================================================================================
UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9
index 16382 is out of range for type 'unsigned long[8]'
CPU: 1 PID: 25 Comm: ksoftirqd/1 Tainted: G        W         5.15.178-syzkaller-00193-g058abb720bd1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1c0 lib/dump_stack.c:106
 dump_stack+0x15/0x20 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x118/0x140 lib/ubsan.c:282
 decode_tail kernel/locking/qspinlock.c:130 [inline]
 __pv_queued_spin_lock_slowpath+0xb9d/0xc40 kernel/locking/qspinlock.c:468
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:585 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock include/linux/spinlock.h:187 [inline]
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0x139/0x1b0 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:363 [inline]
 ptr_ring_produce include/linux/ptr_ring.h:128 [inline]
 cpu_map_generic_redirect+0x1d5/0x6d0 kernel/bpf/cpumap.c:786
 xdp_do_generic_redirect_map net/core/filter.c:4189 [inline]
 xdp_do_generic_redirect+0x3df/0xb40 net/core/filter.c:4236
 do_xdp_generic+0x50b/0x7c0 net/core/dev.c:4919
 __netif_receive_skb_core+0x1706/0x3640 net/core/dev.c:5324
 __netif_receive_skb_one_core net/core/dev.c:5499 [inline]
 __netif_receive_skb+0x11c/0x530 net/core/dev.c:5615
 process_backlog+0x31c/0x650 net/core/dev.c:6492
 __napi_poll+0xc4/0x5a0 net/core/dev.c:7051
 napi_poll net/core/dev.c:7118 [inline]
 net_rx_action+0x47d/0xc50 net/core/dev.c:7208
 handle_softirqs+0x25e/0x5c0 kernel/softirq.c:565
 run_ksoftirqd+0x28/0x40 kernel/softirq.c:941
 smpboot_thread_fn+0x466/0x8d0 kernel/smpboot.c:164
 kthread+0x421/0x510 kernel/kthread.c:337
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
================================================================================
general protection fault, probably for non-canonical address 0xe010f2fb9f81fd7d: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0x0087b7dcfc0febe8-0x0087b7dcfc0febef]
CPU: 1 PID: 25 Comm: ksoftirqd/1 Tainted: G        W         5.15.178-syzkaller-00193-g058abb720bd1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:__pv_queued_spin_lock_slowpath+0x2f3/0xc40 kernel/locking/qspinlock.c:471
Code: 74 1e 48 89 4c 24 10 48 8b 7c 24 10 e8 e6 98 5d 00 48 8b 4c 24 10 48 ba 00 00 00 00 00 fc ff df 4c 03 21 4c 89 e0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 e7 e8 5f 99 5d 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc900001a7440 EFLAGS: 00010206
RAX: 0010f6fb9f81fd7d RBX: ffff8881f7138ad4 RCX: ffffffff86286820
RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
RBP: ffffc900001a7530 R08: ffffffff8141a9ab R09: 0000000000000003
R10: fffffbfff0e9aa4c R11: dffffc0000000001 R12: 0087b7dcfc0febe9
R13: 1ffff11022366ae2 R14: 1ffff1103ee27159 R15: ffff888111b35714
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f445f2eb178 CR3: 000000013d095000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:585 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock include/linux/spinlock.h:187 [inline]
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0x139/0x1b0 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:363 [inline]
 ptr_ring_produce include/linux/ptr_ring.h:128 [inline]
 cpu_map_generic_redirect+0x1d5/0x6d0 kernel/bpf/cpumap.c:786
 xdp_do_generic_redirect_map net/core/filter.c:4189 [inline]
 xdp_do_generic_redirect+0x3df/0xb40 net/core/filter.c:4236
 do_xdp_generic+0x50b/0x7c0 net/core/dev.c:4919
 __netif_receive_skb_core+0x1706/0x3640 net/core/dev.c:5324
 __netif_receive_skb_one_core net/core/dev.c:5499 [inline]
 __netif_receive_skb+0x11c/0x530 net/core/dev.c:5615
 process_backlog+0x31c/0x650 net/core/dev.c:6492
 __napi_poll+0xc4/0x5a0 net/core/dev.c:7051
 napi_poll net/core/dev.c:7118 [inline]
 net_rx_action+0x47d/0xc50 net/core/dev.c:7208
 handle_softirqs+0x25e/0x5c0 kernel/softirq.c:565
 run_ksoftirqd+0x28/0x40 kernel/softirq.c:941
 smpboot_thread_fn+0x466/0x8d0 kernel/smpboot.c:164
 kthread+0x421/0x510 kernel/kthread.c:337
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Modules linked in:
---[ end trace 406cbee5f6fa0cb9 ]---
RIP: 0010:__pv_queued_spin_lock_slowpath+0x2f3/0xc40 kernel/locking/qspinlock.c:471
Code: 74 1e 48 89 4c 24 10 48 8b 7c 24 10 e8 e6 98 5d 00 48 8b 4c 24 10 48 ba 00 00 00 00 00 fc ff df 4c 03 21 4c 89 e0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 e7 e8 5f 99 5d 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc900001a7440 EFLAGS: 00010206
RAX: 0010f6fb9f81fd7d RBX: ffff8881f7138ad4 RCX: ffffffff86286820
RDX: dffffc0000000000 RSI: 0000000000000002 RDI: 00000000ffffffff
RBP: ffffc900001a7530 R08: ffffffff8141a9ab R09: 0000000000000003
R10: fffffbfff0e9aa4c R11: dffffc0000000001 R12: 0087b7dcfc0febe9
R13: 1ffff11022366ae2 R14: 1ffff1103ee27159 R15: ffff888111b35714
FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f445f2eb178 CR3: 000000013d095000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000000c DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	74 1e                	je     0x20
   2:	48 89 4c 24 10       	mov    %rcx,0x10(%rsp)
   7:	48 8b 7c 24 10       	mov    0x10(%rsp),%rdi
   c:	e8 e6 98 5d 00       	call   0x5d98f7
  11:	48 8b 4c 24 10       	mov    0x10(%rsp),%rcx
  16:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  1d:	fc ff df
  20:	4c 03 21             	add    (%rcx),%r12
  23:	4c 89 e0             	mov    %r12,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1) <-- trapping instruction
  2e:	74 12                	je     0x42
  30:	4c 89 e7             	mov    %r12,%rdi
  33:	e8 5f 99 5d 00       	call   0x5d9997
  38:	48                   	rex.W
  39:	ba 00 00 00 00       	mov    $0x0,%edx
  3e:	00 fc                	add    %bh,%ah