==================================================================
BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xa08/0xad0 net/xfrm/xfrm_policy.c:652
Read of size 2 at addr ffff8801c991c0cc by task kworker/1:2/1554

CPU: 1 PID: 1554 Comm: kworker/1:2 Not tainted 4.9.71-g2506378 #113
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events xfrm_hash_rebuild
 ffff8801d0a5fb10 ffffffff81d922b9 ffffea0007264600 ffff8801c991c0cc
 0000000000000000 ffff8801c991c0cc 0000000000000002 ffff8801d0a5fb48
 ffffffff8153bab3 ffff8801c991c0cc 0000000000000002 0000000000000000
Call Trace:
 [] __dump_stack lib/dump_stack.c:15 [inline]
 [] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [] print_address_description+0x73/0x280 mm/kasan/report.c:252
 [] kasan_report_error mm/kasan/report.c:351 [inline]
 [] kasan_report+0x275/0x360 mm/kasan/report.c:408
 [] __asan_report_load2_noabort+0x14/0x20 mm/kasan/report.c:427
 [] xfrm_hash_rebuild+0xa08/0xad0 net/xfrm/xfrm_policy.c:652
 [] process_one_work+0x7e0/0x1610 kernel/workqueue.c:2091
 [] worker_thread+0xe0/0x10d0 kernel/workqueue.c:2225
 [] kthread+0x26d/0x300 kernel/kthread.c:211
 [] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433

Allocated by task 3335:
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:505
 set_track mm/kasan/kasan.c:517 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:609
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 sk_prot_alloc+0x101/0x2a0 net/core/sock.c:1338
 sk_alloc+0x3a/0x3a0 net/core/sock.c:1394
 pfkey_create+0x1da/0x8d0 net/key/af_key.c:158
 __sock_create+0x3ab/0x640 net/socket.c:1182
 sock_create net/socket.c:1222 [inline]
 SYSC_socket net/socket.c:1252 [inline]
 SyS_socket+0xf0/0x1b0 net/socket.c:1232
 entry_SYSCALL_64_fastpath+0x23/0xc6

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801c991bb80
 which belongs to the cache kmalloc-2048 of size 2048
The buggy address is located 1356 bytes inside of
 2048-byte region [ffff8801c991bb80, ffff8801c991c380)
The buggy address belongs to the page:
page:ffffea0007264600 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
flags: 0x8000000000004080(slab|head)
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801c991bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801c991c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801c991c080: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
                                              ^
 ffff8801c991c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801c991c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================