_is_gso include/linux/skbuff.h:4623 [inline]
BUG: KASAN: null-ptr-deref in bstats_update include/net/sch_generic.h:863 [inline]
BUG: KASAN: null-ptr-deref in mini_qdisc_bstats_cpu_update include/net/sch_generic.h:1314 [inline]
BUG: KASAN: null-ptr-deref in sch_handle_ingress net/core/dev.c:4995 [inline]
BUG: KASAN: null-ptr-deref in __netif_receive_skb_core+0x111e/0x2730 net/core/dev.c:5211
Read of size 8 at addr 0000000000000003 by task syz-executor.0/3482

CPU: 1 PID: 3482 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff80474da6>] __kasan_report mm/kasan/report.c:446 [inline]
[<ffffffff80474da6>] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459
[<ffffffff80475b20>] check_region_inline mm/kasan/generic.c:183 [inline]
[<ffffffff80475b20>] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256
[<ffffffff8273bc06>] skb_end_pointer include/linux/skbuff.h:1471 [inline]
[<ffffffff8273bc06>] skb_is_gso include/linux/skbuff.h:4623 [inline]
[<ffffffff8273bc06>] bstats_update include/net/sch_generic.h:863 [inline]
[<ffffffff8273bc06>] mini_qdisc_bstats_cpu_update include/net/sch_generic.h:1314 [inline]
[<ffffffff8273bc06>] sch_handle_ingress net/core/dev.c:4995 [inline]
[<ffffffff8273bc06>] __netif_receive_skb_core+0x111e/0x2730 net/core/dev.c:5211
[<ffffffff8273d2cc>] __netif_receive_skb_one_core+0xb4/0x13a net/core/dev.c:5349
[<ffffffff8273d534>] __netif_receive_skb+0x36/0xd8 net/core/dev.c:5465
[<ffffffff8273e15e>] process_backlog+0x206/0x4bc net/core/dev.c:5797
[<ffffffff82740c14>] __napi_poll+0x7c/0x358 net/core/dev.c:6365
[<ffffffff827418a0>] napi_poll net/core/dev.c:6432 [inline]
[<ffffffff827418a0>] net_rx_action+0x5d0/0x702 net/core/dev.c:6519
[<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558
[<ffffffff80060ea0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
[<ffffffff80060ea0>] do_softirq kernel/softirq.c:459 [inline]
[<ffffffff80060ea0>] do_softirq+0x158/0x15a kernel/softirq.c:446
[<ffffffff80061124>] __local_bh_enable_ip+0x282/0x2a4 kernel/softirq.c:383
[<ffffffff82af5eaa>] local_bh_enable include/linux/bottom_half.h:33 [inline]
[<ffffffff82af5eaa>] rcu_read_unlock_bh include/linux/rcupdate.h:764 [inline]
[<ffffffff82af5eaa>] ip_finish_output2+0x57c/0x1720 net/ipv4/ip_output.c:222
[<ffffffff82af8978>] __ip_finish_output net/ipv4/ip_output.c:299 [inline]
[<ffffffff82af8978>] __ip_finish_output+0x25a/0x3ee net/ipv4/ip_output.c:281
[<ffffffff82af8b4a>] ip_finish_output+0x3e/0x176 net/ipv4/ip_output.c:309
[<ffffffff82af8e52>] NF_HOOK_COND include/linux/netfilter.h:296 [inline]
[<ffffffff82af8e52>] ip_output+0x1d0/0x2d0 net/ipv4/ip_output.c:423
[<ffffffff82afbbce>] dst_output include/net/dst.h:451 [inline]
[<ffffffff82afbbce>] ip_local_out net/ipv4/ip_output.c:126 [inline]
[<ffffffff82afbbce>] __ip_queue_xmit+0x4a0/0xeb2 net/ipv4/ip_output.c:525
[<ffffffff82f2f3e0>] sctp_v4_xmit+0x4c2/0x590 net/sctp/protocol.c:1070
[<ffffffff82f7ca4c>] sctp_packet_transmit+0x1126/0x170c net/sctp/output.c:652
[<ffffffff82f503c8>] sctp_outq_flush_transports+0x2f2/0x568 net/sctp/outqueue.c:1166
