[   14.511055] random: sshd: uninitialized urandom read (32 bytes read, 32 bits of entropy available)
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.169551] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   19.664970] random: sshd: uninitialized urandom read (32 bytes read, 37 bits of entropy available)
[   20.353686] random: sshd: uninitialized urandom read (32 bytes read, 93 bits of entropy available)
[   20.504681] random: sshd: uninitialized urandom read (32 bytes read, 97 bits of entropy available)
Warning: Permanently added 'ci-android-44-kasan-gce-0,10.128.15.236' (ECDSA) to the list of known hosts.
[   25.876609] random: sshd: uninitialized urandom read (32 bytes read, 103 bits of entropy available)
executing program
[   25.979290] ==================================================================
[   25.986669] BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff8800b80a6988
[   25.994772] Read of size 8192 by task syzkaller154846/3310
[   26.000763] =============================================================================
[   26.009037] BUG kmalloc-512 (Not tainted): kasan: bad access detected
[   26.015575] -----------------------------------------------------------------------------
[   26.015575] 
[   26.025324] Disabling lock debugging due to kernel taint
[   26.030739] INFO: Allocated in __alloc_skb+0xf5/0x610 age=5 cpu=1 pid=3310
[   26.037713] 	___slab_alloc.constprop.78+0x4c6/0x530
[   26.042688] 	__slab_alloc.isra.74.constprop.77+0x50/0xa0
[   26.048096] 	__kmalloc_track_caller+0x19c/0x2b0
[   26.052723] 	__kmalloc_reserve.isra.33+0x28/0xa0
[   26.057438] 	__alloc_skb+0xf5/0x610
[   26.061028] 	pfkey_sendmsg+0x10f/0x6c0
[   26.064872] 	sock_sendmsg+0xb5/0xf0
[   26.068459] 	___sys_sendmsg+0x66d/0x7d0
[   26.072397] 	__sys_sendmsg+0xc3/0x160
[   26.077197] 	SyS_sendmsg+0xd/0x20
[   26.080610] 	entry_SYSCALL_64_fastpath+0x16/0x76
[   26.085329] INFO: Freed in load_elf_binary+0x2049/0x4b70 age=11 cpu=1 pid=3310
[   26.092646] 	__slab_free+0x18c/0x2b0
[   26.096321] 	kfree+0x24f/0x2d0
[   26.099473] 	load_elf_binary+0x2049/0x4b70
[   26.103667] 	search_binary_handler+0x124/0x610
[   26.108210] 	do_execveat_common.isra.36+0x1370/0x1ef0
[   26.113365] 	SyS_execve+0x35/0x40
[   26.116778] 	return_from_execve+0x0/0x23
[   26.120797] INFO: Slab 0xffffea0002e02900 objects=20 used=7 fp=0xffff8800b80a4660 flags=0x4000000000004080
[   26.130551] INFO: Object 0xffff8800b80a6970 @offset=10608 fp=0x0000000f00000302
[   26.130551] 
[   26.139435] Bytes b4 ffff8800b80a6960: 00 00 00 00 6b 07 00 00 f0 8d ff ff 00 00 00 00  ....k...........
[   26.149012] Object ffff8800b80a6970: 02 03 00 00 0f 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.158415] Object ffff8800b80a6980: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00  ................
[   26.167816] Object ffff8800b80a6990: 0a 00 4e 20 00 00 00 00 00 00 00 00 00 00 00 00  ..N ............
[   26.177220] Object ffff8800b80a69a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.186623] Object ffff8800b80a69b0: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00  ................
[   26.196037] Object ffff8800b80a69c0: 05 00 05 00 00 00 00 00 0a 00 4e 20 00 00 00 00  ..........N ....
[   26.205439] Object ffff8800b80a69d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.214840] Object ffff8800b80a69e0: 00 00 00 00 00 00 00 00 90 01 00 00 00 00 00 00  ................
[   26.225195] Object ffff8800b80a69f0: 90 01 40 00 00 00 00 00 90 01 40 00 00 00 00 00  ..@.......@.....
[   26.234596] Object ffff8800b80a6a00: 44 00 00 00 00 00 00 00 44 00 00 00 00 00 00 00  D.......D.......
[   26.243996] Object ffff8800b80a6a10: 04 00 00 00 00 00 00 00 07 00 00 00 04 00 00 00  ................
[   26.253397] Object ffff8800b80a6a20: b8 9e 0c 00 00 00 00 00 b8 9e 6c 00 00 00 00 00  ..........l.....
[   26.262799] Object ffff8800b80a6a30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.272201] Object ffff8800b80a6a40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.281600] Object ffff8800b80a6a50: 01 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.291001] Object ffff8800b80a6a60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.300402] Object ffff8800b80a6a70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.309802] Object ffff8800b80a6a80: 10 00 00 00 00 00 00 00 52 e5 74 64 04 00 00 00  ........R.td....
[   26.319205] Object ffff8800b80a6a90: b8 9e 0c 00 00 00 00 00 b8 9e 6c 00 00 00 00 00  ..........l.....
[   26.328606] Object ffff8800b80a6aa0: b8 9e 6c 00 00 00 00 00 48 01 00 00 00 00 00 00  ..l.....H.......
[   26.338007] Object ffff8800b80a6ab0: 48 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00  H...............
[   26.347411] Object ffff8800b80a6ac0: 50 e5 74 64 04 00 00 00 b0 d1 0c 00 00 00 00 00  P.td............
