kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 417 Comm: syz-executor.0 Not tainted 5.4.259-syzkaller-04800-gc0585bc7c835 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:skb_segment+0x2940/0x3f30 net/core/skbuff.c:3903
Code: 89 bc 24 90 00 00 00 81 7c 24 3c ff ff 00 00 0f 85 6b e2 ff ff e8 10 64 ea fd 48 8b 44 24 78 48 8d 58 70 48 89 d8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 47 08 00 00 8b 03 48 89 44 24 40 48 8b
RSP: 0018:ffff8881ee1a7060 EFLAGS: 00010202
RAX: 000000000000000e RBX: 0000000000000070 RCX: ffff8881f4bd6e40
RDX: 0000000000000000 RSI: ffff8881dc6166be RDI: 000000000000ffff
RBP: ffff8881ee1a72f0 R08: ffffffff8379c24e R09: ffffffff837dfe1b
R10: ffff8881f4bd6e40 R11: 0000000000000002 R12: 000000000000003e
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881ee3e5800
FS:  00007fee70db16c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 00000001ee174000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 udp6_ufo_fragment+0x866/0xcd0 net/ipv6/udp_offload.c:107
 ipv6_gso_segment+0x65e/0x1130 net/ipv6/ip6_offload.c:113
 skb_mac_gso_segment+0x27c/0x490 net/core/dev.c:2970
 __skb_gso_segment+0x305/0x4a0 net/core/dev.c:3043
 skb_gso_segment include/linux/netdevice.h:4488 [inline]
 validate_xmit_skb+0x30a/0xc50 net/core/dev.c:3283
 __dev_queue_xmit+0xf7d/0x27e0 net/core/dev.c:3786
 packet_snd net/packet/af_packet.c:3009 [inline]
 packet_sendmsg+0x4747/0x6100 net/packet/af_packet.c:3038
 sock_sendmsg_nosec net/socket.c:638 [inline]
 __sock_sendmsg net/socket.c:650 [inline]
 __sys_sendto+0x4f3/0x6c0 net/socket.c:1959
 __do_sys_sendto net/socket.c:1971 [inline]
 __se_sys_sendto net/socket.c:1967 [inline]
 __x64_sys_sendto+0xda/0xf0 net/socket.c:1967
 do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
Modules linked in:
---[ end trace 0336c935cc30fd9f ]---
RIP: 0010:skb_segment+0x2940/0x3f30 net/core/skbuff.c:3903
Code: 89 bc 24 90 00 00 00 81 7c 24 3c ff ff 00 00 0f 85 6b e2 ff ff e8 10 64 ea fd 48 8b 44 24 78 48 8d 58 70 48 89 d8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 47 08 00 00 8b 03 48 89 44 24 40 48 8b
RSP: 0018:ffff8881ee1a7060 EFLAGS: 00010202
RAX: 000000000000000e RBX: 0000000000000070 RCX: ffff8881f4bd6e40
RDX: 0000000000000000 RSI: ffff8881dc6166be RDI: 000000000000ffff
RBP: ffff8881ee1a72f0 R08: ffffffff8379c24e R09: ffffffff837dfe1b
R10: ffff8881f4bd6e40 R11: 0000000000000002 R12: 000000000000003e
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881ee3e5800
FS:  00007fee70db16c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 00000001ee174000 CR4: 00000000003406a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	89 bc 24 90 00 00 00 	mov    %edi,0x90(%rsp)
   7:	81 7c 24 3c ff ff 00 	cmpl   $0xffff,0x3c(%rsp)
   e:	00
   f:	0f 85 6b e2 ff ff    	jne    0xffffe280
  15:	e8 10 64 ea fd       	call   0xfdea642a
  1a:	48 8b 44 24 78       	mov    0x78(%rsp),%rax
  1f:	48 8d 58 70          	lea    0x70(%rax),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 28       	movzbl (%rax,%r13,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 47 08 00 00    	jne    0x87e
  37:	8b 03                	mov    (%rbx),%eax
  39:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b