syzbot

Unable to handle kernel paging request at virtual address dfff800000000039
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000039] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4029 Comm: syz-executor220 Not tainted 5.15.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : errseq_set+0x30/0x198 lib/errseq.c:72
lr : errseq_set+0x24/0x198 lib/errseq.c:60
sp : ffff80001ffb6c90
x29: ffff80001ffb6c90 x28: dfff800000000000 x27: ffff80001ffb6e80
x26: fffffc00039a4940 x25: 0000000000000800 x24: 1fffff8000734929

x23: 0000000000007000 x22: fffffc00039a4908 x21: 00000000ffffff8b

x20: 00000000ffffff8b x19: 00000000000001c8 x18: 1fffe00036831b8e

x17: 1fffe00036831b8e x16: ffff8000082ec8b8 x15: ffff800014b5fa40
x14: 1ffff0000295806a x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000039
x8 : dfff800000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080
 x4 : 0000000000000000
 x3 : ffff80000804605c

x2 : 0000000000000007 x1 : 00000000ffffff8b
 x0 : 00000000000001c8
Call trace:
 errseq_set+0x30/0x198 lib/errseq.c:72
 __filemap_set_wb_err+0x3c/0x3a4 mm/filemap.c:730
 mapping_set_error include/linux/pagemap.h:60 [inline]
 iomap_writepage_map fs/iomap/buffered-io.c:1383 [inline]
 iomap_do_writepage+0x19e0/0x1db8 fs/iomap/buffered-io.c:1485
 write_cache_pages+0x878/0xf58 mm/page-writeback.c:2277
 iomap_writepages+0x6c/0x1f4 fs/iomap/buffered-io.c:1516
 xfs_vm_writepages+0x124/0x180 fs/xfs/xfs_aops.c:488
 do_writepages+0x39c/0x5ec mm/page-writeback.c:2386
 filemap_fdatawrite_wbc+0x1c8/0x228 mm/filemap.c:400
 __filemap_fdatawrite_range mm/filemap.c:433 [inline]
 file_write_and_wait_range+0x18c/0x274 mm/filemap.c:810
 xfs_file_fsync+0x1a8/0x930 fs/xfs/xfs_file.c:182
 vfs_fsync_range+0x168/0x188 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2991 [inline]
 xfs_file_buffered_write+0x998/0xb08 fs/xfs/xfs_file.c:793
 xfs_file_write_iter+0x2b4/0x604 fs/xfs/xfs_file.c:833
 do_iter_readv_writev+0x420/0x5f8
 do_iter_write+0x1b8/0x66c fs/read_write.c:855
 vfs_writev fs/read_write.c:928 [inline]
 do_pwritev+0x1ec/0x334 fs/read_write.c:1025
 __do_sys_pwritev2 fs/read_write.c:1084 [inline]
 __se_sys_pwritev2 fs/read_write.c:1075 [inline]
 __arm64_sys_pwritev2+0xd4/0x108 fs/read_write.c:1075
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 976cc7ed d2d00008 d343fe69 f2fbffe8 (38e86928) 
---[ end trace 86474f80933242ce ]---
----------------
Code disassembly (best guess):
   0:	976cc7ed 	bl	0xfffffffffdb31fb4
   4:	d2d00008 	mov	x8, #0x800000000000        	// #140737488355328
   8:	d343fe69 	lsr	x9, x19, #3
   c:	f2fbffe8 	movk	x8, #0xdfff, lsl #48
* 10:	38e86928 	ldrsb	w8, [x9, x8] <-- trapping instruction