------------[ cut here ]------------
WARNING: CPU: 1 PID: 4291 at mm/maccess.c:226 copy_from_user_nofault+0x160/0x1c0 mm/maccess.c:226
Modules linked in:
CPU: 1 PID: 4291 Comm: kworker/1:11 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:copy_from_user_nofault+0x160/0x1c0 mm/maccess.c:226
Code: 24 45 31 f6 31 ff 89 de e8 8d f6 d8 ff 85 db 48 c7 c0 f2 ff ff ff 49 0f 44 c6 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 10 f3 d8 ff <0f> 0b e9 1c ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ea fe
RSP: 0018:ffffc90000dd0b50 EFLAGS: 00010006
RAX: ffffffff819ed900 RBX: 0000000000000008 RCX: ffff888026d9bb80
RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed1004db3771
R10: ffffed1004db3771 R11: 1ffff11004db3770 R12: ffff888026d9d308
R13: 00007ffffffff000 R14: ffffc90000dd0bc8 R15: 0000000020000000
FS:  0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000001abbb000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 bpf_probe_read_user_common kernel/trace/bpf_trace.c:157 [inline]
 ____bpf_probe_read_compat kernel/trace/bpf_trace.c:281 [inline]
 bpf_probe_read_compat+0xdd/0x170 kernel/trace/bpf_trace.c:277
 bpf_prog_5552427ec2450e15+0x40/0xa84
 bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
 bpf_trace_run2+0x15b/0x2d0 kernel/trace/bpf_trace.c:1915
 __traceiter_hrtimer_start+0x6a/0xb0 include/trace/events/timer.h:199
 trace_hrtimer_start include/trace/events/timer.h:199 [inline]
 debug_activate kernel/time/hrtimer.c:466 [inline]
 enqueue_hrtimer+0x314/0x370 kernel/time/hrtimer.c:1069
 __run_hrtimer kernel/time/hrtimer.c:1702 [inline]
 __hrtimer_run_queues+0x65a/0xc40 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
 __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:__kasan_check_read+0x6/0x10 mm/kasan/shadow.c:31
Code: 41 5f 5d c3 48 c7 c7 dd 27 b9 8b eb 0a 48 c7 c7 cb 42 a3 8b 48 89 de e8 48 b9 e2 07 31 ed eb d7 00 00 cc cc 89 f6 48 8b 0c 24 <31> d2 e9 43 ef ff ff 0f 1f 00 89 f6 48 8b 0c 24 ba 01 00 00 00 e9
RSP: 0018:ffffc9000316f868 EFLAGS: 00000246
RAX: ffff8880b9000000 RBX: 1ffffffff1a47124 RCX: ffffffff815b3da0
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8d238920
RBP: ffffffff8d238970 R08: dffffc0000000000 R09: ffffed1004db3771
R10: ffffed1004db3771 R11: 1ffff11004db3770 R12: ffff88802ba91dc0
R13: ffffffff8d238920 R14: ffffffff8d238970 R15: dffffc0000000000
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 atomic_long_read include/linux/atomic/atomic-instrumented.h:1183 [inline]
 __mutex_owner kernel/locking/mutex.c:78 [inline]
 mutex_spin_on_owner+0x290/0x380 kernel/locking/mutex.c:352
 mutex_optimistic_spin+0x38/0x300 kernel/locking/mutex.c:469
 __mutex_lock_common+0x210/0x2390 kernel/locking/mutex.c:599
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 addrconf_dad_work+0xc4/0x1520 net/ipv6/addrconf.c:4110
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
----------------
Code disassembly (best guess):
   0:	41 5f                	pop    %r15
   2:	5d                   	pop    %rbp
   3:	c3                   	ret
   4:	48 c7 c7 dd 27 b9 8b 	mov    $0xffffffff8bb927dd,%rdi
   b:	eb 0a                	jmp    0x17
   d:	48 c7 c7 cb 42 a3 8b 	mov    $0xffffffff8ba342cb,%rdi
  14:	48 89 de             	mov    %rbx,%rsi
  17:	e8 48 b9 e2 07       	call   0x7e2b964
  1c:	31 ed                	xor    %ebp,%ebp
  1e:	eb d7                	jmp    0xfffffff7
  20:	00 00                	add    %al,(%rax)
  22:	cc                   	int3
  23:	cc                   	int3
  24:	89 f6                	mov    %esi,%esi
  26:	48 8b 0c 24          	mov    (%rsp),%rcx
* 2a:	31 d2                	xor    %edx,%edx <-- trapping instruction
  2c:	e9 43 ef ff ff       	jmp    0xffffef74
  31:	0f 1f 00             	nopl   (%rax)
  34:	89 f6                	mov    %esi,%esi
  36:	48 8b 0c 24          	mov    (%rsp),%rcx
  3a:	ba 01 00 00 00       	mov    $0x1,%edx
  3f:	e9                   	.byte 0xe9