==================================================================
BUG: KASAN: slab-out-of-bounds in ____bpf_clone_redirect /net/core/filter.c:1768 [inline]
BUG: KASAN: slab-out-of-bounds in bpf_clone_redirect+0x2de/0x2f0 /net/core/filter.c:1759
Read of size 8 at addr ffff8880a1388ed0 by task syz-executor.2/24932

CPU: 0 PID: 24932 Comm: syz-executor.2 Not tainted 4.14.133 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack /lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c /lib/dump_stack.c:53
 print_address_description.cold+0x7c/0x1dc /mm/kasan/report.c:252
 kasan_report_error /mm/kasan/report.c:351 [inline]
 kasan_report /mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2af /mm/kasan/report.c:393
 __asan_report_load8_noabort+0x14/0x20 /mm/kasan/report.c:430
 ____bpf_clone_redirect /net/core/filter.c:1768 [inline]
 bpf_clone_redirect+0x2de/0x2f0 /net/core/filter.c:1759
 bpf_prog_952a9deb36fe58b9+0x7e7/0x1000

Allocated by task 7383:
 save_stack_trace+0x16/0x20 /arch/x86/kernel/stacktrace.c:59
 save_stack+0x45/0xd0 /mm/kasan/kasan.c:447
 set_track /mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc /mm/kasan/kasan.c:551 [inline]
 kasan_kmalloc+0xce/0xf0 /mm/kasan/kasan.c:529
 kasan_slab_alloc+0xf/0x20 /mm/kasan/kasan.c:489
 kmem_cache_alloc+0x12e/0x780 /mm/slab.c:3552
 kmem_cache_zalloc /./include/linux/slab.h:651 [inline]
 get_empty_filp+0x8c/0x3b0 /fs/file_table.c:123
 alloc_file+0x23/0x440 /fs/file_table.c:164
 create_pipe_files+0x527/0x880 /fs/pipe.c:783
 __do_pipe_flags+0x38/0x210 /fs/pipe.c:816
 SYSC_pipe2 /fs/pipe.c:864 [inline]
 SyS_pipe2+0x69/0x120 /fs/pipe.c:858
 do_syscall_64+0x1e8/0x640 /arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7

Freed by task 7240:
 save_stack_trace+0x16/0x20 /arch/x86/kernel/stacktrace.c:59
 save_stack+0x45/0xd0 /mm/kasan/kasan.c:447
 set_track /mm/kasan/kasan.c:459 [inline]
 kasan_slab_free+0x75/0xc0 /mm/kasan/kasan.c:524
 __cache_free /mm/slab.c:3496 [inline]
 kmem_cache_free+0x83/0x2b0 /mm/slab.c:3758
 file_free_rcu+0x63/0xa0 /fs/file_table.c:50
 __rcu_reclaim /kernel/rcu/rcu.h:195 [inline]
 rcu_do_batch /kernel/rcu/tree.c:2699 [inline]
 invoke_rcu_callbacks /kernel/rcu/tree.c:2962 [inline]
 __rcu_process_callbacks /kernel/rcu/tree.c:2929 [inline]
 rcu_process_callbacks+0x7b8/0x12b0 /kernel/rcu/tree.c:2946
 __do_softirq+0x244/0x9a0 /kernel/softirq.c:288

The buggy address belongs to the object at ffff8880a1388cc0
 which belongs to the cache filp of size 456
The buggy address is located 72 bytes to the right of
 456-byte region [ffff8880a1388cc0, ffff8880a1388e88)
The buggy address belongs to the page:
page:ffffea000284e200 count:1 mapcount:0 mapping:ffff8880a1388040 index:0x0
flags: 0x1fffc0000000100(slab)
raw: 01fffc0000000100 ffff8880a1388040 0000000000000000 0000000100000006
raw: ffffea00029f2f60 ffffea00027fd3a0 ffff8880aa9e09c0 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a1388d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880a1388e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8880a1388e80: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff8880a1388f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880a1388f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================