8<--- cut here --- Unable to handle kernel paging request at virtual address df000000 when read [df000000] *pgd=80000080007003, *pmd=00000000 Internal error: Oops: 206 [#1] PREEMPT SMP ARM Modules linked in: CPU: 1 PID: 17332 Comm: syz-executor.0 Not tainted 6.4.0-rc3-syzkaller #0 Hardware name: ARM-Versatile Express PC is at csum_partial+0x40/0x130 arch/arm/lib/csumpartial.S:120 LR is at 0x0 pc : [<817abe48>] lr : [<00000000>] psr: 80000013 sp : e06adb38 ip : a5d1c800 fp : e06adb94 r10: 813140ec r9 : 813140ec r8 : 00000d02 r7 : fffff2fd r6 : 00000d02 r5 : 00000000 r4 : 00000000 r3 : 00000000 r2 : 9b9ef2c4 r1 : fffffb70 r0 : df000000 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 30c5387d Table: 85c50700 DAC: 00000000 Register r0 information: non-paged memory Register r1 information: non-paged memory Register r2 information: non-slab/vmalloc memory Register r3 information: NULL pointer Register r4 information: NULL pointer Register r5 information: NULL pointer Register r6 information: non-paged memory Register r7 information: non-paged memory Register r8 information: non-paged memory Register r9 information: non-slab/vmalloc memory Register r10 information: non-slab/vmalloc memory Register r11 information: 2-page vmalloc region starting at 0xe06ac000 allocated at kernel_clone+0x9c/0x3dc kernel/fork.c:2918 Register r12 information: non-slab/vmalloc memory Process syz-executor.0 (pid: 17332, stack limit = 0xe06ac000) Stack: (0xe06adb38 to 0xe06ae000) db20: 85c38300 84d1cc90 db40: 84d1cc90 8150cdc8 817f7130 817f7018 85c38780 85c38300 81fdf3c8 827e2390 db60: 84d1f000 00000ac5 863ed420 85c38780 00006869 00000000 00000000 00000000 db80: 00000000 84d1a800 e06adbd4 e06adb98 815f6d6c 8150cbf0 00000001 e06adba8 dba0: 8020d3ac 9f2aa053 85e35240 85c38780 0000000e 00000000 00006869 00000000 dbc0: 00000000 84d1a800 e06adc1c e06adbd8 81630720 815f6cb0 e06adc0c e06adbe8 dbe0: 00000060 00000052 804a36fc 9f2aa053 ddde8848 85c38780 00000000 00006869 dc00: 
0000dd86 81630c90 e06adcf7 0000000f e06adc3c e06adc20 81630cd4 81630604 dc20: 85c38780 00000000 00006869 0000dd86 e06adc6c e06adc40 81377e60 81630c9c dc40: 0000000e 9f2aa053 e06adcf7 85c38780 00006869 00000001 00000000 84e96000 dc60: e06adc8c e06adc70 813330e0 81377da8 85c38780 00006869 00000000 e06adcf7 dc80: e06adcc4 e06adc90 8133aaec 8133302c 00000001 00000000 000003fa 00000000 dca0: 00000000 84d48200 84e96000 00000000 e06adcf7 0000000f e06adcec e06adcc8 dcc0: 8133ad04 8133a95c 85839c00 85c38780 84d48200 84e96000 00000000 00000001 dce0: e06add24 e06adcf0 813aa538 8133acd0 85839c00 00e96000 00000010 9f2aa053 dd00: 85c38780 85839c00 00000000 00000001 a3ea3920 85839cc4 e06add84 e06add28 dd20: 8133b8e4 813aa384 00000000 00000001 00000011 8260ee34 