8<--- cut here --- Unable to handle kernel paging request at virtual address df000000 when read [df000000] *pgd=80000080007003, *pmd=00000000 Internal error: Oops: 206 [#1] PREEMPT SMP ARM Modules linked in: CPU: 1 PID: 6782 Comm: syz-executor.1 Not tainted 6.4.0-rc5-syzkaller #0 Hardware name: ARM-Versatile Express PC is at csum_partial+0x40/0x130 arch/arm/lib/csumpartial.S:120 LR is at 0x0 pc : [<817acd68>] lr : [<00000000>] psr: 00000013 sp : df9a9b38 ip : a6d2d000 fp : df9a9b94 r10: 813146b0 r9 : 813146b0 r8 : 00006c00 r7 : ffff93ff r6 : 00006c00 r5 : 00000000 r4 : 00000000 r3 : 00000000 r2 : 4155265e r1 : fffffef0 r0 : df000000 Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 85c90f00 DAC: 00000000 Register r0 information: non-paged memory Register r1 information: non-paged memory Register r2 information: non-paged memory Register r3 information: NULL pointer Register r4 information: NULL pointer Register r5 information: NULL pointer Register r6 information: non-paged memory Register r7 information: non-paged memory Register r8 information: non-paged memory Register r9 information: non-slab/vmalloc memory Register r10 information: non-slab/vmalloc memory Register r11 information: 2-page vmalloc region starting at 0xdf9a8000 allocated at kernel_clone+0x9c/0x3dc kernel/fork.c:2915 Register r12 information: non-slab/vmalloc memory Process syz-executor.1 (pid: 6782, stack limit = 0xdf9a8000) Stack: (0xdf9a9b38 to 0xdf9aa000) 9b20: 85c4b840 85d2d110 9b40: 85d2d110 8150d5c4 85c4b480 00000000 85c4b480 85c4b840 81fdf65c 827e238f 9b60: 84727000 000004c0 00000000 85c4b480 00006869 00000000 00000000 00000000 9b80: 00000000 85e8c000 df9a9bd4 df9a9b98 815f7a30 8150d3ec 00000001 05200000 9ba0: 00c00000 e2a63566 84c527e8 85c4b480 0000000e 00000000 00006869 00000000 9bc0: 00000000 85e8c000 df9a9c1c df9a9bd8 816313f0 815f7974 80277e40 802a6108 9be0: 00000060 00000052 8491bac0 e2a63566 20001000 85c4b480 00000000 00006869 9c00: 0000dd86 
81631960 df9a9cf7 00000058 df9a9c3c df9a9c20 816319a4 816312d4 9c20: 85c4b480 00000000 00006869 0000dd86 df9a9c6c df9a9c40 813785a4 8163196c 9c40: 0000000e e2a63566 df9a9cf7 85c4b480 00006869 00000001 00000000 84e80800 9c60: df9a9c8c df9a9c70 8133371c 813784ec 85c4b480 00006869 00000000 df9a9cf7 9c80: df9a9cc4 df9a9c90 8133b128 81333668 00000001 ffff0000 ffffdd86 00000000 9ca0: 00000000 84476c00 84e80800 00000000 df9a9cf7 00000058 df9a9cec df9a9cc8 9cc0: 8133b340 8133af98 846e8000 85c4b480 84476c00 84e80800 00000000 00000001 9ce0: df9a9d24 df9a9cf0 813aac28 8133b30c 846e8000 00e80800 00000010 e2a63566 9d00: 85c4b480 846e8000 00000000 00000001 a3ea32e0 846e80c4 df9a9d84 df9a9d28 9d20: 8133bf20 813aaa74 00000000 00000001 00000011 8260ee30 009a9da4 fffffff4 9d40: 