softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000103, exited with 00000102?
================================================================================
UBSAN: array-index-out-of-bounds in kernel/bpf/helpers.c:776:13
index -2 is out of range for type 'char[3][512]'
CPU: 1 PID: 23 Comm: ksoftirqd/1 Tainted: G        W          6.1.75-syzkaller-00037-gdcb09569bbff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 dump_stack+0x15/0x1b lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x13a/0x160 lib/ubsan.c:282
 try_get_fmt_tmp_buf kernel/bpf/helpers.c:776 [inline]
 bpf_bprintf_prepare+0x132e/0x1360 kernel/bpf/helpers.c:818
 ____bpf_trace_printk kernel/trace/bpf_trace.c:385 [inline]
 bpf_trace_printk+0x14a/0x300 kernel/trace/bpf_trace.c:376
 bpf_prog_330576d32f01b34b+0x37/0x5f
 bpf_dispatcher_nop_func include/linux/bpf.h:987 [inline]
 __bpf_prog_run include/linux/filter.h:600 [inline]
 bpf_prog_run include/linux/filter.h:607 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
 bpf_trace_run2+0x133/0x290 kernel/trace/bpf_trace.c:2314
 __bpf_trace_kfree+0x6f/0x90 include/trace/events/kmem.h:94
 __traceiter_kfree+0x2a/0x40 include/trace/events/kmem.h:94
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0xce/0xf0 mm/slab_common.c:996
 security_task_free+0x9a/0xc0 security/security.c:1686
 __put_task_struct+0xed/0x3c0 kernel/fork.c:938
 put_task_struct include/linux/sched/task.h:145 [inline]
 delayed_put_task_struct+0x69/0x1c0 kernel/exit.c:227
 rcu_do_batch+0x518/0xb70 kernel/rcu/tree.c:2264
 rcu_core+0x4ee/0xf10 kernel/rcu/tree.c:2524
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2541
 __do_softirq+0x1d8/0x661 kernel/softirq.c:617
 run_ksoftirqd+0x23/0x30 kernel/softirq.c:990
 smpboot_thread_fn+0x466/0x8d0 kernel/smpboot.c:164
 kthread+0x26d/0x300 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
================================================================================
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON((val < PREEMPT_MASK) && !(preempt_count() & PREEMPT_MASK))
WARNING: CPU: 1 PID: 23 at kernel/sched/core.c:5909 preempt_count_sub+0xe5/0x160 kernel/sched/core.c:5908
Modules linked in:
CPU: 1 PID: 23 Comm: ksoftirqd/1 Tainted: G        W          6.1.75-syzkaller-00037-gdcb09569bbff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:preempt_count_sub+0xe5/0x160 kernel/sched/core.c:5908
Code: 87 48 c1 e8 03 42 0f b6 04 30 84 c0 75 6f 83 3d b8 de ff 05 00 75 94 48 c7 c7 e0 69 49 85 48 c7 c6 c0 6a 49 85 e8 db 1d f5 ff <0f> 0b e9 7a ff ff ff 48 c7 c1 80 4f 73 87 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc900001879c8 EFLAGS: 00010246
RAX: dcf61c9f61cbaa00 RBX: 0000000000000001 RCX: ffff88810039bcc0
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900001879d8 R08: ffffffff8144792e R09: fffff52000030e91
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff110252ced87 R14: dffffc0000000000 R15: 0000000000000010
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002000 CR3: 0000000121d9d000 CR4: 00000000003526a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x5b/0x80 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:405 [inline]
 cpufreq_task_times_exit+0x90/0xb0 drivers/cpufreq/cpufreq_times.c:100
 free_task+0x51/0x270 kernel/fork.c:612
 __put_task_struct+0x24e/0x3c0 kernel/fork.c:943
 put_task_struct include/linux/sched/task.h:145 [inline]
 delayed_put_task_struct+0x69/0x1c0 kernel/exit.c:227
 rcu_do_batch+0x518/0xb70 kernel/rcu/tree.c:2264
 rcu_core+0x4ee/0xf10 kernel/rcu/tree.c:2524
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2541
 __do_softirq+0x1d8/0x661 kernel/softirq.c:617
 run_ksoftirqd+0x23/0x30 kernel/softirq.c:990
 smpboot_thread_fn+0x466/0x8d0 kernel/smpboot.c:164
 kthread+0x26d/0x300 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
---[ end trace 0000000000000000 ]---
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000101, exited with 00000100?
