[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.999922] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 22.999356] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.303164] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.134486] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.285343] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
[ 29.732206] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/10 01:24:26 parsed 1 programs
[ 30.885428] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/10 01:24:28 executed programs: 0
[ 31.874108] IPVS: ftp: loaded support on port[0] = 21
[ 31.990157] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.996594] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.004356] device bridge_slave_0 entered promiscuous mode
[ 32.020436] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.026790] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.033800] device bridge_slave_1 entered promiscuous mode
[ 32.048981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 32.063906] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 32.101134] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 32.118516] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 32.175995] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 32.183397] team0: Port device team_slave_0 added
[ 32.196753] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 32.203797] team0: Port device team_slave_1 added
[ 32.217600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 32.233684] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 32.250542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 32.267515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 32.374849] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.381284] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 32.388187] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.394547] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 32.772720] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 32.778830] 8021q: adding VLAN 0 to HW filter on device bond0
[ 32.817791] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 32.857412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 32.864993] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 32.900893] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 32.906981] 8021q: adding VLAN 0 to HW filter on device team0
[ 32.943331] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 33.143255] FAULT_INJECTION: forcing a failure.
[ 33.143255] name failslab, interval 1, probability 0, space 0, times 1
[ 33.154595] CPU: 1 PID: 4787 Comm: syz-executor0 Not tainted 4.17.0+ #118
[ 33.161506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.170844] Call Trace:
[ 33.173420] dump_stack+0x1b9/0x294
[ 33.177040] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.182222] ? lock_acquire+0x257/0x520
[ 33.186189] should_fail.cold.4+0xa/0x1a
[ 33.190236] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 33.195318] ? rcu_note_context_switch+0x710/0x710
[ 33.200229] ? graph_lock+0x170/0x170
[ 33.204007] ? __might_sleep+0x95/0x190
[ 33.207971] ? find_held_lock+0x36/0x1c0
[ 33.212020] ? __lock_is_held+0xb5/0x140
[ 33.216073] ? check_same_owner+0x320/0x320
[ 33.220375] ? lock_downgrade+0x8e0/0x8e0
[ 33.224515] ? rcu_note_context_switch+0x710/0x710
[ 33.229428] __should_failslab+0x124/0x180
[ 33.233643] should_failslab+0x9/0x14
[ 33.237432] kmem_cache_alloc_node_trace+0x26f/0x770
[ 33.242519] ? __handle_mm_fault+0x93a/0x4390
[ 33.246998] ? graph_lock+0x170/0x170
[ 33.250787] ? graph_lock+0x170/0x170
[ 33.254570] __get_vm_area_node+0x12d/0x390
[ 33.258881] __vmalloc_node_range+0xc4/0x760
[ 33.263268] ? ion_heap_map_kernel+0x86/0x490
[ 33.267745] ? ion_heap_map_kernel+0x86/0x490
[ 33.272217] vmalloc+0x6f/0x80
[ 33.275391] ? ion_heap_map_kernel+0x86/0x490
[ 33.279863] ion_heap_map_kernel+0x86/0x490
[ 33.284170] ion_dma_buf_begin_cpu_access+0x188/0x5a0
[ 33.289340] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 33.294511] dma_buf_begin_cpu_access+0x7f/0x160
[ 33.299258] dma_buf_ioctl+0x1aa/0x240
[ 33.303132] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.308136] ? __do_page_fault+0x441/0xe40
[ 33.312351] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 33.317524] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.322519] __ia32_compat_sys_ioctl+0x221/0x640
[ 33.327254] do_fast_syscall_32+0x345/0xf9b
[ 33.331557] ? do_int80_syscall_32+0x880/0x880
[ 33.336119] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.340854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.346368] ? syscall_return_slowpath+0x30f/0x5c0
[ 33.351293] ? sysret32_from_system_call+0x5/0x46
[ 33.356125] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.360948] entry_SYSENTER_compat+0x70/0x7f
[ 33.365341] RIP: 0023:0xf7efdcb9
[ 33.368680] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 33.387875] RSP: 002b:00000000ffd1251c EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 33.395560] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040086200
