[ ok ] Starting periodic command scheduler: cron.
[ 57.853323] sshd (6136) used greatest stack depth: 53184 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 58.080999] random: sshd: uninitialized urandom read (32 bytes read)
[ 58.564716] random: sshd: uninitialized urandom read (32 bytes read)
[ 59.189783] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 61.641122] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
[ 67.392763] random: sshd: uninitialized urandom read (32 bytes read)
2018/10/03 20:21:38 fuzzer started
[ 71.987735] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/03 20:21:43 dialing manager at 10.128.0.26:36867
2018/10/03 20:21:43 syscalls: 1
2018/10/03 20:21:43 code coverage: enabled
2018/10/03 20:21:43 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/10/03 20:21:43 setuid sandbox: enabled
2018/10/03 20:21:43 namespace sandbox: enabled
2018/10/03 20:21:43 Android sandbox: /sys/fs/selinux/policy does not exist
2018/10/03 20:21:43 fault injection: enabled
2018/10/03 20:21:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/10/03 20:21:43 net packed injection: enabled
2018/10/03 20:21:43 net device setup: enabled
[ 76.929713] random: crng init done
20:23:46 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x80003, 0x2c)
quotactl(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000400)="2110652b06278abab184fa73e387f41719b5f2b642e56479b5c4b9b63ea4133d901369553e0f432c172b")
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c)
sendmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f00000009c0), 0x3e8, &(0x7f00000000c0)}}], 0x40000000000026a, 0x0)
getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14)
[ 197.927751] IPVS: ftp: loaded support on port[0] = 21
[ 200.298822] bridge0: port 1(bridge_slave_0) entered blocking state
[ 200.305441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 200.314152] device bridge_slave_0 entered promiscuous mode
[ 200.455820] bridge0: port 2(bridge_slave_1) entered blocking state
[ 200.462301] bridge0: port 2(bridge_slave_1) entered disabled state
[ 200.470830] device bridge_slave_1 entered promiscuous mode
[ 200.609936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 200.750170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 201.178568] bond0: Enslaving bond_slave_0 as an active interface with an up link
20:23:50 executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x71}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffd7, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000600)={0x1, {0x2, 0x0, @rand_addr}, {}, {0x2, 0x0, @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)='bridge_slave_1\x00'})
[ 201.336825] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 201.787973] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 201.795498] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 202.114878] IPVS: ftp: loaded support on port[0] = 21
[ 202.507347] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 202.515706] team0: Port device team_slave_0 added
[ 202.710904] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 202.719179] team0: Port device team_slave_1 added
[ 202.926561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 202.933766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 202.942766] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 203.128057] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 203.135205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 203.144229] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 203.284784] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 203.292362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 203.301501] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 203.537054] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 203.545120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 203.554773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 205.798854] bridge0: port 1(bridge_slave_0) entered blocking state
[ 205.805500] bridge0: port 1(bridge_slave_0) entered disabled state
[ 205.814014] device bridge_slave_0 entered promiscuous mode
[ 206.074802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 206.081282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 206.089786] device bridge_slave_1 entered promiscuous mode
[ 206.150296] bridge0: port 2(bridge_slave_1) entered blocking state
[ 206.156891] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 206.163948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 206.170411] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 206.179352] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 206.345097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 206.572832] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 206.813328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
20:23:56 executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)="baa55c06c29525a421be4d7fc8bde465a03ed65ecaad187265976faeedff5a0d", 0x20}], 0x1, &(0x7f0000001340)}, 0x0)
recvmmsg(r1, &(0x7f0000008e80)=[{{&(0x7f0000000140)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000001600)=[{&(0x7f0000001540)=""/165, 0x536}], 0x1, &(0x7f0000001680)=""/72, 0x48}}], 0x1, 0x0, &(0x7f0000002240))
[ 207.365560] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 207.577314] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 207.871221] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 207.878471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 208.019502] IPVS: ftp: loaded support on port[0] = 21
[ 208.167914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 208.175178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 209.003150] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 209.011121] team0: Port device team_slave_0 added
[ 209.282708] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 209.290716] team0: Port device team_slave_1 added
