==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 at addr ffff8801d7a68678
Read of size 8192 by task syz-executor4/3850
=============================================================================
BUG kmalloc-512 (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=0 cpu=0 pid=3850
 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475
 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504
netlink: 3 bytes leftover after parsing attributes in process `syz-executor5'.
binder: 3876:3877 ioctl 40046205 d3 returned -22
binder: 3876:3877 not enough space to store 3 fds in buffer
binder: 3876:3877 transaction failed 29201/-22, size 72-32 line 3273
 slab_alloc_node mm/slub.c:2567 [inline]
 slab_alloc mm/slub.c:2609 [inline]
 __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118
 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137
 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230
binder: 3876:3879 ioctl 40046205 d3 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3876:3879 ioctl 40046207 0 returned -16
binder_alloc: 3876: binder_alloc_buf, no vma
binder: 3876:3878 transaction failed 29189/-3, size 72-32 line 3131
 alloc_skb include/linux/skbuff.h:815 [inline]
 pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657
 sock_sendmsg_nosec net/socket.c:625 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:635
 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 SYSC_sendmsg net/socket.c:2006 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2002
 entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075 age=1 cpu=1 pid=3855
 __slab_free+0x18c/0x2b0 mm/slub.c:2685
 slab_free mm/slub.c:2840 [inline]
 kfree+0x24f/0x2d0 mm/slub.c:3714
 load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075
 search_binary_handler+0x124/0x610 fs/exec.c:1471
 exec_binprm fs/exec.c:1513 [inline]
 do_execveat_common.isra.36+0x1370/0x1ef0 fs/exec.c:1635
 do_execve+0x27/0x30 fs/exec.c:1679
 call_usermodehelper_exec_async+0x288/0x4b0 kernel/kmod.c:252
 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
INFO: Slab 0xffffea00075e9a00 objects=20 used=13 fp=0xffff8801d7a6a310 flags=0x8000000000004080
INFO: Object 0xffff8801d7a68660 @offset=1632 fp=0x0000000f03000202
Bytes b4 ffff8801d7a68650: 00 00 00 00 9a 07 00 00 f9 84 00 00 01 00 00 00  ................
Object ffff8801d7a68660: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a68670: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00  ................
Object ffff8801d7a68680: 0a 00 4e 30 00 00 00 00 00 00 00 00 00 00 00 00  ..N0............
Object ffff8801d7a68690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a686a0: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00  ................
Object ffff8801d7a686b0: 05 00 05 00 00 00 00 00 0a 00 4e 30 00 00 00 00  ..........N0....
Object ffff8801d7a686c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a686d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a686e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a686f0: 5c 36 01 00 00 00 00 00 5c 36 01 00 00 00 00 00  \6......\6......
Object ffff8801d7a68700: 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00  .. .............
Object ffff8801d7a68710: 30 42 01 00 00 00 00 00 30 42 21 00 00 00 00 00  0B......0B!.....
Object ffff8801d7a68720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a68730: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a68740: 01 00 00 00 06 00 00 00 50 4d 01 00 00 00 00 00  ........PM......
Object ffff8801d7a68750: 50 4d 21 00 00 00 00 00 50 4d 21 00 00 00 00 00  PM!.....PM!.....
Object ffff8801d7a68760: f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00  ................
Object ffff8801d7a68770: 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00  ................
Object ffff8801d7a68780: 54 02 00 00 00 00 00 00 54 02 00 00 00 00 00 00  T.......T.......
Object ffff8801d7a68790: 54 02 00 00 00 00 00 00 44 00 00 00 00 00 00 00  T.......D.......
Object ffff8801d7a687a0: 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00  D...............
Object ffff8801d7a687b0: 50 e5 74 64 04 00 00 00 b4 22 01 00 00 00 00 00  P.td....."......
Object ffff8801d7a687c0: b4 22 01 00 00 00 00 00 b4 22 01 00 00 00 00 00  ."......."......
Object ffff8801d7a687d0: 74 02 00 00 00 00 00 00 74 02 00 00 00 00 00 00  t.......t.......
Object ffff8801d7a687e0: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00  ........Q.td....
Object ffff8801d7a687f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a68800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a68810: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00  ................
Object ffff8801d7a68820: 52 e5 74 64 04 00 00 00 30 42 01 00 00 00 00 00  R.td....0B......
Object ffff8801d7a68830: 30 42 21 00 00 00 00 00 30 42 21 00 00 00 00 00  0B!.....0B!.....
Object ffff8801d7a68840: d0 0d 00 00 00 00 00 00 d0 0d 00 00 00 00 00 00  ................
