BUG: unable to handle page fault for address: ffff8880008a3300
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 10a01067 P4D 10a01067 PUD 10a02067 PMD 104063 PTE 770007707707770
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10991 Comm: syz-executor.5 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:qlist_free_all+0x43/0xc0 mm/kasan/quarantine.c:163
Code: 00 00 00 49 be 00 00 00 00 00 ea ff ff 49 89 fd 49 bc 00 00 00 00 00 fc ff df eb 2d 48 63 87 c0 00 00 00 48 c7 c2 65 75 be 81 <4c> 8b 3e 48 29 c6 48 89 f0 48 c1 e8 03 42 c6 04 20 fb e8 f6 c2 ff
RSP: 0000:ffffc90006777b60 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff88807a3fc960 RCX: ffffea0000022800
RDX: ffffffff81be7565 RSI: ffff8880008a3300 RDI: ffff888010dd03c0
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
R10: ffffffff8134ee7a R11: 000000000000003f R12: dffffc0000000000
R13: ffffc90006777b98 R14: ffffea0000000000 R15: ffff8880008a3300
FS:  0000555556b29400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880008a3300 CR3: 00000000474cd000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <TASK>
 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:272
 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:259 [inline]
 slab_post_alloc_hook mm/slab.h:519 [inline]
 slab_alloc_node mm/slub.c:3234 [inline]
 slab_alloc mm/slub.c:3242 [inline]
 kmem_cache_alloc+0x202/0x3a0 mm/slub.c:3247
 ptlock_alloc+0x1d/0x70 mm/memory.c:5448
 ptlock_init include/linux/mm.h:2332 [inline]
 pgtable_pte_page_ctor include/linux/mm.h:2359 [inline]
 __pte_alloc_one include/asm-generic/pgalloc.h:66 [inline]
 pte_alloc_one+0x68/0x230 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x69/0x250 mm/memory.c:464
 do_anonymous_page mm/memory.c:3728 [inline]
 handle_pte_fault mm/memory.c:4549 [inline]
 __handle_mm_fault+0x5016/0x5120 mm/memory.c:4686
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0033:0x7f12736c40af
Code: ff ff 4d 89 cd 48 85 c0 74 19 8b 95 44 ff ff ff 48 29 c6 48 01 c7 e8 80 fb 04 00 85 c0 0f 85 0b 03 00 00 48 8b 85 48 ff ff ff <41> c7 45 18 01 00 00 00 4c 89 ef 49 89 85 90 06 00 00 48 8b 85 50
RSP: 002b:00007f1273d5aad0 EFLAGS: 00010246
RAX: 00007f1272669000 RBX: 0000000000021000 RCX: 00007f1273713c27
RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f127266a000
RBP: 00007f1273d5aba0 R08: 00000000ffffffff R09: 00007f1272689700
R10: 0000000000020022 R11: 0000000000000206 R12: 00007f1273d5acb0
R13: 00007f1272689700 R14: 0000000000000000 R15: 0000000000022000
 </TASK>
Modules linked in:
CR2: ffff8880008a3300
---[ end trace 53d64d90222af5d5 ]---
RIP: 0010:qlist_free_all+0x43/0xc0 mm/kasan/quarantine.c:163
Code: 00 00 00 49 be 00 00 00 00 00 ea ff ff 49 89 fd 49 bc 00 00 00 00 00 fc ff df eb 2d 48 63 87 c0 00 00 00 48 c7 c2 65 75 be 81 <4c> 8b 3e 48 29 c6 48 89 f0 48 c1 e8 03 42 c6 04 20 fb e8 f6 c2 ff
RSP: 0000:ffffc90006777b60 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff88807a3fc960 RCX: ffffea0000022800
RDX: ffffffff81be7565 RSI: ffff8880008a3300 RDI: ffff888010dd03c0
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000002e
R10: ffffffff8134ee7a R11: 000000000000003f R12: dffffc0000000000
R13: ffffc90006777b98 R14: ffffea0000000000 R15: ffff8880008a3300
FS:  0000555556b29400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880008a3300 CR3: 00000000474cd000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	00 00                	add    %al,(%rax)
   2:	49 be 00 00 00 00 00 	movabs $0xffffea0000000000,%r14
   9:	ea ff ff
   c:	49 89 fd             	mov    %rdi,%r13
   f:	49 bc 00 00 00 00 00 	movabs $0xdffffc0000000000,%r12
  16:	fc ff df
  19:	eb 2d                	jmp    0x48
  1b:	48 63 87 c0 00 00 00 	movslq 0xc0(%rdi),%rax
  22:	48 c7 c2 65 75 be 81 	mov    $0xffffffff81be7565,%rdx
* 29:	4c 8b 3e             	mov    (%rsi),%r15 <-- trapping instruction
  2c:	48 29 c6             	sub    %rax,%rsi
  2f:	48 89 f0             	mov    %rsi,%rax
  32:	48 c1 e8 03          	shr    $0x3,%rax
  36:	42 c6 04 20 fb       	movb   $0xfb,(%rax,%r12,1)
  3b:	e8                   	.byte 0xe8
  3c:	f6 c2 ff             	test   $0xff,%dl