==================================================================
BUG: KASAN: slab-out-of-bounds in ____bpf_clone_redirect net/core/filter.c:1768 [inline]
BUG: KASAN: slab-out-of-bounds in bpf_clone_redirect+0x2a7/0x2b0 net/core/filter.c:1759
Read of size 8 at addr ffff8881ca107710 by task syz-executor.3/20853

CPU: 0 PID: 20853 Comm: syz-executor.3 Not tainted 4.14.155-syzkaller #0
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe5/0x154 lib/dump_stack.c:58
 print_address_description+0x60/0x226 mm/kasan/report.c:187
 __kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316
 ____bpf_clone_redirect net/core/filter.c:1768 [inline]
 bpf_clone_redirect+0x2a7/0x2b0 net/core/filter.c:1759
 ___bpf_prog_run+0x2478/0x5510 kernel/bpf/core.c:1095

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8881ca107640
 which belongs to the cache skbuff_head_cache of size 224
The buggy address is located 208 bytes inside of
 224-byte region [ffff8881ca107640, ffff8881ca107720)
The buggy address belongs to the page:
page:ffffea00072841c0 count:1 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000200(slab)
raw: 4000000000000200 0000000000000000 0000000000000000 00000001800c000c
raw: dead000000000100 dead000000000200 ffff8881dab70200 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881ca107600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8881ca107680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8881ca107700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                         ^
 ffff8881ca107780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8881ca107800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================