Unable to handle kernel paging request at virtual address 0000001100000010
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000109562000
[0000001100000010] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 8919 Comm: udevd Not tainted 6.1.0-rc4-syzkaller-31872-g1621b6eaebf7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __rb_erase_augmented include/linux/rbtree_augmented.h:266 [inline]
pc : rb_erase_augmented include/linux/rbtree_augmented.h:303 [inline]
pc : rb_erase_augmented_cached include/linux/rbtree_augmented.h:314 [inline]
pc : __anon_vma_interval_tree_remove mm/interval_tree.c:71 [inline]
pc : anon_vma_interval_tree_remove+0x5c/0x3f0 mm/interval_tree.c:88
lr : rb_erase_augmented_cached include/linux/rbtree_augmented.h:312 [inline]
lr : __anon_vma_interval_tree_remove mm/interval_tree.c:71 [inline]
lr : anon_vma_interval_tree_remove+0x40/0x3f0 mm/interval_tree.c:88
sp : ffff800014943a00
x29: ffff800014943a00 x28: ffff0000c9ca9e58 x27: ffff0000c9ca9e58
x26: ffff000115d29020 x25: ffff0000c9ca9e58 x24: 0000001100000000
x23: ffff000115d29020 x22: ffff0000caa0fd70 x21: ffff0000caa0fd90
x20: 0000001100000000 x19: ffff0000c9ca9f18 x18: fffffffffffffff5
x17: 0000000000000000 x16: ffff80000db1a158 x15: ffff000118c69a40
x14: 0000000000000000 x13: 00000000ffffffff x12: ffff000118c69a40
x11: ff80800008456904 x10: 0000000000000000 x9 : ffff800008456904
x8 : ffff000118c69a40 x7 : ffff8000095f3074 x6 : 0000000000000000
x5 : 000000008033000f x4 : fffffc00032a83e0 x3 : 000000008033000f
x2 : ffff0000caa0f780 x1 : ffff0000c9ca9f18 x0 : ffff0000caa0fd70
Call trace:
 rb_erase_augmented include/linux/rbtree_augmented.h:303 [inline]
 rb_erase_augmented_cached include/linux/rbtree_augmented.h:314 [inline]
 __anon_vma_interval_tree_remove mm/interval_tree.c:71 [inline]
 anon_vma_interval_tree_remove+0x5c/0x3f0 mm/interval_tree.c:88
 unlink_anon_vmas+0x84/0x298 mm/rmap.c:408
 free_pgtables+0x118/0x478 mm/memory.c:430
 exit_mmap+0x124/0x390 mm/mmap.c:3099
 __mmput+0x90/0x204 kernel/fork.c:1185
 mmput+0x64/0xa0 kernel/fork.c:1207
 exit_mm+0x16c/0x1c0 kernel/exit.c:516
 do_exit+0x264/0xcac kernel/exit.c:807
 __arm64_sys_exit_group+0x0/0x18 kernel/exit.c:950
 __do_sys_exit_group kernel/exit.c:961 [inline]
 __se_sys_exit_group kernel/exit.c:959 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:959
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: f9400af8 b4000cb8 aa1703fa aa1803f4 (f9400b18)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	f9400af8 	ldr	x24, [x23, #16]
   4:	b4000cb8 	cbz	x24, 0x198
   8:	aa1703fa 	mov	x26, x23
   c:	aa1803f4 	mov	x20, x24
* 10:	f9400b18 	ldr	x24, [x24, #16] <-- trapping instruction

Reading note: the trapping instruction dereferences x24+16, and the register dump shows x24 = 0000001100000000 (copied to x20 by the preceding mov), which matches the faulting address 0000001100000010; x24 was itself loaded from [x23, #16] four instructions earlier, so the pointer read out of the rb_node at x23 (ffff000115d29020) already held a non-kernel value — consistent with a stale or corrupted anon_vma interval-tree node, though this log alone does not show how it got that way.