[ 209.619541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 209.626844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 209.635748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 209.984915] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 209.992092] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 210.001166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 210.237863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 210.245543] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 210.254802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 210.564325] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 210.571888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 210.581055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 213.072288] bridge0: port 1(bridge_slave_0) entered blocking state
[ 213.079075] bridge0: port 1(bridge_slave_0) entered disabled state
[ 213.087654] device bridge_slave_0 entered promiscuous mode
[ 213.407335] bridge0: port 2(bridge_slave_1) entered blocking state
[ 213.413929] bridge0: port 2(bridge_slave_1) entered disabled state
[ 213.422372] device bridge_slave_1 entered promiscuous mode
[ 213.747391] bridge0: port 2(bridge_slave_1) entered blocking state
[ 213.753973] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 213.760898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 213.767487] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 213.776420] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 213.784871] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 214.061035] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 214.653178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 214.972713] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 215.272150] bond0: Enslaving bond_slave_1 as an active interface with an up link
20:24:04 executing program 3:
readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000540)=""/122, 0x7a}], 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp\x00')
preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0)
[ 215.583179] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 215.593955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 215.904159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 215.911261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 216.869329] IPVS: ftp: loaded support on port[0] = 21
[ 216.978459] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 216.986532] team0: Port device team_slave_0 added
[ 217.320692] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 217.328778] team0: Port device team_slave_1 added
[ 217.594591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 217.674637] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 217.681675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 217.690682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 218.038294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 218.045578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 218.054557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 218.381573] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 218.389337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 218.398478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 218.693072] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 218.700707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 218.709903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 219.068153] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 220.508295] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 220.514811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 220.522834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 221.872691] 8021q: adding VLAN 0 to HW filter on device team0
[ 222.748106] bridge0: port 2(bridge_slave_1) entered blocking state
[ 222.754672] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 222.761584] bridge0: port 1(bridge_slave_0) entered blocking state
[ 222.768166] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 222.777101] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 222.900301] bridge0: port 1(bridge_slave_0) entered blocking state
[ 222.907026] bridge0: port 1(bridge_slave_0) entered disabled state
[ 222.915476] device bridge_slave_0 entered promiscuous mode
[ 223.279447] bridge0: port 2(bridge_slave_1) entered blocking state
[ 223.286039] bridge0: port 2(bridge_slave_1) entered disabled state
[ 223.294551] device bridge_slave_1 entered promiscuous mode
[ 223.613326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 223.662081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 224.008445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 225.135652] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 225.607850] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 225.988084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 225.995343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
20:24:15 executing program 4:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
pwritev(r0, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x2, 0x0)
sendfile(r1, r0, &(0x7f0000000480), 0x2000005)
[ 226.380762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 226.387928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 227.614720] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 227.622968] team0: Port device team_slave_0 added
[ 227.697921] IPVS: ftp: loaded support on port[0] = 21
[ 228.086337] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 228.094500] team0: Port device team_slave_1 added
[ 228.393951] 8021q: adding VLAN 0 to HW filter on device bond0
