[ 19.568857] random: sshd: uninitialized urandom read (32 bytes read) [ 24.481605] random: sshd: uninitialized urandom read (32 bytes read) [ 24.883598] random: sshd: uninitialized urandom read (32 bytes read) [ 25.714434] random: sshd: uninitialized urandom read (32 bytes read) [ 89.531187] random: sshd: uninitialized urandom read (32 bytes read) [ 95.142556] random: sshd: uninitialized urandom read (32 bytes read) [ 97.042558] ================================================================== [ 97.045307] ------------[ cut here ]------------ [ 97.050087] BUG: KASAN: slab-out-of-bounds in vmac_final+0x161/0x26a0 [ 97.056171] ODEBUG: deactivate not available (active state 0) object type: timer_list hint: process_timeout+0x0/0x40 [ 97.062805] Write of size 18446744073709551516 at addr ffff8801cef677cc by task syz-executor217/6484 [ 97.073597] WARNING: CPU: 0 PID: 6468 at lib/debugobjects.c:329 debug_print_object+0x16a/0x210 [ 97.082709] [ 97.091440] Kernel panic - not syncing: panic_on_warn set ... [ 97.091440] [ 97.093057] CPU: 1 PID: 6484 Comm: syz-executor217 Not tainted 4.17.0+ #98 [ 97.107382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.116818] Call Trace: [ 97.119399] dump_stack+0x1b9/0x294 [ 97.123025] ? dump_stack_print_info.cold.2+0x52/0x52 [ 97.128203] ? printk+0x9e/0xba [ 97.131469] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 97.136220] ? kasan_check_write+0x14/0x20 [ 97.140447] print_address_description+0x6c/0x20b [ 97.145289] ? vmac_final+0x161/0x26a0 [ 97.149170] kasan_report.cold.7+0x242/0x2fe [ 97.153581] check_memory_region+0x13e/0x1b0 [ 97.158066] memset+0x23/0x40 [ 97.161173] vmac_final+0x161/0x26a0 [ 97.164895] ? 
__lock_is_held+0xb5/0x140 [ 97.168967] ? vmac_init_tfm+0xc0/0xc0 [ 97.172842] ? __kmalloc+0x5f9/0x760 [ 97.176544] ? __asan_allocas_unpoison+0x16/0x20 [ 97.181289] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.186391] ? sock_kmalloc+0x14e/0x1d0 [ 97.190365] crypto_shash_final+0x104/0x260 [ 97.194678] ? vmac_init_tfm+0xc0/0xc0 [ 97.198576] ? crypto_shash_digest+0x1c0/0x1c0 [ 97.203149] shash_async_final+0x35/0x40 [ 97.207201] crypto_ahash_op+0xcf/0x180 [ 97.211165] crypto_ahash_final+0x57/0x70 [ 97.215306] hash_sendmsg+0x750/0xac0 [ 97.219095] ? hash_recvmsg+0xa60/0xa60 [ 97.223075] sock_sendmsg+0xd5/0x120 [ 97.226866] ___sys_sendmsg+0x805/0x940 [ 97.230841] ? copy_msghdr_from_user+0x560/0x560 [ 97.235595] ? expand_files.part.8+0x9a0/0x9a0 [ 97.240172] ? __sched_text_start+0x8/0x8 [ 97.244401] ? __fget_light+0x2ef/0x430 [ 97.248387] ? fget_raw+0x20/0x20 [ 97.251831] ? __fget_light+0x2ef/0x430 [ 97.255802] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.261335] ? sockfd_lookup_light+0xc5/0x160 [ 97.265824] __sys_sendmsg+0x115/0x270 [ 97.269702] ? __ia32_sys_shutdown+0x80/0x80 [ 97.274106] ? __x64_sys_futex+0x477/0x680 [ 97.278343] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 97.283185] __x64_sys_sendmsg+0x78/0xb0 [ 97.287243] do_syscall_64+0x1b1/0x800 [ 97.291119] ? finish_task_switch+0x1ca/0x840 [ 97.295603] ? syscall_return_slowpath+0x5c0/0x5c0 [ 97.300524] ? syscall_return_slowpath+0x30f/0x5c0 [ 97.305442] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 97.310797] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 97.315628] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.320811] RIP: 0033:0x446af9 [ 97.323983] Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 56 00 00 c3 66 2e 0f 1f 84 00 00 00 00 [ 97.343206] RSP: 002b:00007f4c7cca3ce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.350911] RAX: ffffffffffffffda RBX: 00000000006dcc5c RCX: 0000000000446af9 [ 97.358256] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000008 [ 97.365512] RBP: 00000000006dcc58 R08: 0000000000000000 R09: 0000000000000000 [ 97.372776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.380040] R13: 00007fff3230487f R14: 00007f4c7cca49c0 R15: 000000000000000b [ 97.387384] [ 97.387405] CPU: 0 PID: 6468 Comm: syz-executor217 Not tainted 4.17.0+ #98 [ 97.389005] Allocated by task 6468: [ 97.396001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.399628] save_stack+0x43/0xd0 [ 97.408945] Call Trace: [ 97.412384] kasan_kmalloc+0xc4/0xe0 [ 97.414963] [ 97.418658] __kmalloc+0x14e/0x760 [ 97.420791] dump_stack+0x1b9/0x294 [ 97.424311] crypto_create_tfm+0x87/0x310 [ 97.427927] ? dump_stack_print_info.cold.2+0x52/0x52 [ 97.432049] crypto_init_shash_ops_async+0x5d/0x3e4 [ 97.437223] ? debug_print_object+0x140/0x210 [ 97.442210] crypto_ahash_init_tfm+0x357/0x430 [ 97.446682] panic+0x22f/0x4de [ 97.451242] crypto_create_tfm+0xe9/0x310 [ 97.451263] crypto_alloc_tfm+0x1b5/0x2d0 [ 97.454433] ? add_taint.cold.5+0x16/0x16 [ 97.458557] crypto_alloc_ahash+0x2c/0x40 [ 97.462703] ? __warn.cold.8+0x148/0x1b3 [ 97.466824] hash_bind+0x25/0x30 [ 97.471905] ? __warn.cold.8+0x117/0x1b3 [ 97.475960] alg_bind+0x2be/0x560 [ 97.479310] ? debug_print_object+0x16a/0x210 [ 97.483342] __sys_bind+0x331/0x440 [ 97.486771] __warn.cold.8+0x163/0x1b3 [ 97.491239] __x64_sys_bind+0x73/0xb0 [ 97.494842] ? 
