L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
attempt to access beyond end of device
loop1: rw=2049, want=129, limit=128
Buffer I/O error on dev loop1, logical block 128, lost async page write
============================================
WARNING: possible recursive locking detected
4.14.304-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.5/9506 is trying to acquire lock:
 (&port_lock_key){-.-.}, at: [<ffffffff835af489>] uart_write+0x109/0x560 drivers/tty/serial/serial_core.c:611

but task is already holding lock:
 (&port_lock_key){-.-.}, at: [<ffffffff835ca920>] serial8250_handle_irq.part.0+0x20/0x390 drivers/tty/serial/8250/8250_port.c:1894

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&port_lock_key);
  lock(&port_lock_key);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.5/9506:
 #0:  (&(&i->lock)->rlock){-.-.}, at: [<ffffffff835b7caa>] spin_lock include/linux/spinlock.h:317 [inline]
 #0:  (&(&i->lock)->rlock){-.-.}, at: [<ffffffff835b7caa>] serial8250_interrupt+0x3a/0x210 drivers/tty/serial/8250/8250_core.c:119
 #1:  (&port_lock_key){-.-.}, at: [<ffffffff835ca920>] serial8250_handle_irq.part.0+0x20/0x390 drivers/tty/serial/8250/8250_port.c:1894
 #2:  (&tty->ldisc_sem){++++}, at: [<ffffffff8355ceab>] tty_ldisc_ref+0x1b/0x80 drivers/tty/tty_ldisc.c:305

