[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty1.
[  OK  ] Started getty on tty2-tty6 if dbus and logind are not available.
[  OK  ] Started OpenBSD Secure Shell server.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 64.982356][ T7088] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 65.014048][ T7088] ==================================================================
[ 65.022251][ T7088] BUG: KASAN: slab-out-of-bounds in kvm_read_guest_page+0x4b5/0x4d0
[ 65.030233][ T7088] Read of size 8 at addr ffff8880a687e468 by task syz-executor240/7088
[ 65.038455][ T7088]
[ 65.040768][ T7088] CPU: 1 PID: 7088 Comm: syz-executor240 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 65.050629][ T7088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.060665][ T7088] Call Trace:
[ 65.063935][ T7088]  dump_stack+0x188/0x20d
[ 65.068270][ T7088]  print_address_description.constprop.0.cold+0xd3/0x315
[ 65.075281][ T7088]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 65.080547][ T7088]  __kasan_report.cold+0x35/0x4d
[ 65.085471][ T7088]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 65.090737][ T7088]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 65.096003][ T7088]  kasan_report+0x33/0x50
[ 65.100338][ T7088]  kvm_read_guest_page+0x4b5/0x4d0
[ 65.105468][ T7088]  kvm_read_guest+0x51/0xd0
[ 65.109981][ T7088]  kvm_set_msr_common+0xdf3/0x27c0
[ 65.115151][ T7088]  ? get_kvmclock_ns+0x370/0x370
[ 65.120076][ T7088]  vmx_set_msr+0xa83/0x26a0
[ 65.124585][ T7088]  ? pt_update_intercept_for_msr+0x960/0x960
[ 65.130574][ T7088]  ? lock_downgrade+0x840/0x840
[ 65.135414][ T7088]  __kvm_set_msr+0x15f/0x2d0
[ 65.139985][ T7088]  ? kvm_enable_efer_bits+0x20/0x20
[ 65.145172][ T7088]  ? __might_fault+0x190/0x1d0
[ 65.149918][ T7088]  ? _copy_from_user+0x13c/0x1a0
[ 65.154834][ T7088]  ? do_get_msr+0x100/0x100
[ 65.159316][ T7088]  msr_io+0x173/0x290
[ 65.163299][ T7088]  ? emulator_write_std+0xb0/0xb0
[ 65.168303][ T7088]  ? save_stack+0x32/0x40
[ 65.172610][ T7088]  ? __kasan_slab_free+0xf7/0x140
[ 65.177617][ T7088]  kvm_arch_vcpu_ioctl+0x1004/0x2c00
[ 65.182915][ T7088]  ? kvm_arch_vcpu_ioctl+0xfb5/0x2c00
[ 65.188269][ T7088]  ? kvm_arch_vcpu_put+0x530/0x530
[ 65.193373][ T7088]  ? lock_acquire+0x1f2/0x8f0
[ 65.198030][ T7088]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 65.202865][ T7088]  ? lock_release+0x800/0x800
[ 65.207527][ T7088]  ? find_held_lock+0x2d/0x110
[ 65.212295][ T7088]  ? __mutex_lock+0x458/0x13c0
[ 65.217036][ T7088]  ? kfree+0x1eb/0x2b0
[ 65.221084][ T7088]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 65.225932][ T7088]  ? mutex_trylock+0x2c0/0x2c0
[ 65.230681][ T7088]  ? tomoyo_execute_permission+0x470/0x470
[ 65.236477][ T7088]  kvm_vcpu_ioctl+0x866/0xe60
[ 65.241180][ T7088]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.247591][ T7088]  ? ioctl_file_clone+0x180/0x180
[ 65.252619][ T7088]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.258157][ T7088]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.264123][ T7088]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.270523][ T7088]  ksys_ioctl+0x11a/0x180
[ 65.274836][ T7088]  __x64_sys_ioctl+0x6f/0xb0
[ 65.279431][ T7088]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.284707][ T7088]  do_syscall_64+0xf6/0x7d0