Object ffff8801d7a68850: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 0 PID: 3850 Comm: syz-executor4 Tainted: G B 4.4.105-ge303a83 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 0902f8222084cc01 ffff8801da62f708 ffffffff81cc9b4f
 ffff8801d7a68010 ffff8801d7a68660 ffff8801da62f738 ffffffff814d3af4
 ffff8801da402a00 ffffea00075e9a00 ffff8801d7a68660 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x8e/0xcf lib/dump_stack.c:51
 [] print_trailer+0x114/0x1a0 mm/slub.c:682
 [] object_err+0x2f/0x40 mm/slub.c:689
 [] print_address_description mm/kasan/report.c:139 [inline]
 [] kasan_report_error mm/kasan/report.c:237 [inline]
 [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262
 [] kasan_report+0x20/0x30 mm/kasan/report.c:249
 [] check_memory_region mm/kasan/kasan.c:284 [inline]
 [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532
 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317
 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline]
 [] pfkey_add+0x13b4/0x3d80 net/key/af_key.c:1498
 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:625 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:635
 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 [] __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 [] SYSC_sendmsg net/socket.c:2006 [inline]
 [] SyS_sendmsg+0xd/0x20 net/socket.c:2002
 [] entry_SYSCALL_64_fastpath+0x16/0x76
Memory state around the buggy address:
 ffff8801d7a68700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d7a68780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d7a68800: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
                                                       ^
 ffff8801d7a68880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d7a68900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
binder: 3918:3919 ioctl 40046205 d3 returned -22
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 3918:3919 not enough space to store 3 fds in buffer
binder: 3918:3919 transaction failed 29201/-22, size 72-32 line 3273
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 3918:3938 ioctl 40046205 d3 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 3918:3938 ioctl 40046207 0 returned -16
binder_alloc: 3918: binder_alloc_buf, no vma
binder: 3918:3935 transaction failed 29189/-3, size 72-32 line 3131
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 at addr ffff8801d7a6b648
device lo entered promiscuous mode
device lo left promiscuous mode
Read of size 8192 by task syz-executor4/3965
=============================================================================
BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=0 cpu=0 pid=3965
device lo entered promiscuous mode
device lo left promiscuous mode
 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475
 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504
 slab_alloc_node mm/slub.c:2567 [inline]
 slab_alloc mm/slub.c:2609 [inline]
 __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118
 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137
 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230
 alloc_skb include/linux/skbuff.h:815 [inline]
 pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657
 sock_sendmsg_nosec net/socket.c:625 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:635
 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 SYSC_sendmsg net/socket.c:2006 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2002
 entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075 age=0 cpu=0 pid=3967
 __slab_free+0x18c/0x2b0 mm/slub.c:2685
 slab_free mm/slub.c:2840 [inline]
 kfree+0x24f/0x2d0 mm/slub.c:3714
 load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075
 search_binary_handler+0x124/0x610 fs/exec.c:1471
 exec_binprm fs/exec.c:1513 [inline]
 do_execveat_common.isra.36+0x1370/0x1ef0 fs/exec.c:1635
 do_execve+0x27/0x30 fs/exec.c:1679
 call_usermodehelper_exec_async+0x288/0x4b0 kernel/kmod.c:252
 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
INFO: Slab 0xffffea00075e9a00 objects=20 used=16 fp=0xffff8801d7a68660 flags=0x8000000000004080
INFO: Object 0xffff8801d7a6b630 @offset=13872 fp=0x0000000f03000202
Bytes b4 ffff8801d7a6b620: 01 00 00 00 6e 0f 00 00 4f 8b 00 00 01 00 00 00  ....n...O.......
Object ffff8801d7a6b630: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b640: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00  ................
Object ffff8801d7a6b650: 0a 00 4e 30 00 00 00 00 00 00 00 00 00 00 00 00  ..N0............
Object ffff8801d7a6b660: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b670: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00  ................
Object ffff8801d7a6b680: 05 00 05 00 00 00 00 00 0a 00 4e 30 00 00 00 00  ..........N0....
Object ffff8801d7a6b690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b6a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b6c0: 5c 36 01 00 00 00 00 00 5c 36 01 00 00 00 00 00  \6......\6......
Object ffff8801d7a6b6d0: 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00  .. .............
Object ffff8801d7a6b6e0: 30 42 01 00 00 00 00 00 30 42 21 00 00 00 00 00  0B......0B!.....
Object ffff8801d7a6b6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b710: 01 00 00 00 06 00 00 00 50 4d 01 00 00 00 00 00  ........PM......
Object ffff8801d7a6b720: 50 4d 21 00 00 00 00 00 50 4d 21 00 00 00 00 00  PM!.....PM!.....
Object ffff8801d7a6b730: f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00  ................
Object ffff8801d7a6b740: 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00  ................
Object ffff8801d7a6b750: 54 02 00 00 00 00 00 00 54 02 00 00 00 00 00 00  T.......T.......
Object ffff8801d7a6b760: 54 02 00 00 00 00 00 00 44 00 00 00 00 00 00 00  T.......D.......
Object ffff8801d7a6b770: 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00  D...............
Object ffff8801d7a6b780: 50 e5 74 64 04 00 00 00 b4 22 01 00 00 00 00 00  P.td....."......
Object ffff8801d7a6b790: b4 22 01 00 00 00 00 00 b4 22 01 00 00 00 00 00  ."......."......
Object ffff8801d7a6b7a0: 74 02 00 00 00 00 00 00 74 02 00 00 00 00 00 00  t.......t.......
Object ffff8801d7a6b7b0: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00  ........Q.td....
Object ffff8801d7a6b7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b7d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b7e0: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00  ................
Object ffff8801d7a6b7f0: 52 e5 74 64 04 00 00 00 30 42 01 00 00 00 00 00  R.td....0B......
Object ffff8801d7a6b800: 30 42 21 00 00 00 00 00 30 42 21 00 00 00 00 00  0B!.....0B!.....
Object ffff8801d7a6b810: d0 0d 00 00 00 00 00 00 d0 0d 00 00 00 00 00 00  ................
