[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 19.239352] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 23.094424] random: sshd: uninitialized urandom read (32 bytes read)
[ 23.420828] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.239355] random: sshd: uninitialized urandom read (32 bytes read)
[ 24.391505] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
[ 29.817844] random: sshd: uninitialized urandom read (32 bytes read)
2018/06/10 02:47:10 parsed 1 programs
[ 30.968566] random: cc1: uninitialized urandom read (8 bytes read)
2018/06/10 02:47:12 executed programs: 0
[ 31.985392] IPVS: ftp: loaded support on port[0] = 21
[ 32.111340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.117784] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.125314] device bridge_slave_0 entered promiscuous mode
[ 32.141171] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.147532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.154676] device bridge_slave_1 entered promiscuous mode
[ 32.169715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 32.186411] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 32.224440] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 32.242115] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 32.299320] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 32.306548] team0: Port device team_slave_0 added
[ 32.320396] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 32.327524] team0: Port device team_slave_1 added
[ 32.342575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 32.358723] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 32.375303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 32.391341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 32.500074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.506503] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 32.513420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.519774] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 32.900594] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 32.906690] 8021q: adding VLAN 0 to HW filter on device bond0
[ 32.947816] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 32.987404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 32.995932] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 33.031629] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 33.037739] 8021q: adding VLAN 0 to HW filter on device team0
[ 33.056289] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 33.288376] FAULT_INJECTION: forcing a failure.
[ 33.288376] name failslab, interval 1, probability 0, space 0, times 1
[ 33.299722] CPU: 0 PID: 4793 Comm: syz-executor0 Not tainted 4.17.0+ #118
[ 33.307421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.316756] Call Trace:
[ 33.319333] dump_stack+0x1b9/0x294
[ 33.322942] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.328119] should_fail.cold.4+0xa/0x1a
[ 33.332162] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 33.337243] ? rcu_note_context_switch+0x710/0x710
[ 33.342156] ? graph_lock+0x170/0x170
[ 33.345934] ? __might_sleep+0x95/0x190
[ 33.349890] ? find_held_lock+0x36/0x1c0
[ 33.353933] ? __lock_is_held+0xb5/0x140
[ 33.357979] ? check_same_owner+0x320/0x320
[ 33.362281] ? lock_downgrade+0x8e0/0x8e0
[ 33.366410] ? rcu_note_context_switch+0x710/0x710
[ 33.371326] __should_failslab+0x124/0x180
[ 33.375544] should_failslab+0x9/0x14
[ 33.379353] kmem_cache_alloc_node_trace+0x26f/0x770
[ 33.384441] ? __handle_mm_fault+0x93a/0x4390
[ 33.388921] ? graph_lock+0x170/0x170
[ 33.392700] ? graph_lock+0x170/0x170
[ 33.396485] __get_vm_area_node+0x12d/0x390
[ 33.400788] __vmalloc_node_range+0xc4/0x760
[ 33.405177] ? ion_heap_map_kernel+0x86/0x490
[ 33.409655] ? ion_heap_map_kernel+0x86/0x490
[ 33.414132] vmalloc+0x6f/0x80
[ 33.417306] ? ion_heap_map_kernel+0x86/0x490
[ 33.421779] ion_heap_map_kernel+0x86/0x490
[ 33.426084] ion_dma_buf_begin_cpu_access+0x188/0x5a0
[ 33.431256] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 33.436430] dma_buf_begin_cpu_access+0x7f/0x160
[ 33.441189] dma_buf_ioctl+0x1aa/0x240
[ 33.445067] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.450063] ? __do_page_fault+0x441/0xe40
[ 33.454280] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 33.459449] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.464449] __ia32_compat_sys_ioctl+0x221/0x640
[ 33.469193] do_fast_syscall_32+0x345/0xf9b
[ 33.473504] ? do_int80_syscall_32+0x880/0x880
[ 33.478065] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.482811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.488338] ? syscall_return_slowpath+0x30f/0x5c0
[ 33.493259] ? sysret32_from_system_call+0x5/0x46
[ 33.498083] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.502907] entry_SYSENTER_compat+0x70/0x7f
[ 33.507293] RIP: 0023:0xf7f9ecb9
[ 33.510638] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 33.529807] RSP: 002b:00000000ff8d36ac EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 33.537498] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040086200