[ 33.402806] RDX: 0000000020fd3ff8 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.410059] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.417318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.424565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 33.432406] syz-executor0: vmalloc: allocation failure: 72 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null)
[ 33.442389] syz-executor0 cpuset=syz0 mems_allowed=0
[ 33.447661] CPU: 1 PID: 4787 Comm: syz-executor0 Not tainted 4.17.0+ #118
[ 33.454576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.463907] Call Trace:
[ 33.466474] dump_stack+0x1b9/0x294
[ 33.470081] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.475252] warn_alloc.cold.117+0xb2/0x1b8
[ 33.479552] ? zone_watermark_ok_safe+0x3b0/0x3b0
[ 33.484374] ? __get_vm_area_node+0x12d/0x390
[ 33.488845] ? __get_vm_area_node+0x12d/0x390
[ 33.493318] ? rcu_read_lock_sched_held+0x108/0x120
[ 33.498312] ? kmem_cache_alloc_node_trace+0x34e/0x770
[ 33.503569] ? graph_lock+0x170/0x170
[ 33.507350] ? graph_lock+0x170/0x170
[ 33.511135] ? __get_vm_area_node+0x2da/0x390
[ 33.515612] __vmalloc_node_range+0x472/0x760
[ 33.520090] ? ion_heap_map_kernel+0x86/0x490
[ 33.524562] vmalloc+0x6f/0x80
[ 33.527745] ? ion_heap_map_kernel+0x86/0x490
[ 33.532217] ion_heap_map_kernel+0x86/0x490
[ 33.536523] ion_dma_buf_begin_cpu_access+0x188/0x5a0
[ 33.541693] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 33.546862] dma_buf_begin_cpu_access+0x7f/0x160
[ 33.551609] dma_buf_ioctl+0x1aa/0x240
[ 33.555487] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.560480] ? __do_page_fault+0x441/0xe40
[ 33.564697] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 33.569871] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.574868] __ia32_compat_sys_ioctl+0x221/0x640
[ 33.579608] do_fast_syscall_32+0x345/0xf9b
[ 33.583918] ? do_int80_syscall_32+0x880/0x880
[ 33.588481] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.593218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.598733] ? syscall_return_slowpath+0x30f/0x5c0
[ 33.603642] ? sysret32_from_system_call+0x5/0x46
[ 33.608465] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.613301] entry_SYSENTER_compat+0x70/0x7f
[ 33.617686] RIP: 0023:0xf7efdcb9
[ 33.621026] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 33.640218] RSP: 002b:00000000ffd1251c EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 33.647906] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040086200
[ 33.655165] RDX: 0000000020fd3ff8 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.662429] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.669676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.676923] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 33.684374] Mem-Info:
[ 33.686825] active_anon:5619 inactive_anon:337 isolated_anon:0
[ 33.686825] active_file:3370 inactive_file:11344 isolated_file:0
[ 33.686825] unevictable:0 dirty:6702 writeback:0 unstable:0
[ 33.686825] slab_reclaimable:10045 slab_unreclaimable:86252
[ 33.686825] mapped:7074 shmem:345 pagetables:288 bounce:0
[ 33.686825] free:1485770 free_pcp:388 free_cma:0
[ 33.720374] Node 0 active_anon:22476kB inactive_anon:1348kB active_file:13480kB inactive_file:45376kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:28296kB dirty:26808kB writeback:0kB shmem:1380kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 33.748254] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 33.774400] lowmem_reserve[]: 0 2827 6332 6332
[ 33.779038] Node 0 DMA32 free:2898156kB min:30100kB low:37624kB high:45148kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2898948kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:792kB local_pcp:728kB free_cma:0kB
[ 33.806740] lowmem_reserve[]: 0 0 3504 3504
[ 33.811093] Node 0 Normal free:3028960kB min:37316kB low:46644kB high:55972kB active_anon:22460kB inactive_anon:1352kB active_file:13484kB inactive_file:45376kB unevictable:0kB writepending:26844kB present:4718592kB managed:3589016kB mlocked:0kB kernel_stack:4160kB pagetables:1200kB bounce:0kB free_pcp:792kB local_pcp:272kB free_cma:0kB
[ 33.841059] lowmem_reserve[]: 0 0 0 0
[ 33.844896] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 33.858515] Node 0 DMA32: 1*4kB (M) 3*8kB (M) 1*16kB (M) 4*32kB (M) 1*64kB (M) 4*128kB (M) 2*256kB (M) 2*512kB (M) 4*1024kB (M) 2*2048kB (M) 705*4096kB (M) = 2898156kB
[ 33.873756] Node 0 Normal: 160*4kB (UME) 832*8kB (UME) 2811*16kB (UM) 1161*32kB (UM) 16*64kB (UME) 39*128kB (UM) 93*256kB (UM) 105*512kB (UME) 59*1024kB (UM) 15*2048kB (M) 675*4096kB (M) = 3028944kB
[ 33.891718] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 33.900297] 15068 total pagecache pages
[ 33.904286] 0 pages in swap cache
[ 33.907744] Swap cache stats: add 0, delete 0, find 0/0
[ 33.913112] Free swap = 0kB
[ 33.916142] Total swap = 0kB
[ 33.919171] 1965969 pages RAM
[ 33.922278] 0 pages HighMem/MovableOnly
[ 33.926252] 340001 pages reserved
[ 33.929702] ------------[ cut here ]------------
[ 33.934457] heap->ops->map_kernel should return ERR_PTR on error
[ 33.934737] WARNING: CPU: 1 PID: 4787 at drivers/staging/android/ion/ion.c:148 ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 33.951758] Kernel panic - not syncing: panic_on_warn set ...
