BUG: unable to handle page fault for address: ffffffffa06007c0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD ba8f067 P4D ba8f067 PUD ba90063 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9728 Comm: kworker/0:59 Tainted: G W 5.17.0-syzkaller-13577-gb02d196c44ea #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events bpf_prog_free_deferred
RIP: 0010:bpf_jit_binary_pack_free kernel/bpf/core.c:1165 [inline]
RIP: 0010:bpf_jit_free+0x116/0x2b0 kernel/bpf/core.c:1196
Code: f2 ff 48 83 e3 c0 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 89 df 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 5c 01 00 00 <8b> 1f e8 33 b2 ff ff 31 ff e8 bc 77 24 00 be 08 00 00 00 48 c7 c7
RSP: 0018:ffffc9000373fc88 EFLAGS: 00010296
RAX: 0000000000000000 RBX: ffffffffa06007c0 RCX: ffffffff818650db
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffa06007c0
RBP: ffffc90005b75000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff81864f40 R11: 0000000000000000 R12: ffffc90005b75038
R13: 0000000000000001 R14: ffff888016130c00 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa06007c0 CR3: 000000007c911000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 bpf_prog_free_deferred+0x5c1/0x790 kernel/bpf/core.c:2569
 process_one_work+0x996/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
Modules linked in:
CR2: ffffffffa06007c0
---[ end trace 0000000000000000 ]---
RIP: 0010:bpf_jit_binary_pack_free kernel/bpf/core.c:1165 [inline]
RIP: 0010:bpf_jit_free+0x116/0x2b0 kernel/bpf/core.c:1196
Code: f2 ff 48 83 e3 c0 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 89 df 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 5c 01 00 00 <8b> 1f e8 33 b2 ff ff 31 ff e8 bc 77 24 00 be 08 00 00 00 48 c7 c7
RSP: 0018:ffffc9000373fc88 EFLAGS: 00010296
RAX: 0000000000000000 RBX: ffffffffa06007c0 RCX: ffffffff818650db
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffffa06007c0
RBP: ffffc90005b75000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff81864f40 R11: 0000000000000000 R12: ffffc90005b75038
R13: 0000000000000001 R14: ffff888016130c00 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa06007c0 CR3: 000000007c911000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess):
   0:   f2 ff 48 83             repnz decl -0x7d(%rax)
   4:   e3 c0                   jrcxz  0xffffffc6
   6:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
   d:   fc ff df
  10:   48 89 da                mov    %rbx,%rdx
  13:   48 89 df                mov    %rbx,%rdi
  16:   48 c1 ea 03             shr    $0x3,%rdx
  1a:   0f b6 04 02             movzbl (%rdx,%rax,1),%eax
  1e:   84 c0                   test   %al,%al
  20:   74 08                   je     0x2a
  22:   3c 03                   cmp    $0x3,%al
  24:   0f 8e 5c 01 00 00       jle    0x186
* 2a:   8b 1f                   mov    (%rdi),%ebx    <-- trapping instruction
  2c:   e8 33 b2 ff ff          callq  0xffffb264
  31:   31 ff                   xor    %edi,%edi
  33:   e8 bc 77 24 00          callq  0x2477f4
  38:   be 08 00 00 00          mov    $0x8,%esi
  3d:   48                      rex.W
  3e:   c7                      .byte 0xc7
  3f:   c7                      .byte 0xc7