BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 64a7067 P4D 64a7067 PUD 64a9067 PMD 64ab067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 85 Comm: klogd Not tainted 6.7.0-rc1-syzkaller-00019-gc42d9eeef8e5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:copy_from_kernel_nofault+0x8a/0x2e0 mm/maccess.c:36
Code: 48 89 55 d0 0f 85 de 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 47 4d cc ff 49 83 fd 07 76 58 4d 89 fe 49 83 c7 08 49 83 c5 f8 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80
RSP: 0018:ffffc9000075f950 EFLAGS: 00010257
RAX: 0000000000000000 RBX: 0000000000000008 RCX: ffff88810dfbd3c0
RDX: ffff88810dfbde64 RSI: 0000000000000008 RDI: 0000000000000007
RBP: ffffc9000075f988 R08: ffffffff81ac05a9 R09: 1ffff920000ebf4c
R10: fffff520000ebf4d R11: fffff520000ebf4d R12: ffffffffff600000
R13: 0000000000000000 R14: ffffc9000075f9c8 R15: ffffc9000075f9d0
FS: 00007ffbe8a48380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000010caf0000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bpf_probe_read_kernel_common include/linux/bpf.h:2743 [inline]
 ____bpf_probe_read_kernel kernel/trace/bpf_trace.c:236 [inline]
 bpf_probe_read_kernel+0x2e/0x70 kernel/trace/bpf_trace.c:233
 bpf_prog_bd8b22826c103b08+0x42/0x44
 bpf_dispatcher_nop_func include/linux/bpf.h:1192 [inline]
 __bpf_prog_run include/linux/filter.h:651 [inline]
 bpf_prog_run include/linux/filter.h:658 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2307 [inline]
 bpf_trace_run2+0x137/0x290 kernel/trace/bpf_trace.c:2346
 __bpf_trace_kfree+0xd/0x10 include/trace/events/kmem.h:94
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0xd6/0xf0 mm/slab_common.c:1043
 syslog_print+0x902/0x9a0 kernel/printk/printk.c:1642
 do_syslog+0x503/0x890 kernel/printk/printk.c:1728
 __do_sys_syslog kernel/printk/printk.c:1820 [inline]
 __se_sys_syslog kernel/printk/printk.c:1818 [inline]
 __x64_sys_syslog+0x80/0x90 kernel/printk/printk.c:1818
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0xe0 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7ffbe8ba9fa7
Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fff2b3e5528 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
RAX: ffffffffffffffda RBX: 00007ffbe8d484a0 RCX: 00007ffbe8ba9fa7
RDX: 00000000000003ff RSI: 00007ffbe8d484a0 RDI: 0000000000000002
RBP: 0000000000000000 R08: 0000000000000007 R09: de83617975e191a4
R10: 0000000000004000 R11: 0000000000000206 R12: 00007ffbe8d484a0
R13: 00007ffbe8d38212 R14: 00007ffbe8d485a7 R15: 00007ffbe8d485a7
Modules linked in:
CR2: ffffffffff600000
---[ end trace 0000000000000000 ]---
RIP: 0010:copy_from_kernel_nofault+0x8a/0x2e0 mm/maccess.c:36
Code: 48 89 55 d0 0f 85 de 01 00 00 ff 02 bf 07 00 00 00 4c 89 ee e8 47 4d cc ff 49 83 fd 07 76 58 4d 89 fe 49 83 c7 08 49 83 c5 f8 <49> 8b 1c 24 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80
RSP: 0018:ffffc9000075f950 EFLAGS: 00010257
RAX: 0000000000000000 RBX: 0000000000000008 RCX: ffff88810dfbd3c0
RDX: ffff88810dfbde64 RSI: 0000000000000008 RDI: 0000000000000007
RBP: ffffc9000075f988 R08: ffffffff81ac05a9 R09: 1ffff920000ebf4c
R10: fffff520000ebf4d R11: fffff520000ebf4d R12: ffffffffff600000
R13: 0000000000000000 R14: ffffc9000075f9c8 R15: ffffc9000075f9d0
FS: 00007ffbe8a48380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000010caf0000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 48 89 55 d0             mov %rdx,-0x30(%rbp)
   4: 0f 85 de 01 00 00       jne 0x1e8
   a: ff 02                   incl (%rdx)
   c: bf 07 00 00 00          mov $0x7,%edi
  11: 4c 89 ee                mov %r13,%rsi
  14: e8 47 4d cc ff          call 0xffcc4d60
  19: 49 83 fd 07             cmp $0x7,%r13
  1d: 76 58                   jbe 0x77
  1f: 4d 89 fe                mov %r15,%r14
  22: 49 83 c7 08             add $0x8,%r15
  26: 49 83 c5 f8             add $0xfffffffffffffff8,%r13
* 2a: 49 8b 1c 24             mov (%r12),%rbx <-- trapping instruction
  2e: 4c 89 f0                mov %r14,%rax
  31: 48 c1 e8 03             shr $0x3,%rax
  35: 48 b9 00 00 00 00 00    movabs $0xdffffc0000000000,%rcx
  3c: fc ff df
  3f: 80                      .byte 0x80