================================================================================
UBSAN: array-index-out-of-bounds in kernel/bpf/helpers.c:736:13
index -2 is out of range for type 'char[3][512]'
CPU: 0 PID: 327 Comm: syz-fuzzer Tainted: G        W         5.15.149-syzkaller-00490-g5d96939590c0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 dump_stack+0x15/0x17 lib/dump_stack.c:113
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0x118/0x140 lib/ubsan.c:282
 try_get_fmt_tmp_buf kernel/bpf/helpers.c:736 [inline]
 bpf_bprintf_prepare+0x132e/0x1360 kernel/bpf/helpers.c:778
 ____bpf_trace_printk kernel/trace/bpf_trace.c:377 [inline]
 bpf_trace_printk+0x14a/0x300 kernel/trace/bpf_trace.c:368
 bpf_prog_9e1c00255e17e72e+0x30/0xf18
 bpf_dispatcher_nop_func include/linux/bpf.h:785 [inline]
 __bpf_prog_run include/linux/filter.h:625 [inline]
 bpf_prog_run include/linux/filter.h:632 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:1883 [inline]
 bpf_trace_run2+0xec/0x210 kernel/trace/bpf_trace.c:1920
 __bpf_trace_kfree+0x6f/0x90 include/trace/events/kmem.h:118
 trace_kfree include/trace/events/kmem.h:118 [inline]
 kfree+0x1f3/0x220 mm/slub.c:4569
 skb_free_head net/core/skbuff.c:656 [inline]
 skb_release_data+0x8a9/0xa80 net/core/skbuff.c:678
 skb_release_all net/core/skbuff.c:743 [inline]
 __kfree_skb net/core/skbuff.c:757 [inline]
 kfree_skb_reason net/core/skbuff.c:778 [inline]
 kfree_skb+0xba/0x360 net/core/skbuff.c:792
 ip6_mc_input+0x233/0x2a0 net/ipv6/ip6_input.c:572
 dst_input include/net/dst.h:454 [inline]
 ip6_rcv_finish+0x186/0x350 net/ipv6/ip6_input.c:79
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ipv6_rcv+0xeb/0x270 net/ipv6/ip6_input.c:300
 __netif_receive_skb_one_core net/core/dev.c:5492 [inline]
 __netif_receive_skb+0x1c6/0x530 net/core/dev.c:5606
 process_backlog+0x31c/0x650 net/core/dev.c:6483
 __napi_poll+0xc4/0x5a0 net/core/dev.c:7042
 napi_poll net/core/dev.c:7109 [inline]
 net_rx_action+0x47d/0xc50 net/core/dev.c:7196
 __do_softirq+0x26d/0x5bf kernel/softirq.c:565
 do_softirq+0xf6/0x150 kernel/softirq.c:452
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x75/0x80 kernel/softirq.c:379
 local_bh_enable+0x1f/0x30 include/linux/bottom_half.h:32
 rcu_read_unlock_bh include/linux/rcupdate.h:766 [inline]
 ip_finish_output2+0xbef/0xf60 net/ipv4/ip_output.c:229
 __ip_finish_output+0x162/0x360
 ip_finish_output+0x31/0x210 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip_output+0x1d6/0x420 net/ipv4/ip_output.c:430
 dst_output include/net/dst.h:444 [inline]
 ip_local_out net/ipv4/ip_output.c:126 [inline]
 __ip_queue_xmit+0x1105/0x1c20 net/ipv4/ip_output.c:532
 ip_queue_xmit+0x4c/0x70 net/ipv4/ip_output.c:546
 __tcp_transmit_skb+0x1e84/0x3920 net/ipv4/tcp_output.c:1402
 tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
 tcp_write_xmit+0x144a/0x5e80 net/ipv4/tcp_output.c:2705
 __tcp_push_pending_frames+0x98/0x2f0 net/ipv4/tcp_output.c:2890
 tcp_push+0x477/0x620 net/ipv4/tcp.c:737
 tcp_sendmsg_locked+0x315c/0x3a90 net/ipv4/tcp.c:1428
 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1456
 inet_sendmsg+0xa1/0xc0 net/ipv4/af_inet.c:830
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 sock_write_iter+0x39b/0x530 net/socket.c:1079
 call_write_iter include/linux/fs.h:2202 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0xd5d/0x1110 fs/read_write.c:594
 ksys_write+0x199/0x2c0 fs/read_write.c:647
 __do_sys_write fs/read_write.c:659 [inline]
 __se_sys_write fs/read_write.c:656 [inline]
 __x64_sys_write+0x7b/0x90 fs/read_write.c:656
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x40720e
Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
RSP: 002b:000000c000185738 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000040720e
RDX: 000000000000000c RSI: 000000c0010ba7a0 RDI: 0000000000000003
RBP: 000000c000185778 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000c0001858b8
R13: 0000000000000003 R14: 000000c000007a00 R15: 0000000000000003
 </TASK>
================================================================================
softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 9 RCU ffffffff815cac40 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000101, exited with 00000100?
softirq: huh, entered softirq 3 NET_RX ffffffff83e89ec0 with preempt_count 00000101, exited with 00000100?