debug_print_object+0x16a/0x210 [ 97.498714] do_syscall_64+0x1b1/0x800 [ 97.502496] report_bug+0x252/0x2d0 [ 97.507307] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.507313] [ 97.511200] do_error_trap+0x1fc/0x4d0 [ 97.514796] Freed by task 3238: [ 97.519974] ? ___ratelimit.cold.2+0x6a/0x6a [ 97.521570] (stack is not available) [ 97.525613] ? math_error+0x3f0/0x3f0 [ 97.528859] [ 97.528873] The buggy address belongs to the object at ffff8801cef675c0 [ 97.528873] which belongs to the cache kmalloc-512 of size 512 [ 97.533261] ? vprintk_default+0x28/0x30 [ 97.538208] The buggy address is located 12 bytes to the right of [ 97.538208] 512-byte region [ffff8801cef675c0, ffff8801cef677c0) [ 97.542002] ? printk+0x9e/0xba [ 97.543611] The buggy address belongs to the page: [ 97.556251] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 97.560295] page:ffffea00073bd9c0 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 [ 97.572587] do_invalid_op+0x1b/0x20 [ 97.580747] invalid_op+0x14/0x20 [ 97.585561] flags: 0x2fffc0000000100(slab) [ 97.593698] RIP: 0010:debug_print_object+0x16a/0x210 [ 97.597395] raw: 02fffc0000000100 ffffea00073bd848 ffffea00073a4748 ffff8801da800940 [ 97.600815] Code: [ 97.605135] raw: 0000000000000000 ffff8801cef670c0 0000000100000006 0000000000000000 [ 97.610213] 1a [ 97.618243] page dumped because: kasan: bad access detected [ 97.620368] 88 [ 97.628307] [ 97.630176] 48 [ 97.635864] Memory state around the buggy address: [ 97.637739] 89 [ 97.639358] ffff8801cef67680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 97.641220] fa [ 97.646169] ffff8801cef67700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 97.648031] 48 [ 97.655369] >ffff8801cef67780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 97.657236] c1 [ 97.664574] ^ [ 97.666442] ea 03 [ 97.673800] ffff8801cef67800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 97.675661] 80 [ 97.681347] ffff8801cef67880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 97.683471] 3c [ 97.690803] 
================================================================== [ 97.692677] 02 00 0f 85 92 00 00 00 48 8b 14 dd 20 7a 1a 88 4c 89 f6 48 c7 c7 a0 6f 1a 88 e8 a6 4d ec fd <0f> 0b 83 05 19 4c 44 06 01 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f [ 97.719020] kasan: CONFIG_KASAN_INLINE enabled [ 97.726445] RSP: 0018:ffff8801dae07850 EFLAGS: 00010086 [ 97.731005] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 97.736354] general protection fault: 0000 [#1] SMP KASAN [ 97.743683] RAX: 0000000000000068 RBX: 0000000000000005 RCX: ffffffff81854ed8 [ 97.749284] CPU: 1 PID: 0 Comm: Tainted: G B 4.17.0+ #98 [ 97.756528] RDX: 0000000000000100 RSI: ffffffff8161f371 RDI: 0000000000000001 [ 97.763350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.770591] RBP: ffff8801dae07890 R08: ffff8801d2e38280 R09: ffffed003b5c3ec2 [ 97.770601] R10: ffffed003b5c3ec2 R11: ffff8801dae1f617 R12: 0000000000000001 [ 97.779943] RIP: 0010:account_system_index_time+0xea/0x5b0 [ 97.787180] R13: ffffffff88f9a940 R14: ffffffff881a7380 R15: ffffffff81677180 [ 97.794443] Code: [ 97.800076] ? __internal_add_timer+0x2d0/0x2d0 [ 97.807319] 63 [ 97.809463] ? irq_work_queue+0x28/0x130 [ 97.814364] 04 [ 97.816254] ? vprintk_func+0x81/0xe7 [ 97.820282] 00 [ 97.822157] debug_object_deactivate+0x2a7/0x400 [ 97.825917] 00 [ 97.827794] ? debug_stats_show+0x100/0x100 [ 97.832516] 48 8b [ 97.834406] ? kasan_check_write+0x14/0x20 [ 97.838698] 83 [ 97.840831] ? do_raw_spin_lock+0xc1/0x200 [ 97.845032] b8 [ 97.846906] __run_timers+0x569/0xc50 [ 97.851102] 06 [ 97.852976] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 97.856741] 00 [ 97.858611] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.863940] 00 [ 97.865814] ? graph_lock+0x170/0x170 [ 97.870798] 48 [ 97.872669] ? enqueue_hrtimer+0x18b/0x520 [ 97.876443] ba [ 97.878317] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 97.882522] 00 [ 97.884395] ? find_held_lock+0x36/0x1c0 [ 97.889547] 00 [ 97.891422] ? 