006adda4 fffffff4 dd40: 00000000 81320ff8 00000000 0000dd86 00000000 9f2aa053 00000000 85c38780 dd60: 00002378 84e96000 0000000a 85c38780 84d1f000 84adba00 e06adda4 e06add88 dd80: 8163441c 8133b388 84d1f000 00002378 84e96000 0000000a e06ade5c e06adda8 dda0: 81637b74 8163438c e06ade08 00000000 817f9954 80277e98 00002001 e06addc8 ddc0: e06adea8 83201248 00002001 817fa23c 80200288 806b84fc e06ade1c e06adde8 dde0: 81a02a74 00000000 00000002 0000004c 00000060 00000300 00000000 0000000e de00: 00000000 0000000a 00000000 004c0500 07440205 0000030c 00000000 00000000 de20: 00000000 00000000 8216c67c 9f2aa053 e06ade5c 00000000 e06ade98 85266780 de40: 04000002 80200288 85e35240 00000122 e06ade7c e06ade60 8130d5b4 81636cb8 de60: 00000000 85266780 00000000 04000002 e06adf8c e06ade80 8130f404 8130d57c de80: e06adea8 85e33110 fffffff7 00000001 85e32f00 00000000 00000000 00000000 dea0: e06aded4 e06adeb0 01000006 00000001 00002378 20000080 00000000 00000000 dec0: 00000001 00000000 00000000 00000000 04000002 00000000 00000000 00000000 dee0: 00000000 ffffffff 00000000 00000000 00000001 9f2aa053 00000005 00000000 df00: 00000080 0014c288 00000000 00000000 85e35240 000000f0 e06adf4c e06adf28 df20: 80309a10 8030d190 ffffffff 80200288 85266780 
8163a064 85266780 00000000 df40: e06adfa4 e06adf50 80309fd4 8030996c e06adf84 e06adf60 80277db8 802a6080 df60: 00000000 00000000 85e35240 9f2aa053 00000000 000002ff 0014c2c4 00000122 df80: e06adfa4 e06adf90 8130f46c 8130f340 00000000 000002ff 00000000 e06adfa8 dfa0: 80200060 8130f45c 00000000 000002ff 00000003 20000080 00002378 04000002 dfc0: 00000000 000002ff 0014c2c4 00000122 7ec043c2 76bd86d0 7ec04534 76bd820c dfe0: 76bd8020 76bd8010 00017004 0004dfb0 60000010 00000003 00000000 00000000 Backtrace: [<8150cbe4>] (__udp_gso_segment) from [<815f6d6c>] (udp6_ufo_fragment+0xc8/0x39c net/ipv6/udp_offload.c:47) r10:84d1a800 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:00006869 r4:85c38780 [<815f6ca4>] (udp6_ufo_fragment) from [<81630720>] (ipv6_gso_segment.part.0+0x128/0x42c net/ipv6/ip6_offload.c:119) r10:84d1a800 r9:00000000 r8:00000000 r7:00006869 r6:00000000 r5:0000000e r4:85c38780 [<816305f8>] (ipv6_gso_segment.part.0) from [<81630cd4>] (ipv6_gso_segment+0x44/0x48 net/ipv6/ip6_offload.c:91) r10:0000000f r9:e06adcf7 r8:81630c90 r7:0000dd86 r6:00006869 r5:00000000 r4:85c38780 [<81630c90>] (ipv6_gso_segment) from [<81377e60>] (skb_mac_gso_segment+0xc4/0x1a4 net/core/gro.c:141) r7:0000dd86 r6:00006869 r5:00000000 r4:85c38780 [<81377d9c>] (skb_mac_gso_segment) from [<813330e0>] (__skb_gso_segment+0xc0/0x16c net/core/dev.c:3401) r8:84e96000 r7:00000000 r6:00000001 r5:00006869 r4:85c38780 [<81333020>] (__skb_gso_segment) from [<8133aaec>] (skb_gso_segment