A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. ================================================================== BUG: KASAN: slab-out-of-bounds in ____bpf_clone_redirect net/core/filter.c:1768 [inline] BUG: KASAN: slab-out-of-bounds in bpf_clone_redirect+0x2a7/0x2b0 net/core/filter.c:1759 Read of size 8 at addr ffff8881d4565950 by task syz-executor.1/26107 CPU: 1 PID: 26107 Comm: syz-executor.1 Not tainted 4.14.154+ #0 A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0xe5/0x154 lib/dump_stack.c:58 print_address_description+0x60/0x226 mm/kasan/report.c:187 __kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316 ____bpf_clone_redirect net/core/filter.c:1768 [inline] bpf_clone_redirect+0x2a7/0x2b0 net/core/filter.c:1759 ___bpf_prog_run+0x2478/0x5510 kernel/bpf/core.c:1095 Allocated by task 2145: save_stack mm/kasan/common.c:76 [inline] set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.part.0+0x53/0xc0 mm/kasan/common.c:501 slab_post_alloc_hook mm/slab.h:439 [inline] slab_alloc_node mm/slub.c:2792 [inline] slab_alloc mm/slub.c:2800 [inline] kmem_cache_alloc+0xee/0x360 mm/slub.c:2805 kmem_cache_zalloc include/linux/slab.h:651 [inline] __delayacct_tsk_init+0x1b/0x80 kernel/delayacct.c:45 delayacct_tsk_init include/linux/delayacct.h:112 [inline] copy_process.part.0+0x2b78/0x66c0 kernel/fork.c:1777 copy_process kernel/fork.c:1679 [inline] _do_fork+0x197/0xce0 kernel/fork.c:2220 kernel_thread+0x2f/0x40 kernel/fork.c:2284 call_usermodehelper_exec_sync kernel/umh.c:123 [inline] call_usermodehelper_exec_work+0xa7/0x230 kernel/umh.c:175 process_one_work+0x7f1/0x1580 kernel/workqueue.c:2134 worker_thread+0xdd/0xdf0 kernel/workqueue.c:2271 kthread+0x31f/0x430 kernel/kthread.c:232 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:404 0xffffffffffffffff Freed by task 17: save_stack mm/kasan/common.c:76 [inline] set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x164/0x210 mm/kasan/common.c:463 slab_free_hook mm/slub.c:1407 [inline] slab_free_freelist_hook mm/slub.c:1458 [inline] slab_free mm/slub.c:3039 [inline] kmem_cache_free+0xd7/0x3b0 mm/slub.c:3055 delayacct_tsk_free include/linux/delayacct.h:121 [inline] __put_task_struct+0x12f/0x490 kernel/fork.c:426 put_task_struct include/linux/sched/task.h:96 [inline] delayed_put_task_struct+0xb4/0x310 kernel/exit.c:180 __rcu_reclaim kernel/rcu/rcu.h:195 [inline] rcu_do_batch kernel/rcu/tree.c:2699 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2962 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2929 [inline] rcu_process_callbacks+0x59f/0xf60 kernel/rcu/tree.c:2946 __do_softirq+0x234/0x9ec kernel/softirq.c:288 The buggy address belongs to the object at ffff8881d4565898 which belongs to the cache task_delay_info of size 136 The buggy address is located 48 bytes to the right of 136-byte region [ffff8881d4565898, ffff8881d4565920) The buggy address belongs to the page: page:ffffea0007515940 count:1 mapcount:0 mapping: (null) index:0x0 flags: 0x4000000000000200(slab) raw: 4000000000000200 0000000000000000 0000000000000000 0000000100140014 raw: ffffea0007645000 0000000400000004 ffff8881da97f400 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881d4565800: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc ffff8881d4565880: fc fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881d4565900: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb ^ ffff8881d4565980: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc ffff8881d4565a00: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 ==================================================================