print_usage_bug+0xc0/0xc0 [ 97.895443] 00 00 [ 97.897320] ? graph_lock+0x170/0x170 [ 97.901353] 00 [ 97.903707] ? lock_downgrade+0x8e0/0x8e0 [ 97.907475] fc [ 97.909364] ? __lock_is_held+0xb5/0x140 [ 97.913491] ff [ 97.915368] run_timer_softirq+0x4c/0x70 [ 97.919396] df [ 97.921269] __do_softirq+0x2e0/0xaf5 [ 97.925299] 48 [ 97.927181] ? __irqentry_text_end+0x1f98a8/0x1f98a8 [ 97.930938] 8d b8 [ 97.932819] ? kasan_check_read+0x11/0x20 [ 97.937905] 38 [ 97.940056] ? graph_lock+0x170/0x170 [ 97.944170] 01 [ 97.946044] ? native_apic_msr_write+0x5b/0x80 [ 97.949805] 00 00 [ 97.951684] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 97.956231] 48 [ 97.958366] ? lapic_next_event+0x5a/0x90 [ 97.962912] 8d [ 97.964789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.968895] 88 20 [ 97.970775] ? clockevents_program_event+0x140/0x370 [ 97.976278] 01 00 [ 97.978421] ? __lock_is_held+0xb5/0x140 [ 97.983486] 00 [ 97.985631] irq_exit+0x1d1/0x200 [ 97.989642] 48 89 [ 97.991524] smp_apic_timer_interrupt+0x17e/0x710 [ 97.994949] fe [ 97.997086] ? smp_call_function_single_interrupt+0x650/0x650 [ 98.001892] 48 [ 98.003777] ? _raw_spin_lock+0x32/0x40 [ 98.009628] c1 [ 98.011500] ? _raw_spin_unlock+0x22/0x30 [ 98.015441] ee [ 98.017319] ? handle_edge_irq+0x330/0x870 [ 98.021519] 03 <0f> [ 98.023416] ? task_prio+0x50/0x50 [ 98.027613] b6 14 [ 98.029938] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 98.033527] 16 [ 98.036356] apic_timer_interrupt+0xf/0x20 [ 98.041174] 48 [ 98.043054] [ 98.047271] 89 [ 98.049148] RIP: 0010:memset_erms+0x9/0x10 [ 98.051356] fe [ 98.053229] Code: [ 98.057438] 83 [ 98.059303] c1 [ 98.061448] e6 [ 98.063315] e9 [ 98.065173] 07 40 [ 98.067039] 03 40 [ 98.068924] 38 [ 98.071066] 0f [ 98.073204] f2 [ 98.075065] b6 [ 98.076930] 7f 08 [ 98.078814] f6 [ 98.080672] 84 d2 [ 98.082803] 48 [ 98.084676] 0f [ 98.086806] b8 [ 98.088668] 85 [ 98.090530] 01 [ 98.092393] f6 [ 98.094255] 01 [ 98.096133] 03 [ 98.097994] 01 01 [ 98.100141] 00 [ 98.102017] 01 [ 98.104146] RSP: 0018:ffff8801daf07980 EFLAGS: 00010006 [ 98.106011] 01 01 [ 98.113236] 01 [ 98.115367] RAX: 0000000000000000 RBX: ffff8801d0bce680 RCX: 0000000000000120 [ 98.115374] 48 [ 98.117242] RDX: dffffc0000000000 RSI: 0000000000000027 RDI: 0000000000000138 [ 98.124484] 0f [ 98.126352] RBP: ffff8801daf07a68 R08: ffff8801d0bce680 R09: 0000000000000000 [ 98.133606] af c6 [ 98.135484] R10: ffffed0043fff009 R11: ffff88021fff8057 R12: ffff8801daf07a40 [ 98.142735] f3 48 [ 98.144880] R13: ffff8801d0bce680 R14: 00000000000f4240 R15: 0000000000000002 [ 98.152124] ab [ 98.154257] FS: 00007f4c7cca4700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 98.161496] 89 [ 98.163367] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 98.171560] d1 f3 [ 98.173437] CR2: 0000000020000080 CR3: 00000001adf27000 CR4: 00000000001406e0 [ 98.179291] aa [ 98.181420] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 98.188658] 4c 89 c8 [ 98.190529] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 98.190535] Call Trace: [ 98.197776] c3 90 [ 98.200189] [ 98.207435] 49 [ 98.210007] ? pvclock_read_flags+0x160/0x160 [ 98.212121] 89 [ 98.214262] ? account_guest_time+0x3d0/0x3d0 [ 98.216118] f9 [ 98.220594] ? do_raw_spin_unlock+0x9e/0x2e0 [ 98.222455] 40 [ 98.226932] ? kvm_clock_read+0x25/0x30 [ 98.228789] 88 f0 [ 98.233203] ? 