[   26.356813] Object ffff8800b80a6ad0: b0 d1 4c 00 00 00 00 00 b0 d1 4c 00 00 00 00 00  ..L.......L.....
[   26.367435] Object ffff8800b80a6ae0: ac 3c 00 00 00 00 00 00 ac 3c 00 00 00 00 00 00  .<.......<......
[   26.376838] Object ffff8800b80a6af0: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00  ........Q.td....
[   26.386239] Object ffff8800b80a6b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.395640] Object ffff8800b80a6b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.405042] Object ffff8800b80a6b20: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00  ................
[   26.414449] Object ffff8800b80a6b30: 52 e5 74 64 04 00 00 00 c8 4d 0e 00 00 00 00 00  R.td.....M......
[   26.423863] Object ffff8800b80a6b40: c8 4d 6e 00 00 00 00 00 c8 4d 6e 00 00 00 00 00  .Mn......Mn.....
[   26.433273] Object ffff8800b80a6b50: 38 02 00 00 00 00 00 00 38 02 00 00 00 00 00 00  8.......8.......
[   26.442677] Object ffff8800b80a6b60: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   26.452093] CPU: 1 PID: 3310 Comm: syzkaller154846 Tainted: G    B           4.4.105-ge303a83 #5
[   26.460984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.470302]  0000000000000000 4bb036a223f67d9f ffff8800b8167708 ffffffff81cc9b4f
[   26.478241]  ffff8800b80a4010 ffff8800b80a6970 ffff8800b8167738 ffffffff814d3af4
[   26.486182]  ffff8801da402a00 ffffea0002e02900 ffff8800b80a6970 0000000000000000
[   26.494144] Call Trace:
[   26.496705]  [<ffffffff81cc9b4f>] dump_stack+0x8e/0xcf
[   26.501949]  [<ffffffff814d3af4>] print_trailer+0x114/0x1a0
[   26.507618]  [<ffffffff814d945f>] object_err+0x2f/0x40
[   26.512856]  [<ffffffff814db1f7>] kasan_report.part.2+0x227/0x530
[   26.519055]  [<ffffffff814daa8d>] ? memcpy+0x1d/0x40
[   26.524130]  [<ffffffff812754e3>] ? rcu_read_lock_sched_held+0x103/0x120
[   26.530930]  [<ffffffff8145cb41>] ? kmalloc_order_trace+0x81/0x1a0
[   26.537208]  [<ffffffff814db760>] kasan_report+0x20/0x30
[   26.543230]  [<ffffffff814da257>] __asan_loadN+0x117/0x180
[   26.548812]  [<ffffffff814daa8d>] memcpy+0x1d/0x40
[   26.553702]  [<ffffffff8340e624>] pfkey_add+0x13b4/0x3d80
[   26.559199]  [<ffffffff82dad4d5>] ? __kfree_skb+0x15/0x20
[   26.564697]  [<ffffffff83411347>] ? pfkey_broadcast+0x357/0x540
[   26.570722]  [<ffffffff8340d270>] ? pfkey_delete+0x340/0x340
[   26.576481]  [<ffffffff83410ff0>] ? pfkey_add+0x3d80/0x3d80
[   26.582152]  [<ffffffff82dab582>] ? __skb_clone+0x92/0x7b0
[   26.587735]  [<ffffffff834134bd>] pfkey_process+0x58d/0x900
[   26.593407]  [<ffffffff83412f30>] ? pfkey_send_new_mapping+0x1180/0x1180
[   26.600211]  [<ffffffff83414feb>] pfkey_sendmsg+0x35b/0x6c0
[   26.605880]  [<ffffffff83414c90>] ? pfkey_spdget+0x890/0x890
[   26.611649]  [<ffffffff82d94005>] sock_sendmsg+0xb5/0xf0
[   26.617060]  [<ffffffff82d95add>] ___sys_sendmsg+0x66d/0x7d0
[   26.622815]  [<ffffffff82d95470>] ? copy_msghdr_from_user+0x590/0x590
[   26.629355]  [<ffffffff814e95e7>] ? do_huge_pmd_anonymous_page+0x487/0x980
[   26.636328]  [<ffffffff8374a0bc>] ? _raw_spin_unlock+0x2c/0x50
[   26.642258]  [<ffffffff814e95e7>] ? do_huge_pmd_anonymous_page+0x487/0x980
[   26.649233]  [<ffffffff812752e7>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   26.655947]  [<ffffffff8154faaf>] ? __fget_light+0x12f/0x1b0
[   26.661702]  [<ffffffff8154fb3e>] ? __fdget+0xe/0x10
[   26.666762]  [<ffffffff82d97863>] __sys_sendmsg+0xc3/0x160
[   26.672348]  [<ffffffff82d977a0>] ? SyS_shutdown+0x190/0x190
[   26.678106]  [<ffffffff810d7bb0>] ? __do_page_fault+0x2f0/0x910
[   26.684557]  [<ffffffff81003017>] ? trace_hardirqs_on_thunk+0x17/0x19
[   26.691095]  [<ffffffff82d9790d>] SyS_sendmsg+0xd/0x20
[   26.696337]  [<ffffffff8374ab36>] entry_SYSCALL_64_fastpath+0x16/0x76
[   26.702874] Memory state around the buggy address:
[   26.707761]  ffff8800b80a6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.715079]  ffff8800b80a6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.722396] >ffff8800b80a6b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   26.729713]