Object ffff8801d7a6b820: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 0 PID: 3965 Comm: syz-executor4 Tainted: G B 4.4.105-ge303a83 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 1d211ea8b91fdf02 ffff8801d7b0f708 ffffffff81cc9b4f
 ffff8801d7a68010 ffff8801d7a6b630 ffff8801d7b0f738 ffffffff814d3af4
 ffff8801da402a00 ffffea00075e9a00 ffff8801d7a6b630 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x8e/0xcf lib/dump_stack.c:51
 [] print_trailer+0x114/0x1a0 mm/slub.c:682
 [] object_err+0x2f/0x40 mm/slub.c:689
 [] print_address_description mm/kasan/report.c:139 [inline]
 [] kasan_report_error mm/kasan/report.c:237 [inline]
 [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262
 [] kasan_report+0x20/0x30 mm/kasan/report.c:249
 [] check_memory_region mm/kasan/kasan.c:284 [inline]
 [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532
 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317
 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline]
 [] pfkey_add+0x13b4/0x3d80 net/key/af_key.c:1498
 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:625 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:635
 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 [] __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 [] SYSC_sendmsg net/socket.c:2006 [inline]
 [] SyS_sendmsg+0xd/0x20 net/socket.c:2002
 [] entry_SYSCALL_64_fastpath+0x16/0x76
Memory state around the buggy address:
 ffff8801d7a6b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d7a6b780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d7a6b800: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
                                     ^
 ffff8801d7a6b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d7a6b900: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
==================================================================
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 at addr ffff8801d7a69668
Read of size 8192 by task syz-executor1/4170
=============================================================================
BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=5 cpu=0 pid=4170
 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475
 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504
 slab_alloc_node mm/slub.c:2567 [inline]
 slab_alloc mm/slub.c:2609 [inline]
 __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118
 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137
 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230
 alloc_skb include/linux/skbuff.h:815 [inline]
 pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657
 sock_sendmsg_nosec net/socket.c:625 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:635
 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 SYSC_sendmsg net/socket.c:2006 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2002
 entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075 age=10 cpu=1 pid=4188
 __slab_free+0x18c/0x2b0 mm/slub.c:2685
 slab_free mm/slub.c:2840 [inline]
 kfree+0x24f/0x2d0 mm/slub.c:3714
 load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075
 search_binary_handler+0x124/0x610 fs/exec.c:1471
 exec_binprm fs/exec.c:1513 [inline]
 do_execveat_common.isra.36+0x1370/0x1ef0 fs/exec.c:1635
binder: 4206:4207 ioctl 40046205 d3 returned -22
binder: 4206:4207 not enough space to store 3 fds in buffer
binder: 4206:4207 transaction failed 29201/-22, size 72-32 line 3273
 do_execve+0x27/0x30 fs/exec.c:1679
 call_usermodehelper_exec_async+0x288/0x4b0 kernel/kmod.c:252
 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
INFO: Slab 0xffffea00075e9a00 objects=20 used=14 fp=0xffff8801d7a69320 flags=0x8000000000004080
binder: 4206:4209 ioctl 40046205 d3 returned -22
binder: BINDER_SET_CONTEXT_MGR already set
binder: 4206:4209 ioctl 40046207 0 returned -16
binder_alloc: 4206: binder_alloc_buf, no vma
binder: 4206:4209 transaction failed 29189/-3, size 72-32 line 3131
INFO: Object 0xffff8801d7a69650 @offset=5712 fp=0x0000000f03000202
Bytes b4 ffff8801d7a69640: 01 00 00 00 65 10 00 00 44 8c 00 00 01 00 00 00  ....e...D.......
Object ffff8801d7a69650: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69660: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00  ................
Object ffff8801d7a69670: 0a 00 4e 24 00 00 00 00 00 00 00 00 00 00 00 00  ..N$............
Object ffff8801d7a69680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69690: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00  ................
Object ffff8801d7a696a0: 05 00 05 00 00 00 00 00 0a 00 4e 24 00 00 00 00  ..........N$....
Object ffff8801d7a696b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a696c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a696d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a696e0: 5c 36 01 00 00 00 00 00 5c 36 01 00 00 00 00 00  \6......\6......
Object ffff8801d7a696f0: 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00  .. .............
Object ffff8801d7a69700: 30 42 01 00 00 00 00 00 30 42 21 00 00 00 00 00  0B......0B!.....
Object ffff8801d7a69710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69730: 01 00 00 00 06 00 00 00 50 4d 01 00 00 00 00 00  ........PM......
Object ffff8801d7a69740: 50 4d 21 00 00 00 00 00 50 4d 21 00 00 00 00 00  PM!.....PM!.....
Object ffff8801d7a69750: f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00  ................
Object ffff8801d7a69760: 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00  ................
Object ffff8801d7a69770: 54 02 00 00 00 00 00 00 54 02 00 00 00 00 00 00  T.......T.......
Object ffff8801d7a69780: 54 02 00 00 00 00 00 00 44 00 00 00 00 00 00 00  T.......D.......
Object ffff8801d7a69790: 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00  D...............
Object ffff8801d7a697a0: 50 e5 74 64 04 00 00 00 b4 22 01 00 00 00 00 00  P.td....."......
Object ffff8801d7a697b0: b4 22 01 00 00 00 00 00 b4 22 01 00 00 00 00 00  ."......."......
Object ffff8801d7a697c0: 74 02 00 00 00 00 00 00 74 02 00 00 00 00 00 00  t.......t.......
Object ffff8801d7a697d0: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00  ........Q.td....
Object ffff8801d7a697e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a697f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69800: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00  ................
Object ffff8801d7a69810: 52 e5 74 64 04 00 00 00 30 42 01 00 00 00 00 00  R.td....0B......
Object ffff8801d7a69820: 30 42 21 00 00 00 00 00 30 42 21 00 00 00 00 00  0B!.....0B!.....
Object ffff8801d7a69830: d0 0d 00 00 00 00 00 00 d0 0d 00 00 00 00 00 00  ................