__sanitizer_cov_trace_cmp4+0x16/0x20 [ 98.235064] 48 [ 98.239024] ? ktime_get+0x2d9/0x430 [ 98.241139] 89 d1 [ 98.246143] account_system_time+0x7f/0xb0 [ 98.248013] [ 98.251710] account_process_tick+0x76/0x240 [ 98.253827] aa [ 98.258044] ? do_raw_spin_unlock+0x9e/0x2e0 [ 98.260072] 4c 89 [ 98.264476] update_process_times+0x21/0x70 [ 98.266339] c8 [ 98.270733] tick_sched_handle+0x9f/0x180 [ 98.272843] c3 90 [ 98.277152] tick_sched_timer+0x45/0x130 [ 98.279008] 49 [ 98.283138] __hrtimer_run_queues+0x3e3/0x10a0 [ 98.285260] 89 [ 98.289306] ? tick_sched_do_timer+0x1a0/0x1a0 [ 98.291158] fa 40 [ 98.295726] ? hrtimer_start_range_ns+0xd10/0xd10 [ 98.297586] 0f [ 98.302150] ? pvclock_read_flags+0x160/0x160 [ 98.304267] b6 [ 98.309096] ? kvm_clock_read+0x25/0x30 [ 98.310966] ce [ 98.315439] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 98.315452] ? kvm_clock_read+0x25/0x30 [ 98.317305] 48 b8 [ 98.321268] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 98.323125] 01 [ 98.328134] ? ktime_get_update_offsets_now+0x3d3/0x5c0 [ 98.332067] 01 01 [ 98.334208] ? do_timer+0x50/0x50 [ 98.339189] 01 01 [ 98.341089] ? kasan_check_read+0x11/0x20 [ 98.346422] 01 [ 98.348555] ? rcu_nmi_exit+0xd7/0x2b0 [ 98.351977] RSP: 0018:ffff8801d24d77f0 EFLAGS: 00010282 [ 98.354106] ? do_raw_spin_lock+0xc1/0x200 [ 98.358219] ORIG_RAX: ffffffffffffff13 [ 98.360093] hrtimer_interrupt+0x2f3/0x750 [ 98.363953] RAX: 0000000000000000 RBX: ffff8801cef677cc RCX: ffffffffffc16593 [ 98.369481] smp_apic_timer_interrupt+0x15d/0x710 [ 98.373683] RDX: ffffffffffffff9c RSI: 0000000000000000 RDI: ffff8801cf3511d5 [ 98.377649] ? smp_call_function_single_interrupt+0x650/0x650 [ 98.381855] RBP: ffff8801d24d7810 R08: ffffed0039deceed R09: ffff8801cef677cc [ 98.389105] ? _raw_spin_lock+0x32/0x40 [ 98.393919] R10: ffffed0039deceec R11: ffff8801cef67767 R12: ffffffffffffff9c [ 98.401172] ? _raw_spin_unlock+0x22/0x30 [ 98.407036] R13: 0000000000000000 R14: ffff8801cef675c0 R15: ffff8801cef676e8 [ 98.407054] ? 