stack backtrace:
CPU: 1 PID: 9506 Comm: syz-executor.5 Not tainted 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
 check_deadlock kernel/locking/lockdep.c:1847 [inline]
 validate_chain kernel/locking/lockdep.c:2448 [inline]
 __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x8c/0xc0 kernel/locking/spinlock.c:160
 uart_write+0x109/0x560 drivers/tty/serial/serial_core.c:611
 n_hdlc_send_frames+0x241/0x410 drivers/tty/n_hdlc.c:404
 n_hdlc_tty_wakeup+0x95/0xb0 drivers/tty/n_hdlc.c:480
 tty_wakeup+0xc3/0xf0 drivers/tty/tty_io.c:533
 tty_port_default_wakeup+0x26/0x40 drivers/tty/tty_port.c:49
 serial8250_tx_chars+0x3fe/0xc70 drivers/tty/serial/8250/8250_port.c:1828
 serial8250_handle_irq.part.0+0x2c7/0x390 drivers/tty/serial/8250/8250_port.c:1918
 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1891 [inline]
 serial8250_default_handle_irq+0x8a/0x1f0 drivers/tty/serial/8250/8250_port.c:1934
 serial8250_interrupt+0xf3/0x210 drivers/tty/serial/8250/8250_core.c:129
 __handle_irq_event_percpu+0xee/0x7f0 kernel/irq/handle.c:147
 handle_irq_event_percpu kernel/irq/handle.c:187 [inline]
 handle_irq_event+0xed/0x240 kernel/irq/handle.c:204
 handle_edge_irq+0x224/0xc40 kernel/irq/chip.c:770
 generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
 handle_irq+0x35/0x50 arch/x86/kernel/irq_64.c:87
 do_IRQ+0x93/0x1d0 arch/x86/kernel/irq.c:230
 common_interrupt+0x93/0x93 arch/x86/entry/entry_64.S:578
 </IRQ>
RIP: 0010:mutex_lock_nested+0x4/0x20 kernel/locking/mutex.c:907
RSP: 0018:ffff88804efd7930 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffc8
RAX: 0000000000040000 RBX: ffff88804efd79a0 RCX: ffffc90006c90000
RDX: 0000000000040000 RSI: 0000000000000000 RDI: ffff888093ba6520
RBP: 0000000000000000 R08: ffffffff8632d834 R09: ffff88804efd79c0
R10: ffff88804efd7a77 R11: ffff88804efca340 R12: ffff888093ba6080
R13: ffff888093ba6520 R14: 0000000000000002 R15: ffff88804efd79c0
 unix_dgram_recvmsg+0x1e4/0xc60 net/unix/af_unix.c:2146
 ___sys_recvmsg+0x20b/0x4d0 net/socket.c:2221
 __sys_recvmmsg+0x1f3/0x5d0 net/socket.c:2329
 SYSC_recvmmsg net/socket.c:2405 [inline]
 SyS_recvmmsg+0x125/0x140 net/socket.c:2394
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f7d681fc0c9
RSP: 002b:00007f7d6674d168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007f7d6831c050 RCX: 00007f7d681fc0c9
RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00007f7d68257ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffca38b289f R14: 00007f7d6674d300 R15: 0000000000022000
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.4:9458]
Modules linked in:
irq event stamp: 1516
hardirqs last  enabled at (1515): [<ffffffff872410e8>] preempt_schedule_irq+0x88/0x140 kernel/sched/core.c:3613
hardirqs last disabled at (1516): [<ffffffff8723e6f7>] __schedule+0x1c7/0x1de0 kernel/sched/core.c:3316
softirqs last  enabled at (0): [<ffffffff81305bb0>] copy_process.part.0+0x12d0/0x71c0 kernel/fork.c:1734
softirqs last disabled at (0): [<          (null)>]           (null)
CPU: 0 PID: 9458 Comm: syz-executor.4 Not tainted 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
task: ffff88804fab2580 task.stack: ffff88804fab8000
RIP: 0010:__read_once_size include/linux/compiler.h:185 [inline]
RIP: 0010:csd_lock_wait kernel/smp.c:108 [inline]
RIP: 0010:smp_call_function_single+0x181/0x370 kernel/smp.c:302
RSP: 0018:ffff88804fabfa40 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff10
RAX: ffff88804fab2580 RBX: 1ffff11009f57f4c RCX: 1ffffffff11997ad
RDX: 0000000000000000 RSI: ffff88804fabfa80 RDI: ffff88804fabfa80
RBP: ffff88804fabfaf0 R08: 0000000000000001 R09: fffffbffffeaf23d
R10: ffffffffff5791e9 R11: ffff88804fab2580 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00005555574b3400(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f029000 CR3: 00000000a8885000 CR4: 00000000003426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 smp_call_function_many+0x60f/0x7a0 kernel/smp.c:434
 smp_call_function kernel/smp.c:492 [inline]
 on_each_cpu+0x40/0x210 kernel/smp.c:602
 text_poke_bp+0x90/0x110 arch/x86/kernel/alternative.c:796
 __jump_label_transform+0x269/0x300 arch/x86/kernel/jump_label.c:102
 arch_jump_label_transform+0x26/0x40 arch/x86/kernel/jump_label.c:110
 __jump_label_update+0x113/0x170 kernel/jump_label.c:374
 jump_label_update kernel/jump_label.c:741 [inline]
 jump_label_update+0x140/0x2d0 kernel/jump_label.c:720
 __static_key_slow_dec_cpuslocked+0x3d/0xf0 kernel/jump_label.c:204
 __static_key_slow_dec kernel/jump_label.c:214 [inline]
 static_key_slow_dec+0x53/0x70 kernel/jump_label.c:228
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:804 [inline]
 kvm_put_kvm+0x630/0xab0 arch/x86/kvm/../../../virt/kvm/kvm_main.c:819
 kvm_vm_release+0x3f/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:830
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f6394142f7b
RSP: 002b:00007fff76d90930 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000009 RCX: 00007f6394142f7b
RDX: 00007f6393d063d8 RSI: ffffffffffffffff RDI: 0000000000000008
RBP: 00007f63942b2980 R08: 0000000000000000 R09: 00007f6393d05000
R10: 00007f6393d063e0 R11: 0000000000000293 R12: 000000000002db16
R13: 00007fff76d90a30 R14: 00007f63942b0f80 R15: 0000000000000032
Code: ce 08 00 48 8b 54 24 10 4c 89 e9 8b 7c 24 1c 48 8d 74 24 40 e8 71 fa ff ff 41 89 c4 8b 44 24 58 a8 01 74 0f e8 e1 cd 08 00 f3 90 <8b> 44 24 58 a8 01 75 f1 e8 d2 cd 08 00 e8 cd cd 08 00 bf 01 00 
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at pc 0xffffffff8724e32d
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	08 00                	or     %al,(%rax)
   2:	48 8b 54 24 10       	mov    0x10(%rsp),%rdx
   7:	4c 89 e9             	mov    %r13,%rcx
   a:	8b 7c 24 1c          	mov    0x1c(%rsp),%edi
   e:	48 8d 74 24 40       	lea    0x40(%rsp),%rsi
  13:	e8 71 fa ff ff       	callq  0xfffffa89
  18:	41 89 c4             	mov    %eax,%r12d
  1b:	8b 44 24 58          	mov    0x58(%rsp),%eax
  1f:	a8 01                	test   $0x1,%al
  21:	74 0f                	je     0x32
  23:	e8 e1 cd 08 00       	callq  0x8ce09
  28:	f3 90                	pause
* 2a:	8b 44 24 58          	mov    0x58(%rsp),%eax <-- trapping instruction
  2e:	a8 01                	test   $0x1,%al
  30:	75 f1                	jne    0x23
  32:	e8 d2 cd 08 00       	callq  0x8ce09
  37:	e8 cd cd 08 00       	callq  0x8ce09
  3c:	bf                   	.byte 0xbf
  3d:	01 00                	add    %eax,(%rax)