00000000 8132cb8c 00000000 0000dd86 00000000 e2a63566 00000000 85c4b480 9d60: 00002378 84e80800 0000000a 85c4b480 84727000 85e8ff00 df9a9da4 df9a9d88 9d80: 816350ec 8133b9c4 84727000 00002378 84e80800 0000000a df9a9e5c df9a9da8 9da0: 81638840 8163505c df9a9e08 00000000 817fa874 80277f20 df9a9dec df9a9dc8 9dc0: df9a9ea8 832022c8 00002001 817fb15c 80200288 806b8594 df9a9e1c df9a9de8 9de0: 81a02a74 00000000 00000002 0000236e 00000060 00000300 00000000 0000000e 9e00: 00000000 0000000a 00000000 236e0500 07440064 0000030c 00000000 00000000 9e20: 00000000 00000000 8216d67c e2a63566 df9a9e5c 00000000 df9a9e98 85284000 9e40: 04000002 80200288 8491bac0 00000122 df9a9e7c df9a9e60 8130db78 81637984 9e60: 00000000 85284000 00000000 04000002 df9a9f8c df9a9e80 8130f9cc 8130db40 9e80: df9a9ea8 84919990 fffffff7 00000001 84919780 00000000 00000000 00000000 9ea0: df9a9ed4 df9a9eb0 01000006 00000001 00002378 20000080 00000000 00000000 9ec0: 00000001 00000000 00000000 00000000 04000002 00000000 00000000 00000000 9ee0: 00000000 ffffffff 00000000 00000000 00000001 e2a63566 00000005 00000000 9f00: 00000080 0014c288 00000000 00000000 8491bac0 000000f0 df9a9f4c df9a9f28 9f20: 80309a98 8030d218 ffffffff df9a9f38 8130ce7c 804f2224 
00000000 00000000 9f40: df9a9fa4 df9a9f50 8030a05c 803099f4 df9a9f84 df9a9f60 80277e40 802a6108 9f60: 00000000 fffffff7 8491bac0 e2a63566 00000000 000002ff 0014c2c4 00000122 9f80: df9a9fa4 df9a9f90 8130fa34 8130f908 00000000 000002ff 00000000 df9a9fa8 9fa0: 80200060 8130fa24 00000000 000002ff 00000003 20000080 00002378 04000002 9fc0: 00000000 000002ff 0014c2c4 00000122 7e8e53c2 76b516d0 7e8e5534 76b5120c 9fe0: 76b51020 76b51010 00017004 0004dfb0 60000010 00000003 00000000 00000000 Backtrace: [<8150d3e0>] (__udp_gso_segment) from [<815f7a30>] (udp6_ufo_fragment+0xc8/0x39c net/ipv6/udp_offload.c:47) r10:85e8c000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:00006869 r4:85c4b480 [<815f7968>] (udp6_ufo_fragment) from [<816313f0>] (ipv6_gso_segment.part.0+0x128/0x42c net/ipv6/ip6_offload.c:119) r10:85e8c000 r9:00000000 r8:00000000 r7:00006869 r6:00000000 r5:0000000e r4:85c4b480 [<816312c8>] (ipv6_gso_segment.part.0) from [<816319a4>] (ipv6_gso_segment+0x44/0x48 net/ipv6/ip6_offload.c:91) r10:00000058 r9:df9a9cf7 r8:81631960 r7:0000dd86 r6:00006869 r5:00000000 r4:85c4b480 [<81631960>] (ipv6_gso_segment) from [<813785a4>] (skb_mac_gso_segment+0xc4/0x1a4 net/core/gro.c:141) r7:0000dd86 r6:00006869 r5:00000000 r4:85c4b480 [<813784e0>] (skb_mac_gso_segment) from [<8133371c>] (__skb_gso_segment+0xc0/0x16c net/core/dev.c:3401) r8:84e80800 r7:00000000 r6:00000001 r5:00006869 r4:85c4b480 [<8133365c>] (__skb_gso_segment) from [<8133b128>] (skb_gso_segment include/linux/netdevice.h:4859 [inline]) [<8133365c>] (__skb_gso_segment) from [<8133b128>] (validate_xmit_skb+0x19c/0x374 net/core/dev.c:3659) r7:df9a9cf7 r6:00000000 r5:00006869 r4:85c4b480 [<8133af8c>] (validate_xmit_skb) from [<8133b340>] (validate_xmit_skb_list+0x40/0x74 net/core/dev.c:3709) r10:00000058 r9:df9a9cf7 r8:00000000 r7:84e80800 r6:84476c00 r5:00000000 r4:00000000 [<8133b300>] (validate_xmit_skb_list) from [<813aac28>] (sch_direct_xmit+0x1c0/0x45c net/sched/sch_generic.c:327) r9:00000001 r8:00000000 
r7:84e80800 r6:84476c00 r5:85c4b480 r4:846e8000 [<813aaa68>] (sch_direct_xmit) from [<8133bf20>] (__dev_xmit_skb net/core/dev.c:3805 [inline]) [<813aaa68>] (sch_direct_xmit) from [<8133bf20>] (__dev_queue_xmit+0x568/0xdc8 net/core/dev.c:4210) r9:846e80c4 r8:a3ea32e0 r7:00000001 r6:00000000 r5:846e8000 r4:85c4b480 [<8133b9b8>] (__dev_queue_xmit) from [<816350ec>] (dev_queue_xmit include/linux/netdevice.h:3085 [inline]) [<8133b9b8>] (__dev_queue_xmit) from [<816350ec>] (packet_xmit net/packet/af_packet.c:276 [inline]) [<8133b9b8>] (__dev_queue_xmit) from [<816350ec>] (packet_xmit+0x9c/0x100 net/packet/af_packet.c:273) r10:85e8ff00 r9:84727000 r8:85c4b480 r7:0000000a r6:84e80800 r5:00002378 r4:85c4b480 [<81635050>] (packet_xmit) from [<81638840>] (packet_snd net/packet/af_packet.c:3081 [inline]) [<81635050>] (packet_xmit) from [<81638840>] (packet_sendmsg+0xec8/0x1448 net/packet/af_packet.c:3113) r7:0000000a r6:84e80800 r5:00002378 r4:84727000 [<81637978>] (packet_sendmsg) from [<8130db78>] (sock_sendmsg_nosec net/socket.c:724 [inline]) [<81637978>] (packet_sendmsg) from [<8130db78>] (sock_sendmsg+0x44/0x78 net/socket.c:747) r10:00000122 r9:8491bac0 r8:80200288 r7:04000002 r6:85284000 r5:df9a9e98 r4:00000000 [<8130db34>] (sock_sendmsg) from [<8130f9cc>] (__sys_sendto+0xd0/0x11c net/socket.c:2144) r7:04000002 r6:00000000 r5:85284000 r4:00000000 [<8130f8fc>] (__sys_sendto) from [<8130fa34>] (__do_sys_sendto net/socket.c:2156 [inline]) [<8130f8fc>] (__sys_sendto) from [<8130fa34>] (sys_sendto+0x1c/0x24 net/socket.c:2152) r7:00000122 r6:0014c2c4 r5:000002ff r4:00000000 [<8130fa18>] (sys_sendto) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66) Exception stack(0xdf9a9fa8 to 0xdf9a9ff0) 9fa0: 00000000 000002ff 00000003 20000080 00002378 04000002 9fc0: 00000000 000002ff 0014c2c4 00000122 7e8e53c2 76b516d0 7e8e5534 76b5120c 9fe0: 76b51020 76b51010 00017004 0004dfb0 Code: e0b22003 e0b22004 e0b22005 e0b2200e (e8b04038) ---[ end trace 0000000000000000 ]--- 
----------------
Code disassembly (best guess):
   0:   e0b22003    adcs    r2, r2, r3
   4:   e0b22004    adcs    r2, r2, r4
   8:   e0b22005    adcs    r2, r2, r5
   c:   e0b2200e    adcs    r2, r2, lr
* 10:   e8b04038    ldm     r0!, {r3, r4, r5, lr} <-- trapping instruction