==================================================================
BUG: KASAN: use-after-free in __xfrm_state_lookup+0x695/0x6b0 net/xfrm/xfrm_state.c:833
Read of size 4 at addr ffff8801c4e8e338 by task syz-executor5/2084

CPU: 0 PID: 2084 Comm: syz-executor5 Not tainted 4.14.0-rc5+ #89
netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'.
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
netlink: 16 bytes leftover after parsing attributes in process `syz-executor3'.
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 print_address_description+0x73/0x250 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report+0x25b/0x340 mm/kasan/report.c:409
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429
 __xfrm_state_lookup+0x695/0x6b0 net/xfrm/xfrm_state.c:833
 xfrm_state_lookup+0x8a/0x160 net/xfrm/xfrm_state.c:1592
 xfrm_input+0x8e5/0x22f0 net/xfrm/xfrm_input.c:302
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
 xfrm6_rcv_spi net/ipv6/xfrm6_input.c:30 [inline]
 xfrm6_rcv_tnl+0x168/0x1d0 net/ipv6/xfrm6_input.c:64
 xfrm6_rcv+0x17/0x20 net/ipv6/xfrm6_input.c:71
 xfrm6_ah_rcv+0x166/0x300 net/ipv6/xfrm6_protocol.c:101
netlink: 3 bytes leftover after parsing attributes in process `syz-executor3'.
 ip6_input_finish+0x36f/0x1700 net/ipv6/ip6_input.c:284
 NF_HOOK include/linux/netfilter.h:249 [inline]
 ip6_input+0xe9/0x560 net/ipv6/ip6_input.c:327
 dst_input include/net/dst.h:465 [inline]
 ip6_rcv_finish+0x1a9/0x7a0 net/ipv6/ip6_input.c:71
 NF_HOOK include/linux/netfilter.h:249 [inline]
 ipv6_rcv+0xf28/0x1f80 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x1a3e/0x34b0 net/core/dev.c:4477