Unable to handle kernel paging request at virtual address 007fc1ffc01c13c8
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[007fc1ffc01c13c8] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3194 Comm: syz-executor208 Not tainted 6.9.0-syzkaller-12220-g02c438bbfffe #0
Hardware name: linux,dummy-virt (DT)
pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : _compound_head include/linux/page-flags.h:245 [inline]
pc : mod_lruvec_page_state include/linux/vmstat.h:567 [inline]
pc : account_kernel_stack.isra.0+0x28/0x70 kernel/fork.c:541
lr : exit_task_stack_account+0x24/0x58 kernel/fork.c:554
sp : ffff80008909bcf0
x29: ffff80008909bcf0 x28: f1f0000004970000 x27: f5f0000002ce8000
x26: 0000000000000000 x25: f1f00000049705a8 x24: f1f0000004970600
x23: ffff80008909b7d8 x22: f6f0000007025780 x21: 00000000fffffffc
x20: f1f0000004970000 x19: 0000000000000000 x18: fff07ffffd331000
x17: 0000000000000001 x16: ffff8000825c1e80 x15: 0000000000000002
x14: 00000000000003e7 x13: 0000000000000000 x12: ffff8000825e0028
x11: 0000000000000001 x10: 269097da788856a7 x9 : ba2b45ada449d75b
x8 : f1f00000049711d8 x7 : 0000000000000004 x6 : 0000000000000190
x5 : 00000000000f0510 x4 : 0000000000000041 x3 : fbf0000006650900
x2 : 0000000000000001 x1 : 00000000ffffffff x0 : ff7fc1ffc01c13c0
Call trace:
 account_kernel_stack.isra.0+0x28/0x70 kernel/fork.c:541
 exit_task_stack_account+0x24/0x58 kernel/fork.c:554
 do_exit+0x580/0x98c kernel/exit.c:915
 do_group_exit+0x34/0x90 kernel/exit.c:1023
 __do_sys_exit_group kernel/exit.c:1034 [inline]
 __se_sys_exit_group kernel/exit.c:1032 [inline]
 pid_child_should_wake+0x0/0x5c kernel/exit.c:1032
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x48/0x118 arch/arm64/kernel/syscall.c:48
 el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:152
 el0_svc+0x34/0xf8 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
Code: a90153f3 d2800013 f94012c3 f8736860 (f9400403)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	a90153f3 	stp	x19, x20, [sp, #16]
   4:	d2800013 	mov	x19, #0x0                   	// #0
   8:	f94012c3 	ldr	x3, [x22, #32]
   c:	f8736860 	ldr	x0, [x3, x19]
* 10:	f9400403 	ldr	x3, [x0, #8] <-- trapping instruction