==================================================================
BUG: KASAN: slab-out-of-bounds in user_mode arch/x86/include/asm/ptrace.h:131 [inline]
BUG: KASAN: slab-out-of-bounds in trace_page_fault_entries arch/x86/mm/fault.c:1516 [inline]
BUG: KASAN: slab-out-of-bounds in do_page_fault+0x6d/0x320 arch/x86/mm/fault.c:1528
Read of size 8 at addr ffff8881ed697e40 by task syz-executor155/390
CPU: 0 PID: 390 Comm: syz-executor155 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
Allocated by task 2262598088:
================================================================================
UBSAN: array-index-out-of-bounds in lib/stackdepot.c:205:15
index 2066561 is out of range for type 'void *[8192]'
CPU: 0 PID: 390 Comm: syz-executor155 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
================================================================================
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 390 Comm: syz-executor155 Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:stack_depot_fetch+0x69/0x70 lib/stackdepot.c:205
Code: 0e 8b 44 18 0c 5b 41 5e 41 5f 5d c3 48 c7 c7 00 8c e7 85 49 89 f7 4c 89 f6 e8 23 39 00 00 4c 89 fe 41 81 fe ff 1f 00 00 76 be <67> 0f b9 40 05 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83
RSP: 0018:ffff8881ed697b98 EFLAGS: 00010016
RAX: ffffffff84278211 RBX: 00000000ffff8881 RCX: ffff8881da010fc0
RDX: 0000000000000000 RSI: ffff8881ed697bc0 RDI: 0000000000000000
RBP: ffff8881ed697bb0 R08: dffffc0000000000 R09: ffffed103edc5262
R10: ffffed103edc5262 R11: 1ffff1103edc5261 R12: ffffffff812deaed
R13: 0000000000000000 R14: 00000000001f8881 R15: ffff8881ed697bc0
FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffc11230 CR3: 00000001f5c2a000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace 1bb33c75599a94db ]---
RIP: 0010:stack_depot_fetch+0x69/0x70 lib/stackdepot.c:205
Code: 0e 8b 44 18 0c 5b 41 5e 41 5f 5d c3 48 c7 c7 00 8c e7 85 49 89 f7 4c 89 f6 e8 23 39 00 00 4c 89 fe 41 81 fe ff 1f 00 00 76 be <67> 0f b9 40 05 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83
RSP: 0018:ffff8881ed697b98 EFLAGS: 00010016
RAX: ffffffff84278211 RBX: 00000000ffff8881 RCX: ffff8881da010fc0
RDX: 0000000000000000 RSI: ffff8881ed697bc0 RDI: 0000000000000000
RBP: ffff8881ed697bb0 R08: dffffc0000000000 R09: ffffed103edc5262
R10: ffffed103edc5262 R11: 1ffff1103edc5261 R12: ffffffff812deaed
R13: 0000000000000000 R14: 00000000001f8881 R15: ffff8881ed697bc0
FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffc11230 CR3: 00000001f5c2a000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 8b 44 18 0c mov 0xc(%rax,%rbx,1),%eax
4: 5b pop %rbx
5: 41 5e pop %r14
7: 41 5f pop %r15
9: 5d pop %rbp
a: c3 ret
b: 48 c7 c7 00 8c e7 85 mov $0xffffffff85e78c00,%rdi
12: 49 89 f7 mov %rsi,%r15
15: 4c 89 f6 mov %r14,%rsi
18: e8 23 39 00 00 call 0x3940
1d: 4c 89 fe mov %r15,%rsi
20: 41 81 fe ff 1f 00 00 cmp $0x1fff,%r14d
27: 76 be jbe 0xffffffe7
* 29: 67 0f b9 40 05 ud1 0x5(%eax),%eax <-- trapping instruction
2e: 66 90 xchg %ax,%ax
30: 55 push %rbp
31: 48 89 e5 mov %rsp,%rbp
34: 41 57 push %r15
36: 41 56 push %r14
38: 41 55 push %r13
3a: 41 54 push %r12
3c: 53 push %rbx
3d: 48 rex.W
3e: 83 .byte 0x83