Warning: Permanently added '10.128.10.50' (ECDSA) to the list of known hosts.
[   42.775569] random: sshd: uninitialized urandom read (32 bytes read)
[   42.892951] audit: type=1400 audit(1556616047.931:36): avc:  denied  { map } for  pid=7089 comm="syz-executor114" path="/root/syz-executor114686096" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   43.620189] IPVS: ftp: loaded support on port[0] = 21
executing program
[   44.670224] IPVS: ftp: loaded support on port[0] = 21
executing program
[   45.670230] IPVS: ftp: loaded support on port[0] = 21
executing program
[   46.660269] IPVS: ftp: loaded support on port[0] = 21
executing program
[   47.700219] IPVS: ftp: loaded support on port[0] = 21
executing program
[   48.770214] IPVS: ftp: loaded support on port[0] = 21
executing program
[   50.640338] ==================================================================
[   50.647914] BUG: KASAN: use-after-free in xfrm6_tunnel_destroy+0x52e/0x5d0
[   50.655192] Read of size 8 at addr ffff8880818595f8 by task kworker/1:1/23
[   50.662365] 
[   50.665305] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.14.114 #4
[   50.671788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.681473] Workqueue: events xfrm_state_gc_task
[   50.686490] Call Trace:
[   50.689130]  dump_stack+0x138/0x19c
[   50.693046]  ? xfrm6_tunnel_destroy+0x52e/0x5d0
[   50.697703]  print_address_description.cold+0x7c/0x1dc
[   50.703105]  ? xfrm6_tunnel_destroy+0x52e/0x5d0
[   50.707806]  kasan_report.cold+0xaf/0x2b5
[   50.712038]  __asan_report_load8_noabort+0x14/0x20
[   50.716965]  xfrm6_tunnel_destroy+0x52e/0x5d0
[   50.721460]  xfrm_state_gc_task+0x3ef/0x660
[   50.725770]  ? xfrm_state_unregister_afinfo+0x1a0/0x1a0
[   50.731123]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[   50.736564]  process_one_work+0x868/0x1610
[   50.740877]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   50.745530]  worker_thread+0x5d9/0x1050
[   50.749882]  kthread+0x31c/0x430
[   50.753487]  ? process_one_work+0x1610/0x1610
[   50.757988]  ? kthread_create_on_node+0xd0/0xd0
[   50.762657]  ret_from_fork+0x3a/0x50
[   50.766670] 
[   50.768287] Allocated by task 7097:
[   50.771941]  save_stack_trace+0x16/0x20
[   50.776012]  save_stack+0x45/0xd0
[   50.779453]  kasan_kmalloc+0xce/0xf0
[   50.783161]  __kmalloc+0x15d/0x7a0
[   50.786690]  ops_init+0xee/0x3d0
[   50.790046]  setup_net+0x237/0x530
[   50.793679]  copy_net_ns+0x19f/0x440
[   50.797658]  create_new_namespaces+0x37b/0x720
[   50.802323]  unshare_nsproxy_namespaces+0xab/0x1e0
[   50.807399]  SyS_unshare+0x2f3/0x7e0
[   50.811101]  do_syscall_64+0x1eb/0x630
[   50.814980]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   50.820156] 
[   50.821770] Freed by task 22:
[   50.824865]  save_stack_trace+0x16/0x20
[   50.828825]  save_stack+0x45/0xd0
[   50.832552]  kasan_slab_free+0x75/0xc0
[   50.836515]  kfree+0xcc/0x270
[   50.840147]  ops_free_list.part.0+0x1f6/0x320
[   50.844638]  cleanup_net+0x458/0x880
[   50.848516]  process_one_work+0x868/0x1610
[   50.852830]  worker_thread+0x5d9/0x1050
[   50.856786]  kthread+0x31c/0x430
[   50.860144]  ret_from_fork+0x3a/0x50
[   50.863864] 
[   50.865480] The buggy address belongs to the object at ffff888081859540
[   50.865480]  which belongs to the cache kmalloc-8192 of size 8192
[   50.878495] The buggy address is located 184 bytes inside of
[   50.878495]  8192-byte region [ffff888081859540, ffff88808185b540)
[   50.890446] The buggy address belongs to the page:
[   50.895490] page:ffffea0002061600 count:1 mapcount:0 mapping:ffff888081859540 index:0x0 compound_mapcount: 0
[   50.905713] flags: 0x1fffc0000008100(slab|head)
[   50.910901] raw: 01fffc0000008100 ffff888081859540 0000000000000000 0000000100000001
[   50.927651] raw: ffffea000227fb20 ffffea0002a38320 ffff8880aa802080 0000000000000000
[   50.935613] page dumped because: kasan: bad access detected
[   50.941496] 
[   50.943106] Memory state around the buggy address:
[   50.948018]  ffff888081859480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   50.955369]  ffff888081859500: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   50.962721] >ffff888081859580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.970309]                                                                 ^
[   50.977583]  ffff888081859600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.985042]  ffff888081859680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   50.992391] ==================================================================
[   50.999742] Disabling lock debugging due to kernel taint
[   51.005237] Kernel panic - not syncing: panic_on_warn set ...
[   51.005237] 
[   51.012643] CPU: 1 PID: 23 Comm: kworker/1:1 Tainted: G    B           4.14.114 #4
[   51.020335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.030109] Workqueue: events xfrm_state_gc_task
[   51.034884] Call Trace:
[   51.037458]  dump_stack+0x138/0x19c
[   51.041069]  ? xfrm6_tunnel_destroy+0x52e/0x5d0
[   51.045727]  panic+0x1f2/0x438
[   51.048901]  ? add_taint.cold+0x16/0x16
[   51.052876]  kasan_end_report+0x47/0x4f
[   51.056927]  kasan_report.cold+0x136/0x2b5
[   51.061462]  __asan_report_load8_noabort+0x14/0x20
[   51.067030]  xfrm6_tunnel_destroy+0x52e/0x5d0
[   51.071674]  xfrm_state_gc_task+0x3ef/0x660
[   51.076004]  ? xfrm_state_unregister_afinfo+0x1a0/0x1a0
[   51.081633]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[   51.087092]  process_one_work+0x868/0x1610
[   51.091320]  ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[   51.095986]  worker_thread+0x5d9/0x1050
[   51.100048]  kthread+0x31c/0x430
[   51.103413]  ? process_one_work+0x1610/0x1610
[   51.107902]  ? kthread_create_on_node+0xd0/0xd0
[   51.112562]  ret_from_fork+0x3a/0x50
[   51.117258] Kernel Offset: disabled
[   51.120883] Rebooting in 86400 seconds..