Oops: general protection fault, probably for non-canonical address 0xdffffc0000000098: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x00000000000004c0-0x00000000000004c7]
CPU: 1 UID: 0 PID: 5888 Comm: sshd-session Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline]
RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912
Code: 84 91 2f fb 45 85 e4 0f 85 db 08 00 00 e8 36 96 2f fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00
RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868c8936
RDX: 0000000000000098 RSI: ffffffff868c804a RDI: 00000000000004c0
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001
R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff888059ce8000
FS:  00007f70a4145300(0000) GS:ffff8880d6854000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556e63c808 CR3: 0000000029cc0000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 veth_poll+0x19c/0x9c0 drivers/net/veth.c:979
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7414
 napi_poll net/core/dev.c:7478 [inline]
 net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:579
 do_softirq kernel/softirq.c:480 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:467
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407
 lock_sock include/net/sock.h:1667 [inline]
 tcp_recvmsg+0x115/0x680 net/ipv4/tcp.c:2907
 inet_recvmsg+0x12a/0x6a0 net/ipv4/af_inet.c:883
 sock_recvmsg_nosec net/socket.c:1017 [inline]
 sock_recvmsg+0x1b2/0x250 net/socket.c:1039
 sock_read_iter+0x2b9/0x3b0 net/socket.c:1109
 new_sync_read fs/read_write.c:491 [inline]
 vfs_read+0xa98/0xc60 fs/read_write.c:572
 ksys_read+0x1f8/0x250 fs/read_write.c:715
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f70a3aa7407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007ffe75e0e890 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f70a4145300 RCX: 00007f70a3aa7407
RDX: 0000000000008000 RSI: 00007f70a36b4010 RDI: 0000000000000009
RBP: 00007ffe75e0e948 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000009 R14: 000055d4c67ceac0 R15: 000055d4c67d2710
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline]
RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912
Code: 84 91 2f fb 45 85 e4 0f 85 db 08 00 00 e8 36 96 2f fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00
RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868c8936
RDX: 0000000000000098 RSI: ffffffff868c804a RDI: 00000000000004c0
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001
R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff888059ce8000
FS:  00007f70a4145300(0000) GS:ffff8880d6854000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055556e63c808 CR3: 0000000029cc0000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	fb                   	sti
   1:	45 85 e4             	test   %r12d,%r12d
   4:	0f 85 db 08 00 00    	jne    0x8e5
   a:	e8 36 96 2f fb       	call   0xfb2f9645
   f:	48 8d bd c0 04 00 00 	lea    0x4c0(%rbp),%rdi
  16:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1d:	fc ff df
  20:	48 89 fa             	mov    %rdi,%rdx
  23:	48 c1 ea 03          	shr    $0x3,%rdx
* 27:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2b:	84 c0                	test   %al,%al
  2d:	74 08                	je     0x37
  2f:	3c 03                	cmp    $0x3,%al
  31:	0f 8e 18 0c 00 00    	jle    0xc4f
  37:	44                   	rex.R
  38:	8b                   	.byte 0x8b
  39:	a5                   	movsl  %ds:(%rsi),%es:(%rdi)
  3a:	c0                   	.byte 0xc0
  3b:	04 00                	add    $0x0,%al