memset+0x31/0x40 [ 98.414305] ? handle_edge_irq+0x330/0x870 [ 98.418270] vmac_final+0x161/0x26a0 [ 98.425525] ? task_prio+0x50/0x50 [ 98.429648] ? __lock_is_held+0xb5/0x140 [ 98.436915] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 98.440169] ? vmac_init_tfm+0xc0/0xc0 [ 98.444385] apic_timer_interrupt+0xf/0x20 [ 98.448072] ? __kmalloc+0x5f9/0x760 [ 98.451589] [ 98.455628] ? __asan_allocas_unpoison+0x16/0x20 [ 98.455644] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 98.460452] Modules linked in: [ 98.464331] ? sock_kmalloc+0x14e/0x1d0 [ 98.472225] crypto_shash_final+0x104/0x260 [ 98.474449] Dumping ftrace buffer: [ 98.479192] ? vmac_init_tfm+0xc0/0xc0 [ 98.484171] (ftrace buffer empty) [ 98.487343] ? crypto_shash_digest+0x1c0/0x1c0 [ 98.491285] ---[ end trace 6543079521a07167 ]--- [ 98.495589] shash_async_final+0x35/0x40 [ 98.499106] RIP: 0010:account_system_index_time+0xea/0x5b0 [ 98.502965] crypto_ahash_op+0xcf/0x180 [ 98.506660] Code: [ 98.511224] crypto_ahash_final+0x57/0x70 [ 98.515952] 63 [ 98.519997] hash_sendmsg+0x750/0xac0 [ 98.525588] 04 [ 98.529554] hash_sendmsg_nokey+0x61/0x80 [ 98.531683] 00 [ 98.535810] ? hash_recvmsg_nokey+0x90/0x90 [ 98.537665] 00 [ 98.541446] sock_sendmsg+0xd5/0x120 [ 98.543299] 48 [ 98.547429] __sys_sendto+0x3d7/0x670 [ 98.549292] 8b [ 98.553614] ? __ia32_sys_getpeername+0xb0/0xb0 [ 98.555466] 83 b8 [ 98.559170] ? fget_raw+0x20/0x20 [ 98.561021] 06 [ 98.564803] ? __local_bh_enable_ip+0x161/0x230 [ 98.566662] 00 00 [ 98.571322] ? release_sock+0x1e2/0x2b0 [ 98.573443] 48 [ 98.576886] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 98.578739] ba [ 98.583395] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 98.585509] 00 [ 98.589464] ? fput+0x130/0x1a0 [ 98.591326] 00 00 [ 98.596334] ? __x64_sys_futex+0x477/0x680 [ 98.598196] 00 [ 98.603733] ? do_futex+0x27d0/0x27d0 [ 98.605602] 00 [ 98.610006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.612465] fc [ 98.616685] __x64_sys_sendto+0xe1/0x1a0 [ 98.618551] ff [ 98.622342] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 98.624197] df [ 98.629726] do_syscall_64+0x1b1/0x800 [ 98.631582] 48 [ 98.635627] ? syscall_slow_exit_work+0x4f0/0x4f0 [ 98.637492] 8d [ 98.642505] ? syscall_return_slowpath+0x5c0/0x5c0 [ 98.644360] b8 [ 98.648231] ? syscall_return_slowpath+0x30f/0x5c0 [ 98.650082] 38 [ 98.654928] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 98.656791] 01 [ 98.661719] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 98.663597] 00 [ 98.668594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.670455] 00 [ 98.675805] RIP: 0033:0x446af9 [ 98.677658] 48 8d [ 98.682656] Code: [ 98.684517] 88 20 [ 98.689686] e8 [ 98.691556] 01 [ 98.694815] 4c [ 98.696942] 00 [ 98.699061] e7 ff [ 98.701198] 00 [ 98.703065] ff [ 98.704935] 48 [ 98.706805] 48 [ 98.708678] 89 [ 98.710806] 83 [ 98.712668] fe [ 98.714527] c4 18 [ 98.716414] 48 [ 98.718281] c3 0f [ 98.720158] c1 [ 98.722021] 1f [ 98.723894] ee [ 98.726033] 80 [ 98.727897] 03 <0f> [ 98.730114] 00 [ 98.731991] b6 [ 98.733855] 00 [ 98.735716] 14 [ 98.737578] 00 [ 98.739877] 16 [ 98.741743] 00 [ 98.743608] 48 [ 98.745480] 48 [ 98.747337] 89 fe [ 98.749203] 89 f8 [ 98.751071] 83 [ 98.752945] 48 [ 98.754820] e6 [ 98.756681] 89 [ 98.758808] 07 [ 98.760931] f7 [ 98.762795] 40 [ 98.764653] 48 89 [ 98.766523] 38 [ 98.768392] d6 [ 98.770262] f2 [ 98.772122] 48 89 [ 98.774182] 7f 08 [ 98.776320] ca [ 98.778453] 84 [ 98.780330] 4d [ 98.782191] d2 [ 98.784310] 89 c2 [ 98.786453] 0f 85 [ 98.788327] 4d [ 98.790458] f6 [ 98.792320] 89 [ 98.794180] 03 00 [ 98.796313] c8 [ 98.800302] 4c 8b [ 98.802180] RSP: 0018:ffff8801daf07980 EFLAGS: 00010006 [ 98.804036] 4c 24 [ 98.808136] 08 [ 98.810267] RAX: 0000000000000000 RBX: ffff8801d0bce680 RCX: 0000000000000120 [ 98.815594] 0f 05 [ 98.817739] RDX: dffffc0000000000 RSI: 0000000000000027 RDI: 0000000000000138 [ 98.817749] RBP: ffff8801daf07a68 R08: ffff8801d0bce680 R09: 0000000000000000 [ 98.819607] <48> [ 98.826856] R10: ffffed0043fff009 R11: ffff88021fff8057 R12: ffff8801daf07a40 [ 98.828993] 
3d [ 98.839027] R13: ffff8801d0bce680 R14: 00000000000f4240 R15: 0000000000000002 [ 98.846278] 01 f0 [ 98.848330] FS: 00007f4c7cca4700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 98.855569] ff ff [ 98.857447] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 98.864682] 0f 83 [ 98.866818] CR2: 0000000020000080 CR3: 00000001adf27000 CR4: 00000000001406e0 [ 98.875014] 4b [ 98.877145] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 98.882999] 56 [ 98.885126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 98.892450] 00 00 c3 66 2e 0f 1f 84 00 00 00 00 [ 98.915439] RSP: 002b:00007f4c7ccc4cd8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c [ 98.923135] RAX: ffffffffffffffda RBX: 00000000006dcc44 RCX: 0000000000446af9 [ 98.930386] RDX: 00000000000000f9 RSI: 0000000020000380 RDI: 0000000000000007 [ 98.937637] RBP: 00000000006dcc40 R08: 0000000020000480 R09: 0000000000000010 [ 98.944885] R10: 0000000000000804 R11: 0000000000000216 R12: 0000000000000000 [ 98.952134] R13: 00007fff3230487f R14: 00007f4c7ccc59c0 R15: 000000000000000b [ 98.959392] [ 98.959396] ====================================================== [ 98.959400] WARNING: possible circular locking dependency detected [ 98.959402] 4.17.0+ #98 Not tainted [ 98.959406] ------------------------------------------------------ [ 98.959409] syz-executor217/6468 is trying to acquire lock: [ 98.959411] (____ptrval____) ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 98.959420] [ 98.959422] but task is already holding lock: [ 98.959424] (____ptrval____) (&obj_hash[i].lock){-.-.}, at: debug_object_deactivate+0xe1/0x400 [ 98.959434] [ 98.959436] which lock already depends on the new lock. 