[ 33.544748] RDX: 0000000020fd3ff8 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.551995] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.559261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.566510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 33.574644] syz-executor0: vmalloc: allocation failure: 72 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null)
[ 33.584631] syz-executor0 cpuset=syz0 mems_allowed=0
[ 33.589932] CPU: 0 PID: 4793 Comm: syz-executor0 Not tainted 4.17.0+ #118
[ 33.596849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.606180] Call Trace:
[ 33.608757] dump_stack+0x1b9/0x294
[ 33.612376] ? dump_stack_print_info.cold.2+0x52/0x52
[ 33.617553] warn_alloc.cold.117+0xb2/0x1b8
[ 33.621853] ? zone_watermark_ok_safe+0x3b0/0x3b0
[ 33.626676] ? __get_vm_area_node+0x12d/0x390
[ 33.631152] ? __get_vm_area_node+0x12d/0x390
[ 33.635628] ? rcu_read_lock_sched_held+0x108/0x120
[ 33.640624] ? kmem_cache_alloc_node_trace+0x34e/0x770
[ 33.645879] ? graph_lock+0x170/0x170
[ 33.649657] ? graph_lock+0x170/0x170
[ 33.653438] ? __get_vm_area_node+0x2da/0x390
[ 33.657913] __vmalloc_node_range+0x472/0x760
[ 33.662393] ? ion_heap_map_kernel+0x86/0x490
[ 33.666867] vmalloc+0x6f/0x80
[ 33.670047] ? ion_heap_map_kernel+0x86/0x490
[ 33.674520] ion_heap_map_kernel+0x86/0x490
[ 33.678829] ion_dma_buf_begin_cpu_access+0x188/0x5a0
[ 33.684019] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 33.689202] dma_buf_begin_cpu_access+0x7f/0x160
[ 33.693944] dma_buf_ioctl+0x1aa/0x240
[ 33.697827] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.702823] ? __do_page_fault+0x441/0xe40
[ 33.707054] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 33.712233] ? dma_buf_begin_cpu_access+0x160/0x160
[ 33.717231] __ia32_compat_sys_ioctl+0x221/0x640
[ 33.721994] do_fast_syscall_32+0x345/0xf9b
[ 33.726306] ? do_int80_syscall_32+0x880/0x880
[ 33.730880] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.735624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 33.741141] ? syscall_return_slowpath+0x30f/0x5c0
[ 33.746055] ? sysret32_from_system_call+0x5/0x46
[ 33.750880] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.755715] entry_SYSENTER_compat+0x70/0x7f
[ 33.760105] RIP: 0023:0xf7f9ecb9
[ 33.763452] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 33.782620] RSP: 002b:00000000ff8d36ac EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 33.790314] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040086200
[ 33.797574] RDX: 0000000020fd3ff8 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.804830] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 33.812076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 33.819324] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 33.826766] Mem-Info:
[ 33.829220] active_anon:5633 inactive_anon:339 isolated_anon:0
[ 33.829220] active_file:3362 inactive_file:11353 isolated_file:0
[ 33.829220] unevictable:0 dirty:40 writeback:7 unstable:0
[ 33.829220] slab_reclaimable:10081 slab_unreclaimable:85823
[ 33.829220] mapped:7094 shmem:345 pagetables:300 bounce:0
[ 33.829220] free:1486066 free_pcp:406 free_cma:0
[ 33.862602] Node 0 active_anon:22532kB inactive_anon:1356kB active_file:13448kB inactive_file:45412kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:28376kB dirty:160kB writeback:28kB shmem:1380kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 33.890398] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 33.916553] lowmem_reserve[]: 0 2827 6332 6332
[ 33.921200] Node 0 DMA32 free:2898280kB min:30100kB low:37624kB high:45148kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2898948kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:668kB local_pcp:668kB free_cma:0kB
[ 33.948921] lowmem_reserve[]: 0 0 3504 3504
[ 33.953276] Node 0 Normal free:3030076kB min:37316kB low:46644kB high:55972kB active_anon:22532kB inactive_anon:1356kB active_file:13448kB inactive_file:45412kB unevictable:0kB writepending:252kB present:4718592kB managed:3589016kB mlocked:0kB kernel_stack:4128kB pagetables:1200kB bounce:0kB free_pcp:952kB local_pcp:528kB free_cma:0kB
[ 33.983071] lowmem_reserve[]: 0 0 0 0
[ 33.986921] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[ 34.000600] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 3*16kB (M) 5*32kB (M) 2*64kB (M) 4*128kB (M) 2*256kB (M) 2*512kB (M) 4*1024kB (M) 2*2048kB (M) 705*4096kB (M) = 2898280kB
[ 34.015835] Node 0 Normal: 149*4kB (UME) 1036*8kB (UME) 2891*16kB (UME) 1164*32kB (UME) 15*64kB (UM) 13*128kB (UME) 113*256kB (UME) 116*512kB (UM) 64*1024kB (UM) 16*2048kB (UM) 671*4096kB (M) = 3030052kB
[ 34.034224] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 34.042814] 15065 total pagecache pages
[ 34.046806] 0 pages in swap cache
[ 34.050278] Swap cache stats: add 0, delete 0, find 0/0
[ 34.055646] Free swap = 0kB
[ 34.058667] Total swap = 0kB
[ 34.061692] 1965969 pages RAM
[ 34.064821] 0 pages HighMem/MovableOnly
[ 34.068803] 340001 pages reserved
[ 34.072354] ------------[ cut here ]------------
[ 34.077112] heap->ops->map_kernel should return ERR_PTR on error
[ 34.077395] WARNING: CPU: 0 PID: 4793 at drivers/staging/android/ion/ion.c:148 ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 34.094947] Kernel panic - not syncing: panic_on_warn set ...