BUG: workqueue leaked lock or atomic: kworker/1:1/0x7fffffff/39
     last function: bpf_prog_free_deferred
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000102, exited with 00000101?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000101, exited with 00000100?
------------[ cut here ]------------
WARNING: CPU: 1 PID: 7262 at block/blk-mq.c:2168 __blk_mq_run_hw_queue+0x139/0x150
Modules linked in:
CPU: 1 PID: 7262 Comm: syz-executor.4 Tainted: G        W          6.1.75-syzkaller-00037-gdcb09569bbff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:__blk_mq_run_hw_queue+0x139/0x150 block/blk-mq.c:2168
Code: 3d d2 13 ff 41 83 fc 01 77 27 e8 82 ce 13 ff 4c 89 ff 44 89 e6 e8 a7 30 fe fe 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 67 ce 13 ff <0f> 0b e9 fc fe ff ff e8 5b ce 13 ff 0f 0b eb d5 0f 1f 80 00 00 00
RSP: 0018:ffffc9000315eb78 EFLAGS: 00010246
RAX: ffffffff82618fb9 RBX: 0000000000010000 RCX: ffff88812a42bcc0
RDX: 0000000080010000 RSI: 0000000000010000 RDI: 0000000000000000
RBP: ffffc9000315eba0 R08: ffffffff82618eab R09: ffffed102176661a
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810bb33000
R13: 0000000000000000 R14: 0000000000000001 R15: ffff88810bb33000
FS:  00007f23ee7096c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fc26000 CR3: 00000001543e8000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __blk_mq_delay_run_hw_queue+0x112/0x580 block/blk-mq.c:2246
 blk_mq_run_hw_queue+0x265/0x4c0 block/blk-mq.c:2294
 blk_mq_sched_insert_requests+0x2b1/0x420 block/blk-mq-sched.c:492
 blk_mq_dispatch_plug_list block/blk-mq.c:2755 [inline]
 blk_mq_flush_plug_list+0x7a0/0x9d0 block/blk-mq.c:2804
 __blk_flush_plug+0x442/0x4c0 block/blk-core.c:1152
 blk_finish_plug+0x5d/0x80 block/blk-core.c:1176
 read_pages+0x9e1/0xd40 mm/readahead.c:195
 page_cache_ra_unbounded+0x4c1/0x690 mm/readahead.c:281
 do_page_cache_ra mm/readahead.c:311 [inline]
 page_cache_ra_order+0x92f/0xb40 mm/readahead.c:571
 ondemand_readahead+0x92a/0xef0 mm/readahead.c:695
 page_cache_sync_ra+0x3d6/0x450 mm/readahead.c:722
 page_cache_sync_readahead include/linux/pagemap.h:1251 [inline]
 filemap_get_pages mm/filemap.c:2654 [inline]
 filemap_read+0x7a9/0x24b0 mm/filemap.c:2748
 generic_file_read_iter+0xad/0x4e0 mm/filemap.c:2903
 ext4_file_read_iter+0x330/0x470
 call_read_iter include/linux/fs.h:2252 [inline]
 generic_file_splice_read+0x23c/0x630 fs/splice.c:308
 do_splice_to fs/splice.c:792 [inline]
 splice_direct_to_actor+0x3fc/0xbb0 fs/splice.c:864
 do_splice_direct+0x27f/0x3c0 fs/splice.c:973
 do_sendfile+0x616/0xfe0 fs/read_write.c:1255
 __do_sys_sendfile64 fs/read_write.c:1323 [inline]
 __se_sys_sendfile64 fs/read_write.c:1309 [inline]
 __x64_sys_sendfile64+0x1ce/0x230 fs/read_write.c:1309
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f23eda7dea9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f23ee7090c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f23edbabf80 RCX: 00007f23eda7dea9
RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000000b
RBP: 00007f23edaca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000f03afffe R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f23edbabf80 R15: 00007ffd51e353d8
 </TASK>
---[ end trace 0000000000000000 ]---
BUG: scheduling while atomic: syz-executor.4/7262/0x00010001
Modules linked in:
Preemption disabled at:
[<ffffffff8145ef61>] irq_enter_rcu+0x11/0x80 kernel/softirq.c:659
