BUG: unable to handle page fault for address: ffffffff00000034
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD e93c067 P4D e93c067 PUD 0 
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5791 Comm: syz.2.71 Not tainted 6.14.0-rc5-syzkaller-00039-g848e07631744 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline]
RIP: 0010:raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
RIP: 0010:atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline]
RIP: 0010:page_ref_count include/linux/page_ref.h:67 [inline]
RIP: 0010:page_ref_add_unless include/linux/page_ref.h:237 [inline]
RIP: 0010:folio_ref_add_unless include/linux/page_ref.h:248 [inline]
RIP: 0010:folio_try_get+0xf3/0x350 include/linux/page_ref.h:264
Code: d3 1f c7 ff 49 83 c7 34 4c 89 ff be 04 00 00 00 e8 82 5d 2e 00 4c 89 fd 48 c1 ed 03 42 0f b6 44 25 00 84 c0 0f 85 50 01 00 00 <41> 8b 1f 31 ff 89 de e8 e1 23 c7 ff 85 db 0f 84 8c 00 00 00 4c 89
RSP: 0000:ffffc9000283f740 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81faaf5e
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff00000034
RBP: 1fffffffe0000006 R08: ffffffff00000037 R09: 1fffffffe0000006
R10: dffffc0000000000 R11: fffffbffe0000007 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffffff81faae9e R15: ffffffff00000034
FS:  000055556e882500(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff00000034 CR3: 00000000429f6000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 next_uptodate_folio+0xd3/0x5f0 mm/filemap.c:3638
 filemap_map_pages+0x2ea/0x1900 mm/filemap.c:3780
 do_fault_around mm/memory.c:5361 [inline]
 do_read_fault mm/memory.c:5394 [inline]
 do_fault mm/memory.c:5537 [inline]
 do_pte_missing mm/memory.c:4058 [inline]
 handle_pte_fault mm/memory.c:5900 [inline]
 __handle_mm_fault+0x4acb/0x70f0 mm/memory.c:6043
 handle_mm_fault+0x3e5/0x8d0 mm/memory.c:6212
 do_user_addr_fault arch/x86/mm/fault.c:1337 [inline]
 handle_page_fault arch/x86/mm/fault.c:1480 [inline]
 exc_page_fault+0x459/0x8b0 arch/x86/mm/fault.c:1538
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fe26a451465
Code: 00 00 00 66 90 53 48 8b 1d 58 67 35 00 45 31 d2 31 c9 48 8b 17 45 31 db 4c 8d 83 00 00 40 00 48 89 d0 0f 1f 00 4c 39 c0 73 6b <44> 0f b6 08 48 83 c0 01 4c 89 ce 83 e6 7f 48 d3 e6 49 09 f2 45 84
RSP: 002b:00007fff2d6f0f30 EFLAGS: 00010287
RAX: 00007fe26a000000 RBX: 00007fe26a000000 RCX: 0000000000000000
RDX: 00007fe26a000000 RSI: 00007fff2d6f0f20 RDI: 00007fff2d6f1008
RBP: 0000000000000000 R08: 00007fe26a400000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 00000000000927c0 R14: 00000000000216e4 R15: 00007fff2d6f11f0
 </TASK>
Modules linked in:
CR2: ffffffff00000034
---[ end trace 0000000000000000 ]---
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline]
RIP: 0010:raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
RIP: 0010:atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline]
RIP: 0010:page_ref_count include/linux/page_ref.h:67 [inline]
RIP: 0010:page_ref_add_unless include/linux/page_ref.h:237 [inline]
RIP: 0010:folio_ref_add_unless include/linux/page_ref.h:248 [inline]
RIP: 0010:folio_try_get+0xf3/0x350 include/linux/page_ref.h:264
Code: d3 1f c7 ff 49 83 c7 34 4c 89 ff be 04 00 00 00 e8 82 5d 2e 00 4c 89 fd 48 c1 ed 03 42 0f b6 44 25 00 84 c0 0f 85 50 01 00 00 <41> 8b 1f 31 ff 89 de e8 e1 23 c7 ff 85 db 0f 84 8c 00 00 00 4c 89
RSP: 0000:ffffc9000283f740 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81faaf5e
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff00000034
RBP: 1fffffffe0000006 R08: ffffffff00000037 R09: 1fffffffe0000006
R10: dffffc0000000000 R11: fffffbffe0000007 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffffffff81faae9e R15: ffffffff00000034
FS:  000055556e882500(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff00000034 CR3: 00000000429f6000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 4 bytes skipped:
   0:	49 83 c7 34          	add    $0x34,%r15
   4:	4c 89 ff             	mov    %r15,%rdi
   7:	be 04 00 00 00       	mov    $0x4,%esi
   c:	e8 82 5d 2e 00       	call   0x2e5d93
  11:	4c 89 fd             	mov    %r15,%rbp
  14:	48 c1 ed 03          	shr    $0x3,%rbp
  18:	42 0f b6 44 25 00    	movzbl 0x0(%rbp,%r12,1),%eax
  1e:	84 c0                	test   %al,%al
  20:	0f 85 50 01 00 00    	jne    0x176
* 26:	41 8b 1f             	mov    (%r15),%ebx <-- trapping instruction
  29:	31 ff                	xor    %edi,%edi
  2b:	89 de                	mov    %ebx,%esi
  2d:	e8 e1 23 c7 ff       	call   0xffc72413
  32:	85 db                	test   %ebx,%ebx
  34:	0f 84 8c 00 00 00    	je     0xc6
  3a:	4c                   	rex.WR
  3b:	89                   	.byte 0x89