==================================================================
BUG: KASAN: slab-out-of-bounds in user_mode arch/x86/include/asm/ptrace.h:131 [inline]
BUG: KASAN: slab-out-of-bounds in trace_page_fault_entries arch/x86/mm/fault.c:1516 [inline]
BUG: KASAN: slab-out-of-bounds in do_page_fault+0x6d/0x320 arch/x86/mm/fault.c:1528
Read of size 8 at addr ffff8881df917ee0 by task syz.9.2420/8973

CPU: 1 PID: 8973 Comm: syz.9.2420 Tainted: G W 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:

Allocated by task 0:
(stack is not available)

Freed by task 3756265408:
================================================================================
UBSAN: array-index-out-of-bounds in lib/stackdepot.c:205:15
index 2066561 is out of range for type 'void *[8192]'
CPU: 1 PID: 8973 Comm: syz.9.2420 Tainted: G W 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
================================================================================
------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'skbuff_head_cache' (offset 128, size 2)!
WARNING: CPU: 1 PID: 8973 at mm/usercopy.c:80 usercopy_warn+0xb7/0xc0 mm/usercopy.c:75
Modules linked in:
CPU: 1 PID: 8973 Comm: syz.9.2420 Tainted: G W 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:usercopy_warn+0xb7/0xc0 mm/usercopy.c:75
Code: c6 05 3a 6f 97 04 01 49 c7 c2 40 7a c3 84 4c 0f 44 d0 48 c7 c7 c0 78 c3 84 4d 89 f9 41 56 53 41 52 e8 bd a0 94 02 48 83 c4 18 <0f> 0b e9 71 ff ff ff 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53
RSP: 0018:ffff8881df917958 EFLAGS: 00010082
RAX: 229ef74ecaf51400 RBX: 0000000000000080 RCX: ffff8881dfe40fc0
RDX: 0000000000000000 RSI: 000000008000003f RDI: 0000000000000000
RBP: ffff8881df917980 R08: dffffc0000000000 R09: ffffed103ede5262
R10: ffffed103ede5262 R11: 1ffff1103ede5261 R12: ffffffff853d3440
R13: 0000000000000000 R14: 0000000000000002 R15: ffffffff85049d40
FS:  0000555575e50500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffd15650 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000200000000300
DR3: 0000200000000300 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
---[ end trace 96c6bdc9f4976ef2 ]---
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8973 Comm: syz.9.2420 Tainted: G W 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:stack_depot_fetch+0x69/0x70 lib/stackdepot.c:205
usercopy: Kernel memory overwrite attempt detected to SLUB object 'skbuff_head_cache' (offset 224, size 64)!
------------[ cut here ]------------
kernel BUG at mm/usercopy.c:99!
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
CPU: 1 PID: 8973 Comm: syz.9.2420 Tainted: G W 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:usercopy_abort+0x85/0x90 mm/usercopy.c:87
usercopy: Kernel memory overwrite attempt detected to SLUB object 'skbuff_head_cache' (offset 288, size 64)!
usercopy: Kernel memory overwrite attempt detected to SLUB object 'skbuff_head_cache' (offset 256, size 2)!
------------[ cut here ]------------
kernel BUG at mm/usercopy.c:99!
invalid opcode: 0000 [#3] PREEMPT SMP KASAN
CPU: 1 PID: 8973 Comm: syz.9.2420 Tainted: G W 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:usercopy_abort+0x85/0x90 mm/usercopy.c:87
Code: 89 cb 49 c7 c6 40 7a c3 84 4c 0f 44 f6 48 c7 c7 80 7a c3 84 4c 89 de 4c 89 c9 4d 89 d1 50 53 41 56 e8 7f c1 ff ff 48 83 c4 18 <0f> 0b 00 00 90 90 00 00 90 90 00 55 48 89 e5 53 48 89 fb e8 d3 1e
RSP: 0018:ffff8881df917270 EFLAGS: 00010092
RAX: 000000000000006b RBX: 0000000000000100 RCX: 229ef74ecaf51400
RDX: 0000000000000000 RSI: 000000008000003f RDI: 0000000000000000
RBP: ffff8881df917280 R08: dffffc0000000000 R09: ffffed103ede5262
R10: ffffed103ede5262 R11: 1ffff1103ede5261 R12: ffff8881f1ccc000
R13: 0000000000000200 R14: ffffffff84c37a40 R15: 0000000000000100
FS:  0000555575e50500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffd15650 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000200000000300
DR3: 0000200000000300 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
Modules linked in:
---[ end trace 96c6bdc9f4976ef3 ]---
RIP: 0010:stack_depot_fetch+0x69/0x70 lib/stackdepot.c:205
Code: 0e 8b 44 18 0c 5b 41 5e 41 5f 5d c3 48 c7 c7 00 8c e7 85 49 89 f7 4c 89 f6 e8 23 39 00 00 4c 89 fe 41 81 fe ff 1f 00 00 76 be <67> 0f b9 40 05 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83
RSP: 0018:ffff8881df917c38 EFLAGS: 00010016
RAX: ffffffff84278211 RBX: 00000000ffff8881 RCX: ffff8881dfe40fc0
RDX: 0000000000000000 RSI: ffff8881df917c60 RDI: 0000000000000000
RBP: ffff8881df917c50 R08: dffffc0000000000 R09: ffffed103ede5262
R10: ffffed103ede5262 R11: 1ffff1103ede5261 R12: ffffffff812deaed
R13: 0000000000000000 R14: 00000000001f8881 R15: ffff8881df917c60
FS:  0000555575e50500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffd15650 CR3: 00000001f5c2a000 CR4: 00000000003406a0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000200000000300
DR3: 0000200000000300 DR6: 00000000fffe0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   8b 44 18 0c             mov    0xc(%rax,%rbx,1),%eax
   4:   5b                      pop    %rbx
   5:   41 5e                   pop    %r14
   7:   41 5f                   pop    %r15
   9:   5d                      pop    %rbp
   a:   c3                      ret
   b:   48 c7 c7 00 8c e7 85    mov    $0xffffffff85e78c00,%rdi
  12:   49 89 f7                mov    %rsi,%r15
  15:   4c 89 f6                mov    %r14,%rsi
  18:   e8 23 39 00 00          call   0x3940
  1d:   4c 89 fe                mov    %r15,%rsi
  20:   41 81 fe ff 1f 00 00    cmp    $0x1fff,%r14d
  27:   76 be                   jbe    0xffffffe7
* 29:   67 0f b9 40 05          ud1    0x5(%eax),%eax    <-- trapping instruction
  2e:   66 90                   xchg   %ax,%ax
  30:   55                      push   %rbp
  31:   48 89 e5                mov    %rsp,%rbp
  34:   41 57                   push   %r15
  36:   41 56                   push   %r14
  38:   41 55                   push   %r13
  3a:   41 54                   push   %r12
  3c:   53                      push   %rbx
  3d:   48                      rex.W
  3e:   83                      .byte 0x83