------------[ cut here ]------------
kernel BUG at mm/memory.c:2103!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3535 Comm: syz-executor.0 Not tainted 5.16.0-rc2-syzkaller-00082-g5f53fa508db0 #0
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vmf_insert_pfn_prot+0xdc/0x29c mm/memory.c:2103
lr : vmf_insert_pfn+0x38/0x60 mm/memory.c:2142
sp : ffff80001ccf76d0
x29: ffff80001ccf76d0 x28: ffff00002e4a6838 x27: ffff000014afee70
x26: 1ffff0000399ef1f x25: ffff80001ccf78f8 x24: ffff00000bdb4230
x23: ffff00000fe58000 x22: ffff000014afee70 x21: ffff80001589b000
x20: fffffc00003f8280 x19: ffff000014afee70 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: ffff80001018ac50
x14: 1ffff0000399ee8c x13: 1ffff0000399ee0a x12: ffff70000399eeb7
x11: 1ffff0000399eeb6 x10: ffff70000399eeb6 x9 : dfff800000000000
x8 : ffff80001ccf75b7 x7 : 0000000000000001 x6 : 00008ffffc66114a
x5 : 0000000000000400 x4 : 0000000000000020 x3 : 0020000000000fc3
x2 : 000000000004fe0a x1 : 0000000020ffd000 x0 : 0000000000040474
Call trace:
 vmf_insert_pfn_prot+0xdc/0x29c mm/memory.c:2103
 vmf_insert_pfn+0x38/0x60 mm/memory.c:2142
 drm_gem_shmem_fault+0x184/0x220 drivers/gpu/drm/drm_gem_shmem_helper.c:566
 __do_fault+0xc8/0x590 mm/memory.c:3849
 do_read_fault mm/memory.c:4164 [inline]
 do_fault mm/memory.c:4293 [inline]
 handle_pte_fault mm/memory.c:4551 [inline]
 __handle_mm_fault+0x1124/0x21e0 mm/memory.c:4686
 handle_mm_fault+0x1dc/0x4f0 mm/memory.c:4784
 __do_page_fault arch/arm64/mm/fault.c:499 [inline]
 do_page_fault+0x228/0x910 arch/arm64/mm/fault.c:599
 do_translation_fault+0x1a4/0x210 arch/arm64/mm/fault.c:680
 do_mem_abort+0x64/0x1c0 arch/arm64/mm/fault.c:813
 el1_abort+0x3c/0x60 arch/arm64/kernel/entry-common.c:346
 el1h_64_sync_handler+0xb4/0xd0 arch/arm64/kernel/entry-common.c:397
 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:567
 __arch_copy_from_user+0xb8/0x230 arch/arm64/lib/copy_template.S:110
 __do_compat_sys_sigaltstack kernel/signal.c:4276 [inline]
 __se_compat_sys_sigaltstack kernel/signal.c:4272 [inline]
 __arm64_compat_sys_sigaltstack+0x50/0x74 kernel/signal.c:4272
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x6c/0x260 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0xc4/0x254 arch/arm64/kernel/syscall.c:142
 do_el0_svc_compat+0x40/0x80 arch/arm64/kernel/syscall.c:187
 el0_svc_compat+0x64/0x290 arch/arm64/kernel/entry-common.c:736
 el0t_32_sync_handler+0x90/0x140 arch/arm64/kernel/entry-common.c:746
 el0t_32_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:577
Code: 8a040004 f100809f 54fffbc1 a9025bf5 (d4210000) 
---[ end trace 0860f54edfa9b5a7 ]---