BUG: kernel NULL pointer dereference, address: 000000000000028e
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7f341067 P4D 7f341067 PUD 0 
Thread overran stack, or stack corrupted
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 17917 Comm: kworker/0:16 Not tainted 6.5.0-rc1-syzkaller-00033-geb26cbb1a754 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
Workqueue: mld mld_ifc_work
RIP: 0010:find_stack lib/stackdepot.c:350 [inline]
RIP: 0010:__stack_depot_save+0x157/0x490 lib/stackdepot.c:390
Code: 18 41 29 f7 eb 03 44 89 e7 48 8b 15 bb 6e ed 0a 8b 35 b1 6e ed 0a 44 21 fe 48 8b 1c f2 45 89 f4 eb 03 48 8b 1b 48 85 db 74 2b <44> 39 7b 08 75 f2 44 39 73 0c 75 ec 31 c0 49 8b 4c c5 00 48 3b 4c
RSP: 0018:ffff88811a5675a8 EFLAGS: 00010202
RAX: 000000001d0a77b0 RBX: 0000000000000286 RCX: 000000009ce336ef
RDX: ffff88823e498000 RSI: 00000000000323ee RDI: 0000000000000020
RBP: ffff88811a5675f0 R08: 0000000000000002 R09: 0000000000000001
R10: ffff888119d676e0 R11: 00000000abcd0100 R12: 0000000000000004
R13: ffff88811a567620 R14: 0000000000000004 R15: 000000002f6b23ee
FS:  0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000028e CR3: 000000006ba02000 CR4: 00000000003506f0
DR0: 00000000ffff070c DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 </TASK>
Modules linked in:
CR2: 000000000000028e
---[ end trace 0000000000000000 ]---
RIP: 0010:find_stack lib/stackdepot.c:350 [inline]
RIP: 0010:__stack_depot_save+0x157/0x490 lib/stackdepot.c:390
Code: 18 41 29 f7 eb 03 44 89 e7 48 8b 15 bb 6e ed 0a 8b 35 b1 6e ed 0a 44 21 fe 48 8b 1c f2 45 89 f4 eb 03 48 8b 1b 48 85 db 74 2b <44> 39 7b 08 75 f2 44 39 73 0c 75 ec 31 c0 49 8b 4c c5 00 48 3b 4c
RSP: 0018:ffff88811a5675a8 EFLAGS: 00010202

RAX: 000000001d0a77b0 RBX: 0000000000000286 RCX: 000000009ce336ef
RDX: ffff88823e498000 RSI: 00000000000323ee RDI: 0000000000000020
RBP: ffff88811a5675f0 R08: 0000000000000002 R09: 0000000000000001
R10: ffff888119d676e0 R11: 00000000abcd0100 R12: 0000000000000004
R13: ffff88811a567620 R14: 0000000000000004 R15: 000000002f6b23ee
FS:  0000000000000000(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000028e CR3: 000000006ba02000 CR4: 00000000003506f0
DR0: 00000000ffff070c DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	18 41 29             	sbb    %al,0x29(%rcx)
   3:	f7 eb                	imul   %ebx
   5:	03 44 89 e7          	add    -0x19(%rcx,%rcx,4),%eax
   9:	48 8b 15 bb 6e ed 0a 	mov    0xaed6ebb(%rip),%rdx        # 0xaed6ecb
  10:	8b 35 b1 6e ed 0a    	mov    0xaed6eb1(%rip),%esi        # 0xaed6ec7
  16:	44 21 fe             	and    %r15d,%esi
  19:	48 8b 1c f2          	mov    (%rdx,%rsi,8),%rbx
  1d:	45 89 f4             	mov    %r14d,%r12d
  20:	eb 03                	jmp    0x25
  22:	48 8b 1b             	mov    (%rbx),%rbx
  25:	48 85 db             	test   %rbx,%rbx
  28:	74 2b                	je     0x55
* 2a:	44 39 7b 08          	cmp    %r15d,0x8(%rbx) <-- trapping instruction
  2e:	75 f2                	jne    0x22
  30:	44 39 73 0c          	cmp    %r14d,0xc(%rbx)
  34:	75 ec                	jne    0x22
  36:	31 c0                	xor    %eax,%eax
  38:	49 8b 4c c5 00       	mov    0x0(%r13,%rax,8),%rcx
  3d:	48                   	rex.W
  3e:	3b                   	.byte 0x3b
  3f:	4c                   	rex.WR