Object ffff8801d7a69840: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 0 PID: 4170 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 3d1d3a2ccd5b47fc ffff8801d3117708 ffffffff81cc9b4f
 ffff8801d7a68010 ffff8801d7a69650 ffff8801d3117738 ffffffff814d3af4
 ffff8801da402a00 ffffea00075e9a00 ffff8801d7a69650 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x8e/0xcf lib/dump_stack.c:51
 [] print_trailer+0x114/0x1a0 mm/slub.c:682
 [] object_err+0x2f/0x40 mm/slub.c:689
 [] print_address_description mm/kasan/report.c:139 [inline]
 [] kasan_report_error mm/kasan/report.c:237 [inline]
 [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262
 [] kasan_report+0x20/0x30 mm/kasan/report.c:249
 [] check_memory_region mm/kasan/kasan.c:284 [inline]
 [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532
 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317
 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline]
 [] pfkey_add+0x13b4/0x3d80 net/key/af_key.c:1498
 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:625 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:635
 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 [] __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 [] SYSC_sendmsg net/socket.c:2006 [inline]
 [] SyS_sendmsg+0xd/0x20 net/socket.c:2002
 [] entry_SYSCALL_64_fastpath+0x16/0x76
Memory state around the buggy address:
 ffff8801d7a69700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d7a69780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d7a69800: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
                                                 ^
 ffff8801d7a69880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d7a69900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
device lo entered promiscuous mode
device lo left promiscuous mode
binder: 4359:4361 ioctl 40046205 d3 returned -22
binder: 4359:4361 transaction failed 29189/-22, size 72-32 line 3008
binder: 4359:4368 ioctl 40046205 d3 returned -22
binder: 4359:4368 transaction failed 29189/-22, size 72-32 line 3008
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 at addr ffff8801d3ffa328
Read of size 8192 by task syz-executor5/4371
=============================================================================
BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=0 cpu=1 pid=4371
 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475
 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504
 slab_alloc_node mm/slub.c:2567 [inline]
 slab_alloc mm/slub.c:2609 [inline]
 __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118
 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137
 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230
 alloc_skb include/linux/skbuff.h:815 [inline]
 pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657
 sock_sendmsg_nosec net/socket.c:625 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:635
 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 SYSC_sendmsg net/socket.c:2006 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2002
 entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in load_elf_binary+0x203d/0x4b70 fs/binfmt_elf.c:1074 age=1 cpu=1 pid=4372
 __slab_free+0x18c/0x2b0 mm/slub.c:2685
 slab_free mm/slub.c:2840 [inline]
 kfree+0x24f/0x2d0 mm/slub.c:3714
 load_elf_binary+0x203d/0x4b70 fs/binfmt_elf.c:1074
 search_binary_handler+0x124/0x610 fs/exec.c:1471
 exec_binprm fs/exec.c:1513 [inline]
 do_execveat_common.isra.36+0x1370/0x1ef0 fs/exec.c:1635
 do_execve+0x27/0x30 fs/exec.c:1679
 call_usermodehelper_exec_async+0x288/0x4b0 kernel/kmod.c:252
 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
INFO: Slab 0xffffea00074ffe00 objects=20 used=19 fp=0xffff8801d3ff9fe0 flags=0x8000000000004080
INFO: Object 0xffff8801d3ffa310 @offset=8976 fp=0x0000000f03000202
Bytes b4 ffff8801d3ffa300: 01 00 00 00 15 11 00 00 07 8d 00 00 01 00 00 00  ................
Object ffff8801d3ffa310: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa320: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00  ................
Object ffff8801d3ffa330: 0a 00 4e 34 00 00 00 00 00 00 00 00 00 00 00 00  ..N4............
Object ffff8801d3ffa340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa350: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00  ................
Object ffff8801d3ffa360: 05 00 05 00 00 00 00 00 0a 00 4e 34 00 00 00 00  ..........N4....
Object ffff8801d3ffa370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa380: 00 00 00 00 00 00 00 00 30 fe 01 00 00 00 00 00  ........0.......
Object ffff8801d3ffa390: 30 fe 21 00 00 00 00 00 30 fe 21 00 00 00 00 00  0.!.....0.!.....
Object ffff8801d3ffa3a0: 90 01 00 00 00 00 00 00 90 01 00 00 00 00 00 00  ................
Object ffff8801d3ffa3b0: 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00  ................
Object ffff8801d3ffa3c0: c8 01 00 00 00 00 00 00 c8 01 00 00 00 00 00 00  ................
Object ffff8801d3ffa3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa3f0: 01 00 00 00 04 00 00 00 80 d1 01 00 00 00 00 00  ................
Object ffff8801d3ffa400: 80 d1 01 00 00 00 00 00 80 d1 01 00 00 00 00 00  ................
Object ffff8801d3ffa410: 44 06 00 00 00 00 00 00 44 06 00 00 00 00 00 00  D.......D.......
Object ffff8801d3ffa420: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00  ........Q.td....
Object ffff8801d3ffa430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa450: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa460: 52 e5 74 64 04 00 00 00 a8 fb 01 00 00 00 00 00  R.td............
Object ffff8801d3ffa470: a8 fb 21 00 00 00 00 00 a8 fb 21 00 00 00 00 00  ..!.......!.....
Object ffff8801d3ffa480: 58 04 00 00 00 00 00 00 58 04 00 00 00 00 00 00  X.......X.......
