[ 57.417233] audit: type=1800 audit(1539142610.459:27): pid=6036 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 58.866546] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 61.727792] random: sshd: uninitialized urandom read (32 bytes read)
[ 62.119455] random: sshd: uninitialized urandom read (32 bytes read)
[ 64.779015] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
[ 70.613898] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/10 03:37:05 fuzzer started
[ 75.385275] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/10 03:37:10 dialing manager at 10.128.0.26:44001
2018/10/10 03:37:10 syscalls: 1
2018/10/10 03:37:10 code coverage: enabled
2018/10/10 03:37:10 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/10 03:37:10 setuid sandbox: enabled
2018/10/10 03:37:10 namespace sandbox: enabled
2018/10/10 03:37:10 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/10 03:37:10 fault injection: enabled
2018/10/10 03:37:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/10 03:37:10 net packed injection: enabled
2018/10/10 03:37:10 net device setup: enabled
[ 80.234620] random: crng init done
03:39:11 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc-cast6-avx)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7da122b891bfc4e2f00000000000000", 0x10)
r1 = socket$inet6(0xa, 0x80003, 0x800000000000002)
ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070")
r2 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000c40)="cf592ff1794dd04b665f46c40efc6736fb68aefa0c0c544cfd1901ba51488a96c1", 0x21}], 0x1}], 0x1, 0x0)
read(r2, &(0x7f0000000bc0)=""/93, 0xfffffe0a)
[ 199.452494] IPVS: ftp: loaded support on port[0] = 21
[ 201.894851] bridge0: port 1(bridge_slave_0) entered blocking state
[ 201.901369] bridge0: port 1(bridge_slave_0) entered disabled state
[ 201.910192] device bridge_slave_0 entered promiscuous mode
[ 202.056951] bridge0: port 2(bridge_slave_1) entered blocking state
[ 202.063546] bridge0: port 2(bridge_slave_1) entered disabled state
[ 202.072206] device bridge_slave_1 entered promiscuous mode
[ 202.214110] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 202.355012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
03:39:15 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
recvmsg(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000000280)=""/56, 0x38}], 0x1, &(0x7f0000000380)=""/118, 0x76}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000900)=@getroute={0x14, 0x1a, 0x1c974209d04c2781}, 0x14}}, 0x0)
[ 202.830961] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 203.018563] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 203.264566] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 203.271869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 203.412300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 203.419482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 203.469642] IPVS: ftp: loaded support on port[0] = 21
[ 204.101207] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 204.109652] team0: Port device team_slave_0 added
[ 204.283790] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 204.292234] team0: Port device team_slave_1 added
[ 204.516587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.524067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 204.533205] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 204.717471] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 204.724733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 204.733886] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 204.878795] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 204.886540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 204.895830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 205.128443] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 205.136220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 205.145589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 207.544521] bridge0: port 1(bridge_slave_0) entered blocking state
[ 207.551027] bridge0: port 1(bridge_slave_0) entered disabled state
[ 207.559681] device bridge_slave_0 entered promiscuous mode
[ 207.623586] bridge0: port 2(bridge_slave_1) entered blocking state
[ 207.630112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 207.637240] bridge0: port 1(bridge_slave_0) entered blocking state
[ 207.643806] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 207.653118] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 207.780976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 207.787665] bridge0: port 2(bridge_slave_1) entered disabled state
[ 207.796339] device bridge_slave_1 entered promiscuous mode
[ 208.032229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 208.206467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
03:39:21 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x7, 0x4, 0x80, 0x805, 0x0, 0xffffffffffffffff, 0x0, [0x6]}, 0x2c)
[ 208.493055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 208.962790] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 209.259594] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 209.509031] IPVS: ftp: loaded support on port[0] = 21
[ 209.637841] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 209.645095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 209.872128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 209.879216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 210.566297] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 210.574574] team0: Port device team_slave_0 added
[ 210.769252] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 210.777578] team0: Port device team_slave_1 added
