Unable to handle kernel paging request at virtual address 0070000007b43a80
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[0070000007b43a80] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 776 Comm: kworker/u8:4 Not tainted 6.10.0-rc2-syzkaller-g8a92980606e3 #0
Hardware name: linux,dummy-virt (DT)
Workqueue: ipv6_addrconf addrconf_dad_work
pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __dev_queue_xmit+0x124/0xea8 net/core/dev.c:4358
lr : __dev_queue_xmit+0x11c/0xea8 net/core/dev.c:4353
sp : ffff80008323b930
x29: ffff80008323b930 x28: 0000000000000000 x27: 0000000000000000
x26: f7f0000007bbbec0 x25: f7f0000007bbb828 x24: f9f0000006e7ee28
x23: f1f0000007858000 x22: 0000000000000000 x21: f3f000000ceda000
x20: f070000007b43a80 x19: f9f0000006e7ee00 x18: ffff800082609c78
x17: fff07ffffd331000 x16: f1f0000007a45710 x15: 00004c4b40000000
x14: 0000000000000000 x13: 0000000000000004 x12: 0000000000000000
x11: 00000000e85f2e91 x10: 0000000000000008 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000016000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : f4f0000007aab400
x2 : 0000000000000000 x1 : f1f0000007858000 x0 : f1f0000007858000
Call trace:
 __dev_queue_xmit+0x124/0xea8 net/core/dev.c:4355
 dev_queue_xmit include/linux/netdevice.h:3095 [inline]
 neigh_hh_output include/net/neighbour.h:526 [inline]
 neigh_output include/net/neighbour.h:540 [inline]
 ip6_finish_output2+0x3ac/0x914 net/ipv6/ip6_output.c:137
 __ip6_finish_output net/ipv6/ip6_output.c:211 [inline]
 ip6_finish_output+0x228/0x344 net/ipv6/ip6_output.c:222
 NF_HOOK_COND include/linux/netfilter.h:303 [inline]
 ip6_output+0x78/0x1c8 net/ipv6/ip6_output.c:243
 dst_output include/net/dst.h:450 [inline]
 NF_HOOK.constprop.0+0x50/0xe0 include/linux/netfilter.h:314
 mld_sendpack+0x204/0x408 net/ipv6/mcast.c:1818
 mld_send_initial_cr.part.0.isra.0+0x5c/0x70 net/ipv6/mcast.c:2236
 mld_send_initial_cr net/ipv6/mcast.c:2224 [inline]
 ipv6_mc_dad_complete+0x5c/0x110 net/ipv6/mcast.c:2244
 addrconf_dad_completed+0x338/0x3a4 net/ipv6/addrconf.c:4339
 addrconf_dad_work+0x27c/0x590 net/ipv6/addrconf.c:4267
 process_one_work+0x164/0x2a8 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x27c/0x38c kernel/workqueue.c:3393
 kthread+0x114/0x118 kernel/kthread.c:389
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Code: aa1503e0 97ffff72 aa0003f7 f9400af4 (f9400281) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	aa1503e0 	mov	x0, x21
   4:	97ffff72 	bl	0xfffffffffffffdcc
   8:	aa0003f7 	mov	x23, x0
   c:	f9400af4 	ldr	x20, [x23, #16]
* 10:	f9400281 	ldr	x1, [x20] <-- trapping instruction