Starting OpenBSD Secure Shell server...
[ OK ] Started Regular background program processing daemon.
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting Permit User Sessions...
Starting System Logging Service...
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.167' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 70.853783][ T28] audit: type=1400 audit(1597666503.501:8): avc: denied { execmem } for pid=6849 comm="syz-executor735" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 70.862631][ T6849] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 70.924480][ T6849] ==================================================================
[ 70.932725][ T6849] BUG: KASAN: use-after-free in paging32_walk_addr_generic+0x155d/0x1980
[ 70.941122][ T6849] Write of size 4 at addr ffff888000105000 by task syz-executor735/6849
[ 70.949527][ T6849]
[ 70.951857][ T6849] CPU: 1 PID: 6849 Comm: syz-executor735 Not tainted 5.9.0-rc1-syzkaller #0
[ 70.960559][ T6849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.970600][ T6849] Call Trace:
[ 70.973882][ T6849]  dump_stack+0x18f/0x20d
[ 70.978201][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 70.984260][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 70.990326][ T6849]  print_address_description.constprop.0.cold+0xae/0x497
[ 70.997359][ T6849]  ? region_intersects+0x257/0x2e0
[ 71.002452][ T6849]  ? vprintk_func+0x97/0x1a6
[ 71.007021][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.013072][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.019216][ T6849]  kasan_report.cold+0x1f/0x37
[ 71.023971][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.030019][ T6849]  check_memory_region+0x13d/0x180
[ 71.035121][ T6849]  paging32_walk_addr_generic+0x155d/0x1980
[ 71.041002][ T6849]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 71.045935][ T6849]  ? lock_acquire+0x1f1/0xad0
[ 71.051052][ T6849]  ? __might_fault+0xef/0x1d0
[ 71.055720][ T6849]  ? find_held_lock+0x2d/0x110
[ 71.060471][ T6849]  paging32_gva_to_gpa+0xb2/0x1d0
[ 71.065511][ T6849]  ? paging32_walk_addr_generic+0x1980/0x1980
[ 71.071560][ T6849]  ? vmx_read_guest_seg_ar+0x7a/0x160
[ 71.076926][ T6849]  ? __virt_addr_valid+0x1fe/0x2b0
[ 71.082041][ T6849]  ? __phys_addr+0x9a/0x110
[ 71.086727][ T6849]  ? __phys_addr_symbol+0x2c/0x70
[ 71.091757][ T6849]  ? __check_object_size+0x171/0x3e4
[ 71.097034][ T6849]  ? __kvm_read_guest_page+0x138/0x170
[ 71.102482][ T6849]  ? vmx_segment_cache_test_set+0xc3/0x170
[ 71.108369][ T6849]  ? lock_is_held_type+0xbb/0xf0
[ 71.113389][ T6849]  emulator_read_write_onepage+0x2f3/0xa70
[ 71.119183][ T6849]  ? em_ltr+0xf0/0xf0
[ 71.123149][ T6849]  emulator_read_write+0x1c4/0x5a0
[ 71.128239][ T6849]  ? decode_operand+0xb7/0x30a0
[ 71.133070][ T6849]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 71.138946][ T6849]  emulator_fix_hypercall+0x132/0x190
[ 71.144304][ T6849]  ? trace_event_raw_event_kvm_pio+0x490/0x490
[ 71.150459][ T6849]  ? em_clts+0x100/0x100
[ 71.154680][ T6849]  em_hypercall+0x5d/0x130
[ 71.159081][ T6849]  x86_emulate_insn+0x5e8/0x3d20
[ 71.164010][ T6849]  ? kvm_put_guest_fpu+0x4c0/0x4c0
[ 71.169127][ T6849]  ? init_decode_cache+0xb0/0xb0
[ 71.174052][ T6849]  ? lock_is_held_type+0xbb/0xf0
[ 71.178973][ T6849]  x86_emulate_instruction+0x752/0x1e00
[ 71.184520][ T6849]  handle_ud+0xa8/0x240
[ 71.188677][ T6849]  ? kvm_emulate_instruction+0x30/0x30
[ 71.194121][ T6849]  ? lock_acquire+0x1f1/0xad0
[ 71.198795][ T6849]  ? vcpu_enter_guest+0x1371/0x3b60
[ 71.203998][ T6849]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 71.210236][ T6849]  handle_exception_nmi+0xaf7/0x1270
[ 71.215518][ T6849]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 71.221742][ T6849]  vmx_handle_exit+0x293/0x14c0
[ 71.226587][ T6849]  vcpu_enter_guest+0x14d6/0x3b60
[ 71.231652][ T6849]  ? kvm_vcpu_reload_apic_access_page+0x80/0x80
[ 71.237886][ T6849]  ? lock_release+0x8e0/0x8e0
[ 71.242547][ T6849]  ? mark_held_locks+0x9f/0xe0
[ 71.247307][ T6849]  ? __local_bh_enable_ip+0xd1/0x190
[ 71.252809][ T6849]  ? lock_is_held_type+0xbb/0xf0
[ 71.257826][ T6849]  ? kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 71.263747][ T6849]  kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 71.269302][ T6849]  kvm_vcpu_ioctl+0x467/0xdf0
[ 71.274849][ T6849]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 71.280646][ T6849]  ? generic_block_fiemap+0x60/0x60
[ 71.285851][ T6849]  ? selinux_inode_getsecctx+0x90/0x90
[ 71.291318][ T6849]  ? _down_write_nest_lock+0x150/0x150
[ 71.296795][ T6849]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 71.301923][ T6849]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 71.307721][ T6849]  __x64_sys_ioctl+0x193/0x200
[ 71.312480][ T6849]  do_syscall_64+0x2d/0x70
[ 71.316908][ T6849]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.322817][ T6849] RIP: 0033:0x443639
[ 71.326692][ T6849] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0b fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.346557][ T6849] RSP: 002b:00007ffcf07dea38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.356148][ T6849] RAX: ffffffffffffffda RBX: 00007ffcf07dea40 RCX: 0000000000443639
[ 71.364802][ T6849] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 71.372950][ T6849] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000004011b0
[ 71.380918][ T6849] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000404660
[ 71.388966][ T6849] R13: 00000000004046f0 R14: 0000000000000000 R15: 0000000000000000
[ 71.396955][ T6849]
[ 71.399275][ T6849] The buggy address belongs to the page:
[ 71.404895][ T6849] page:000000000c451483 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105
[ 71.414856][ T6849] flags: 0x7ffe0000000000()
[ 71.419347][ T6849] raw: 007ffe0000000000 ffffea0000004148 ffffea0000004148 0000000000000000
[ 71.427920][ T6849] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 71.436601][ T6849] page dumped because: kasan: bad access detected
[ 71.443007][ T6849]
[ 71.445314][ T6849] Memory state around the buggy address:
[ 71.450925][ T6849]  ffff888000104f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.458983][ T6849]  ffff888000104f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.467024][ T6849] >ffff888000105000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.475158][ T6849]                    ^
[ 71.479236][ T6849]  ffff888000105080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.487279][ T6849]  ffff888000105100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.495320][ T6849] ==================================================================
[ 71.504137][ T6849] Disabling lock debugging due to kernel taint
[ 71.513925][ T6849] Kernel panic - not syncing: panic_on_warn set ...
[ 71.520521][ T6849] CPU: 1 PID: 6849 Comm: syz-executor735 Tainted: G    B             5.9.0-rc1-syzkaller #0
[ 71.530573][ T6849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.540634][ T6849] Call Trace:
[ 71.543930][ T6849]  dump_stack+0x18f/0x20d
[ 71.548261][ T6849]  ? paging32_walk_addr_generic+0x14b0/0x1980
[ 71.554325][ T6849]  panic+0x2e3/0x75c
[ 71.558224][ T6849]  ? __warn_printk+0xf3/0xf3
[ 71.562808][ T6849]  ? preempt_schedule_common+0x59/0xc0
[ 71.568257][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.574306][ T6849]  ? preempt_schedule_thunk+0x16/0x18
[ 71.579676][ T6849]  ? trace_hardirqs_on+0x55/0x220
[ 71.584678][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.590741][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.596802][ T6849]  end_report+0x4d/0x53
[ 71.600956][ T6849]  kasan_report.cold+0xd/0x37
[ 71.605708][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.612065][ T6849]  check_memory_region+0x13d/0x180
[ 71.617159][ T6849]  paging32_walk_addr_generic+0x155d/0x1980
[ 71.623049][ T6849]  ? ept_gva_to_gpa+0x1e0/0x1e0
[ 71.627879][ T6849]  ? lock_acquire+0x1f1/0xad0
[ 71.632549][ T6849]  ? __might_fault+0xef/0x1d0
[ 71.637204][ T6849]  ? find_held_lock+0x2d/0x110
[ 71.641972][ T6849]  paging32_gva_to_gpa+0xb2/0x1d0
[ 71.646988][ T6849]  ? paging32_walk_addr_generic+0x1980/0x1980
[ 71.653438][ T6849]  ? vmx_read_guest_seg_ar+0x7a/0x160
[ 71.658813][ T6849]  ? __virt_addr_valid+0x1fe/0x2b0
[ 71.663911][ T6849]  ? __phys_addr+0x9a/0x110
[ 71.668432][ T6849]  ? __phys_addr_symbol+0x2c/0x70
[ 71.673567][ T6849]  ? __check_object_size+0x171/0x3e4
[ 71.678849][ T6849]  ? __kvm_read_guest_page+0x138/0x170
[ 71.684638][ T6849]  ? vmx_segment_cache_test_set+0xc3/0x170
[ 71.690545][ T6849]  ? lock_is_held_type+0xbb/0xf0
[ 71.695593][ T6849]  emulator_read_write_onepage+0x2f3/0xa70
[ 71.701424][ T6849]  ? em_ltr+0xf0/0xf0
[ 71.705393][ T6849]  emulator_read_write+0x1c4/0x5a0
[ 71.710519][ T6849]  ? decode_operand+0xb7/0x30a0
[ 71.715349][ T6849]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 71.721250][ T6849]  emulator_fix_hypercall+0x132/0x190
[ 71.726649][ T6849]  ? trace_event_raw_event_kvm_pio+0x490/0x490
[ 71.732780][ T6849]  ? em_clts+0x100/0x100
[ 71.737014][ T6849]  em_hypercall+0x5d/0x130
[ 71.741439][ T6849]  x86_emulate_insn+0x5e8/0x3d20
[ 71.746388][ T6849]  ? kvm_put_guest_fpu+0x4c0/0x4c0
[ 71.751663][ T6849]  ? init_decode_cache+0xb0/0xb0
[ 71.756604][ T6849]  ? lock_is_held_type+0xbb/0xf0
[ 71.761633][ T6849]  x86_emulate_instruction+0x752/0x1e00
[ 71.767164][ T6849]  handle_ud+0xa8/0x240
[ 71.771421][ T6849]  ? kvm_emulate_instruction+0x30/0x30
[ 71.776889][ T6849]  ? lock_acquire+0x1f1/0xad0
[ 71.781735][ T6849]  ? vcpu_enter_guest+0x1371/0x3b60
[ 71.786913][ T6849]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 71.793051][ T6849]  handle_exception_nmi+0xaf7/0x1270
[ 71.798340][ T6849]  ? vmx_skip_emulated_instruction+0x250/0x250
[ 71.804472][ T6849]  vmx_handle_exit+0x293/0x14c0
[ 71.809346][ T6849]  vcpu_enter_guest+0x14d6/0x3b60
[ 71.814375][ T6849]  ? kvm_vcpu_reload_apic_access_page+0x80/0x80
[ 71.820729][ T6849]  ? lock_release+0x8e0/0x8e0
[ 71.825401][ T6849]  ? mark_held_locks+0x9f/0xe0
[ 71.830144][ T6849]  ? __local_bh_enable_ip+0xd1/0x190
[ 71.835404][ T6849]  ? lock_is_held_type+0xbb/0xf0
[ 71.840339][ T6849]  ? kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 71.846135][ T6849]  kvm_arch_vcpu_ioctl_run+0x440/0x1780
[ 71.851763][ T6849]  kvm_vcpu_ioctl+0x467/0xdf0
[ 71.856619][ T6849]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 71.862428][ T6849]  ? generic_block_fiemap+0x60/0x60
[ 71.867612][ T6849]  ? selinux_inode_getsecctx+0x90/0x90
[ 71.873138][ T6849]  ? _down_write_nest_lock+0x150/0x150
[ 71.878688][ T6849]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 71.884141][ T6849]  ? kvm_gfn_to_hva_cache_init+0x1a0/0x1a0
[ 71.889956][ T6849]  __x64_sys_ioctl+0x193/0x200
[ 71.894708][ T6849]  do_syscall_64+0x2d/0x70
[ 71.899114][ T6849]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.906567][ T6849] RIP: 0033:0x443639
[ 71.910443][ T6849] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 0b fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 71.930148][ T6849] RSP: 002b:00007ffcf07dea38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.938558][ T6849] RAX: ffffffffffffffda RBX: 00007ffcf07dea40 RCX: 0000000000443639
[ 71.946537][ T6849] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 71.954587][ T6849] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000004011b0
[ 71.963287][ T6849] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000404660
[ 71.971258][ T6849] R13: 00000000004046f0 R14: 0000000000000000 R15: 0000000000000000
[ 71.980582][ T6849] Kernel Offset: disabled
[ 71.984914][ T6849] Rebooting in 86400 seconds..
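Added example, not part of the syzkaller console log above: a small triage parser that pulls the fields a security engineer checks first out of a KASAN report like this one (bug class, access type and size, the first reliable frame outside KASAN's own reporting path, the syscall the user-space process entered through, and the page's refcount). SAMPLE_LOG is a trimmed copy of the report above; the KasanReport field names, the REPORTING_PREFIXES/SYSCALL_PREFIXES lists and the triage heuristics are this example's own choices, not a syzkaller or kernel interface.

```python
"""Pull the triage-relevant fields out of the KASAN report in a syzkaller console log.
Added example, not part of the log above; SAMPLE_LOG is a trimmed copy of that log."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = """\
[ 70.932725][ T6849] BUG: KASAN: use-after-free in paging32_walk_addr_generic+0x155d/0x1980
[ 70.941122][ T6849] Write of size 4 at addr ffff888000105000 by task syz-executor735/6849
[ 70.951857][ T6849] CPU: 1 PID: 6849 Comm: syz-executor735 Not tainted 5.9.0-rc1-syzkaller #0
[ 70.970600][ T6849] Call Trace:
[ 70.973882][ T6849]  dump_stack+0x18f/0x20d
[ 70.978201][ T6849]  ? paging32_walk_addr_generic+0x155d/0x1980
[ 71.019216][ T6849]  kasan_report.cold+0x1f/0x37
[ 71.030019][ T6849]  check_memory_region+0x13d/0x180
[ 71.035121][ T6849]  paging32_walk_addr_generic+0x155d/0x1980
[ 71.060471][ T6849]  paging32_gva_to_gpa+0xb2/0x1d0
[ 71.138946][ T6849]  emulator_fix_hypercall+0x132/0x190
[ 71.184520][ T6849]  handle_ud+0xa8/0x240
[ 71.307721][ T6849]  __x64_sys_ioctl+0x193/0x200
[ 71.322817][ T6849] RIP: 0033:0x443639
[ 71.404895][ T6849] page:000000000c451483 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105
[ 71.540634][ T6849] Call Trace:
[ 71.554325][ T6849]  panic+0x2e3/0x75c
"""

PRINTK_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # "[ 70.932725][ T6849] "
BUG_LINE = re.compile(r"BUG: KASAN: (?P<kind>.+?) in (?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_LINE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
                         r"by task \S+/(?P<pid>\d+)")
VERSION_LINE = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?:Not tainted|Tainted:(?:\s+[A-Z])+)\s+(?P<ver>\S+) #")
FRAME_LINE = re.compile(r"^\s*(?P<unreliable>\?\s+)?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
PAGE_LINE = re.compile(r"page:\S+ refcount:(?P<refcount>-?\d+) .*\bpfn:0x(?P<pfn>[0-9a-f]+)")
# Frames that belong to the reporting path itself, not to the bug (our own list).
REPORTING_PREFIXES = ("dump_stack", "print_address_description", "kasan_report",
                      "check_memory_region", "__asan_", "__kasan_", "end_report")
SYSCALL_PREFIXES = ("__x64_sys_", "__ia32_sys_", "__do_sys_", "__se_sys_")


@dataclass
class KasanReport:
    kind: str                      # "use-after-free", "slab-out-of-bounds", ...
    func: str                      # function named on the BUG: line
    op: Optional[str] = None       # "Read" or "Write"
    size: Optional[int] = None
    addr: Optional[int] = None
    pid: Optional[int] = None
    kernel_version: Optional[str] = None
    frames: List[str] = field(default_factory=list)  # reliable frames, innermost first
    page_refcount: Optional[int] = None
    page_pfn: Optional[int] = None

    @property
    def culprit(self) -> str:  # first reliable frame outside the reporting machinery
        return next((f for f in self.frames if not f.startswith(REPORTING_PREFIXES)), self.func)

    @property
    def syscall_entry(self) -> Optional[str]:
        return next((f for f in self.frames if f.startswith(SYSCALL_PREFIXES)), None)

    @property
    def title(self) -> str:  # same shape as a syzbot title: "KASAN: <kind> <op> in <func>"
        return f"KASAN: {self.kind}{' ' + self.op if self.op else ''} in {self.culprit}"


def parse_kasan_report(console: str) -> Optional[KasanReport]:
    """Return the first KASAN report found in the console text, or None."""
    report: Optional[KasanReport] = None
    in_trace = False
    for raw in console.splitlines():
        line = PRINTK_PREFIX.sub("", raw)
        if report is None:
            if m := BUG_LINE.search(line):
                report = KasanReport(kind=m["kind"], func=m["func"])
            continue
        if in_trace:
            if m := FRAME_LINE.match(line):
                if not m["unreliable"]:  # "? func" frames are unwinder guesses
                    report.frames.append(m["func"])
                continue
            in_trace = False  # "RIP:" or a blank line ends the trace
        if line.strip() == "Call Trace:":
            in_trace = not report.frames  # only the first trace belongs to the bug
        elif m := ACCESS_LINE.search(line):
            report.op, report.size = m["op"], int(m["size"])
            report.addr, report.pid = int(m["addr"], 16), int(m["pid"])
        elif (m := VERSION_LINE.search(line)) and report.kernel_version is None:
            report.kernel_version = m["ver"]
        elif m := PAGE_LINE.search(line):
            report.page_refcount, report.page_pfn = int(m["refcount"]), int(m["pfn"], 16)
    return report


def triage_notes(r: KasanReport) -> List[str]:
    """At-a-glance priority notes; heuristics, not a verdict."""
    notes = []
    if r.op == "Write":
        notes.append("write access: a corruption primitive, not only an info leak")
    if r.kind == "use-after-free" and r.page_refcount == 0:
        notes.append(f"page pfn 0x{r.page_pfn:x} has refcount 0: the access hit a freed page")
    if r.syscall_entry:
        notes.append(f"reached from user space through {r.syscall_entry}")
    return notes
```

`parse_kasan_report(SAMPLE_LOG).title` gives `KASAN: use-after-free Write in paging32_walk_addr_generic`, and `triage_notes` flags it as a write into a page whose refcount is already 0, reachable from an unprivileged process through `ioctl` on a KVM vCPU fd. Frames marked `?` are deliberately dropped: the x86 unwinder prints them when it found a kernel text address on the stack but cannot prove it is a live return address, so building a title from them misattributes bugs. Only the first `Call Trace:` is taken, because the `panic_on_warn` panic at the end of the log prints a second trace that belongs to `panic()`, not to the bug.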