Unable to handle kernel paging request at virtual address dfff800000000005
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000005] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] SMP
Modules linked in:
CPU: 1 UID: 0 PID: 7801 Comm: syz.3.648 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : can_rx_unregister+0x124/0x560 net/can/af_can.c:537
lr : can_rx_unregister+0x11c/0x560 net/can/af_can.c:531
sp : ffff80009b717a40
x29: ffff80009b717a60 x28: dfff800000000000 x27: ffff7000136e2f5c
x26: ffff0000d7aaaac8 x25: ffff0000cbec0940 x24: 0000000000000000
x23: ffff80008597d660 x22: ffff0000f8670000 x21: ffff0000c9910000
x20: 0000000000000028 x19: ffff0000c9910108 x18: 1fffe00035c23420
x17: ffff8000888eb000 x16: ffff80008899dba0 x15: ffff0001ae11a10c
x14: 00000000ffff8000 x13: 0000000000000001 x12: 0000000000000004
x11: ffff7000136e2f30 x10: 0000000000ff0100 x9 : 0000000000000201
x8 : 0000000000000005 x7 : ffff80008594bef0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008594ba58
x2 : 0000000000000001 x1 : ffff0000d7ee5700 x0 : 0000000000000028
Call trace:
 can_rx_unregister+0x124/0x560 net/can/af_can.c:531 (P)
 isotp_release+0x500/0x9d8 net/can/isotp.c:1232
 __sock_release+0xa0/0x1d4 net/socket.c:722
 sock_close+0x24/0x38 net/socket.c:1514
 __fput+0x340/0x744 fs/file_table.c:510
 ____fput+0x20/0x30 fs/file_table.c:538
 task_work_run+0x1c4/0x254 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0x10c/0x17c kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
 arm64_syscall_exit_to_user_mode arch/arm64/kernel/entry-common.c:88 [inline]
 el0_svc+0x18c/0x260 arch/arm64/kernel/entry-common.c:741
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
Code: aa1803e2 97ffff00 d343fc08 aa0003f4 (387c6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: aa1803e2 mov x2, x24
   4: 97ffff00 bl 0xfffffffffffffc04
   8: d343fc08 lsr x8, x0, #3
   c: aa0003f4 mov x20, x0
* 10: 387c6908 ldrb w8, [x8, x28] <-- trapping instruction