syzbot

 __cleanup_mnt+0x20/0x30 fs/namespace.c:1189
 task_work_run+0x1ec/0x270 kernel/task_work.c:203
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x1f70/0x2b0c arch/arm64/kernel/signal.c:1137
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x98/0x138 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Unable to handle kernel paging request at virtual address dfff800000000005
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000005] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4297 Comm: syz-executor Not tainted 6.1.141-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_remove_from_journal+0x3ac/0x820 fs/gfs2/meta_io.c:350
lr : gfs2_remove_from_journal+0x3a0/0x820 fs/gfs2/meta_io.c:350
sp : ffff8000206e71d0
x29: ffff8000206e71f0 x28: dfff800000000000 x27: ffff0000e996f2c0
x26: ffff0000e996f170 x25: 1fffe0001e93d8f0 x24: 0000000000010000
x23: 000000000000002c x22: 0000000000000000 x21: ffff0000f49ec780
x20: ffff0000e996f150 x19: ffff0000f49ec740 x18: ffff800011a7bce0
x17: ffff8000181a1000 x16: ffff8000082e6f68 x15: ffff800017c81fc0
x14: ffff0000d8542658 x13: ffff0000d85426a8 x12: 0000000000ff0100
x11: ff0080000a1ad274 x10: 0000000000000000 x9 : ffff80000a1ad274
x8 : 0000000000000005 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000020 x4 : 0000000000000000 x3 : ffff80000a1ad154
x2 : ffff0000e996f168 x1 : 0000000000000000 x0 : 0000000000000001
Call trace:
 gfs2_remove_from_journal+0x3ac/0x820 fs/gfs2/meta_io.c:350
 gfs2_discard fs/gfs2/aops.c:622 [inline]
 gfs2_invalidate_folio+0x498/0x770 fs/gfs2/aops.c:656
 folio_invalidate mm/truncate.c:158 [inline]
 truncate_cleanup_folio+0x1b4/0x330 mm/truncate.c:178
 truncate_inode_pages_range+0x1f8/0xd20 mm/truncate.c:368
 truncate_inode_pages mm/truncate.c:451 [inline]
 truncate_inode_pages_final+0x8c/0xbc mm/truncate.c:486
 gfs2_evict_inode+0x890/0xe20 fs/gfs2/super.c:1511
 evict+0x3c8/0x810 fs/inode.c:705
 iput_final fs/inode.c:1834 [inline]
 iput+0x764/0x7f4 fs/inode.c:1860
 gfs2_put_super+0x330/0x764 fs/gfs2/super.c:616
 generic_shutdown_super+0x130/0x324 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 gfs2_kill_sb+0xc0/0xd4 fs/gfs2/ops_fstype.c:-1
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xe8/0x108 fs/super.c:363
 cleanup_mnt+0x37c/0x404 fs/namespace.c:1182
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1189
 task_work_run+0x1ec/0x270 kernel/task_work.c:203
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x1f70/0x2b0c arch/arm64/kernel/signal.c:1137
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x98/0x138 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 978bd055 a94067f6 9100b2d7 d343fee8 (38fc6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	978bd055 	bl	0xfffffffffe2f4154
   4:	a94067f6 	ldp	x22, x25, [sp]
   8:	9100b2d7 	add	x23, x22, #0x2c
   c:	d343fee8 	lsr	x8, x23, #3
* 10:	38fc6908 	ldrsb	w8, [x8, x28] <-- trapping instruction