------------[ cut here ]------------ WARNING: CPU: 1 PID: 20 at mm/maccess.c:226 copy_from_user_nofault+0x160/0x1c0 mm/maccess.c:226 Modules linked in: CPU: 1 PID: 20 Comm: ksoftirqd/1 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 RIP: 0010:copy_from_user_nofault+0x160/0x1c0 mm/maccess.c:226 Code: 24 45 31 f6 31 ff 89 de e8 0d f6 d8 ff 85 db 48 c7 c0 f2 ff ff ff 49 0f 44 c6 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 90 f2 d8 ff <0f> 0b e9 1c ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c ea fe RSP: 0018:ffffc90000da65b8 EFLAGS: 00010246 RAX: ffffffff819ed980 RBX: 0000000000000008 RCX: ffff888017568000 RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed1002ead001 R10: ffffed1002ead001 R11: 1ffff11002ead000 R12: ffff888017569788 R13: 00007ffffffff000 R14: ffffc90000da6628 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000767a1000 CR4: 00000000003506e0 DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: bpf_probe_read_user_common kernel/trace/bpf_trace.c:157 [inline] ____bpf_probe_read_compat kernel/trace/bpf_trace.c:281 [inline] bpf_probe_read_compat+0xdd/0x170 kernel/trace/bpf_trace.c:277 bpf_prog_dafeb42eb5660805+0x5e/0x98c bpf_dispatcher_nop_func include/linux/bpf.h:888 [inline] __bpf_prog_run include/linux/filter.h:621 [inline] bpf_prog_run include/linux/filter.h:635 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:1878 [inline] bpf_trace_run3+0x26e/0x320 kernel/trace/bpf_trace.c:1916 __bpf_trace_kmem_cache_free+0x99/0xc0 include/trace/events/kmem.h:138 __traceiter_kmem_cache_free+0x30/0x50 include/trace/events/kmem.h:138 trace_kmem_cache_free include/trace/events/kmem.h:138 [inline] kmem_cache_free+0x1e7/0x210 mm/slub.c:3521 skb_ext_del include/linux/skbuff.h:4461 [inline] nf_bridge_info_free net/bridge/br_netfilter_hooks.c:152 [inline] br_nf_dev_queue_xmit+0x5a0/0x1c30 net/bridge/br_netfilter_hooks.c:848 NF_HOOK+0x590/0x610 include/linux/netfilter.h:302 br_nf_post_routing+0x915/0xcb0 net/bridge/br_netfilter_hooks.c:955 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0xb9/0x200 net/netfilter/core.c:584 nf_hook include/linux/netfilter.h:257 [inline] NF_HOOK+0x1eb/0x370 include/linux/netfilter.h:300 br_forward_finish+0x74/0x80 net/bridge/br_forward.c:66 br_nf_hook_thresh net/bridge/br_netfilter_hooks.c:-1 [inline] br_nf_forward_finish+0x986/0xd20 net/bridge/br_netfilter_hooks.c:662 NF_HOOK+0x590/0x610 include/linux/netfilter.h:302 br_nf_forward_ip+0xc5c/0x10a0 net/bridge/br_netfilter_hooks.c:732 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0xb9/0x200 net/netfilter/core.c:584 nf_hook include/linux/netfilter.h:257 [inline] NF_HOOK+0x1eb/0x370 include/linux/netfilter.h:300 __br_forward+0x41f/0x600 net/bridge/br_forward.c:115 deliver_clone net/bridge/br_forward.c:131 [inline] maybe_deliver+0xb5/0x150 net/bridge/br_forward.c:190 br_flood+0x2fc/0x450 net/bridge/br_forward.c:232 br_handle_frame_finish+0x1018/0x12c0 net/bridge/br_input.c:180 br_nf_hook_thresh+0x3b2/0x480 net/bridge/br_netfilter_hooks.c:1155 br_nf_pre_routing_finish_ipv6+0x903/0xc80 net/bridge/br_netfilter_ipv6.c:-1 NF_HOOK include/linux/netfilter.h:302 [inline] br_nf_pre_routing_ipv6+0x359/0x650 net/bridge/br_netfilter_ipv6.c:237 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_bridge_pre net/bridge/br_input.c:242 [inline] br_handle_frame+0x89b/0x1180 net/bridge/br_input.c:384 __netif_receive_skb_core+0xfb0/0x35d0 net/core/dev.c:5419 __netif_receive_skb_one_core net/core/dev.c:5523 [inline] __netif_receive_skb+0x74/0x290 net/core/dev.c:5639 process_backlog+0x364/0x780 net/core/dev.c:6516 __napi_poll+0xc0/0x430 net/core/dev.c:7075 napi_poll net/core/dev.c:7142 [inline] net_rx_action+0x4a8/0x9c0 net/core/dev.c:7232 handle_softirqs+0x328/0x820 kernel/softirq.c:576 run_ksoftirqd+0x98/0xf0 kernel/softirq.c:943 smpboot_thread_fn+0x4f6/0x970 kernel/smpboot.c:164 kthread+0x436/0x520 kernel/kthread.c:334 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287