[ 65.289194][ T7088]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.295076][ T7088] RIP: 0033:0x440499
[ 65.298969][ T7088] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.318562][ T7088] RSP: 002b:00007ffd9008f7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.326951][ T7088] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440499
[ 65.334903][ T7088] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[ 65.342852][ T7088] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 65.350800][ T7088] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d20
[ 65.358750][ T7088] R13: 0000000000401db0 R14: 0000000000000000 R15: 0000000000000000
[ 65.366708][ T7088]
[ 65.369028][ T7088] Allocated by task 7088:
[ 65.373336][ T7088]  save_stack+0x1b/0x40
[ 65.377469][ T7088]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.383095][ T7088]  kvmalloc_node+0x61/0xf0
[ 65.387490][ T7088]  kvm_set_memslot+0x115/0x1530
[ 65.392322][ T7088]  __kvm_set_memory_region+0xcf7/0x1320
[ 65.397841][ T7088]  kvm_set_memory_region+0x29/0x50
[ 65.402931][ T7088]  kvm_vm_ioctl+0x678/0x2400
[ 65.407498][ T7088]  ksys_ioctl+0x11a/0x180
[ 65.411811][ T7088]  __x64_sys_ioctl+0x6f/0xb0
[ 65.416409][ T7088]  do_syscall_64+0xf6/0x7d0
[ 65.420903][ T7088]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.426766][ T7088]
[ 65.429084][ T7088] Freed by task 3655:
[ 65.433046][ T7088]  save_stack+0x1b/0x40
[ 65.437178][ T7088]  __kasan_slab_free+0xf7/0x140
[ 65.442004][ T7088]  kfree+0x109/0x2b0
[ 65.445878][ T7088]  process_one_work+0x965/0x16a0
[ 65.450789][ T7088]  worker_thread+0x96/0xe20
[ 65.455280][ T7088]  kthread+0x388/0x470
[ 65.459358][ T7088]  ret_from_fork+0x24/0x30
[ 65.463805][ T7088]
[ 65.466117][ T7088] The buggy address belongs to the object at ffff8880a687e000
[ 65.466117][ T7088]  which belongs to the cache kmalloc-2k of size 2048
[ 65.480147][ T7088] The buggy address is located 1128 bytes inside of
[ 65.480147][ T7088]  2048-byte region [ffff8880a687e000, ffff8880a687e800)
[ 65.494171][ T7088] The buggy address belongs to the page:
[ 65.499786][ T7088] page:ffffea00029a1f80 refcount:1 mapcount:0 mapping:00000000a951bcc2 index:0x0
[ 65.508905][ T7088] flags: 0xfffe0000000200(slab)
[ 65.513744][ T7088] raw: 00fffe0000000200 ffffea00029ada08 ffffea00029996c8 ffff8880aa000e00
[ 65.522316][ T7088] raw: 0000000000000000 ffff8880a687e000 0000000100000001 0000000000000000
[ 65.530890][ T7088] page dumped because: kasan: bad access detected
[ 65.537278][ T7088]
[ 65.539585][ T7088] Memory state around the buggy address:
[ 65.545194][ T7088]  ffff8880a687e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.553235][ T7088]  ffff8880a687e380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 65.561283][ T7088] >ffff8880a687e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 65.569327][ T7088]                                                           ^
[ 65.576766][ T7088]  ffff8880a687e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.584814][ T7088]  ffff8880a687e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.592897][ T7088] ==================================================================
[ 65.600929][ T7088] Disabling lock debugging due to kernel taint
[ 65.608390][ T7088] Kernel panic - not syncing: panic_on_warn set ...
