[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.112261] random: sshd: uninitialized urandom read (32 bytes read)
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 22.104786] random: sshd: uninitialized urandom read (32 bytes read)
[ 22.448150] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.238277] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.399265] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
[ 28.965269] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 29.057636] FAULT_INJECTION: forcing a failure.
[ 29.057636] name failslab, interval 1, probability 0, space 0, times 1
[ 29.068946] CPU: 0 PID: 4477 Comm: syz-executor485 Not tainted 4.17.0+ #93
[ 29.075941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.085300] Call Trace:
[ 29.087926] dump_stack+0x1b9/0x294
[ 29.091537] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.096720] should_fail.cold.4+0xa/0x1a
[ 29.100776] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 29.105874] ? rcu_note_context_switch+0x710/0x710
[ 29.110787] ? graph_lock+0x170/0x170
[ 29.114577] ? __might_sleep+0x95/0x190
[ 29.118538] ? find_held_lock+0x36/0x1c0
[ 29.122581] ? __lock_is_held+0xb5/0x140
[ 29.126630] ? check_same_owner+0x320/0x320
[ 29.130935] ? rcu_note_context_switch+0x710/0x710
[ 29.136377] ? _parse_integer+0x13b/0x190
[ 29.140510] __should_failslab+0x124/0x180
[ 29.144736] should_failslab+0x9/0x14
[ 29.148518] kmem_cache_alloc_node_trace+0x26f/0x770
[ 29.153614] ? graph_lock+0x170/0x170
[ 29.157395] ? graph_lock+0x170/0x170
[ 29.161184] ? check_same_owner+0x320/0x320
[ 29.165488] __get_vm_area_node+0x12d/0x390
[ 29.169789] __vmalloc_node_range+0xc4/0x760
[ 29.174186] ? ion_heap_map_kernel+0x86/0x490
[ 29.178664] ? ion_heap_map_kernel+0x86/0x490
[ 29.183137] vmalloc+0x6f/0x80
[ 29.186309] ? ion_heap_map_kernel+0x86/0x490
[ 29.190782] ion_heap_map_kernel+0x86/0x490
[ 29.195100] ion_dma_buf_begin_cpu_access+0x188/0x5a0
[ 29.200277] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 29.205458] dma_buf_begin_cpu_access+0x7f/0x160
[ 29.210193] dma_buf_ioctl+0x1aa/0x240
[ 29.214061] ? dma_buf_begin_cpu_access+0x160/0x160
[ 29.219081] ? lock_downgrade+0x8e0/0x8e0
[ 29.223223] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.228396] ? dma_buf_begin_cpu_access+0x160/0x160
[ 29.233396] do_vfs_ioctl+0x1cf/0x16f0
[ 29.237273] ? ioctl_preallocate+0x2e0/0x2e0
[ 29.241665] ? fget_raw+0x20/0x20
[ 29.245099] ? __sb_end_write+0xac/0xe0
[ 29.249065] ? ksys_write+0x1a6/0x250
[ 29.252859] ? security_file_ioctl+0x94/0xc0
[ 29.257261] ksys_ioctl+0xa9/0xd0
[ 29.260704] __x64_sys_ioctl+0x73/0xb0
[ 29.264594] do_syscall_64+0x1b1/0x800
[ 29.268464] ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.273375] ? syscall_return_slowpath+0x30f/0x5c0
[ 29.278290] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 29.283635] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.288458] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.293632] RIP: 0033:0x4404b9
[ 29.296805] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.315992] RSP: 002b:00007ffff8ba30e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 29.323693] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004404b9
[ 29.330957] RDX: 0000000020fd3ff8 RSI: 0000000040086200 RDI: 0000000000000004
[ 29.338207] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007ffff8ba0031
[ 29.345456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 29.352704] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 29.360220] syz-executor485: vmalloc: allocation failure: 72 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null)
[ 29.370388] syz-executor485 cpuset=/ mems_allowed=0
[ 29.375639] CPU: 0 PID: 4477 Comm: syz-executor485 Not tainted 4.17.0+ #93
[ 29.382652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.391985] Call Trace:
[ 29.394566] dump_stack+0x1b9/0x294
[ 29.398175] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.403351] warn_alloc.cold.117+0xb2/0x1b8
[ 29.407650] ? zone_watermark_ok_safe+0x3b0/0x3b0
[ 29.412473] ? __get_vm_area_node+0x12d/0x390
[ 29.416948] ? __get_vm_area_node+0x12d/0x390
[ 29.421423] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.426426] ? kmem_cache_alloc_node_trace+0x34e/0x770
[ 29.431691] ? graph_lock+0x170/0x170
[ 29.435470] ? check_same_owner+0x320/0x320
[ 29.439771] ? __get_vm_area_node+0x2da/0x390