Object ffff8801d3ffa490: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa4a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa4b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa4c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa4d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa4e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa4f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d3ffa500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 1 PID: 4371 Comm: syz-executor5 Tainted: G B 4.4.105-ge303a83 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 96925e5642ca12ab ffff8800b6a37708 ffffffff81cc9b4f
 ffff8801d3ff8010 ffff8801d3ffa310 ffff8800b6a37738 ffffffff814d3af4
 ffff8801da402a00 ffffea00074ffe00 ffff8801d3ffa310 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0x8e/0xcf lib/dump_stack.c:51
 [] print_trailer+0x114/0x1a0 mm/slub.c:682
 [] object_err+0x2f/0x40 mm/slub.c:689
 [] print_address_description mm/kasan/report.c:139 [inline]
 [] kasan_report_error mm/kasan/report.c:237 [inline]
 [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262
 [] kasan_report+0x20/0x30 mm/kasan/report.c:249
 [] check_memory_region mm/kasan/kasan.c:284 [inline]
 [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532
 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317
 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline]
 [] pfkey_add+0x13b4/0x3d80 net/key/af_key.c:1498
 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826
 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670
 [] sock_sendmsg_nosec net/socket.c:625 [inline]
 [] sock_sendmsg+0xb5/0xf0 net/socket.c:635
 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 [] __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 [] SYSC_sendmsg net/socket.c:2006 [inline]
 [] SyS_sendmsg+0xd/0x20 net/socket.c:2002
 [] entry_SYSCALL_64_fastpath+0x16/0x76
Memory state around the buggy address:
 ffff8801d3ffa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d3ffa480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d3ffa500: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                         ^
 ffff8801d3ffa580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801d3ffa600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 at addr ffff8801d7a69cc8
Read of size 8192 by task syz-executor5/4378
=============================================================================
BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=0 cpu=1 pid=4378
 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475
 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504
 slab_alloc_node mm/slub.c:2567 [inline]
 slab_alloc mm/slub.c:2609 [inline]
 __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118
 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137
 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230
 alloc_skb include/linux/skbuff.h:815 [inline]
 pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657
 sock_sendmsg_nosec net/socket.c:625 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:635
 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961
 __sys_sendmsg+0xc3/0x160 net/socket.c:1995
 SYSC_sendmsg net/socket.c:2006 [inline]
 SyS_sendmsg+0xd/0x20 net/socket.c:2002
 entry_SYSCALL_64_fastpath+0x16/0x76
INFO: Freed in crypto_larval_destroy+0xb5/0x130 crypto/api.c:106 age=0 cpu=1 pid=4376
 __slab_free+0x18c/0x2b0 mm/slub.c:2685
 slab_free mm/slub.c:2840 [inline]
 kfree+0x24f/0x2d0 mm/slub.c:3714
 crypto_larval_destroy+0xb5/0x130 crypto/api.c:106
 crypto_alg_put+0x3e/0x50 crypto/internal.h:116
 cryptomgr_probe+0x198/0x220 crypto/algboss.c:90
 kthread+0x245/0x310 kernel/kthread.c:211
 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468
INFO: Slab 0xffffea00075e9a00 objects=20 used=11 fp=0xffff8801d7a6a310 flags=0x8000000000004080
INFO: Object 0xffff8801d7a69cb0 @offset=7344 fp=0x0000000f03000202
Bytes b4 ffff8801d7a69ca0: 00 00 00 00 ad 76 00 00 84 bd ff ff 00 00 00 00  .....v..........
Object ffff8801d7a69cb0: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69cc0: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00  ................
Object ffff8801d7a69cd0: 0a 00 4e 34 00 00 00 00 00 00 00 00 00 00 00 00  ..N4............
Object ffff8801d7a69ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69cf0: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00  ................
Object ffff8801d7a69d00: 05 00 05 00 00 00 00 00 0a 00 4e 34 00 00 00 00  ..........N4....
Object ffff8801d7a69d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69d90: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69db0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69dc0: 80 57 b9 81 ff ff ff ff 00 00 00 00 00 00 00 00  .W..............
Object ffff8801d7a69dd0: d8 89 a6 d7 01 88 ff ff fc ff ff ff 00 00 00 00  ................
Object ffff8801d7a69de0: 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
Object ffff8801d7a69df0: ff ff ff ff ff ff ff ff 20 c2 72 85 ff ff ff ff  ........ .r.....
Object ffff8801d7a69e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff8801d7a69e10: c0 a6 9d 83 ff ff ff ff 18 9e a6 d7 01 88 ff ff  ................
Object ffff8801d7a69e20: 18 9e a6 d7 01 88 ff ff 0f 24 00 00 00 00 00 00  .........$......
Object ffff8801d7a69e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ CPU: 1 PID: 4378 Comm: syz-executor5 Tainted: G B 4.4.105-ge303a83 #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 a64c6a4ae047205e ffff8800b86bf708 ffffffff81cc9b4f ffff8801d7a68010 ffff8801d7a69cb0 ffff8800b86bf738 ffffffff814d3af4 ffff8801da402a00 ffffea00075e9a00 ffff8801d7a69cb0 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] object_err+0x2f/0x40 mm/slub.c:689 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] kasan_report+0x20/0x30 mm/kasan/report.c:249 [] check_memory_region mm/kasan/kasan.c:284 [inline] [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline] [] pfkey_add+0x13b4/0x3d80 net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 
net/socket.c:1995 [] SYSC_sendmsg net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 Memory state around the buggy address: ffff8801d7a69d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801d7a69e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8801d7a69e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ^ ffff8801d7a69f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d7a69f80: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 ================================================================== device lo entered promiscuous mode device lo left promiscuous mode ================================================================== BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 at addr ffff8801d7a69cc8 Read of size 8192 by task syz-executor1/4425 ============================================================================= BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected ----------------------------------------------------------------------------- INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=0 cpu=1 pid=4425 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 alloc_skb include/linux/skbuff.h:815 [inline] pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657 sock_sendmsg_nosec net/socket.c:625 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:635 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 __sys_sendmsg+0xc3/0x160 net/socket.c:1995 SYSC_sendmsg net/socket.c:2006 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2002 entry_SYSCALL_64_fastpath+0x16/0x76 INFO: Freed in load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075 age=1 cpu=1 pid=4427 __slab_free+0x18c/0x2b0 
