syzbot

Unable to handle kernel paging request at virtual address dfff80000000023d
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff80000000023d] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 5772 Comm: syz-executor908 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mem_cgroup_track_foreign_dirty_slowpath+0xe0/0x9f0 mm/memcontrol.c:4617
lr : trace_track_foreign_dirty include/trace/events/writeback.h:237 [inline]
lr : mem_cgroup_track_foreign_dirty_slowpath+0xd0/0x9f0 mm/memcontrol.c:4608
sp : ffff8000235e6e20
x29: ffff8000235e6e30 x28: 00000000ffffa082 x27: 0000000000000000
x26: dfff800000000000 x25: dfff800000000000 x24: 05ffc0000042210f
x23: ffff0000ccd645e0 x22: 0000000000000000 x21: 00000000000011e8
x20: ffff0000ccd64060 x19: 0000000000000000 x18: 0000000000000001
x17: 0000000000000000 x16: ffff800011ac23e0 x15: 0000000000000004
x14: 1ffff0000295806a x13: dfff800000000000 x12: 00000000a6e8df53
x11: 0000000000000002 x10: 0000000000000003 x9 : 0000000000000000
x8 : 000000000000023d x7 : ffff800008923530 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000010 x1 : ffff8000120c8040 x0 : 0000000000000001
Call trace:
 mem_cgroup_track_foreign_dirty_slowpath+0xe0/0x9f0 mm/memcontrol.c:4617
 mem_cgroup_track_foreign_dirty include/linux/memcontrol.h:1593 [inline]
 account_page_dirtied mm/page-writeback.c:2485 [inline]
 __set_page_dirty+0x8c0/0xc7c mm/page-writeback.c:2522
 mark_buffer_dirty+0x27c/0x574 fs/buffer.c:1108
 __block_commit_write+0x1f8/0x358 fs/buffer.c:2085
 block_write_end+0x60/0x114 fs/buffer.c:2164
 blkdev_write_end+0x64/0x274 block/fops.c:378
 generic_perform_write+0x354/0x520 mm/filemap.c:3796
 __generic_file_write_iter+0x230/0x454 mm/filemap.c:3912
 blkdev_write_iter+0x30c/0x470 block/fops.c:534
 do_iter_readv_writev+0x420/0x5f8
 do_iter_write+0x1b8/0x66c fs/read_write.c:855
 vfs_iter_write+0x88/0xac fs/read_write.c:896
 iter_file_splice_write+0x618/0xc48 fs/splice.c:689
 do_splice_from fs/splice.c:767 [inline]
 direct_splice_actor+0xe4/0x1c0 fs/splice.c:936
 splice_direct_to_actor+0x408/0x9a0 fs/splice.c:891
 do_splice_direct+0x1f4/0x334 fs/splice.c:979
 do_sendfile+0x4c0/0xcb0 fs/read_write.c:1249
 __do_sys_sendfile64 fs/read_write.c:1317 [inline]
 __se_sys_sendfile64 fs/read_write.c:1303 [inline]
 __arm64_sys_sendfile64+0x160/0x408 fs/read_write.c:1303
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 36002f20 52823d08 8b080275 d343fea8 (38796908) 
---[ end trace 1b371800688f5e89 ]---
----------------
Code disassembly (best guess):
   0:	36002f20 	tbz	w0, #0, 0x5e4
   4:	52823d08 	mov	w8, #0x11e8                	// #4584
   8:	8b080275 	add	x21, x19, x8
   c:	d343fea8 	lsr	x8, x21, #3
* 10:	38796908 	ldrb	w8, [x8, x25] <-- trapping instruction