[ 98.959438] [ 98.959439] [ 98.959442] the existing dependency chain (in reverse order) is: [ 98.959444] [ 98.959445] -> #3 (&obj_hash[i].lock){-.-.}: [ 98.959454] _raw_spin_lock_irqsave+0x96/0xc0 [ 98.959457] __debug_object_init+0x11f/0x12c0 [ 98.959459] debug_object_init+0x16/0x20 [ 98.959461] hrtimer_init+0x8f/0x460 [ 98.959464] init_dl_task_timer+0x1b/0x50 [ 98.959466] __sched_fork+0x2a8/0x570 [ 98.959468] init_idle+0x75/0x7a0 [ 98.959471] sched_init+0xbeb/0xd10 [ 98.959473] start_kernel+0x475/0x92d [ 98.959476] x86_64_start_reservations+0x29/0x2b [ 98.959478] x86_64_start_kernel+0x76/0x79 [ 98.959481] secondary_startup_64+0xa5/0xb0 [ 98.959482] [ 98.959484] -> #2 (&rq->lock){-.-.}: [ 98.959492] _raw_spin_lock+0x2a/0x40 [ 98.959494] task_fork_fair+0x8a/0x660 [ 98.959497] sched_fork+0x43e/0xb30 [ 98.959499] copy_process.part.38+0x1bf1/0x7180 [ 98.959502] _do_fork+0x291/0x12a0 [ 98.959504] kernel_thread+0x34/0x40 [ 98.959506] rest_init+0x22/0xe4 [ 98.959508] start_kernel+0x906/0x92d [ 98.959511] x86_64_start_reservations+0x29/0x2b [ 98.959514] x86_64_start_kernel+0x76/0x79 [ 98.959516] secondary_startup_64+0xa5/0xb0 [ 98.959518] [ 98.959519] -> #1 (&p->pi_lock){-.-.}: [ 98.959531] _raw_spin_lock_irqsave+0x96/0xc0 [ 98.959534] try_to_wake_up+0xca/0x1280 [ 98.959536] wake_up_process+0x10/0x20 [ 98.959539] __up.isra.1+0x1b8/0x290 [ 98.959541] up+0x12f/0x1b0 [ 98.959543] __up_console_sem+0xbe/0x1b0 [ 98.959546] console_unlock+0x79a/0x10a0 [ 98.959548] vprintk_emit+0x6b2/0xde0 [ 98.959550] vprintk_default+0x28/0x30 [ 98.959553] vprintk_func+0x7a/0xe7 [ 98.959555] printk+0x9e/0xba [ 98.959557] load_umh+0x51/0xbd [ 98.959559] do_one_initcall+0x127/0x913 [ 98.959562] kernel_init_freeable+0x49b/0x58e [ 98.959564] kernel_init+0x11/0x1b3 [ 98.959567] ret_from_fork+0x3a/0x50 [ 98.959568] [ 98.959569] -> #0 ((console_sem).lock){-.-.}: [ 98.959578] lock_acquire+0x1dc/0x520 [ 98.959580] _raw_spin_lock_irqsave+0x96/0xc0 [ 98.959583] down_trylock+0x13/0x70 [ 98.959586] 
__down_trylock_console_sem+0xae/0x200 [ 98.959588] console_trylock+0x15/0xa0 [ 98.959590] vprintk_emit+0x699/0xde0 [ 98.959593] vprintk_default+0x28/0x30 [ 98.959595] vprintk_func+0x7a/0xe7 [ 98.959597] printk+0x9e/0xba [ 98.959599] __warn_printk+0x83/0xd0 [ 98.959602] debug_print_object+0x16a/0x210 [ 98.959605] debug_object_deactivate+0x2a7/0x400 [ 98.959607] __run_timers+0x569/0xc50 [ 98.959610] run_timer_softirq+0x4c/0x70 [ 98.959612] __do_softirq+0x2e0/0xaf5 [ 98.959614] irq_exit+0x1d1/0x200 [ 98.959617] smp_apic_timer_interrupt+0x17e/0x710 [ 98.959620] apic_timer_interrupt+0xf/0x20 [ 98.959622] memset_erms+0x9/0x10 [ 98.959625] vmac_final+0x161/0x26a0 [ 98.959627] crypto_shash_final+0x104/0x260 [ 98.959630] shash_async_final+0x35/0x40 [ 98.959632] crypto_ahash_op+0xcf/0x180 [ 98.959635] crypto_ahash_final+0x57/0x70 [ 98.959637] hash_sendmsg+0x750/0xac0 [ 98.959640] hash_sendmsg_nokey+0x61/0x80 [ 98.959642] sock_sendmsg+0xd5/0x120 [ 98.959645] __sys_sendto+0x3d7/0x670 [ 98.959647] __x64_sys_sendto+0xe1/0x1a0 [ 98.959650] do_syscall_64+0x1b1/0x800 [ 98.959653] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.959654] [ 98.959657] other info that might help us debug this: [ 98.959658] [ 98.959660] Chain exists of: [ 98.959663] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 98.959677] [ 98.959679] Possible unsafe locking scenario: [ 98.959684] [ 98.959689] CPU0 CPU1 [ 98.959691] ---- ---- [ 98.959693] lock(&obj_hash[i].lock); [ 98.959698] lock(&rq->lock); [ 98.959709] lock(&obj_hash[i].lock); [ 98.959716] lock((console_sem).lock); [ 98.959721] [ 98.959723] *** DEADLOCK *** [ 98.959724] [ 98.959727] 3 locks held by syz-executor217/6468: [ 98.959728] #0: (____ptrval____) (sk_lock-AF_ALG){+.+.}, at: hash_sendmsg+0xd9/0xac0 [ 98.959739] #1: (____ptrval____) (&base->lock){-.-.}, at: __run_timers+0x16e/0xc50 [ 98.959749] #2: (____ptrval____) (&obj_hash[i].lock){-.-.}, at: debug_object_deactivate+0xe1/0x400 [ 98.959760] [ 98.959762] stack backtrace: [ 98.959765] 
CPU: 0 PID: 6468 Comm: syz-executor217 Not tainted 4.17.0+ #98 [ 98.959770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.959772] Call Trace: [ 98.959774] [ 98.959776] dump_stack+0x1b9/0x294 [ 98.959779] ? dump_stack_print_info.cold.2+0x52/0x52 [ 98.959781] ? vprintk_func+0xd0/0xe7 [ 98.959784] print_circular_bug.isra.36.cold.56+0x1bd/0x27d [ 98.959787] ? save_trace+0xe0/0x290 [ 98.959789] __lock_acquire+0x343e/0x5140 [ 98.959792] ? debug_check_no_locks_freed+0x310/0x310 [ 98.959795] ? debug_check_no_locks_freed+0x310/0x310 [ 98.959798] ? __lock_acquire+0x7f5/0x5140 [ 98.959800] ? graph_lock+0x170/0x170 [ 98.959803] ? rb_insert_color+0x1460/0x1460 [ 98.959806] ? print_usage_bug+0xc0/0xc0 [ 98.959808] ? print_usage_bug+0xc0/0xc0 [ 98.959811] ? find_held_lock+0x36/0x1c0 [ 98.959813] ? print_usage_bug+0xc0/0xc0 [ 98.959815] ? graph_lock+0x170/0x170 [ 98.959818] ? print_usage_bug+0xc0/0xc0 [ 98.959820] lock_acquire+0x1dc/0x520 [ 98.959823] ? down_trylock+0x13/0x70 [ 98.959825] ? lock_release+0xa10/0xa10 [ 98.959827] ? lock_downgrade+0x8e0/0x8e0 [ 98.959830] ? kvm_sched_clock_read+0x9/0x20 [ 98.959832] ? sched_clock+0x31/0x40 [ 98.959835] ? vprintk_emit+0x699/0xde0 [ 98.959837] _raw_spin_lock_irqsave+0x96/0xc0 [ 98.959840] ? down_trylock+0x13/0x70 [ 98.959842] down_trylock+0x13/0x70 [ 98.959844] __down_trylock_console_sem+0xae/0x200 [ 98.959847] console_trylock+0x15/0xa0 [ 98.959849] vprintk_emit+0x699/0xde0 [ 98.959852] ? wake_up_klogd+0x100/0x100 [ 98.959854] ? print_usage_bug+0xc0/0xc0 [ 98.959857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.959860] ? run_posix_cpu_timers+0x6c2/0x2550 [ 98.959862] ? ___ratelimit.cold.2+0x6a/0x6a [ 98.959865] ? __internal_add_timer+0x2d0/0x2d0 [ 98.959867] vprintk_default+0x28/0x30 [ 98.959870] vprintk_func+0x7a/0xe7 [ 98.959872] printk+0x9e/0xba [ 98.959874] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 98.959877] ? lock_acquire+0x1dc/0x520 [ 98.959879] ? 