[ 33.951758]
[ 33.959102] CPU: 1 PID: 4787 Comm: syz-executor0 Not tainted 4.17.0+ #118
[ 33.966002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.975337] Call Trace:
[ 33.977910] dump_stack+0x1b9/0x294
[ 33.981518] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.986690] ? ion_dma_buf_begin_cpu_access+0x3d0/0x5a0
[ 33.992044] panic+0x22f/0x4de
[ 33.995228] ? add_taint.cold.5+0x16/0x16
[ 33.999364] ? __warn.cold.8+0x148/0x1b3
[ 34.003413] ? __warn.cold.8+0x117/0x1b3
[ 34.007455] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 34.012886] __warn.cold.8+0x163/0x1b3
[ 34.016757] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 34.022102] report_bug+0x252/0x2d0
[ 34.025710] do_error_trap+0x1fc/0x4d0
[ 34.029581] ? math_error+0x3f0/0x3f0
[ 34.033363] ? vprintk_default+0x28/0x30
[ 34.037402] ? vprintk_func+0x81/0xe7
[ 34.041181] ? printk+0x9e/0xba
[ 34.044443] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.049263] do_invalid_op+0x1b/0x20
[ 34.052954] invalid_op+0x14/0x20
[ 34.056388] RIP: 0010:ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 34.062331] Code: ff 41 bc ea ff ff ff 89 de e8 8e b0 ba fb 84 db 75 a8 e8 b5 af ba fb 48 c7 c7 00 05 68 88 c6 05 39 8d d9 03 01 e8 02 c7 86 fb <0f> 0b eb 8c 48 c7 c7 40 09 ef 88 e8 12 a3 f7 fb e9 15 ff ff ff e8
[ 34.081500] RSP: 0018:ffff8801d728fc50 EFLAGS: 00010286
[ 34.086851] RAX: 0000000000000034 RBX: 0000000000000000 RCX: ffffffff816191ea
[ 34.094097] RDX: 0000000000000000 RSI: ffffffff8161f4e1 RDI: ffff8801d728f928
[ 34.101346] RBP: ffff8801d728fca8 R08: ffff8801ab0d6080 R09: 0000000000000006
[ 34.108596] R10: ffff8801ab0d6080 R11: 0000000000000000 R12: 00000000ffffffea
[ 34.115845] R13: ffff8801d96908c8 R14: 0000000000000001 R15: ffffffff89724b80
[ 34.123105] ? console_unlock+0x83a/0x10a0
[ 34.127319] ? vprintk_func+0x81/0xe7
[ 34.131103] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 34.136273] dma_buf_begin_cpu_access+0x7f/0x160
[ 34.141018] dma_buf_ioctl+0x1aa/0x240
[ 34.144895] ? dma_buf_begin_cpu_access+0x160/0x160
[ 34.149890] ? __do_page_fault+0x441/0xe40
[ 34.154104] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 34.159275] ? dma_buf_begin_cpu_access+0x160/0x160
[ 34.164269] __ia32_compat_sys_ioctl+0x221/0x640
[ 34.169013] do_fast_syscall_32+0x345/0xf9b
[ 34.173328] ? do_int80_syscall_32+0x880/0x880
[ 34.177887] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.182621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.188136] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.193058] ? sysret32_from_system_call+0x5/0x46
[ 34.197886] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.202708] entry_SYSENTER_compat+0x70/0x7f
[ 34.207097] RIP: 0023:0xf7efdcb9
[ 34.210441] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 34.229602] RSP: 002b:00000000ffd1251c EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 34.237287] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040086200
[ 34.244546] RDX: 0000000020fd3ff8 RSI: 0000000000000000 RDI: 0000000000000000
[ 34.251794] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 34.259041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 34.266628] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.274410] Dumping ftrace buffer:
[ 34.277976] (ftrace buffer empty)
[ 34.281663] Kernel Offset: disabled
[ 34.285270] Rebooting in 86400 seconds..