CPU: 1 PID: 7262 Comm: syz-executor.4 Tainted: G        W          6.1.75-syzkaller-00037-gdcb09569bbff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 dump_stack+0x15/0x1b lib/dump_stack.c:113
 __schedule_bug+0x195/0x260 kernel/sched/core.c:5960
 schedule_debug kernel/sched/core.c:5987 [inline]
 __schedule+0xcf7/0x1550 kernel/sched/core.c:6622
 schedule+0xc3/0x180 kernel/sched/core.c:6805
 exit_to_user_mode_loop+0x4e/0xa0 kernel/entry/common.c:159
 exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:297
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f23eda7dea9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f23ee7090c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: 0000000000348000 RBX: 00007f23edbabf80 RCX: 00007f23eda7dea9
RDX: 0000000000000000 RSI: 000000000000000a RDI: 000000000000000b
RBP: 00007f23edaca4a4 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000f03afffe R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f23edbabf80 R15: 00007ffd51e353d8
 </TASK>
------------[ cut here ]------------
timer: addrconf_rs_timer+0x0/0x600 net/ipv6/addrconf.c:6591 preempt leak: 00000101 -> 00000100
WARNING: CPU: 1 PID: 27602 at kernel/time/timer.c:1487 call_timer_fn+0xa3/0x2d0 kernel/time/timer.c:1486
Modules linked in:
CPU: 1 PID: 27602 Comm: kworker/1:7 Tainted: G        W          6.1.75-syzkaller-00037-gdcb09569bbff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: wg-crypt-wg1 wg_packet_decrypt_worker
RIP: 0010:call_timer_fn+0xa3/0x2d0 kernel/time/timer.c:1486
Code: 93 b6 0e 00 c6 05 5c 80 e5 05 01 65 8b 0d 2d c6 9b 7e 81 e1 ff ff ff 7f 48 c7 c7 00 ee 4a 85 4c 89 f6 44 89 ea e8 ed ce dd ff <0f> 0b eb 05 e8 64 b6 0e 00 65 8b 0d 05 c6 9b 7e 89 ca 81 e2 00 00
RSP: 0018:ffffc900001b0d80 EFLAGS: 00010246
RAX: 3cbeff8bcf8ccf00 RBX: 0000000000000100 RCX: ffff88812c546540
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900001b0db0 R08: ffffffff8144792e R09: fffff52000036109
R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000100014680
R13: 0000000000000101 R14: ffffffff847631b0 R15: ffff88815a3894f0
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fc26000 CR3: 0000000006c0f000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 expire_timers kernel/time/timer.c:1525 [inline]
 __run_timers+0x72a/0xa10 kernel/time/timer.c:1796
 run_timer_softirq+0x69/0xf0 kernel/time/timer.c:1809
 __do_softirq+0x1d8/0x661 kernel/softirq.c:617
 do_softirq+0xf6/0x150 kernel/softirq.c:499
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x75/0x80 kernel/softirq.c:423
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x50/0x60 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
 wg_packet_decrypt_worker+0x299/0xda0 drivers/net/wireguard/receive.c:499
 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299
 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446
 kthread+0x26d/0x300 kernel/kthread.c:386
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
---[ end trace 0000000000000000 ]---
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000102, exited with 00000101?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff840adb50 with preempt_count 00000101, exited with 00000100?
BUG: workqueue leaked lock or atomic: kworker/1:7/0x7fffffff/27602
     last function: update_stats_workfn
softirq: huh, entered softirq 9 RCU ffffffff8160c090 with preempt_count 00000101, exited with 00000100?