kthread+0x421/0x510 kernel/kthread.c:337
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
---[ end trace 1145daedf6761d06 ]---
================================================================================
UBSAN: array-index-out-of-bounds in kernel/bpf/helpers.c:736:13
index -17 is out of range for type 'char[3][512]'
CPU: 1 PID: 25 Comm: ksoftirqd/1 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
dump_stack+0x15/0x17 lib/dump_stack.c:113
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_out_of_bounds+0x118/0x140 lib/ubsan.c:282
try_get_fmt_tmp_buf kernel/bpf/helpers.c:736 [inline]
bpf_bprintf_prepare+0x132e/0x1360 kernel/bpf/helpers.c:778
____bpf_trace_printk kernel/trace/bpf_trace.c:377 [inline]
bpf_trace_printk+0x14a/0x300 kernel/trace/bpf_trace.c:368
bpf_prog_b3b54572e23ff2cd+0x30/0x3a8
bpf_dispatcher_nop_func include/linux/bpf.h:785 [inline]
__bpf_prog_run include/linux/filter.h:625 [inline]
bpf_prog_run include/linux/filter.h:632 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1883 [inline]
bpf_trace_run2+0xec/0x210 kernel/trace/bpf_trace.c:1920
__bpf_trace_kfree+0x6f/0x90 include/trace/events/kmem.h:118
trace_kfree include/trace/events/kmem.h:118 [inline]
kfree+0x1f3/0x220 mm/slub.c:4569
shmem_free_in_core_inode+0x75/0xc0 mm/shmem.c:3802
i_callback+0x4b/0x70 fs/inode.c:225
rcu_do_batch+0x57a/0xc10 kernel/rcu/tree.c:2523
rcu_core+0x517/0x1020 kernel/rcu/tree.c:2763
rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2776
__do_softirq+0x26d/0x5bf kernel/softirq.c:565
run_ksoftirqd+0x23/0x30 kernel/softirq.c:937
smpboot_thread_fn+0x466/0x8d0 kernel/smpboot.c:164
kthread+0x421/0x510 kernel/kthread.c:337
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
================================================================================
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000100, exited with 00010100?
------------[ cut here ]------------
timer: igmp_ifc_timer_expire+0x0/0xf50 preempt leak: 00000101 -> 00000100
WARNING: CPU: 1 PID: 9801 at kernel/time/timer.c:1434 call_timer_fn+0xa3/0x2d0 kernel/time/timer.c:1433
Modules linked in:
CPU: 1 PID: 9801 Comm: kworker/1:53 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: wg-crypt-wg1 wg_packet_decrypt_worker
RIP: 0010:call_timer_fn+0xa3/0x2d0 kernel/time/timer.c:1433
Code: 73 b6 0f 00 c6 05 f8 fa a2 05 01 65 8b 0d 6d 02 a2 7e 81 e1 ff ff ff 7f 48 c7 c7 40 d1 29 85 4c 89 f6 44 89 ea e8 bd 0b e1 ff <0f> 0b eb 05 e8 44 b6 0f 00 65 8b 0d 45 02 a2 7e 89 ca 81 e2 00 00
RSP: 0018:ffffc900001d0d80 EFLAGS: 00010246
RAX: a3b980dfb0b3c800 RBX: 0000000000000100 RCX: ffff888111964f00
RDX: 0000000080000100 RSI: 0000000080000100 RDI: 0000000000000000
RBP: ffffc900001d0db0 R08: ffffffff81575f25 R09: fffff5200003a0d9
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000100005722
R13: 0000000000000101 R14: ffffffff84375180 R15: ffff88812c00d0a0
FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020004038 CR3: 000000000680f000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
expire_timers kernel/time/timer.c:1472 [inline]
__run_timers+0x72a/0xa10 kernel/time/timer.c:1743
run_timer_softirq+0x69/0xf0 kernel/time/timer.c:1756
__do_softirq+0x26d/0x5bf kernel/softirq.c:565
do_softirq+0xf6/0x150 kernel/softirq.c:452
__local_bh_enable_ip+0x75/0x80 kernel/softirq.c:379
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline]
_raw_spin_unlock_bh+0x51/0x60 kernel/locking/spinlock.c:210
spin_unlock_bh include/linux/spinlock.h:408 [inline]
ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
wg_packet_decrypt_worker+0x299/0xdd0 drivers/net/wireguard/receive.c:506
process_one_work+0x6bb/0xc10 kernel/workqueue.c:2325
worker_thread+0xad5/0x12a0 kernel/workqueue.c:2472
kthread+0x421/0x510 kernel/kthread.c:337
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
---[ end trace 1145daedf6761d07 ]---
softirq: huh, entered softirq 4 BLOCK ffffffff8252c040 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 4 BLOCK ffffffff8252c040 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000102, exited with 00000101?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000102, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
BUG: scheduling while atomic: syslogd/82/0x00010000
Modules linked in:
Preemption disabled at:
[] preempt_schedule_irq+0xbc/0x140 kernel/sched/core.c:6914
CPU: 1 PID: 82 Comm: syslogd Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
dump_stack+0x15/0x17 lib/dump_stack.c:113
__schedule_bug+0x195/0x260 kernel/sched/core.c:5707
schedule_debug kernel/sched/core.c:5734 [inline]
