------------[ cut here ]------------
WARNING: CPU: 0 PID: 4205 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0
Modules linked in:
CPU: 0 PID: 4205 Comm: kworker/0:3 Not tainted 5.15.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: mld mld_ifc_work
RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 mm/maccess.c:226
Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 cb c6 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff
RSP: 0000:ffffc900000073c8 EFLAGS: 00010246
RAX: ffffffff81aaacec RBX: 0000000000000000 RCX: ffff88802d17bb80
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffffff81aaabfd R09: fffffbfff20ec821
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90000007428
FS:  0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f45b8d5eed8 CR3: 000000002b079000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 bpf_probe_read_user_common kernel/trace/bpf_trace.c:157 [inline]
 ____bpf_probe_read_user kernel/trace/bpf_trace.c:166 [inline]
 bpf_probe_read_user+0x26/0x70 kernel/trace/bpf_trace.c:163
 bpf_prog_690f12e098ef46de+0x32/0x980
 bpf_dispatcher_nop_func include/linux/bpf.h:790 [inline]
 __bpf_prog_run include/linux/filter.h:628 [inline]
 bpf_prog_run include/linux/filter.h:635 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline]
 bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1915
 __bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:118
 trace_kfree include/trace/events/kmem.h:118 [inline]
 kfree+0x22f/0x270 mm/slub.c:4549
 skb_free_head net/core/skbuff.c:655 [inline]
 skb_release_data+0x73a/0x8a0 net/core/skbuff.c:677
 skb_release_all net/core/skbuff.c:742 [inline]
 __kfree_skb net/core/skbuff.c:756 [inline]
 kfree_skb_reason+0xb3/0x170 net/core/skbuff.c:776
 kfree_skb include/linux/skbuff.h:1118 [inline]
 ip6_mc_input+0x97a/0xb80 net/ipv6/ip6_input.c:572
 dst_input include/net/dst.h:453 [inline]
 ip6_sublist_rcv_finish net/ipv6/ip6_input.c:88 [inline]
 ip6_list_rcv_finish net/ipv6/ip6_input.c:145 [inline]
 ip6_sublist_rcv+0xf80/0x12d0 net/ipv6/ip6_input.c:310
 ipv6_list_rcv+0x424/0x470 net/ipv6/ip6_input.c:345
 __netif_receive_skb_list_ptype net/core/dev.c:5536 [inline]
 __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5584
 __netif_receive_skb_list net/core/dev.c:5636 [inline]
 netif_receive_skb_list_internal+0x9ed/0xdf0 net/core/dev.c:5727
 netif_receive_skb_list+0x51/0x440 net/core/dev.c:5779
 ieee80211_rx_napi+0x333/0x380 net/mac80211/rx.c:5009
 ieee80211_rx include/net/mac80211.h:4571 [inline]
 ieee80211_handle_queued_frames+0x103/0x1b0 net/mac80211/main.c:235
 tasklet_action_common+0x3cb/0x4a0
 handle_softirqs+0x3a7/0x930 kernel/softirq.c:558
 do_softirq+0x162/0x240 kernel/softirq.c:459
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1b1/0x1f0 kernel/softirq.c:383
 rcu_read_unlock_bh include/linux/rcupdate.h:809 [inline]
 ip6_finish_output2+0x103e/0x15a0 net/ipv6/ip6_output.c:131
 dst_output include/net/dst.h:443 [inline]
 NF_HOOK+0x166/0x4f0 include/linux/netfilter.h:302
 mld_sendpack+0x70e/0xc10 net/ipv6/mcast.c:1820
 mld_send_cr net/ipv6/mcast.c:2121 [inline]
 mld_ifc_work+0x7d7/0xc90 net/ipv6/mcast.c:2653
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>