mm/slub.c:2685 slab_free mm/slub.c:2840 [inline] kfree+0x24f/0x2d0 mm/slub.c:3714 load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075 search_binary_handler+0x124/0x610 fs/exec.c:1471 exec_binprm fs/exec.c:1513 [inline] do_execveat_common.isra.36+0x1370/0x1ef0 fs/exec.c:1635 do_execve+0x27/0x30 fs/exec.c:1679 call_usermodehelper_exec_async+0x288/0x4b0 kernel/kmod.c:252 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 INFO: Slab 0xffffea00075e9a00 objects=20 used=13 fp=0xffff8801d7a6a640 flags=0x8000000000004080 INFO: Object 0xffff8801d7a69cb0 @offset=7344 fp=0x0000000f03000202 Bytes b4 ffff8801d7a69ca0: 00 00 00 00 ad 76 00 00 84 bd ff ff 00 00 00 00 .....v.......... Object ffff8801d7a69cb0: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69cc0: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00 ................ Object ffff8801d7a69cd0: 0a 00 4e 24 00 00 00 00 00 00 00 00 00 00 00 00 ..N$............ Object ffff8801d7a69ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69cf0: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00 ................ Object ffff8801d7a69d00: 05 00 05 00 00 00 00 00 0a 00 4e 24 00 00 00 00 ..........N$.... Object ffff8801d7a69d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d40: 5c 36 01 00 00 00 00 00 5c 36 01 00 00 00 00 00 \6......\6...... Object ffff8801d7a69d50: 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00 .. ............. Object ffff8801d7a69d60: 30 42 01 00 00 00 00 00 30 42 21 00 00 00 00 00 0B......0B!..... Object ffff8801d7a69d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
Object ffff8801d7a69d90: 01 00 00 00 06 00 00 00 50 4d 01 00 00 00 00 00 ........PM...... Object ffff8801d7a69da0: 50 4d 21 00 00 00 00 00 50 4d 21 00 00 00 00 00 PM!.....PM!..... Object ffff8801d7a69db0: f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00 ................ Object ffff8801d7a69dc0: 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 ................ Object ffff8801d7a69dd0: 54 02 00 00 00 00 00 00 54 02 00 00 00 00 00 00 T.......T....... Object ffff8801d7a69de0: 54 02 00 00 00 00 00 00 44 00 00 00 00 00 00 00 T.......D....... Object ffff8801d7a69df0: 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 D............... Object ffff8801d7a69e00: 50 e5 74 64 04 00 00 00 b4 22 01 00 00 00 00 00 P.td....."...... Object ffff8801d7a69e10: b4 22 01 00 00 00 00 00 b4 22 01 00 00 00 00 00 ."......."...... Object ffff8801d7a69e20: 74 02 00 00 00 00 00 00 74 02 00 00 00 00 00 00 t.......t....... Object ffff8801d7a69e30: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00 ........Q.td.... Object ffff8801d7a69e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e60: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e70: 52 e5 74 64 04 00 00 00 30 42 01 00 00 00 00 00 R.td....0B...... Object ffff8801d7a69e80: 30 42 21 00 00 00 00 00 30 42 21 00 00 00 00 00 0B!.....0B!..... Object ffff8801d7a69e90: d0 0d 00 00 00 00 00 00 d0 0d 00 00 00 00 00 00 ................ Object ffff8801d7a69ea0: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
CPU: 1 PID: 4425 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 514e43e454c20a51 ffff8801d796f708 ffffffff81cc9b4f ffff8801d7a68010 ffff8801d7a69cb0 ffff8801d796f738 ffffffff814d3af4 ffff8801da402a00 ffffea00075e9a00 ffff8801d7a69cb0 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] object_err+0x2f/0x40 mm/slub.c:689 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] kasan_report+0x20/0x30 mm/kasan/report.c:249 [] check_memory_region mm/kasan/kasan.c:284 [inline] [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline] [] pfkey_add+0x13b4/0x3d80 net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 net/socket.c:1995 [] SYSC_sendmsg net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 Memory state around the buggy address: ffff8801d7a69d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801d7a69e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8801d7a69e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ^ ffff8801d7a69f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d7a69f80: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 ================================================================== ================================================================== BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 
at addr ffff8801d7a69cc8 Read of size 8192 by task syz-executor1/4428 ============================================================================= BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected ----------------------------------------------------------------------------- INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=0 cpu=1 pid=4428 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 alloc_skb include/linux/skbuff.h:815 [inline] pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657 sock_sendmsg_nosec net/socket.c:625 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:635 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 __sys_sendmsg+0xc3/0x160 net/socket.c:1995 SYSC_sendmsg net/socket.c:2006 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2002 entry_SYSCALL_64_fastpath+0x16/0x76 INFO: Freed in skb_free_head net/core/skbuff.c:571 [inline] age=0 cpu=1 pid=4425 INFO: Freed in skb_release_data+0x2aa/0x380 net/core/skbuff.c:602 age=0 cpu=1 pid=4425 __slab_free+0x18c/0x2b0 mm/slub.c:2685 slab_free mm/slub.c:2840 [inline] kfree+0x24f/0x2d0 mm/slub.c:3714 skb_free_head net/core/skbuff.c:571 [inline] skb_release_data+0x2aa/0x380 net/core/skbuff.c:602 skb_release_all+0x3d/0x50 net/core/skbuff.c:661 __kfree_skb+0xd/0x20 net/core/skbuff.c:675 kfree_skb+0xdd/0x350 net/core/skbuff.c:696 pfkey_sendmsg+0x55c/0x6c0 net/key/af_key.c:3676 sock_sendmsg_nosec net/socket.c:625 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:635 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 __sys_sendmsg+0xc3/0x160 net/socket.c:1995 SYSC_sendmsg net/socket.c:2006 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2002 entry_SYSCALL_64_fastpath+0x16/0x76 INFO: Slab 0xffffea00075e9a00 objects=20 used=14 
fp=0xffff8801d7a6a310 flags=0x8000000000004080 INFO: Object 0xffff8801d7a69cb0 @offset=7344 fp=0x0000000f03000202 Bytes b4 ffff8801d7a69ca0: 00 00 00 00 ad 76 00 00 84 bd ff ff 00 00 00 00 .....v.......... Object ffff8801d7a69cb0: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69cc0: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00 ................ Object ffff8801d7a69cd0: 0a 00 4e 24 00 00 00 00 00 00 00 00 00 00 00 00 ..N$............ Object ffff8801d7a69ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69cf0: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00 ................ Object ffff8801d7a69d00: 05 00 05 00 00 00 00 00 0a 00 4e 24 00 00 00 00 ..........N$.... Object ffff8801d7a69d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d40: 5c 36 01 00 00 00 00 00 5c 36 01 00 00 00 00 00 \6......\6...... Object ffff8801d7a69d50: 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00 .. ............. Object ffff8801d7a69d60: 30 42 01 00 00 00 00 00 30 42 21 00 00 00 00 00 0B......0B!..... Object ffff8801d7a69d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69d90: 01 00 00 00 06 00 00 00 50 4d 01 00 00 00 00 00 ........PM...... Object ffff8801d7a69da0: 50 4d 21 00 00 00 00 00 50 4d 21 00 00 00 00 00 PM!.....PM!..... Object ffff8801d7a69db0: f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00 ................ Object ffff8801d7a69dc0: 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 ................ Object ffff8801d7a69dd0: 54 02 00 00 00 00 00 00 54 02 00 00 00 00 00 00 T.......T....... 