[<ffffffff82f55372>] sctp_outq_flush net/sctp/outqueue.c:1214 [inline]
[<ffffffff82f55372>] sctp_outq_uncork+0x144/0x182 net/sctp/outqueue.c:761
[<ffffffff82f2ca74>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1320 [inline]
[<ffffffff82f2ca74>] sctp_side_effects net/sctp/sm_sideeffect.c:1195 [inline]
[<ffffffff82f2ca74>] sctp_do_sm+0x28d6/0x2ef4 net/sctp/sm_sideeffect.c:1166
[<ffffffff82f79c0c>] sctp_primitive_ABORT+0x6a/0x82 net/sctp/primitive.c:104
[<ffffffff82f61582>] sctp_close+0x1b8/0x664 net/sctp/socket.c:1523
[<ffffffff82bb8360>] inet_release+0xd4/0x15c net/ipv4/af_inet.c:428
[<ffffffff826d0a98>] __sock_release+0x88/0x17e net/socket.c:650
[<ffffffff826d0bac>] sock_close+0x1e/0x2a net/socket.c:1318
[<ffffffff804cb3c0>] __fput+0x164/0x502 fs/file_table.c:311
[<ffffffff804cb7d2>] ____fput+0x1a/0x24 fs/file_table.c:344
[<ffffffff800a0530>] task_work_run+0xdc/0x154 kernel/task_work.c:164
[<ffffffff80008c12>] tracehook_notify_resume include/linux/tracehook.h:188 [inline]
[<ffffffff80008c12>] do_notify_resume+0x894/0xa56 arch/riscv/kernel/signal.c:320
[<ffffffff80005724>] ret_from_exception+0x0/0x10
==================================================================
Unable to handle kernel paging request at virtual address fffff5ef1aeb5000
Oops [#2]
Modules linked in:
CPU: 1 PID: 3482 Comm: syz-executor.0 Tainted: G    B D           5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : bytes_is_nonzero mm/kasan/generic.c:85 [inline]
epc : memory_is_nonzero mm/kasan/generic.c:102 [inline]
epc : memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
epc : memory_is_poisoned mm/kasan/generic.c:159 [inline]
epc : check_region_inline mm/kasan/generic.c:180 [inline]
epc : kasan_check_range+0x102/0x136 mm/kasan/generic.c:189
 ra : __kasan_check_write+0x14/0x1c mm/kasan/shadow.c:37
epc : ffffffff80475f7a ra : ffffffff8047658a sp : ffffaf800ccfea60
 gp : ffffffff85863ac0 tp : ffffaf800bc3b080 t0 : ffffffff86bcb657
 t1 : fffff5ef1aeb5000 t2 : 0000000000000000 s0 : ffffaf800ccfea70
 s1 : ffffaf800f791140 a0 : fffff5ef1aeb5001 a1 : 0000000000000008
 a2 : 0000000000000001 a3 : ffffffff8273bc6e a4 : 0000000000000010
 a5 : fffff5ef1aeb5000 a6 : ffffaf80d75a8000 a7 : ffffaf80d75a8007
 s2 : ffffaf80216830c0 s3 : ffffaf80d75a8000 s4 : ffffaf800ccfec20
 s5 : ffffffff85889780 s6 : ffffaf80100e0000 s7 : ffffaf805a9f5c90
 s8 : ffffffff8273e0b0 s9 : ffffaf800ccfece0 s10: 0000000000000000
 s11: ffffaf800ccfece0 t3 : 0000000066663c5b t4 : fffff5ef1aeb5000
 t5 : fffff5ef1aeb5001 t6 : ffffaf800ccfe4d8
status: 0000000000000120 badaddr: fffff5ef1aeb5000 cause: 000000000000000d
[<ffffffff8273bc6e>] instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
[<ffffffff8273bc6e>] atomic_long_add include/linux/atomic/atomic-instrumented.h:1294 [inline]
[<ffffffff8273bc6e>] u64_stats_add include/linux/u64_stats_sync.h:93 [inline]
[<ffffffff8273bc6e>] _bstats_update include/net/sch_generic.h:853 [inline]
[<ffffffff8273bc6e>] bstats_update include/net/sch_generic.h:861 [inline]
[<ffffffff8273bc6e>] mini_qdisc_bstats_cpu_update include/net/sch_generic.h:1314 [inline]
