BUG: unable to handle page fault for address: ffff8881e6a39000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7801067 P4D 7801067 PUD 1e1d5b063 PMD 1dd85b063 PTE ffff8881d7e3a268
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 164 Comm: udevd Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:qlist_free_all+0x3b/0xb0 mm/kasan/quarantine.c:165
Code: ff 0f 84 85 00 00 00 49 89 f5 49 bf 00 00 00 00 00 ea ff ff 49 bc 00 00 00 80 7f 77 00 00 eb 1a 48 ff c9 48 89 c8 48 8b 70 18 <48> 8b 1f e8 0d 05 00 00 48 89 df 48 85 db 74 3b 4c 89 ee 4d 85 ed
RSP: 0018:ffff8881ec1afa58 EFLAGS: 00010286
RAX: ffffea00079a8e00 RBX: ffff8881e6a39000 RCX: ffffea00079a8e00
RDX: 0000000080100009 RSI: ffff8881f5c0c000 RDI: ffff8881e6a39000
RBP: 00000000000002f2 R08: ffff8881e7ca1e00 R09: ffffffff81944010
R10: ffff8881e7ca1e00 R11: dffffc0000000001 R12: 0000777f80000000
R13: 0000000000000000 R14: ffff8881ec1afa88 R15: ffffea0000000000
FS: 00007fdffad17c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881e6a39000 CR3: 00000001edbbc000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
quarantine_reduce+0x1d9/0x210 mm/kasan/quarantine.c:260
__kasan_kmalloc+0x41/0x210 mm/kasan/common.c:507
slab_post_alloc_hook mm/slab.h:584 [inline]
slab_alloc_node mm/slub.c:2829 [inline]
slab_alloc mm/slub.c:2837 [inline]
kmem_cache_alloc+0xd9/0x250 mm/slub.c:2842
getname_flags+0xb8/0x4e0 fs/namei.c:141
user_path_at_empty+0x28/0x50 fs/namei.c:2703
do_readlinkat+0x114/0x3a0 fs/stat.c:398
__do_sys_readlink fs/stat.c:431 [inline]
__se_sys_readlink fs/stat.c:428 [inline]
__x64_sys_readlink+0x7b/0x90 fs/stat.c:428
do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7fdffae43d47
Code: 73 01 c3 48 8b 0d e1 90 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b1 90 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffd3bb06b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000059
RAX: ffffffffffffffda RBX: 00007ffd3bb06b38 RCX: 00007fdffae43d47
RDX: 0000000000000400 RSI: 00007ffd3bb06b38 RDI: 00007ffd3bb07018
RBP: 0000000000000400 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000007 R11: 0000000000000246 R12: 00007ffd3bb07018
R13: 00007ffd3bb06f88 R14: 0000562913b942c0 R15: 0000000000000000
Modules linked in:
CR2: ffff8881e6a39000
---[ end trace d2fbb6d0c28e2eb0 ]---
RIP: 0010:qlist_free_all+0x3b/0xb0 mm/kasan/quarantine.c:165
Code: ff 0f 84 85 00 00 00 49 89 f5 49 bf 00 00 00 00 00 ea ff ff 49 bc 00 00 00 80 7f 77 00 00 eb 1a 48 ff c9 48 89 c8 48 8b 70 18 <48> 8b 1f e8 0d 05 00 00 48 89 df 48 85 db 74 3b 4c 89 ee 4d 85 ed
RSP: 0018:ffff8881ec1afa58 EFLAGS: 00010286
RAX: ffffea00079a8e00 RBX: ffff8881e6a39000 RCX: ffffea00079a8e00
RDX: 0000000080100009 RSI: ffff8881f5c0c000 RDI: ffff8881e6a39000
RBP: 00000000000002f2 R08: ffff8881e7ca1e00 R09: ffffffff81944010
R10: ffff8881e7ca1e00 R11: dffffc0000000001 R12: 0000777f80000000
R13: 0000000000000000 R14: ffff8881ec1afa88 R15: ffffea0000000000
FS: 00007fdffad17c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881e6a39000 CR3: 00000001edbbc000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess):
   0: ff 0f                 decl (%rdi)
   2: 84 85 00 00 00 49     test %al,0x49000000(%rbp)
   8: 89 f5                 mov %esi,%ebp
   a: 49 bf 00 00 00 00 00  movabs $0xffffea0000000000,%r15
  11: ea ff ff
  14: 49 bc 00 00 00 80 7f  movabs $0x777f80000000,%r12
  1b: 77 00 00
  1e: eb 1a                 jmp 0x3a
  20: 48 ff c9              dec %rcx
  23: 48 89 c8              mov %rcx,%rax
  26: 48 8b 70 18           mov 0x18(%rax),%rsi
* 2a: 48 8b 1f              mov (%rdi),%rbx <-- trapping instruction
  2d: e8 0d 05 00 00        call 0x53f
  32: 48 89 df              mov %rbx,%rdi
  35: 48 85 db              test %rbx,%rbx
  38: 74 3b                 je 0x75
  3a: 4c 89 ee              mov %r13,%rsi
  3d: 4d 85 ed              test %r13,%r13