Unable to handle kernel NULL pointer dereference at virtual address 000000000000000b
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010d1b7000
[000000000000000b] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 13 Comm: kworker/0:1 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Workqueue: mld mld_ifc_work
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : tcf_get_base_ptr include/net/pkt_cls.h:523 [inline]
pc : em_cmp_match+0x30/0x264 net/sched/em_cmp.c:25
lr : em_cmp_match+0x24/0x264 net/sched/em_cmp.c:23
sp : ffff80000f2c3250
x29: ffff80000f2c3250 x28: 0000000000000000 x27: 0000000000000000
x26: ffff80000f2c32a8 x25: ffff0000cc6fbd80 x24: 0000000000000001
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: ffff0000cc6fbd80 x19: ffff0000c998f700 x18: 00000000000000c0
x17: ffff80000dda8198 x16: ffff80000dbe6158 x15: ffff0000c0310000
x14: 0000000000000000 x13: 000000000000001f x12: ffff0000c0310000
x11: ff8080000b40e1e0 x10: 0000000000000000 x9 : ffff80000b40e1e0
x8 : ffff0000c0310000 x7 : ffff80000b26471c x6 : 0000000000000000
x5 : ffff80000e0d3c80 x4 : 0000000000000000 x3 : ffff80000f2c3458
x2 : 0000000000000000 x1 : ffff80000d893c70 x0 : ffff0000c998f700
Call trace:
tcf_get_base_ptr include/net/pkt_cls.h:523 [inline]
em_cmp_match+0x30/0x264 net/sched/em_cmp.c:25
tcf_em_match net/sched/ematch.c:492 [inline]
__tcf_em_tree_match+0xb0/0x340 net/sched/ematch.c:518
tcf_em_tree_match include/net/pkt_cls.h:502 [inline]
basic_classify+0xa8/0x1d4 net/sched/cls_basic.c:48
__tcf_classify net/sched/cls_api.c:1567 [inline]
tcf_classify+0x11c/0x4ac net/sched/cls_api.c:1633
prio_classify net/sched/sch_prio.c:42 [inline]
prio_enqueue+0xd8/0x38c net/sched/sch_prio.c:75
dev_qdisc_enqueue net/core/dev.c:3785 [inline]
__dev_xmit_skb+0x1b8/0x928 net/core/dev.c:3874
__dev_queue_xmit+0x414/0xdb8 net/core/dev.c:4222
dev_queue_xmit include/linux/netdevice.h:3008 [inline]
neigh_hh_output include/net/neighbour.h:530 [inline]
neigh_output include/net/neighbour.h:544 [inline]
ip_finish_output2+0x670/0x818 net/ipv4/ip_output.c:228
__ip_finish_output+0x108/0x29c
ip_finish_output+0x168/0x188 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip_output+0x1d4/0x234 net/ipv4/ip_output.c:430
dst_output include/net/dst.h:445 [inline]
ip_local_out+0xc0/0xf0 net/ipv4/ip_output.c:126
iptunnel_xmit+0x194/0x314 net/ipv4/ip_tunnel_core.c:82
udp_tunnel_xmit_skb+0x108/0x140 net/ipv4/udp_tunnel_core.c:172
geneve_xmit_skb drivers/net/geneve.c:996 [inline]
geneve_xmit+0x16ac/0x1aac drivers/net/geneve.c:1108
__netdev_start_xmit include/linux/netdevice.h:4840 [inline]
netdev_start_xmit include/linux/netdevice.h:4854 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0xd4/0x1ec net/core/dev.c:3606
__dev_queue_xmit+0x83c/0xdb8 net/core/dev.c:4256
dev_queue_xmit include/linux/netdevice.h:3008 [inline]
neigh_resolve_output+0x350/0x3bc net/core/neighbour.c:1571
neigh_output include/net/neighbour.h:546 [inline]
ip6_finish_output2+0x704/0xbec net/ipv6/ip6_output.c:134
__ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
ip6_finish_output+0x448/0x4c4 net/ipv6/ip6_output.c:206
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip6_output+0x180/0x2dc net/ipv6/ip6_output.c:227
dst_output include/net/dst.h:445 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
mld_sendpack+0x514/0x924 net/ipv6/mcast.c:1820
mld_send_cr+0x4e8/0x5a8 net/ipv6/mcast.c:2121
mld_ifc_work+0x38/0x290 net/ipv6/mcast.c:2653
process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
worker_thread+0x340/0x610 kernel/workqueue.c:2436
kthread+0x12c/0x158 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863
// The parenthesised word in the Code line is the instruction at pc; it is the
// same encoding as the trapping instruction at offset 0x10 in the listing below.
Code: 973a6212 f9400695 b0012421 9131c021 (39402ea8)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
// Reviewer annotations (not part of the kernel output).
// The abort is a read (WnR = 0) of address 0xb. In the register dump x21 is 0,
// so the trapping load computes 0 + 11 = 0xb: a NULL base pointer plus a small
// field offset. pc resolves to tcf_get_base_ptr() (include/net/pkt_cls.h:523)
// inlined into em_cmp_match() (net/sched/em_cmp.c:25).

// Call to an address this dump does not symbolise; it returns before the
// pointer load below.
   0: 973a6212 bl 0xfffffffffce98848
// x21 = the 8-byte value at offset 8 of the object in x20 (x20 is
// ffff0000cc6fbd80 in the dump). The value loaded is the 0 later used as a base.
// NOTE(review): presumably the ematch's private-data pointer (em->data);
// confirm against struct tcf_ematch in this tree.
   4: f9400695 ldr x21, [x20, #8]
// Builds an address in x1 (dump shows x1 = ffff80000d893c70, low 12 bits 0xc70);
// it does not feed the faulting access.
   8: b0012421 adrp x1, 0x2485000
   c: 9131c021 add x1, x1, #0xc70
// Byte read at [x21 + 11]. Nothing in the visible instructions tests x21 for
// NULL between the load at offset 4 and this use. A fix belongs either where
// the field at [x20 + 8] is set up or validated, or as a NULL check ahead of
// this dereference; which one is right depends on how that field can be left
// NULL, which this dump does not show.
* 10: 39402ea8 ldrb w8, [x21, #11] <-- trapping instruction