[ 29.444253] __vmalloc_node_range+0x472/0x760
[ 29.448747] ? ion_heap_map_kernel+0x86/0x490
[ 29.453218] vmalloc+0x6f/0x80
[ 29.456390] ? ion_heap_map_kernel+0x86/0x490
[ 29.460862] ion_heap_map_kernel+0x86/0x490
[ 29.465177] ion_dma_buf_begin_cpu_access+0x188/0x5a0
[ 29.470346] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 29.475517] dma_buf_begin_cpu_access+0x7f/0x160
[ 29.480267] dma_buf_ioctl+0x1aa/0x240
[ 29.484137] ? dma_buf_begin_cpu_access+0x160/0x160
[ 29.489133] ? lock_downgrade+0x8e0/0x8e0
[ 29.493263] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 29.498432] ? dma_buf_begin_cpu_access+0x160/0x160
[ 29.503433] do_vfs_ioctl+0x1cf/0x16f0
[ 29.507302] ? ioctl_preallocate+0x2e0/0x2e0
[ 29.511692] ? fget_raw+0x20/0x20
[ 29.515123] ? __sb_end_write+0xac/0xe0
[ 29.519083] ? ksys_write+0x1a6/0x250
[ 29.522874] ? security_file_ioctl+0x94/0xc0
[ 29.527276] ksys_ioctl+0xa9/0xd0
[ 29.530711] __x64_sys_ioctl+0x73/0xb0
[ 29.534589] do_syscall_64+0x1b1/0x800
[ 29.538457] ? syscall_return_slowpath+0x5c0/0x5c0
[ 29.543364] ? syscall_return_slowpath+0x30f/0x5c0
[ 29.548277] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 29.553619] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.558443] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.563609] RIP: 0033:0x4404b9
[ 29.566784] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 29.585959] RSP: 002b:00007ffff8ba30e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 29.593647] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004404b9
[ 29.600894] RDX: 0000000020fd3ff8 RSI: 0000000040086200 RDI: 0000000000000004
[ 29.608230] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007ffff8ba0031
[ 29.615481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 29.622732] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 29.630257] Mem-Info:
[ 29.632738] active_anon:3059 inactive_anon:338 isolated_anon:0
[ 29.632738] active_file:3033 inactive_file:8272 isolated_file:0
[ 29.632738] unevictable:0 dirty:604 writeback:0 unstable:0
[ 29.632738] slab_reclaimable:9813 slab_unreclaimable:83568
[ 29.632738] mapped:1990 shmem:345 pagetables:271 bounce:0
[ 29.632738] free:1495313 free_pcp:402 free_cma:0
[ 29.666113] Node 0 active_anon:12236kB inactive_anon:1352kB active_file:12132kB inactive_file:33088kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:7960kB dirty:2428kB writeback:0kB shmem:1380kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 29.693815] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 29.719974] lowmem_reserve[]: 0 2827 6332 6332
[ 29.724631] Node 0 DMA32 free:2898156kB min:30100kB low:37624kB high:45148kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2898948kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:792kB local_pcp:64kB free_cma:0kB
[ 29.752304] lowmem_reserve[]: 0 0 3504 3504
[ 29.756662] Node 0 Normal free:3067188kB min:37316kB low:46644kB high:55972kB active_anon:12236kB inactive_anon:1352kB active_file:12132kB inactive_file:33088kB unevictable:0kB writepending:2428kB present:4718592kB managed:3589016kB mlocked:0kB kernel_stack:3808kB pagetables:1084kB bounce:0kB free_pcp:824kB local_pcp:624kB free_cma:0kB
[ 29.786558] lowmem_reserve[]: 0 0 0 0
[ 29.790413] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 29.804070] Node 0 DMA32: 1*4kB (M) 3*8kB (M) 1*16kB (M) 4*32kB (M) 1*64kB (M) 4*128kB (M) 2*256kB (M) 2*512kB (M) 4*1024kB (M) 2*2048kB (M) 705*4096kB (M) = 2898156kB
[ 29.819337] Node 0 Normal: 37*4kB (UME) 148*8kB (UME) 2674*16kB (UM) 950*32kB (UME) 288*64kB (UM) 84*128kB (UME) 126*256kB (UME) 87*512kB (UM) 27*1024kB (ME) 4*2048kB (M) 696*4096kB (M) = 3067156kB
[ 29.837228] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 29.845832] 11657 total pagecache pages
[ 29.849828] 0 pages in swap cache
[ 29.853297] Swap cache stats: add 0, delete 0, find 0/0
[ 29.858675] Free swap = 0kB
[ 29.861701] Total swap = 0kB
[ 29.864734] 1965969 pages RAM
[ 29.867859] 0 pages HighMem/MovableOnly
[ 29.871846] 340001 pages reserved
[ 29.875313] ------------[ cut here ]------------
[ 29.880092] heap->ops->map_kernel should return ERR_PTR on error
[ 29.880385] WARNING: CPU: 0 PID: 4477 at drivers/staging/android/ion/ion.c:148 ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 29.897407] Kernel panic - not syncing: panic_on_warn set ...