[<ffffffff8273bc6e>] sch_handle_ingress net/core/dev.c:4995 [inline]
[<ffffffff8273bc6e>] __netif_receive_skb_core+0x1186/0x2730 net/core/dev.c:5211
[<ffffffff8273d2cc>] __netif_receive_skb_one_core+0xb4/0x13a net/core/dev.c:5349
[<ffffffff8273d534>] __netif_receive_skb+0x36/0xd8 net/core/dev.c:5465
[<ffffffff8273e15e>] process_backlog+0x206/0x4bc net/core/dev.c:5797
[<ffffffff82740c14>] __napi_poll+0x7c/0x358 net/core/dev.c:6365
[<ffffffff827418a0>] napi_poll net/core/dev.c:6432 [inline]
[<ffffffff827418a0>] net_rx_action+0x5d0/0x702 net/core/dev.c:6519
[<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558
[<ffffffff80060ea0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
[<ffffffff80060ea0>] do_softirq kernel/softirq.c:459 [inline]
[<ffffffff80060ea0>] do_softirq+0x158/0x15a kernel/softirq.c:446
[<ffffffff80061124>] __local_bh_enable_ip+0x282/0x2a4 kernel/softirq.c:383
[<ffffffff82af5eaa>] local_bh_enable include/linux/bottom_half.h:33 [inline]
[<ffffffff82af5eaa>] rcu_read_unlock_bh include/linux/rcupdate.h:764 [inline]
[<ffffffff82af5eaa>] ip_finish_output2+0x57c/0x1720 net/ipv4/ip_output.c:222
[<ffffffff82af8978>] __ip_finish_output net/ipv4/ip_output.c:299 [inline]
[<ffffffff82af8978>] __ip_finish_output+0x25a/0x3ee net/ipv4/ip_output.c:281
[<ffffffff82af8b4a>] ip_finish_output+0x3e/0x176 net/ipv4/ip_output.c:309
[<ffffffff82af8e52>] NF_HOOK_COND include/linux/netfilter.h:296 [inline]
[<ffffffff82af8e52>] ip_output+0x1d0/0x2d0 net/ipv4/ip_output.c:423
[<ffffffff82afbbce>] dst_output include/net/dst.h:451 [inline]
[<ffffffff82afbbce>] ip_local_out net/ipv4/ip_output.c:126 [inline]
[<ffffffff82afbbce>] __ip_queue_xmit+0x4a0/0xeb2 net/ipv4/ip_output.c:525
[<ffffffff82f2f3e0>] sctp_v4_xmit+0x4c2/0x590 net/sctp/protocol.c:1070
[<ffffffff82f7ca4c>] sctp_packet_transmit+0x1126/0x170c net/sctp/output.c:652
[<ffffffff82f503c8>] sctp_outq_flush_transports+0x2f2/0x568 net/sctp/outqueue.c:1166
[<ffffffff82f55372>] sctp_outq_flush net/sctp/outqueue.c:1214 [inline]
[<ffffffff82f55372>] sctp_outq_uncork+0x144/0x182 net/sctp/outqueue.c:761
[<ffffffff82f2ca74>] sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1320 [inline]
[<ffffffff82f2ca74>] sctp_side_effects net/sctp/sm_sideeffect.c:1195 [inline]
[<ffffffff82f2ca74>] sctp_do_sm+0x28d6/0x2ef4 net/sctp/sm_sideeffect.c:1166
[<ffffffff82f79c0c>] sctp_primitive_ABORT+0x6a/0x82 net/sctp/primitive.c:104
[<ffffffff82f61582>] sctp_close+0x1b8/0x664 net/sctp/socket.c:1523
[<ffffffff82bb8360>] inet_release+0xd4/0x15c net/ipv4/af_inet.c:428
[<ffffffff826d0a98>] __sock_release+0x88/0x17e net/socket.c:650
[<ffffffff826d0bac>] sock_close+0x1e/0x2a net/socket.c:1318
[<ffffffff804cb3c0>] __fput+0x164/0x502 fs/file_table.c:311
[<ffffffff804cb7d2>] ____fput+0x1a/0x24 fs/file_table.c:344
[<ffffffff800a0530>] task_work_run+0xdc/0x154 kernel/task_work.c:164
[<ffffffff80008c12>] tracehook_notify_resume include/linux/tracehook.h:188 [inline]
[<ffffffff80008c12>] do_notify_resume+0x894/0xa56 arch/riscv/kernel/signal.c:320
[<ffffffff80005724>] ret_from_exception+0x0/0x10