[ 211.027663] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 211.035040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 211.043969] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 211.357002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 211.364410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 211.373543] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 211.723272] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 211.731078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 211.740647] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 212.051743] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 212.059404] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 212.068728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 214.688223] bridge0: port 1(bridge_slave_0) entered blocking state
[ 214.694941] bridge0: port 1(bridge_slave_0) entered disabled state
[ 214.703901] device bridge_slave_0 entered promiscuous mode
[ 214.941467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 214.948168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 214.956681] device bridge_slave_1 entered promiscuous mode
[ 215.183292] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 215.197561] bridge0: port 2(bridge_slave_1) entered blocking state
[ 215.204142] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 215.211083] bridge0: port 1(bridge_slave_0) entered blocking state
[ 215.217721] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 215.226635] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 215.489217] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 216.172204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 216.430295] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 216.768195] bond0: Enslaving bond_slave_1 as an active interface with an up link
03:39:29 executing program 3:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000))
timer_settime(0x0, 0x0, &(0x7f0000000280), &(0x7f00000002c0))
[ 216.983535] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 216.990691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 217.348910] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 217.358468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 218.309370] IPVS: ftp: loaded support on port[0] = 21
[ 218.550748] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 218.559128] team0: Port device team_slave_0 added
[ 218.980895] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 218.989448] team0: Port device team_slave_1 added
[ 219.356716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 219.364080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 219.373128] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 219.671019] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 219.678439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 219.687612] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 220.057215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 220.065052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 220.074178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 220.402451] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 220.410504] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 220.420012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 220.531285] 8021q: adding VLAN 0 to HW filter on device bond0
[ 221.836564] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 223.210516] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 223.217223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 223.225768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 224.438835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.445408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 224.453903] device bridge_slave_0 entered promiscuous mode
[ 224.479246] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.485792] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 224.492785] bridge0: port 1(bridge_slave_0) entered blocking state
[ 224.499222] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 224.507895] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 224.582120] 8021q: adding VLAN 0 to HW filter on device team0
[ 224.652138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 224.854421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 224.860876] bridge0: port 2(bridge_slave_1) entered disabled state
[ 224.869467] device bridge_slave_1 entered promiscuous mode
[ 225.179705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 225.523288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 226.672682] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 227.021135] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 227.353725] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 227.360868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
03:39:40 executing program 4:
r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x100082)
r1 = memfd_create(&(0x7f0000000380)="000000000000000100000001000000768e05f7c155ad7dc6947c573e5a69244e76382c0aa63d575ea3597f8b1728277ef76b30544d7ba92dcf978f1f81dc1b7f8f7b3451dada02ecb4f1ddcc8b5241da8945666e0073c25a6201004dbea37aabd3eb9888c4c629419f50937a6848e0d281dbee568c4de9a036c26f1922f64971d4df97fbab04e8ce4938b31dcf259b4bc60901e18661fab8fb2988cd2bc260c2f572353e6bb0a002fc164d4f189b068062d10100000000000000400c0c4ca57b546b9430172ea5362ee0141b3df06ad235e815d89eead3d9473409c09c2e27a952337a24f20188c013123cc0316a33d8b443453773e4a09edd8031124dee13ce9c75288f2ec833c7e66af5b19a00000000000000", 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x0)
sendfile(r0, r1, &(0x7f0000000240), 0x20000102000007)
[ 227.709132] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 227.716409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 229.044069] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 229.052491] team0: Port device team_slave_0 added
[ 229.104767] IPVS: ftp: loaded support on port[0] = 21
[ 229.534721] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 229.542902] team0: Port device team_slave_1 added
