UBSAN: array-index-out-of-bounds in kernel/bpf/helpers.c:736:13
index -5 is out of range for type 'char[3][512]'
CPU: 1 PID: 284 Comm: syz-fuzzer Tainted: G W 5.15.148-syzkaller-00718-g993bed180178 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
dump_stack+0x15/0x17 lib/dump_stack.c:113
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_out_of_bounds+0x118/0x140 lib/ubsan.c:282
try_get_fmt_tmp_buf kernel/bpf/helpers.c:736 [inline]
bpf_bprintf_prepare+0x132e/0x1360 kernel/bpf/helpers.c:778
____bpf_trace_printk kernel/trace/bpf_trace.c:377 [inline]
bpf_trace_printk+0x14a/0x300 kernel/trace/bpf_trace.c:368
bpf_prog_b6ff6b9c07ea4265+0x56/0x234
bpf_dispatcher_nop_func include/linux/bpf.h:785 [inline]
__bpf_prog_run include/linux/filter.h:618 [inline]
bpf_prog_run include/linux/filter.h:632 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1883 [inline]
bpf_trace_run2+0x159/0x210 kernel/trace/bpf_trace.c:1920
__bpf_trace_sys_enter+0x62/0x70 include/trace/events/syscalls.h:18
trace_sys_enter include/trace/events/syscalls.h:18 [inline]
syscall_trace_enter kernel/entry/common.c:77 [inline]
__syscall_enter_from_user_work kernel/entry/common.c:90 [inline]
syscall_enter_from_user_mode+0x14d/0x1b0 kernel/entry/common.c:108
do_syscall_64+0x1e/0xb0 arch/x86/entry/common.c:76
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x472e43
Code: 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14 4c 8b 54 24 18 4c 8b 44 24 20 44 8b 4c 24 28 b8 ca 00 00 00 0f 05 <89> 44 24 30 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
RSP: 002b:000000c000087f28 EFLAGS: 00000206 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000472e43
RDX: 0000000000000001 RSI: 0000000000000081 RDI: 00000000024d0d80
RBP: 000000c000087f78 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 000000c000087e10
R13: 0000000000000001 R14: 000000c000006d00 R15: 000000000000000f
================================================================================
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000100, exited with 000000fe?
softirq: huh, entered softirq 3 NET_RX ffffffff83e88890 with preempt_count 00000100, exited with 000000fe?