Unable to handle kernel paging request at virtual address fffffbffefdb1cec
KASAN: maybe wild-memory-access in range [0x0003dfff7ed8e760-0x0003dfff7ed8e767]
Mem abort info:
  ESR = 0x0000000096000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x07: level 3 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000007
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001b184b000
[fffffbffefdb1cec] pgd=00000001b47dd003 , p4d=00000001b47dd003 , pud=00000001b47de003 , pmd=1000000108193003 , pte=0000000000000000
Internal error: Oops: 0000000096000007 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 173 Comm: kworker/u4:3 Not tainted 6.1.46-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Workqueue: bat_events batadv_nc_worker
pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __percpu_add_case_32 arch/arm64/include/asm/percpu.h:127 [inline]
pc : sock_prot_inuse_add include/net/sock.h:1548 [inline]
pc : inet_unhash+0x4e8/0x908 net/ipv4/inet_hashtables.c:788
lr : sock_prot_inuse_add include/net/sock.h:1548 [inline]
lr : inet_unhash+0x4d4/0x908 net/ipv4/inet_hashtables.c:788
sp : ffff8000080179d0
x29: ffff8000080179e0 x28: ffff800019d4e0a0 x27: 1fffe0001a6f5ac6
x26: 1fffe0001a6f5abd x25: dfff800000000000 x24: 0000000000000304
x23: 1fffe00019225001 x22: ffff0000c4de6cc0 x21: 00007bfe51043cc8
x20: ffff0000c9128008 x19: 0000000000000008 x18: ffff800008017640
x17: ffff800010c01d78 x16: ffff8000084fce08 x15: 0000000000000100
x14: 1ffff00002b160b0 x13: dfff800000000000 x12: ffff700001002f20
x11: ff80800010bcef64 x10: 0000000000000000 x9 : 00000000ffffffff
x8 : fffffbffefdb1cec x7 : ffff800010bcec5c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800010bcef34
x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000041
Call trace:
 sock_prot_inuse_add include/net/sock.h:1548 [inline]
 inet_unhash+0x4e8/0x908 net/ipv4/inet_hashtables.c:788
 tcp_set_state+0x48c/0x99c net/ipv4/tcp.c:2739
 tcp_done+0x188/0x2f4 net/ipv4/tcp.c:4646
 tcp_write_err net/ipv4/tcp_timer.c:74 [inline]
 tcp_probe_timer net/ipv4/tcp_timer.c:400 [inline]
 tcp_write_timer_handler+0x574/0x808 net/ipv4/tcp_timer.c:634
 tcp_write_timer+0x170/0x2e4 net/ipv4/tcp_timer.c:647
 call_timer_fn+0x1c0/0xa1c kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers+0x554/0x718 kernel/time/timer.c:1790
 run_timer_softirq+0x7c/0x114 kernel/time/timer.c:1803
 __do_softirq+0x30c/0xea0 kernel/softirq.c:571
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
 do_softirq+0x120/0x20c kernel/softirq.c:472
 __local_bh_enable_ip+0x2c0/0x4d0 kernel/softirq.c:396
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x48/0x58 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 batadv_nc_purge_paths+0x2f4/0x378 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x2e4/0x580 net/batman-adv/network-coding.c:720
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Code: 8b130aa9 8b080128 12800009 91001108 (b829011f)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:   8b130aa9    add     x9, x21, x19, lsl #2
   4:   8b080128    add     x8, x9, x8
   8:   12800009    mov     w9, #0xffffffff    // #-1
   c:   91001108    add     x8, x8, #0x4
* 10:   b829011f    stadd   w9, [x8] <-- trapping instruction