[ 65.614991][ T7088] CPU: 1 PID: 7088 Comm: syz-executor240 Tainted: G    B   5.7.0-rc1-next-20200415-syzkaller #0
[ 65.626267][ T7088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.636319][ T7088] Call Trace:
[ 65.639615][ T7088]  dump_stack+0x188/0x20d
[ 65.643957][ T7088]  panic+0x2e3/0x75c
[ 65.647852][ T7088]  ? add_taint.cold+0x16/0x16
[ 65.652518][ T7088]  ? preempt_schedule_common+0x5e/0xc0
[ 65.658034][ T7088]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 65.663298][ T7088]  ? preempt_schedule_thunk+0x16/0x18
[ 65.668646][ T7088]  ? trace_hardirqs_on+0x55/0x220
[ 65.673646][ T7088]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 65.678906][ T7088]  end_report+0x4d/0x53
[ 65.683115][ T7088]  __kasan_report.cold+0xd/0x4d
[ 65.687953][ T7088]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 65.693220][ T7088]  ? kvm_read_guest_page+0x4b5/0x4d0
[ 65.698488][ T7088]  kasan_report+0x33/0x50
[ 65.702832][ T7088]  kvm_read_guest_page+0x4b5/0x4d0
[ 65.707926][ T7088]  kvm_read_guest+0x51/0xd0
[ 65.712534][ T7088]  kvm_set_msr_common+0xdf3/0x27c0
[ 65.717624][ T7088]  ? get_kvmclock_ns+0x370/0x370
[ 65.722566][ T7088]  vmx_set_msr+0xa83/0x26a0
[ 65.727049][ T7088]  ? pt_update_intercept_for_msr+0x960/0x960
[ 65.733018][ T7088]  ? lock_downgrade+0x840/0x840
[ 65.737850][ T7088]  __kvm_set_msr+0x15f/0x2d0
[ 65.742419][ T7088]  ? kvm_enable_efer_bits+0x20/0x20
[ 65.747628][ T7088]  ? __might_fault+0x190/0x1d0
[ 65.752405][ T7088]  ? _copy_from_user+0x13c/0x1a0
[ 65.757319][ T7088]  ? do_get_msr+0x100/0x100
[ 65.761800][ T7088]  msr_io+0x173/0x290
[ 65.765764][ T7088]  ? emulator_write_std+0xb0/0xb0
[ 65.770764][ T7088]  ? save_stack+0x32/0x40
[ 65.775078][ T7088]  ? __kasan_slab_free+0xf7/0x140
[ 65.780089][ T7088]  kvm_arch_vcpu_ioctl+0x1004/0x2c00
[ 65.785356][ T7088]  ? kvm_arch_vcpu_ioctl+0xfb5/0x2c00
[ 65.790712][ T7088]  ? kvm_arch_vcpu_put+0x530/0x530
[ 65.795818][ T7088]  ? lock_acquire+0x1f2/0x8f0
[ 65.800481][ T7088]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 65.805322][ T7088]  ? lock_release+0x800/0x800
[ 65.809978][ T7088]  ? find_held_lock+0x2d/0x110
[ 65.814725][ T7088]  ? __mutex_lock+0x458/0x13c0
[ 65.819462][ T7088]  ? kfree+0x1eb/0x2b0
[ 65.823515][ T7088]  ? kvm_vcpu_ioctl+0x175/0xe60
[ 65.828343][ T7088]  ? mutex_trylock+0x2c0/0x2c0
[ 65.833090][ T7088]  ? tomoyo_execute_permission+0x470/0x470
[ 65.838888][ T7088]  kvm_vcpu_ioctl+0x866/0xe60
[ 65.843571][ T7088]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.849965][ T7088]  ? ioctl_file_clone+0x180/0x180
[ 65.854972][ T7088]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.860511][ T7088]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.866488][ T7088]  ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 65.872913][ T7088]  ksys_ioctl+0x11a/0x180
[ 65.877229][ T7088]  __x64_sys_ioctl+0x6f/0xb0
[ 65.881803][ T7088]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.887067][ T7088]  do_syscall_64+0xf6/0x7d0
[ 65.891553][ T7088]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.897428][ T7088] RIP: 0033:0x440499
[ 65.901304][ T7088] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.920916][ T7088] RSP: 002b:00007ffd9008f7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.929332][ T7088] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440499
[ 65.937285][ T7088] RDX: 0000000020000100 RSI: 000000004008ae89 RDI: 0000000000000005
[ 65.945287][ T7088] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 65.953237][ T7088] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401d20
[ 65.961194][ T7088] R13: 0000000000401db0 R14: 0000000000000000 R15: 0000000000000000
[ 65.970088][ T7088] Kernel Offset: disabled
[ 65.974405][ T7088] Rebooting in 86400 seconds..