program syz-executor4 is using a deprecated SCSI ioctl, please convert it to SG_IO
==================================================================
BUG: KASAN: slab-out-of-bounds in __read_once_size include/linux/compiler.h:188 [inline]
BUG: KASAN: slab-out-of-bounds in bpf_fd_array_map_lookup_elem+0x440/0x4c0 kernel/bpf/arraymap.c:374
Read of size 8 at addr ffff8801ca7fc2e0 by task syz-executor2/16789

CPU: 1 PID: 16789 Comm: syz-executor2 Not tainted 4.15.0-rc7-mm1+ #54
netlink: 'syz-executor6': attribute type 16 has an invalid length.
netlink: 'syz-executor6': attribute type 16 has an invalid length.
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
sctp: [Deprecated]: syz-executor5 (pid 16803) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
sctp: [Deprecated]: syz-executor5 (pid 16807) Use of struct sctp_assoc_value in delayed_ack socket option.
Use struct sctp_sack_info instead
 print_address_description+0x73/0x250 mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report+0x23b/0x360 mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 __read_once_size include/linux/compiler.h:188 [inline]
 bpf_fd_array_map_lookup_elem+0x440/0x4c0 kernel/bpf/arraymap.c:374
 map_lookup_elem+0x6b5/0xbd0 kernel/bpf/syscall.c:577
 SYSC_bpf kernel/bpf/syscall.c:1808 [inline]
 SyS_bpf+0x922/0x4400 kernel/bpf/syscall.c:1782
 entry_SYSCALL_64_fastpath+0x29/0xa0
RIP: 0033:0x452ac9
RSP: 002b:00007f2659235c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
RDX: 0000000000000018 RSI: 0000000020593fe8 RDI: 0000000000000001
RBP: 00000000000003d9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f3cf8
R13: 00000000ffffffff R14: 00007f26592366d4 R15: 0000000000000000

Allocated by task 14140:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:447
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489
 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3541
 kmem_cache_zalloc include/linux/slab.h:694 [inline]
 get_empty_filp+0xfb/0x4f0 fs/file_table.c:122
 path_openat+0xed/0x3530 fs/namei.c:3514
 do_filp_open+0x25b/0x3b0 fs/namei.c:3572
 do_sys_open+0x502/0x6d0 fs/open.c:1059
 SYSC_open fs/open.c:1077 [inline]
 SyS_open+0x2d/0x40 fs/open.c:1072
 entry_SYSCALL_64_fastpath+0x29/0xa0

Freed by task 14140:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:447
 set_track mm/kasan/kasan.c:459 [inline]
 __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:520
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:527
 __cache_free mm/slab.c:3485 [inline]
 kmem_cache_free+0x86/0x2b0 mm/slab.c:3743
 file_free_rcu+0x5c/0x70 fs/file_table.c:49
 __rcu_reclaim kernel/rcu/rcu.h:172 [inline]
 rcu_do_batch kernel/rcu/tree.c:2674 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2933 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2900 [inline]
 rcu_process_callbacks+0xd6c/0x17f0 kernel/rcu/tree.c:2917
 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285

The buggy address belongs to the object at ffff8801ca7fc0c0
 which belongs to the cache filp of size 456
The buggy address is located 88 bytes to the right of
 456-byte region [ffff8801ca7fc0c0, ffff8801ca7fc288)
The buggy address belongs to the page:
page:ffffea000729ff00 count:1 mapcount:0 mapping:ffff8801ca7fc0c0 index:0x0
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffff8801ca7fc0c0 0000000000000000 0000000100000006
raw: ffffea00072ba220 ffffea0007294320 ffff8801dae30180 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801ca7fc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8801ca7fc200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8801ca7fc280: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                       ^
 ffff8801ca7fc300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
 ffff8801ca7fc380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================