[ 230.037267] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 230.044562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 230.053779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 230.321149] 8021q: adding VLAN 0 to HW filter on device bond0
[ 230.537634] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 230.545073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 230.554175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 230.922123] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 230.929759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 230.939447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 231.348700] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 231.356563] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 231.365895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 231.892477] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 233.592020] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 233.598456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 233.606813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
03:39:48 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffbff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000006c0)=ANY=[@ANYBLOB], &(0x7f0000009140)=0x1)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x200}, 0x2)
r4 = gettid()
r5 = getpgrp(0xffffffffffffffff)
kcmp(r4, r5, 0x0, r2, r3)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000540)=ANY=[@ANYBLOB], &(0x7f0000000080)=0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_DEBUGREGS(0xffffffffffffffff, 0x8080aea1, &(0x7f0000000640))
[ 235.360364] 8021q: adding VLAN 0 to HW filter on device team0
[ 235.483788] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 235.694214] ==================================================================
[ 235.701659] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830
[ 235.709322] CPU: 1 PID: 6950 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #65
[ 235.716534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 235.725912] Call Trace:
[ 235.728540]  dump_stack+0x306/0x460
[ 235.732201]  ? vmx_set_constant_host_state+0x1778/0x1830
[ 235.737700]  kmsan_report+0x1a2/0x2e0
[ 235.741603]  __msan_warning+0x7c/0xe0
[ 235.745454]  vmx_set_constant_host_state+0x1778/0x1830
[ 235.750784]  vmx_create_vcpu+0x3e6f/0x7870
[ 235.755092]  ? kmsan_set_origin_inline+0x6b/0x120
[ 235.759974]  ? __msan_poison_alloca+0x17a/0x210
[ 235.764731]  ? vmx_vm_init+0x340/0x340
[ 235.768658]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 235.773198]  kvm_vm_ioctl+0x13fd/0x33d0
[ 235.777221]  ? __msan_poison_alloca+0x17a/0x210
[ 235.781956]  ? do_vfs_ioctl+0x18a/0x2810
[ 235.786070]  ? __se_sys_ioctl+0x1da/0x270
[ 235.790246]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 235.795121]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 235.800034]  do_vfs_ioctl+0xcf3/0x2810
[ 235.804006]  ? security_file_ioctl+0x92/0x200
[ 235.808549]  __se_sys_ioctl+0x1da/0x270
[ 235.812574]  __x64_sys_ioctl+0x4a/0x70
[ 235.816491]  do_syscall_64+0xbe/0x100
[ 235.820327]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 235.825541] RIP: 0033:0x457579
[ 235.828770] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 235.847704] RSP: 002b:00007f6544cf5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 235.855451] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 235.862767] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 235.870071] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 235.877364] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6544cf66d4
[ 235.884681] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 235.891990]
[ 235.893645] Local variable description: ----dt@vmx_set_constant_host_state
[ 235.900667] Variable was created at:
[ 235.904415]  vmx_set_constant_host_state+0x2b0/0x1830
[ 235.909628]  vmx_create_vcpu+0x3e6f/0x7870
[ 235.913871] ==================================================================
[ 235.921238] Disabling lock debugging due to kernel taint
[ 235.926709] Kernel panic - not syncing: panic_on_warn set ...
[ 235.926709]
[ 235.934126] CPU: 1 PID: 6950 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #65
[ 235.942736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 235.952114] Call Trace:
[ 235.954735]  dump_stack+0x306/0x460
[ 235.958427]  panic+0x54c/0xafa
[ 235.961704]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 235.967191]  kmsan_report+0x2d3/0x2e0
[ 235.971043]  __msan_warning+0x7c/0xe0
[ 235.974888]  vmx_set_constant_host_state+0x1778/0x1830
[ 235.980206]  vmx_create_vcpu+0x3e6f/0x7870
[ 235.984490]  ? kmsan_set_origin_inline+0x6b/0x120
[ 235.989385]  ? __msan_poison_alloca+0x17a/0x210
[ 235.994108]  ? vmx_vm_init+0x340/0x340
[ 235.998035]  kvm_arch_vcpu_create+0x25d/0x2f0
[ 236.002602]  kvm_vm_ioctl+0x13fd/0x33d0
[ 236.006624]  ? __msan_poison_alloca+0x17a/0x210
[ 236.011338]  ? do_vfs_ioctl+0x18a/0x2810
[ 236.015432]  ? __se_sys_ioctl+0x1da/0x270
[ 236.019616]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 236.024496]  ? vcpu_stat_clear_per_vm+0x420/0x420
[ 236.029372]  do_vfs_ioctl+0xcf3/0x2810
[ 236.033312]  ? security_file_ioctl+0x92/0x200
[ 236.037861]  __se_sys_ioctl+0x1da/0x270
[ 236.041918]  __x64_sys_ioctl+0x4a/0x70
[ 236.045834]  do_syscall_64+0xbe/0x100
[ 236.049677]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 236.054901] RIP: 0033:0x457579
[ 236.058120] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 236.077060] RSP: 002b:00007f6544cf5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 236.084807] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579
[ 236.092113] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004
[ 236.099411] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[ 236.106705] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6544cf66d4
[ 236.114006] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff
[ 236.122410] Kernel Offset: disabled
[ 236.126054] Rebooting in 86400 seconds..