include/linux/netdevice.h:4859 [inline]) [<81333020>] (__skb_gso_segment) from [<8133aaec>] (validate_xmit_skb+0x19c/0x374 net/core/dev.c:3659) r7:e06adcf7 r6:00000000 r5:00006869 r4:85c38780 [<8133a950>] (validate_xmit_skb) from [<8133ad04>] (validate_xmit_skb_list+0x40/0x74 net/core/dev.c:3709) r10:0000000f r9:e06adcf7 r8:00000000 r7:84e96000 r6:84d48200 r5:00000000 r4:00000000 [<8133acc4>] (validate_xmit_skb_list) from [<813aa538>] (sch_direct_xmit+0x1c0/0x45c net/sched/sch_generic.c:327) r9:00000001 r8:00000000 
r7:84e96000 r6:84d48200 r5:85c38780 r4:85839c00 [<813aa378>] (sch_direct_xmit) from [<8133b8e4>] (__dev_xmit_skb net/core/dev.c:3805 [inline]) [<813aa378>] (sch_direct_xmit) from [<8133b8e4>] (__dev_queue_xmit+0x568/0xdc8 net/core/dev.c:4210) r9:85839cc4 r8:a3ea3920 r7:00000001 r6:00000000 r5:85839c00 r4:85c38780 [<8133b37c>] (__dev_queue_xmit) from [<8163441c>] (dev_queue_xmit include/linux/netdevice.h:3085 [inline]) [<8133b37c>] (__dev_queue_xmit) from [<8163441c>] (packet_xmit net/packet/af_packet.c:276 [inline]) [<8133b37c>] (__dev_queue_xmit) from [<8163441c>] (packet_xmit+0x9c/0x100 net/packet/af_packet.c:273) r10:84adba00 r9:84d1f000 r8:85c38780 r7:0000000a r6:84e96000 r5:00002378 r4:85c38780 [<81634380>] (packet_xmit) from [<81637b74>] (packet_snd net/packet/af_packet.c:3081 [inline]) [<81634380>] (packet_xmit) from [<81637b74>] (packet_sendmsg+0xec8/0x1448 net/packet/af_packet.c:3113) r7:0000000a r6:84e96000 r5:00002378 r4:84d1f000 [<81636cac>] (packet_sendmsg) from [<8130d5b4>] (sock_sendmsg_nosec net/socket.c:724 [inline]) [<81636cac>] (packet_sendmsg) from [<8130d5b4>] (sock_sendmsg+0x44/0x78 net/socket.c:747) r10:00000122 r9:85e35240 r8:80200288 r7:04000002 r6:85266780 r5:e06ade98 r4:00000000 [<8130d570>] (sock_sendmsg) from [<8130f404>] (__sys_sendto+0xd0/0x11c net/socket.c:2144) r7:04000002 r6:00000000 r5:85266780 r4:00000000 [<8130f334>] (__sys_sendto) from [<8130f46c>] (__do_sys_sendto net/socket.c:2156 [inline]) [<8130f334>] (__sys_sendto) from [<8130f46c>] (sys_sendto+0x1c/0x24 net/socket.c:2152) r7:00000122 r6:0014c2c4 r5:000002ff r4:00000000 [<8130f450>] (sys_sendto) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66) Exception stack(0xe06adfa8 to 0xe06adff0) dfa0: 00000000 000002ff 00000003 20000080 00002378 04000002 dfc0: 00000000 000002ff 0014c2c4 00000122 7ec043c2 76bd86d0 7ec04534 76bd820c dfe0: 76bd8020 76bd8010 00017004 0004dfb0 Code: e0b22003 e0b22004 e0b22005 e0b2200e (e8b04038) ---[ end trace 0000000000000000 ]--- 
----------------
Code disassembly (best guess):
   0: e0b22003 adcs r2, r2, r3
   4: e0b22004 adcs r2, r2, r4
   8: e0b22005 adcs r2, r2, r5
   c: e0b2200e adcs r2, r2, lr
* 10: e8b04038 ldm r0!, {r3, r4, r5, lr} <-- trapping instruction