[ 228.484690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 228.491767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 228.500946] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 228.944321] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 228.951388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 228.960918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 229.349453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 229.357346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 229.366605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 229.820840] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 229.828613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 229.837794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 229.974794] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 231.636445] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 231.642874] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 231.650574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 233.248613] 8021q: adding VLAN 0 to HW filter on device team0
20:24:23 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000380)={0x2, 0x0, [0x48, 0xfff]})
[ 234.540533] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 234.591597] bridge0: port 2(bridge_slave_1) entered blocking state
[ 234.598132] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 234.605148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 234.611647] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 234.620246] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 234.672835] ==================================================================
[ 234.680296] BUG: KMSAN: uninit-value in loaded_vmcs_init+0x343/0x590
[ 234.686819] CPU: 0 PID: 6993 Comm: syz-executor0 Not tainted 4.19.0-rc4+ #63
[ 234.694030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 234.703400] Call Trace:
[ 234.706023]  dump_stack+0x306/0x460
[ 234.709675]  ? loaded_vmcs_init+0x343/0x590
[ 234.714041]  kmsan_report+0x1a3/0x2d0
[ 234.717879]  __msan_warning+0x7c/0xe0
[ 234.721717]  loaded_vmcs_init+0x343/0x590
[ 234.725906]  __loaded_vmcs_clear+0x2fb/0x3c0
[ 234.730354]  generic_exec_single+0x17b/0x500
[ 234.734808]  ? vmx_get_msr_feature+0x180/0x180
[ 234.739435]  smp_call_function_single+0x290/0x500
[ 234.744322]  ? vmx_get_msr_feature+0x180/0x180
[ 234.748953]  vmx_free_vcpu+0x582/0x8a0
[ 234.752889]  ? vmx_create_vcpu+0x7920/0x7920
[ 234.757330]  kvm_arch_destroy_vm+0x727/0xcd0
[ 234.761770]  kvm_put_kvm+0x100b/0x1cf0
[ 234.765727]  kvm_vcpu_release+0xad/0x100
[ 234.769813]  ? kvm_vcpu_mmap+0x80/0x80
[ 234.773729]  __fput+0x4e8/0xda0
[ 234.777049]  ____fput+0x37/0x40
[ 234.780357]  ? fput+0x3e0/0x3e0
[ 234.783685]  task_work_run+0x467/0x500
[ 234.787620]  prepare_exit_to_usermode+0x364/0x470
[ 234.792511]  syscall_return_slowpath+0x112/0x880
[ 234.797304]  ? __close_fd+0x465/0x4c0
[ 234.801158]  ? __se_sys_close+0x72/0x140
[ 234.805252]  do_syscall_64+0xe4/0x100
[ 234.809083]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 234.814352] RIP: 0033:0x411051
[ 234.817581] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 234.836505] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 234.844244] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000411051
[ 234.851529] RDX: 0000000000000000 RSI: 0000000000730d08 RDI: 0000000000000007
[ 234.858823] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 234.866111] R10: 0000000000a3fcb0 R11: 0000000000000293 R12: 0000000000000000
[ 234.873401] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 234.880719]
[ 234.882364] Local variable description: ----error.i@loaded_vmcs_init
[ 234.888885] Variable was created at:
[ 234.892625]  loaded_vmcs_init+0x8a/0x590
[ 234.896723]  __loaded_vmcs_clear+0x2fb/0x3c0
[ 234.901166] ==================================================================
[ 234.908537] Disabling lock debugging due to kernel taint
[ 234.913996] Kernel panic - not syncing: panic_on_warn set ...
[ 234.913996]
[ 234.921456] CPU: 0 PID: 6993 Comm: syz-executor0 Tainted: G B 4.19.0-rc4+ #63
[ 234.930043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 234.939422] Call Trace:
[ 234.942048]  dump_stack+0x306/0x460
[ 234.945721]  panic+0x54c/0xafa
[ 234.948997]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 234.954487]  kmsan_report+0x2cd/0x2d0
[ 234.958835]  __msan_warning+0x7c/0xe0
[ 234.962674]  loaded_vmcs_init+0x343/0x590
[ 234.966867]  __loaded_vmcs_clear+0x2fb/0x3c0
[ 234.971313]  generic_exec_single+0x17b/0x500
[ 234.975756]  ? vmx_get_msr_feature+0x180/0x180
[ 234.980386]  smp_call_function_single+0x290/0x500
[ 234.985268]  ? vmx_get_msr_feature+0x180/0x180
[ 234.989933]  vmx_free_vcpu+0x582/0x8a0
[ 234.993883]  ? vmx_create_vcpu+0x7920/0x7920
[ 234.998325]  kvm_arch_destroy_vm+0x727/0xcd0
[ 235.002785]  kvm_put_kvm+0x100b/0x1cf0
[ 235.006733]  kvm_vcpu_release+0xad/0x100
[ 235.010830]  ? kvm_vcpu_mmap+0x80/0x80
[ 235.014756]  __fput+0x4e8/0xda0
[ 235.018111]  ____fput+0x37/0x40
[ 235.021419]  ? fput+0x3e0/0x3e0
[ 235.024736]  task_work_run+0x467/0x500
[ 235.028675]  prepare_exit_to_usermode+0x364/0x470
[ 235.033567]  syscall_return_slowpath+0x112/0x880
[ 235.038389]  ? __close_fd+0x465/0x4c0
[ 235.042243]  ? __se_sys_close+0x72/0x140
[ 235.046340]  do_syscall_64+0xe4/0x100
[ 235.050182]  entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 235.055402] RIP: 0033:0x411051
[ 235.058627] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 34 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 235.077929] RSP: 002b:0000000000a3fd90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 235.085670] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000411051
[ 235.092958] RDX: 0000000000000000 RSI: 0000000000730d08 RDI: 0000000000000007
[ 235.100246] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 235.107539] R10: 0000000000a3fcb0 R11: 0000000000000293 R12: 0000000000000000
[ 235.114828] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
[ 235.123158] Kernel Offset: disabled
[ 235.126799] Rebooting in 86400 seconds..