[ 29.897407]
[ 29.904756] CPU: 0 PID: 4477 Comm: syz-executor485 Not tainted 4.17.0+ #93
[ 29.911756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.921085] Call Trace:
[ 29.923666] dump_stack+0x1b9/0x294
[ 29.927284] ? dump_stack_print_info.cold.2+0x52/0x52
[ 29.932718] ? ion_dma_buf_begin_cpu_access+0x3d0/0x5a0
[ 29.938063] panic+0x22f/0x4de
[ 29.941237] ? add_taint.cold.5+0x16/0x16
[ 29.945365] ? __warn.cold.8+0x148/0x1b3
[ 29.949415] ? __warn.cold.8+0x117/0x1b3
[ 29.953469] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 29.958817] __warn.cold.8+0x163/0x1b3
[ 29.962689] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 29.968041] report_bug+0x252/0x2d0
[ 29.971654] do_error_trap+0x1fc/0x4d0
[ 29.975526] ? math_error+0x3f0/0x3f0
[ 29.979314] ? vprintk_default+0x28/0x30
[ 29.983355] ? vprintk_func+0x81/0xe7
[ 29.987134] ? printk+0x9e/0xba
[ 29.990396] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.995231] do_invalid_op+0x1b/0x20
[ 29.998931] invalid_op+0x14/0x20
[ 30.002366] RIP: 0010:ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 30.008311] Code: ff 41 bc ea ff ff ff 89 de e8 8e b0 ba fb 84 db 75 a8 e8 b5 af ba fb 48 c7 c7 00 05 68 88 c6 05 39 8d d9 03 01 e8 02 c7 86 fb <0f> 0b eb 8c 48 c7 c7 40 09 ef 88 e8 12 a3 f7 fb e9 15 ff ff ff e8
[ 30.027475] RSP: 0018:ffff8801b483fb08 EFLAGS: 00010286
[ 30.032818] RAX: 0000000000000034 RBX: 0000000000000000 RCX: ffffffff816191ea
[ 30.040078] RDX: 0000000000000000 RSI: ffffffff8161f4e1 RDI: ffff8801b483f7e0
[ 30.047326] RBP: ffff8801b483fb60 R08: ffff8801b4ac6400 R09: 0000000000000006
[ 30.054592] R10: ffff8801b4ac6400 R11: 0000000000000000 R12: 00000000ffffffea
[ 30.061867] R13: ffff8801ae8ed348 R14: 0000000000000001 R15: ffffffff89724b80
[ 30.069137] ? console_unlock+0x83a/0x10a0
[ 30.073354] ? vprintk_func+0x81/0xe7
[ 30.077141] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 30.082488] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 30.087659] dma_buf_begin_cpu_access+0x7f/0x160
[ 30.092395] dma_buf_ioctl+0x1aa/0x240
[ 30.096264] ? dma_buf_begin_cpu_access+0x160/0x160
[ 30.101272] ? lock_downgrade+0x8e0/0x8e0
[ 30.105409] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 30.110585] ? dma_buf_begin_cpu_access+0x160/0x160
[ 30.115584] do_vfs_ioctl+0x1cf/0x16f0
[ 30.119456] ? ioctl_preallocate+0x2e0/0x2e0
[ 30.123871] ? fget_raw+0x20/0x20
[ 30.127304] ? __sb_end_write+0xac/0xe0
[ 30.131261] ? ksys_write+0x1a6/0x250
[ 30.135047] ? security_file_ioctl+0x94/0xc0
[ 30.139438] ksys_ioctl+0xa9/0xd0
[ 30.142880] __x64_sys_ioctl+0x73/0xb0
[ 30.146746] do_syscall_64+0x1b1/0x800
[ 30.150623] ? syscall_return_slowpath+0x5c0/0x5c0
[ 30.155533] ? syscall_return_slowpath+0x30f/0x5c0
[ 30.160443] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe
[ 30.165791] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.170616] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 30.175786] RIP: 0033:0x4404b9
[ 30.178952] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 30.198137] RSP: 002b:00007ffff8ba30e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 30.205842] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004404b9
[ 30.213089] RDX: 0000000020fd3ff8 RSI: 0000000040086200 RDI: 0000000000000004
[ 30.220343] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007ffff8ba0031
[ 30.227591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 30.234848] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 30.242829] Dumping ftrace buffer:
[ 30.246429] (ftrace buffer empty)
[ 30.250121] Kernel Offset: disabled
[ 30.253737] Rebooting in 86400 seconds..