================================================================== BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user include/linux/instrumented.h:118 [inline] BUG: KASAN: slab-out-of-bounds in _copy_to_user lib/usercopy.c:32 [inline] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0xc7/0x150 lib/usercopy.c:26 Read of size 42 at addr ffff8880180e6200 by task syz-executor926/8425 CPU: 0 PID: 8425 Comm: syz-executor926 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:232 __kasan_report mm/kasan/report.c:399 [inline] kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:416 check_region_inline mm/kasan/generic.c:180 [inline] kasan_check_range+0x13d/0x180 mm/kasan/generic.c:186 instrument_copy_to_user include/linux/instrumented.h:118 [inline] _copy_to_user lib/usercopy.c:32 [inline] _copy_to_user+0xc7/0x150 lib/usercopy.c:26 copy_to_user include/linux/uaccess.h:200 [inline] __htab_map_lookup_and_delete_batch+0xef4/0x1860 kernel/bpf/hashtab.c:1588 bpf_map_do_batch+0x3d5/0x510 kernel/bpf/syscall.c:4001 __do_sys_bpf+0x1be4/0x4f40 kernel/bpf/syscall.c:4453 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x445ac9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6ef742d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00000000004cb410 RCX: 0000000000445ac9 RDX: 0000000000000038 RSI: 0000000020000080 RDI: 0000000000000019 RBP: 000000000049a8f0 R08: 00007f6ef742d700 R09: 0000000000000000 R10: 00007f6ef742d700 R11: 0000000000000246 R12: 00000000200031c0 R13: 000000000049a078 R14: 00000000200021c0 R15: 00000000004cb418 Allocated by task 8425: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:427 [inline] ____kasan_kmalloc mm/kasan/common.c:506 [inline] ____kasan_kmalloc mm/kasan/common.c:465 [inline] __kasan_kmalloc+0x99/0xc0 mm/kasan/common.c:515 kmalloc_node include/linux/slab.h:577 [inline] kvmalloc_node+0x61/0xf0 mm/util.c:587 kvmalloc include/linux/mm.h:785 [inline] __htab_map_lookup_and_delete_batch+0x513/0x1860 kernel/bpf/hashtab.c:1467 bpf_map_do_batch+0x3d5/0x510 kernel/bpf/syscall.c:4001 __do_sys_bpf+0x1be4/0x4f40 kernel/bpf/syscall.c:4453 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff8880180e6200 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes inside of 64-byte region [ffff8880180e6200, ffff8880180e6240) The buggy address belongs to the page: page:ffffea0000603980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x180e6 flags: 0xfff00000000200(slab) raw: 00fff00000000200 ffffea0005055900 0000000d0000000d ffff888010441640 raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880180e6100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ffff8880180e6180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc >ffff8880180e6200: 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc fc ^ ffff8880180e6280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff8880180e6300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ==================================================================