__warn_printk+0x77/0xd0 [ 98.959882] ? __next_timer_interrupt+0x1a0/0x1a0 [ 98.959884] __warn_printk+0x83/0xd0 [ 98.959887] ? test_taint+0x20/0x20 [ 98.959889] ? __lock_acquire+0x7f5/0x5140 [ 98.959892] ? find_held_lock+0x36/0x1c0 [ 98.959895] ? __next_timer_interrupt+0x1a0/0x1a0 [ 98.959897] debug_print_object+0x16a/0x210 [ 98.959900] debug_object_deactivate+0x2a7/0x400 [ 98.959902] ? debug_stats_show+0x100/0x100 [ 98.959905] ? kasan_check_write+0x14/0x20 [ 98.959907] ? do_raw_spin_lock+0xc1/0x200 [ 98.959910] __run_timers+0x569/0xc50 [ 98.959913] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 98.959915] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 98.959918] ? graph_lock+0x170/0x170 [ 98.959920] ? enqueue_hrtimer+0x18b/0x520 [ 98.959923] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 98.959926] ? find_held_lock+0x36/0x1c0 [ 98.959928] ? print_usage_bug+0xc0/0xc0 [ 98.959930] ? graph_lock+0x170/0x170 [ 98.959933] ? lock_downgrade+0x8e0/0x8e0 [ 98.959935] ? __lock_is_held+0xb5/0x140 [ 98.959938] run_timer_softirq+0x4c/0x70 [ 98.959940] __do_softirq+0x2e0/0xaf5 [ 98.959943] ? __irqentry_text_end+0x1f98a8/0x1f98a8 [ 98.959945] ? kasan_check_read+0x11/0x20 [ 98.959948] ? graph_lock+0x170/0x170 [ 98.959950] ? native_apic_msr_write+0x5b/0x80 [ 98.959953] ? do_raw_spin_trylock+0x1b0/0x1b0 [ 98.959955] ? lapic_next_event+0x5a/0x90 [ 98.959958] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.959961] ? clockevents_program_event+0x140/0x370 [ 98.959964] ? __lock_is_held+0xb5/0x140 [ 98.959966] irq_exit+0x1d1/0x200 [ 98.959969] smp_apic_timer_interrupt+0x17e/0x710 [ 98.959972] ? smp_call_function_single_interrupt+0x650/0x650 [ 98.959974] ? _raw_spin_lock+0x32/0x40 [ 98.959977] ? _raw_spin_unlock+0x22/0x30 [ 98.959979] ? handle_edge_irq+0x330/0x870 [ 98.959982] ? task_prio+0x50/0x50 [ 98.959984] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 98.959987] apic_timer_interrupt+0xf/0x20 [ 98.959989] [ 98.959991] RIP: 0010:memset_erms+0x9/0x10 [ 98.959993] Code: c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 [ 98.960081] RSP: 0018:ffff8801d24d77f0 EFLAGS: 00010282 ORIG_RAX: ffffffffffffff13 [ 98.960088] RAX: 0000000000000000 RBX: ffff8801cef677cc RCX: ffffffffffc16593 [ 98.960091] RDX: ffffffffffffff9c RSI: 0000000000000000 RDI: ffff8801cf3511d5 [ 98.960095] RBP: ffff8801d24d7810 R08: ffffed0039deceed R09: ffff8801cef677cc [ 98.960099] R10: ffffed0039deceec R11: ffff8801cef67767 R12: ffffffffffffff9c [ 98.960103] R13: 0000000000000000 R14: ffff8801cef675c0 R15: ffff8801cef676e8 [ 98.960105] ? memset+0x31/0x40 [ 98.960107] vmac_final+0x161/0x26a0 [ 98.960109] ? __lock_is_held+0xb5/0x140 [ 98.960112] ? vmac_init_tfm+0xc0/0xc0 [ 98.960114] ? __kmalloc+0x5f9/0x760 [ 98.960117] ? __asan_allocas_unpoison+0x16/0x20 [ 98.960119] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 98.960122] ? sock_kmalloc+0x14e/0x1d0 [ 98.960124] crypto_shash_final+0x104/0x260 [ 98.960127] ? vmac_init_tfm+0xc0/0xc0 [ 98.960129] ? crypto_shash_digest+0x1c0/0x1c0 [ 98.960132] shash_async_final+0x35/0x40 [ 98.960134] crypto_ahash_op+0xcf/0x180 [ 98.960137] crypto_ahash_final+0x57/0x70 [ 98.960139] hash_sendmsg+0x750/0xac0 [ 98.960141] hash_sendmsg_nokey+0x61/0x80 [ 98.960144] ? hash_recvmsg_nokey+0x90/0 [ 98.960149] Lost 95 message(s)! [ 100.017234] Shutting down cpus with NMI [ 101.045817] Dumping ftrace buffer: [ 101.049348] (ftrace buffer empty) [ 101.053039] Kernel Offset: disabled [ 101.056649] Rebooting in 86400 seconds..