------------[ cut here ]------------
WARNING: CPU: 0 PID: 5257 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0
Modules linked in:
CPU: 0 PID: 5257 Comm: syz.4.319 Not tainted 5.15.177-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 mm/maccess.c:226
Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 ab ba d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 94 ba d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
RSP: 0000:ffffc900033cf250 EFLAGS: 00010246
RAX: ffffffff81aacafc RBX: 0000000000000000 RCX: ffff88802752d940
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff81aaca0d R09: ffffed1004ea5b29
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: 0000000000000008 R14: 0000000000000000 R15: ffffc900033cf2c8
FS: 00005555751cc500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020004b40 CR3: 0000000022b76000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
bpf_probe_read_user_common kernel/trace/bpf_trace.c:157 [inline]
____bpf_probe_read_compat kernel/trace/bpf_trace.c:281 [inline]
bpf_probe_read_compat+0xe4/0x180 kernel/trace/bpf_trace.c:277
bpf_prog_a9d1eab64edc2dc9+0x56/0xc84
bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
__bpf_prog_run include/linux/filter.h:628 [inline]
bpf_prog_run include/linux/filter.h:635 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
bpf_trace_run3+0x1d1/0x380 kernel/trace/bpf_trace.c:1916
__bpf_trace_kmem_cache_free+0x99/0xc0 include/trace/events/kmem.h:138
trace_kmem_cache_free include/trace/events/kmem.h:138 [inline]
kmem_cache_free+0x1ce/0x1f0 mm/slub.c:3516
netlink_broadcast_filtered+0x1083/0x11a0 net/netlink/af_netlink.c:1521
netlink_broadcast net/netlink/af_netlink.c:1543 [inline]
nlmsg_multicast include/net/netlink.h:1033 [inline]
nlmsg_notify+0xf7/0x1b0 net/netlink/af_netlink.c:2532
neigh_cleanup_and_release+0xa5/0x260 net/core/neighbour.c:101
neigh_del net/core/neighbour.c:197 [inline]
neigh_remove_one+0x4b1/0x5c0 net/core/neighbour.c:218
neigh_forced_gc net/core/neighbour.c:251 [inline]
neigh_alloc net/core/neighbour.c:429 [inline]
___neigh_create+0x45a/0x2220 net/core/neighbour.c:591
ip6_finish_output2+0x11c5/0x15a0 net/ipv6/ip6_output.c:127
dst_output include/net/dst.h:443 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ndisc_send_skb+0xae0/0x13c0 net/ipv6/ndisc.c:511
addrconf_rs_timer+0x357/0x610 net/ipv6/addrconf.c:3959
call_timer_fn+0x16d/0x560 kernel/time/timer.c:1451
expire_timers kernel/time/timer.c:1496 [inline]
__run_timers+0x67c/0x890 kernel/time/timer.c:1767
run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1780
handle_softirqs+0x3a7/0x930 kernel/softirq.c:558
__do_softirq kernel/softirq.c:592 [inline]
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x157/0x240 kernel/softirq.c:641
irq_exit_rcu+0x5/0x20 kernel/softirq.c:653
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1108
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0033:0x7f5ebcacc4e5
Code: 72 f3 48 83 e8 08 48 39 f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 48 39 c3 73 3e 48 89 33 <48> 83 c3 08 48 8b 70 f8 48 89 08 48 8b 0b 49 8b 14 24 eb bf 48 39
RSP: 002b:00007ffc0e4d6d00 EFLAGS: 00000297
RAX: 00007f5ebc27f438 RBX: 00007f5ebc27f160 RCX: ffffffff8174b2e4
RDX: ffffffff8174b2e4 RSI: ffffffff8174b2e4 RDI: 00007f5ebc27fa80
RBP: 00007f5ebc27eb20 R08: 00007f5ebc27f2c8 R09: 00007f5ebcdf8000
R10: 00007f5ebc265008 R11: 0000000000000001 R12: 00007f5ebc27eb18
R13: 0000000000000014 R14: 0000000000000226 R15: 00007f5ebc265008