------------[ cut here ]------------
WARNING: CPU: 1 PID: 4163 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0
Modules linked in:
CPU: 1 PID: 4163 Comm: syz-executor282 Not tainted 5.15.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 mm/maccess.c:226
Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 cb ba d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b4 ba d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
RSP: 0018:ffffc90000dd09f0 EFLAGS: 00010246
RAX: ffffffff81aaca2c RBX: 0000000000000000 RCX: ffff88802183d940
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff81aac93d R09: ffffed1004307b29
R10: 0000000000000000 R11: dffffc0000000001 R12: 000000000a010000
R13: 0000000000000000 R14: 000000000a010000 R15: ffffc90000dd0a68
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f22f2f7c0f0 CR3: 000000007063f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 bpf_probe_read_user_common kernel/trace/bpf_trace.c:157 [inline]
 ____bpf_probe_read_compat kernel/trace/bpf_trace.c:281 [inline]
 bpf_probe_read_compat+0xe4/0x180 kernel/trace/bpf_trace.c:277
 bpf_prog_f8835795983ece0c+0x35/0x598
 bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
 bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
 __bpf_trace_kmem_cache_free+0x99/0xc0 include/trace/events/kmem.h:138
 trace_kmem_cache_free include/trace/events/kmem.h:138 [inline]
 kmem_cache_free+0x1ce/0x1f0 mm/slub.c:3516
 req_bio_endio block/blk-core.c:261 [inline]
 blk_update_request+0x87c/0x1470 block/blk-core.c:1441
 scsi_end_request+0x83/0x980 drivers/scsi/scsi_lib.c:544
 scsi_io_completion+0x1fa/0x540 drivers/scsi/scsi_lib.c:940
 blk_complete_reqs block/blk-mq.c:587 [inline]
 blk_done_softirq+0xf2/0x130 block/blk-mq.c:592
 handle_softirqs+0x3a7/0x930 kernel/softirq.c:558
 __do_softirq kernel/softirq.c:592 [inline]
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x157/0x240 kernel/softirq.c:641
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:653
 common_interrupt+0xb3/0xd0 arch/x86/kernel/irq.c:240
 </IRQ>
 <TASK>
 asm_common_interrupt+0x22/0x40 arch/x86/include/asm/idtentry.h:667
RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:207 [inline]
RIP: 0010:test_bit include/asm-generic/bitops/instrumented-non-atomic.h:135 [inline]
RIP: 0010:test_ti_thread_flag include/linux/thread_info.h:118 [inline]
RIP: 0010:need_resched include/linux/sched.h:2113 [inline]
RIP: 0010:zap_pte_range mm/memory.c:1351 [inline]
RIP: 0010:zap_pmd_range mm/memory.c:1505 [inline]
RIP: 0010:zap_pud_range mm/memory.c:1534 [inline]
RIP: 0010:zap_p4d_range mm/memory.c:1555 [inline]
RIP: 0010:unmap_page_range+0xa9a/0x2630 mm/memory.c:1576
Code: 7e 48 89 df be 08 00 00 00 e8 b2 d0 11 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 0c cf 11 00 48 8b 1b 48 89 de <48> 83 e6 08 31 ff e8 ab ea c7 ff 48 83 e3 08 0f 85 9b 12 00 00 4c
RSP: 0018:ffffc900010df760 EFLAGS: 00000246
RAX: 1ffff11004307b28 RBX: 0000000000000000 RCX: ffffffff81b89dee
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88802183d940
RBP: ffffc900010df990 R08: dffffc0000000000 R09: ffffed1004307b29
R10: 0000000000000000 R11: dffffc0000000001 R12: 00007f22f2f58000
R13: dffffc0000000000 R14: 1ffff11005658758 R15: 80000000b8ece025
 unmap_vmas+0x1f8/0x390 mm/memory.c:1653
 exit_mmap+0x3b6/0x620 mm/mmap.c:3204
 __mmput+0x112/0x3b0 kernel/fork.c:1127
 exit_mm+0x688/0x7f0 kernel/exit.c:550
 do_exit+0x626/0x2480 kernel/exit.c:861
 do_group_exit+0x144/0x310 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1005
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f22f2f00c89
Code: Unable to access opcode bytes at RIP 0x7f22f2f00c5f.
RSP: 002b:00007fff5512cc18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22f2f00c89
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f22f2f7b290 R08: ffffffffffffffb8 R09: 0000000000000006
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f22f2f7b290
R13: 0000000000000000 R14: 00007f22f2f7bce0 R15: 00007f22f2ed1ee0
 </TASK>
----------------
Code disassembly (best guess):
   0:	7e 48                	jle    0x4a
   2:	89 df                	mov    %ebx,%edi
   4:	be 08 00 00 00       	mov    $0x8,%esi
   9:	e8 b2 d0 11 00       	call   0x11d0c0
   e:	48 89 d8             	mov    %rbx,%rax
  11:	48 c1 e8 03          	shr    $0x3,%rax
  15:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1)
  1a:	74 08                	je     0x24
  1c:	48 89 df             	mov    %rbx,%rdi
  1f:	e8 0c cf 11 00       	call   0x11cf30
  24:	48 8b 1b             	mov    (%rbx),%rbx
  27:	48 89 de             	mov    %rbx,%rsi
* 2a:	48 83 e6 08          	and    $0x8,%rsi <-- trapping instruction
  2e:	31 ff                	xor    %edi,%edi
  30:	e8 ab ea c7 ff       	call   0xffc7eae0
  35:	48 83 e3 08          	and    $0x8,%rbx
  39:	0f 85 9b 12 00 00    	jne    0x12da
  3f:	4c                   	rex.WR