Object ffff8801d7a69de0: 54 02 00 00 00 00 00 00 44 00 00 00 00 00 00 00 T.......D....... Object ffff8801d7a69df0: 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 D............... Object ffff8801d7a69e00: 50 e5 74 64 04 00 00 00 b4 22 01 00 00 00 00 00 P.td....."...... Object ffff8801d7a69e10: b4 22 01 00 00 00 00 00 b4 22 01 00 00 00 00 00 ."......."...... Object ffff8801d7a69e20: 74 02 00 00 00 00 00 00 74 02 00 00 00 00 00 00 t.......t....... Object ffff8801d7a69e30: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00 ........Q.td.... Object ffff8801d7a69e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e60: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 ................ Object ffff8801d7a69e70: 52 e5 74 64 04 00 00 00 30 42 01 00 00 00 00 00 R.td....0B...... Object ffff8801d7a69e80: 30 42 21 00 00 00 00 00 30 42 21 00 00 00 00 00 0B!.....0B!..... Object ffff8801d7a69e90: d0 0d 00 00 00 00 00 00 d0 0d 00 00 00 00 00 00 ................ Object ffff8801d7a69ea0: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
CPU: 1 PID: 4428 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 7d2e4685c106bb6d ffff8800b6adf708 ffffffff81cc9b4f ffff8801d7a68010 ffff8801d7a69cb0 ffff8800b6adf738 ffffffff814d3af4 ffff8801da402a00 ffffea00075e9a00 ffff8801d7a69cb0 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] object_err+0x2f/0x40 mm/slub.c:689 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] kasan_report+0x20/0x30 mm/kasan/report.c:249 [] check_memory_region mm/kasan/kasan.c:284 [inline] [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline] [] pfkey_add+0x13b4/0x3d80 net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 net/socket.c:1995 [] SYSC_sendmsg net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 Memory state around the buggy address: ffff8801d7a69d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801d7a69e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8801d7a69e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ^ ffff8801d7a69f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d7a69f80: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 ================================================================== netlink: 5 bytes leftover after parsing attributes in process `syz-executor4'. 
================================================================== BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 mm/kasan/kasan.c:317 at addr ffff8801d7a6bca8 Read of size 8192 by task syz-executor1/4487 ============================================================================= BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected ----------------------------------------------------------------------------- INFO: Allocated in __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 age=5 cpu=1 pid=4487 ___slab_alloc.constprop.78+0x4c6/0x530 mm/slub.c:2475 __slab_alloc.isra.74.constprop.77+0x50/0xa0 mm/slub.c:2504 slab_alloc_node mm/slub.c:2567 [inline] slab_alloc mm/slub.c:2609 [inline] __kmalloc_track_caller+0x19c/0x2b0 mm/slub.c:4118 __kmalloc_reserve.isra.33+0x28/0xa0 net/core/skbuff.c:137 __alloc_skb+0xf5/0x610 net/core/skbuff.c:230 alloc_skb include/linux/skbuff.h:815 [inline] pfkey_sendmsg+0x10f/0x6c0 net/key/af_key.c:3657 sock_sendmsg_nosec net/socket.c:625 [inline] sock_sendmsg+0xb5/0xf0 net/socket.c:635 ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 __sys_sendmsg+0xc3/0x160 net/socket.c:1995 SYSC_sendmsg net/socket.c:2006 [inline] SyS_sendmsg+0xd/0x20 net/socket.c:2002 entry_SYSCALL_64_fastpath+0x16/0x76 INFO: Freed in load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075 age=10 cpu=1 pid=4490 __slab_free+0x18c/0x2b0 mm/slub.c:2685 slab_free mm/slub.c:2840 [inline] kfree+0x24f/0x2d0 mm/slub.c:3714 load_elf_binary+0x2049/0x4b70 fs/binfmt_elf.c:1075 search_binary_handler+0x124/0x610 fs/exec.c:1471 exec_binprm fs/exec.c:1513 [inline] do_execveat_common.isra.36+0x1370/0x1ef0 fs/exec.c:1635 do_execve+0x27/0x30 fs/exec.c:1679 call_usermodehelper_exec_async+0x288/0x4b0 kernel/kmod.c:252 ret_from_fork+0x3f/0x70 arch/x86/entry/entry_64.S:468 INFO: Slab 0xffffea00075e9a00 objects=20 used=12 fp=0xffff8801d7a69650 flags=0x8000000000004080 INFO: Object 0xffff8801d7a6bc90 @offset=15504 fp=0x0000000f03000202 Bytes b4 ffff8801d7a6bc80: 01 00 00 00 d2 4b 00 00 ad fa ff ff 00 
