==================================================================
BUG: KASAN: global-out-of-bounds in __le32_to_cpup include/uapi/linux/byteorder/little_endian.h:58 [inline]
BUG: KASAN: global-out-of-bounds in le32_to_cpuvp crypto/chacha20_generic.c:19 [inline]
BUG: KASAN: global-out-of-bounds in crypto_chacha20_init crypto/chacha20_generic.c:59 [inline]
BUG: KASAN: global-out-of-bounds in crypto_chacha20_crypt+0xada/0xbd0 crypto/chacha20_generic.c:91
Read of size 4 at addr ffffffff8747a184 by task kworker/1:0/17

CPU: 1 PID: 17 Comm: kworker/1:0 Not tainted 4.15.0-rc3+ #156
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: crypto cryptd_queue_worker
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
sctp: [Deprecated]: syz-executor4 (pid 7024) Use of int in max_burst socket option deprecated.
Use struct sctp_assoc_value instead
netlink: 'syz-executor2': attribute type 7 has an invalid length.
 print_address_description+0x178/0x250 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report+0x25b/0x340 mm/kasan/report.c:409
netlink: 'syz-executor2': attribute type 7 has an invalid length.
 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429
 __le32_to_cpup include/uapi/linux/byteorder/little_endian.h:58 [inline]
 le32_to_cpuvp crypto/chacha20_generic.c:19 [inline]
 crypto_chacha20_init crypto/chacha20_generic.c:59 [inline]
 crypto_chacha20_crypt+0xada/0xbd0 crypto/chacha20_generic.c:91
 chacha20_simd+0xe4/0x410 arch/x86/crypto/chacha20_glue.c:78
 crypto_skcipher_decrypt include/crypto/skcipher.h:463 [inline]
 cryptd_skcipher_decrypt+0x2de/0x5a0 crypto/cryptd.c:523
 cryptd_queue_worker+0xff/0x1b0 crypto/cryptd.c:190
 process_one_work+0xbf3/0x1bc0 kernel/workqueue.c:2112
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pig=7037 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pig=7037 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=7037 comm=syz-executor5
 worker_thread+0x223/0x1990 kernel/workqueue.c:2246
audit: type=1400 audit(1513595511.917:62): avc:  denied  { accept } for  pid=7025 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
audit: type=1400 audit(1513595511.917:63): avc:  denied  { getopt } for  pid=6992 comm="syz-executor1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_connector_socket permissive=1
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:441

The buggy address belongs to the variable:
 oops_in_progress+0x4/0x40

Memory state around the buggy address:
 ffffffff8747a080: 04 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
 ffffffff8747a100: 04 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
>ffffffff8747a180: 04 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
                   ^
 ffffffff8747a200: 00 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
 ffffffff8747a280: 00 fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
==================================================================