syzbot

Unable to handle kernel paging request at virtual address dfff800000000001
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000001] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 2959 Comm: udevd Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : list_add_tail include/linux/list.h:183 [inline]
pc : list_lru_add+0x138/0x314 mm/list_lru.c:97
lr : list_lru_from_memcg_idx mm/list_lru.c:56 [inline]
lr : list_lru_from_memcg_idx mm/list_lru.c:53 [inline]
lr : list_lru_add+0x284/0x314 mm/list_lru.c:96
sp : ffff80008dd27b80
x29: ffff80008dd27b80 x28: 0000000000000001 x27: 0000000000000000
x26: 0000000000000000 x25: ffff00000dd8a778 x24: 1fffe00003843dd9
x23: ffff00000eece000 x22: 0000000000000000 x21: 0000000000000000
x20: ffff000013bfd100 x19: ffff00001c21eec8 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000000000 x12: 000000000000f1f1
x11: dfff800000000000 x10: 00000000f3000000 x9 : 00000000f3f3f3f3
x8 : ffff700011ba4f42 x7 : 00000000f1f1f1f1 x6 : dfff800000000000
x5 : ffff700011ba4f46 x4 : 00000000f204f1f1 x3 : 1fffe0000d514138
x2 : 0000000000000000 x1 : 0000000000000008 x0 : dfff800000000000
Call trace:
 list_add_tail include/linux/list.h:183 [inline]
 list_lru_add+0x138/0x314 mm/list_lru.c:97
 list_lru_add_obj+0xd4/0x13c mm/list_lru.c:116
 d_lru_add+0x180/0x31c fs/dcache.c:430
 retain_dentry fs/dcache.c:712 [inline]
 fast_dput fs/dcache.c:799 [inline]
 dput.part.0+0x4f8/0x608 fs/dcache.c:839
 dput+0x14/0x24 fs/dcache.c:834
 __fput+0x268/0x92c fs/file_table.c:384
 __fput_sync+0x74/0x84 fs/file_table.c:461
 __do_sys_close fs/open.c:1554 [inline]
 __se_sys_close fs/open.c:1539 [inline]
 __arm64_sys_close+0x6c/0xbc fs/open.c:1539
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:51
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x58/0x140 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Code: d2d00000 f2fbffe0 f90037e1 d343fc3c (38e06b80) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	d2d00000 	mov	x0, #0x800000000000        	// #140737488355328
   4:	f2fbffe0 	movk	x0, #0xdfff, lsl #48
   8:	f90037e1 	str	x1, [sp, #104]
   c:	d343fc3c 	lsr	x28, x1, #3
* 10:	38e06b80 	ldrsb	w0, [x28, x0] <-- trapping instruction