BUG: unable to handle page fault for address: ffffffff813a5d32
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD 5e11067 P4D 5e11067 PUD 5e12063 PMD 12001e1
Oops: 0003 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 162 Comm: udevd Not tainted 5.4.276-syzkaller-00021-g58de09405d1e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:__hlist_del include/linux/list.h:791 [inline]
RIP: 0010:detach_timer kernel/time/timer.c:824 [inline]
RIP: 0010:expire_timers kernel/time/timer.c:1482 [inline]
RIP: 0010:__run_timers+0x7be/0xbe0 kernel/time/timer.c:1817
Code: 74 2e e8 e5 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 62 4e 3f 00 <4d> 89 65 00 eb 05 e8 b7 68 0f 00 49 bd 00 00 00 00 00 fc ff df 42
RSP: 0018:ffff8881f6e09d60 EFLAGS: 00010046
RAX: 1ffffffff0274ba6 RBX: 1ffff1103ce0d639 RCX: dffffc0000000000
RDX: 0000000000000102 RSI: 0000000000000004 RDI: ffff8881f6e09ce0
RBP: ffff8881f6e09ec8 R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e09e20
R13: ffffffff813a5d32 R14: 1ffff1103ce0d638 R15: ffff8881e706b1c8
FS: 00007f6d08f52c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff813a5d32 CR3: 00000001ece5b000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1830
__do_softirq+0x23b/0x6b7 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0x195/0x1c0 kernel/softirq.c:413
exiting_irq arch/x86/include/asm/apic.h:539 [inline]
smp_apic_timer_interrupt+0x11a/0x460 arch/x86/kernel/apic/apic.c:1149
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
RIP: 0010:__d_lookup+0x4ba/0x540 fs/dcache.c:2384
Code: c3 ff 49 bf 00 00 00 00 00 fc ff df 48 8b 1c 24 4c 8b 74 24 08 4c 8b 6c 24 20 48 83 c3 54 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 75 63 ff 03 4c 89 f7 e8 98 12 b0 02 e8 63 0a b1 ff 4c 89 e8
RSP: 0018:ffff8881ec97f5b8 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: ffff8881ede4df3c RCX: ffff8881ec801f80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff8881f2fd8035 R08: ffffffff81a10763 R09: ffffed103dbc9be4
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000006b636f6c62
R13: ffff8881ede4dee0 R14: ffff8881ede4df38 R15: dffffc0000000000
lookup_fast+0x119/0xa40 fs/namei.c:1694
walk_component+0x138/0x590 fs/namei.c:1881
link_path_walk+0x5c6/0x1040 fs/namei.c:2210
path_openat+0x1a3/0x34b0 fs/namei.c:3682
do_filp_open+0x20b/0x450 fs/namei.c:3713
do_sys_open+0x39c/0x810 fs/open.c:1123
do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7f6d0907d9a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffd5b7b6680 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f6d0907d9a4
RDX: 0000000000080241 RSI: 00007ffd5b7b6ab8 RDI: 00000000ffffff9c
RBP: 00007ffd5b7b6ab8 R08: 0000000000000004 R09: 0000000000000001
R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000080241
R13: 00005568276bb72e R14: 0000000000000001 R15: 0000000000000000
Modules linked in:
CR2: ffffffff813a5d32
---[ end trace 2a5c3b731ea29f5f ]---
RIP: 0010:__hlist_del include/linux/list.h:791 [inline]
RIP: 0010:detach_timer kernel/time/timer.c:824 [inline]
RIP: 0010:expire_timers kernel/time/timer.c:1482 [inline]
RIP: 0010:__run_timers+0x7be/0xbe0 kernel/time/timer.c:1817
Code: 74 2e e8 e5 68 0f 00 49 83 c5 08 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 62 4e 3f 00 <4d> 89 65 00 eb 05 e8 b7 68 0f 00 49 bd 00 00 00 00 00 fc ff df 42
RSP: 0018:ffff8881f6e09d60 EFLAGS: 00010046
RAX: 1ffffffff0274ba6 RBX: 1ffff1103ce0d639 RCX: dffffc0000000000
RDX: 0000000000000102 RSI: 0000000000000004 RDI: ffff8881f6e09ce0
RBP: ffff8881f6e09ec8 R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e09e20
R13: ffffffff813a5d32 R14: 1ffff1103ce0d638 R15: ffff8881e706b1c8
FS: 00007f6d08f52c80(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff813a5d32 CR3: 00000001ece5b000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess):
   0: 74 2e                 je 0x30
   2: e8 e5 68 0f 00        call 0xf68ec
   7: 49 83 c5 08           add $0x8,%r13
   b: 4c 89 e8              mov %r13,%rax
   e: 48 c1 e8 03           shr $0x3,%rax
  12: 48 b9 00 00 00 00 00  movabs $0xdffffc0000000000,%rcx
  19: fc ff df
  1c: 80 3c 08 00           cmpb $0x0,(%rax,%rcx,1)
  20: 74 08                 je 0x2a
  22: 4c 89 ef              mov %r13,%rdi
  25: e8 62 4e 3f 00        call 0x3f4e8c
* 2a: 4d 89 65 00           mov %r12,0x0(%r13) <-- trapping instruction
  2e: eb 05                 jmp 0x35
  30: e8 b7 68 0f 00        call 0xf68ec
  35: 49 bd 00 00 00 00 00  movabs $0xdffffc0000000000,%r13
  3c: fc ff df
  3f: 42                    rex.X