00 00 00 .....K.......... Object ffff8801d7a6bc90: 02 02 00 03 0f 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6bca0: 01 00 09 00 ff ff 00 00 05 00 06 00 00 00 00 00 ................ Object ffff8801d7a6bcb0: 0a 00 4e 24 00 00 00 00 00 00 00 00 00 00 00 00 ..N$............ Object ffff8801d7a6bcc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6bcd0: 02 00 01 00 00 00 00 00 00 00 00 0b 00 00 00 00 ................ Object ffff8801d7a6bce0: 05 00 05 00 00 00 00 00 0a 00 4e 24 00 00 00 00 ..........N$.... Object ffff8801d7a6bcf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6bd10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6bd20: 5c 36 01 00 00 00 00 00 5c 36 01 00 00 00 00 00 \6......\6...... Object ffff8801d7a6bd30: 00 00 20 00 00 00 00 00 01 00 00 00 06 00 00 00 .. ............. Object ffff8801d7a6bd40: 30 42 01 00 00 00 00 00 30 42 21 00 00 00 00 00 0B......0B!..... Object ffff8801d7a6bd50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6bd60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6bd70: 01 00 00 00 06 00 00 00 50 4d 01 00 00 00 00 00 ........PM...... Object ffff8801d7a6bd80: 50 4d 21 00 00 00 00 00 50 4d 21 00 00 00 00 00 PM!.....PM!..... Object ffff8801d7a6bd90: f0 01 00 00 00 00 00 00 f0 01 00 00 00 00 00 00 ................ Object ffff8801d7a6bda0: 08 00 00 00 00 00 00 00 04 00 00 00 04 00 00 00 ................ Object ffff8801d7a6bdb0: 54 02 00 00 00 00 00 00 54 02 00 00 00 00 00 00 T.......T....... Object ffff8801d7a6bdc0: 54 02 00 00 00 00 00 00 44 00 00 00 00 00 00 00 T.......D....... Object ffff8801d7a6bdd0: 44 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 D............... 
Object ffff8801d7a6bde0: 50 e5 74 64 04 00 00 00 b4 22 01 00 00 00 00 00 P.td....."...... Object ffff8801d7a6bdf0: b4 22 01 00 00 00 00 00 b4 22 01 00 00 00 00 00 ."......."...... Object ffff8801d7a6be00: 74 02 00 00 00 00 00 00 74 02 00 00 00 00 00 00 t.......t....... Object ffff8801d7a6be10: 04 00 00 00 00 00 00 00 51 e5 74 64 06 00 00 00 ........Q.td.... Object ffff8801d7a6be20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6be30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff8801d7a6be40: 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 ................ Object ffff8801d7a6be50: 52 e5 74 64 04 00 00 00 30 42 01 00 00 00 00 00 R.td....0B...... Object ffff8801d7a6be60: 30 42 21 00 00 00 00 00 30 42 21 00 00 00 00 00 0B!.....0B!..... Object ffff8801d7a6be70: d0 0d 00 00 00 00 00 00 d0 0d 00 00 00 00 00 00 ................ Object ffff8801d7a6be80: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ CPU: 1 PID: 4487 Comm: syz-executor1 Tainted: G B 4.4.105-ge303a83 #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 7708f23c84611566 ffff8800b5b57708 ffffffff81cc9b4f ffff8801d7a68010 ffff8801d7a6bc90 ffff8800b5b57738 ffffffff814d3af4 ffff8801da402a00 ffffea00075e9a00 ffff8801d7a6bc90 0000000000000000 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0x8e/0xcf lib/dump_stack.c:51 [] print_trailer+0x114/0x1a0 mm/slub.c:682 [] object_err+0x2f/0x40 mm/slub.c:689 [] print_address_description mm/kasan/report.c:139 [inline] [] kasan_report_error mm/kasan/report.c:237 [inline] [] kasan_report.part.2+0x227/0x530 mm/kasan/report.c:262 [] kasan_report+0x20/0x30 mm/kasan/report.c:249 [] check_memory_region mm/kasan/kasan.c:284 [inline] [] __asan_loadN+0x117/0x180 mm/kasan/kasan.c:532 [] memcpy+0x1d/0x40 mm/kasan/kasan.c:317 [] pfkey_msg2xfrm_state net/key/af_key.c:1219 [inline] [] pfkey_add+0x13b4/0x3d80 
net/key/af_key.c:1498 [] pfkey_process+0x58d/0x900 net/key/af_key.c:2826 [] pfkey_sendmsg+0x35b/0x6c0 net/key/af_key.c:3670 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xb5/0xf0 net/socket.c:635 [] ___sys_sendmsg+0x66d/0x7d0 net/socket.c:1961 [] __sys_sendmsg+0xc3/0x160 net/socket.c:1995 [] SYSC_sendmsg net/socket.c:2006 [inline] [] SyS_sendmsg+0xd/0x20 net/socket.c:2002 [] entry_SYSCALL_64_fastpath+0x16/0x76 Memory state around the buggy address: ffff8801d7a6bd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8801d7a6be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8801d7a6be80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8801d7a6bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801d7a6bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== device lo entered promiscuous mode device lo left promiscuous mode device lo entered promiscuous mode device lo left promiscuous mode