__schedule+0xd19/0x1590 kernel/sched/core.c:6402
schedule+0x11f/0x1e0 kernel/sched/core.c:6595
exit_to_user_mode_loop+0x4d/0xe0 kernel/entry/common.c:163
exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:208
irqentry_exit_to_user_mode+0x9/0x20 kernel/entry/common.c:314
irqentry_exit+0x12/0x40 kernel/entry/common.c:405
sysvec_reschedule_ipi+0x7d/0x150 arch/x86/kernel/smp.c:225
asm_sysvec_reschedule_ipi+0x1b/0x20 arch/x86/include/asm/idtentry.h:643
RIP: 0033:0x7fe3149258f8
Code: 00 48 8b 05 92 76 16 00 31 c9 64 4c 8b 00 e9 22 00 00 00 48 8b 05 80 76 16 00 64 4c 8b 00 e9 44 03 00 00 48 8b 05 70 76 16 00 <31> c9 64 4c 8b 00 e9 32 03 00 00 41 57 41 89 ca 41 56 41 55 49 89
RSP: 002b:00007fffd503e178 EFLAGS: 00000293
RAX: ffffffffffffff70 RBX: 00007fffd503e1e0 RCX: 0000000000000004
RDX: 000000000000000a RSI: 00007fffd503e1e0 RDI: 0000560d42d59301
RBP: 00007fe31485e300 R08: 0000000000000000 R09: 00007fffd503da28
R10: 0000000000001000 R11: 0000000000000246 R12: 0000560d42d5933d
R13: 0000560d42d59300 R14: 0000000000000000 R15: 00007fe314b8fa80
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 4 BLOCK ffffffff8252c040 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
BUG: scheduling while atomic: syz-executor.4/20311/0x00010001
Modules linked in:
Preemption disabled at:
[] irq_enter_rcu+0x11/0x80 kernel/softirq.c:607
CPU: 1 PID: 20311 Comm: syz-executor.4 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
dump_stack+0x15/0x17 lib/dump_stack.c:113
__schedule_bug+0x195/0x260 kernel/sched/core.c:5707
schedule_debug kernel/sched/core.c:5734 [inline]
__schedule+0xd19/0x1590 kernel/sched/core.c:6402
do_task_dead+0x99/0xa0 kernel/sched/core.c:6530
do_exit+0x2089/0x2ca0 kernel/exit.c:929
do_group_exit+0x141/0x310 kernel/exit.c:1000
get_signal+0x7a3/0x1630 kernel/signal.c:2896
arch_do_signal_or_restart+0xbd/0x1680 arch/x86/kernel/signal.c:867
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop+0xa0/0xe0 kernel/entry/common.c:172
exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x26/0x160 kernel/entry/common.c:301
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fb197073da9
Code: Unable to access opcode bytes at RIP 0x7fb197073d7f.
RSP: 002b:00007fb195df5178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007fb1971a1f88 RCX: 00007fb197073da9
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fb1971a1f8c
RBP: 00007fb1971a1f80 R08: 00007ffe2e9d00b0 R09: 00007fb195df56c0
R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fb1971a1f8c
R13: 000000000000000b R14: 00007ffe2e9cc0a0 R15: 00007ffe2e9cc188
BUG: workqueue leaked lock or atomic: kworker/u4:4/0x7fffffff/347
last function: fsnotify_mark_destroy_workfn
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
BUG: scheduling while atomic: syz-executor.3/20312/0x00010001
Modules linked in:
Preemption disabled at:
[] is_module_text_address+0x1a/0x140 kernel/module.c:4811
CPU: 1 PID: 20312 Comm: syz-executor.3 Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
dump_stack+0x15/0x17 lib/dump_stack.c:113
__schedule_bug+0x195/0x260 kernel/sched/core.c:5707
schedule_debug kernel/sched/core.c:5734 [inline]
__schedule+0xd19/0x1590 kernel/sched/core.c:6402
do_task_dead+0x99/0xa0 kernel/sched/core.c:6530
do_exit+0x2089/0x2ca0 kernel/exit.c:929
do_group_exit+0x141/0x310 kernel/exit.c:1000
get_signal+0x7a3/0x1630 kernel/signal.c:2896
arch_do_signal_or_restart+0xbd/0x1680 arch/x86/kernel/signal.c:867
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop+0xa0/0xe0 kernel/entry/common.c:172
exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x26/0x160 kernel/entry/common.c:301
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7eff30f2cda9
Code: Unable to access opcode bytes at RIP 0x7eff30f2cd7f.
RSP: 002b:00007eff2fcae178 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007eff3105af88 RCX: 00007eff30f2cda9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007eff3105af88
RBP: 00007eff3105af80 R08: 00007eff2fcae6c0 R09: 00007eff2fcae6c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff3105af8c
R13: 000000000000000b R14: 00007ffe590a89c0 R15: 00007ffe590a8aa8
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000102, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815caa40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
BUG: workqueue leaked lock or atomic: kworker/u4:2/0x7fffffff/45
last function: fsnotify_mark_destroy_workfn
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
BUG: workqueue leaked lock or atomic: kworker/u4:4/0x7fffffff/347
last function: fsnotify_connector_destroy_workfn
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000101, exited with 00000100?