syzbot

Unable to handle kernel paging request at virtual address dfff80000000001b
KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff80000000001b] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 55 Comm: kworker/u4:3 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026
Workqueue: bat_events batadv_bla_periodic_work
pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : arp_create+0x5c/0x7ec net/ipv4/arp.c:553
lr : arp_create+0x4c/0x7ec net/ipv4/arp.c:549
sp : ffff80001cfd78c0
x29: ffff80001cfd7900 x28: 0000000000000000 x27: 0000000000000000
x26: 0000000000000000 x25: ffff0000cb79ab28 x24: dfff800000000000
x23: 0000000000000000 x22: ffff80001cfd7980 x21: ffff80001cfd79a0
x20: ffff0000d9a56380 x19: 0000000000000000 x18: ffff800011b8bf60
x17: 1fffe00033eac97e x16: ffff8000082d7ca0 x15: 0000000040000000
x14: ffff7000039faf34 x13: 1ffff000039faf34 x12: 0000000000ff0100
x11: ff008000105bb3f0 x10: 0000000000000000 x9 : 0000000000000007
x8 : 000000000000001b x7 : ffff80001cfd79a0 x6 : ffff0000cb79ab28
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000806 x0 : 00000000000000de
Call trace:
 arp_create+0x5c/0x7ec net/ipv4/arp.c:553
 batadv_bla_send_claim+0x134/0xa9c net/batman-adv/bridge_loop_avoidance.c:361
 batadv_bla_send_announce net/batman-adv/bridge_loop_avoidance.c:675 [inline]
 batadv_bla_periodic_work+0x498/0x994 net/batman-adv/bridge_loop_avoidance.c:1481
 process_one_work+0x7f8/0x13a4 kernel/workqueue.c:2292
 worker_thread+0x8c4/0xfec kernel/workqueue.c:2439
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:850
Code: 91037b60 d343fc08 12000809 11000529 (38f86908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	91037b60 	add	x0, x27, #0xde
   4:	d343fc08 	lsr	x8, x0, #3
   8:	12000809 	and	w9, w0, #0x7
   c:	11000529 	add	w9, w9, #0x1
* 10:	38f86908 	ldrsb	w8, [x8, x24] <-- trapping instruction