Unable to handle kernel paging request at virtual address dfff80000000000e
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff80000000000e] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_segment+0x2104/0x33a8 net/core/skbuff.c:4590
lr : skb_segment+0x20f8/0x33a8 net/core/skbuff.c:4590
sp : ffff8000939e59a0
x29: ffff8000939e5be0 x28: dfff800000000000 x27: 0000000000000001
x26: 000000000000004a x25: 0000000000000000 x24: 00000000000000f6
x23: 000000000000004a x22: 0000000000000000 x21: 0000000000020048
x20: 000000000000ffff x19: 0000000000000070 x18: ffff8000939e5500
x17: 00005f0000002100 x16: ffff800080529618 x15: 0000000000000008
x14: 0000000000000000 x13: 000000000000a888 x12: ffff0000c19c5a00
x11: ffff0000d9794a00 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 000000000000000e x7 : 0c60dd860aaaaaaa x6 : aaaa0aaaaaaaaaaa
x5 : ffff0000dba6932c x4 : ffff0000dba69324 x3 : ffff800089c01e30
x2 : 0000000000000036 x1 : 000000000000ffff x0 : 000000000000ffff
Call trace:
 skb_segment+0x2104/0x33a8 net/core/skbuff.c:4590
 tcp_gso_segment+0x2cc/0x16b4 net/ipv4/tcp_offload.c:100
 tcp6_gso_segment+0x12c/0x36c net/ipv6/tcpv6_offload.c:67
 ipv6_gso_segment+0x92c/0x1acc net/ipv6/ip6_offload.c:152
 skb_mac_gso_segment+0x2d0/0x5bc net/core/gso.c:53
 __skb_gso_segment+0x250/0x3cc net/core/gso.c:124
 skb_gso_segment include/net/gso.h:83 [inline]
 validate_xmit_skb+0x3cc/0xd10 net/core/dev.c:3628
 validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3678
 sch_direct_xmit+0xe8/0x57c net/sched/sch_generic.c:327
 qdisc_restart net/sched/sch_generic.c:407 [inline]
 __qdisc_run+0x8f8/0x2358 net/sched/sch_generic.c:415
 __dev_xmit_skb net/core/dev.c:3839 [inline]
 __dev_queue_xmit+0xcac/0x329c net/core/dev.c:4317
 dev_queue_xmit include/linux/netdevice.h:3171 [inline]
 neigh_hh_output include/net/neighbour.h:526 [inline]
 neigh_output include/net/neighbour.h:540 [inline]
 ip6_finish_output2+0x1004/0x1ec8 net/ipv6/ip6_output.c:137
 ip6_finish_output+0x428/0x7a0 net/ipv6/ip6_output.c:222
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0x270/0x594 net/ipv6/ip6_output.c:243
 dst_output include/net/dst.h:451 [inline]
 NF_HOOK include/linux/netfilter.h:314 [inline]
 ip6_xmit+0xfd0/0x1a90 net/ipv6/ip6_output.c:358
 inet6_csk_xmit+0x3b8/0x61c net/ipv6/inet6_connection_sock.c:135
 __tcp_transmit_skb+0x1930/0x34a0 net/ipv4/tcp_output.c:1462
 tcp_transmit_skb net/ipv4/tcp_output.c:1480 [inline]
 tcp_write_xmit+0x11c0/0x4bac net/ipv4/tcp_output.c:2792
 __tcp_push_pending_frames+0x98/0x228 net/ipv4/tcp_output.c:2977
 tcp_push_pending_frames include/net/tcp.h:2061 [inline]
 tcp_data_snd_check+0x84/0xc0 net/ipv4/tcp_input.c:5653
 tcp_rcv_state_process+0x2128/0x3ee8 net/ipv4/tcp_input.c:6866
 tcp_v6_do_rcv+0x9fc/0x1484 net/ipv6/tcp_ipv6.c:1669
 tcp_v6_rcv+0x1fd4/0x294c net/ipv6/tcp_ipv6.c:1910
 ip6_protocol_deliver_rcu+0x930/0x11c4 net/ipv6/ip6_input.c:438
 ip6_input_finish+0x164/0x298 net/ipv6/ip6_input.c:483
 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:314
 ip6_input+0x90/0xa8 net/ipv6/ip6_input.c:492
 dst_input include/net/dst.h:461 [inline]
 ip6_rcv_finish+0x1f0/0x21c net/ipv6/ip6_input.c:79
 NF_HOOK+0x328/0x3d4 include/linux/netfilter.h:314
 ipv6_rcv+0x9c/0xbc net/ipv6/ip6_input.c:310
 __netif_receive_skb_one_core net/core/dev.c:5534 [inline]
 __netif_receive_skb+0x18c/0x400 net/core/dev.c:5648
 process_backlog+0x3c0/0x70c net/core/dev.c:5976
 __napi_poll+0xb4/0x654 net/core/dev.c:6576
 napi_poll net/core/dev.c:6645 [inline]
 net_rx_action+0x5e4/0xdc4 net/core/dev.c:6778
 __do_softirq+0x2d8/0xce4 kernel/softirq.c:553
 run_ksoftirqd+0x6c/0x14c kernel/softirq.c:921
 smpboot_thread_fn+0x4b0/0x90c kernel/smpboot.c:164
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Code: 97c12dab f940cbe8 9101c113 d343fe68 (38fc6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97c12dab 	bl	0xffffffffff04b6ac
   4:	f940cbe8 	ldr	x8, [sp, #400]
   8:	9101c113 	add	x19, x8, #0x70
   c:	d343fe68 	lsr	x8, x19, #3
* 10:	38fc6908 	ldrsb	w8, [x8, x28] <-- trapping instruction