------------[ cut here ]------------
WARNING: CPU: 0 PID: 10881 at mm/gup.c:1299 __get_user_pages+0x364/0x604 mm/gup.c:1299
Modules linked in:
CPU: 0 PID: 10881 Comm: syz-executor.1 Not tainted 6.9.0-rc3-syzkaller-00344-g8f2c057754b2 #0
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __get_user_pages+0x364/0x604 mm/gup.c:1299
lr : __get_user_pages+0x35c/0x604 mm/gup.c:1297
sp : ffff80008c877610
x29: ffff80008c877610 x28: ffff00000ba4da00 x27: 0000000000000000
x26: 0000000000000001 x25: ffff00000fc2fc00 x24: 0000000020200700
x23: ffff000019bcc000 x22: 1ffff0001190eed8 x21: 0000000000000242
x20: ffff000017891800 x19: 0000000000080101 x18: ffff00000ba4e470
x17: 0000000000000000 x16: 0000000000000006 x15: 1fffe00001749c8d
x14: 1fffe00001749c9c x13: 1fffe00001749c8a x12: ffff7fbff83ec007
x11: 1fffffbff83ec006 x10: ffff7fbff83ec006 x9 : dfff800000000000
x8 : fffffdffc1f60037 x7 : 0000000000000001 x6 : ffff7fbff83ec006
x5 : fffffdffc1f60034 x4 : ffff7fbff83ec007 x3 : fffffdffc1f60000
x2 : fffffdffc1f60034 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
 __get_user_pages+0x364/0x604 mm/gup.c:1299
 __get_user_pages_locked mm/gup.c:1509 [inline]
 __gup_longterm_locked+0x430/0x18d4 mm/gup.c:2218
 pin_user_pages+0x128/0x138 mm/gup.c:3391
 io_pin_pages+0x98/0x200 io_uring/rsrc.c:891
 io_sqe_buffer_register+0x108/0xe3c io_uring/rsrc.c:927
 io_sqe_buffers_register+0x1d0/0x528 io_uring/rsrc.c:1045
 __io_uring_register io_uring/register.c:418 [inline]
 __do_sys_io_uring_register io_uring/register.c:613 [inline]
 __se_sys_io_uring_register io_uring/register.c:574 [inline]
 __arm64_sys_io_uring_register+0x244/0x20ec io_uring/register.c:574
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x6c/0x25c arch/arm64/kernel/syscall.c:48
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:133
 do_el0_svc_compat+0x40/0x64 arch/arm64/kernel/syscall.c:158
 el0_svc_compat+0x4c/0x17c arch/arm64/kernel/entry-common.c:852
 el0t_32_sync_handler+0x98/0x13c arch/arm64/kernel/entry-common.c:862
 el0t_32_sync+0x194/0x198 arch/arm64/kernel/entry.S:603
irq event stamp: 536
hardirqs last  enabled at (535): [<ffff8000807c4224>] count_memcg_events include/linux/memcontrol.h:1097 [inline]
hardirqs last  enabled at (535): [<ffff8000807c4224>] count_memcg_event_mm.part.0+0x1cc/0x1e0 include/linux/memcontrol.h:1120
hardirqs last disabled at (536): [<ffff800084e62700>] el1_dbg+0x24/0x9c arch/arm64/kernel/entry-common.c:470
softirqs last  enabled at (526): [<ffff800080011034>] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last  enabled at (526): [<ffff800080011034>] __do_softirq+0x8d4/0xde8 kernel/softirq.c:583
softirqs last disabled at (511): [<ffff80008001972c>] ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:81
---[ end trace 0000000000000000 ]---