[ 34.094947]
[ 34.102300] CPU: 0 PID: 4793 Comm: syz-executor0 Not tainted 4.17.0+ #118
[ 34.109201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.118530] Call Trace:
[ 34.121103] dump_stack+0x1b9/0x294
[ 34.124714] ? dump_stack_print_info.cold.2+0x52/0x52
[ 34.129893] ? ion_dma_buf_begin_cpu_access+0x3d0/0x5a0
[ 34.135235] panic+0x22f/0x4de
[ 34.138407] ? add_taint.cold.5+0x16/0x16
[ 34.142537] ? __warn.cold.8+0x148/0x1b3
[ 34.146583] ? __warn.cold.8+0x117/0x1b3
[ 34.150629] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 34.155982] __warn.cold.8+0x163/0x1b3
[ 34.159862] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 34.165204] report_bug+0x252/0x2d0
[ 34.168824] do_error_trap+0x1fc/0x4d0
[ 34.172702] ? math_error+0x3f0/0x3f0
[ 34.176490] ? vprintk_default+0x28/0x30
[ 34.180533] ? vprintk_func+0x81/0xe7
[ 34.184313] ? printk+0x9e/0xba
[ 34.187574] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.192399] do_invalid_op+0x1b/0x20
[ 34.196107] invalid_op+0x14/0x20
[ 34.199563] RIP: 0010:ion_dma_buf_begin_cpu_access+0x48e/0x5a0
[ 34.205505] Code: ff 41 bc ea ff ff ff 89 de e8 8e b0 ba fb 84 db 75 a8 e8 b5 af ba fb 48 c7 c7 00 05 68 88 c6 05 39 8d d9 03 01 e8 02 c7 86 fb <0f> 0b eb 8c 48 c7 c7 40 09 ef 88 e8 12 a3 f7 fb e9 15 ff ff ff e8
[ 34.224683] RSP: 0018:ffff8801d7cafc50 EFLAGS: 00010286
[ 34.230034] RAX: 0000000000000034 RBX: 0000000000000000 RCX: ffffffff816191ea
[ 34.237286] RDX: 0000000000000000 RSI: ffffffff8161f4e1 RDI: ffff8801d7caf928
[ 34.244535] RBP: ffff8801d7cafca8 R08: ffff8801d3c6c380 R09: 0000000000000006
[ 34.251782] R10: ffff8801d3c6c380 R11: 0000000000000000 R12: 00000000ffffffea
[ 34.259036] R13: ffff8801d9642ec8 R14: 0000000000000001 R15: ffffffff89724b80
[ 34.266300] ? console_unlock+0x83a/0x10a0
[ 34.270517] ? vprintk_func+0x81/0xe7
[ 34.274310] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0
[ 34.279481] dma_buf_begin_cpu_access+0x7f/0x160
[ 34.284217] dma_buf_ioctl+0x1aa/0x240
[ 34.288095] ? dma_buf_begin_cpu_access+0x160/0x160
[ 34.293101] ? __do_page_fault+0x441/0xe40
[ 34.297327] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 34.302499] ? dma_buf_begin_cpu_access+0x160/0x160
[ 34.307496] __ia32_compat_sys_ioctl+0x221/0x640
[ 34.312253] do_fast_syscall_32+0x345/0xf9b
[ 34.316566] ? do_int80_syscall_32+0x880/0x880
[ 34.321134] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.325873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 34.331388] ? syscall_return_slowpath+0x30f/0x5c0
[ 34.336298] ? sysret32_from_system_call+0x5/0x46
[ 34.341122] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 34.345949] entry_SYSENTER_compat+0x70/0x7f
[ 34.350335] RIP: 0023:0xf7f9ecb9
[ 34.353672] Code: 55 08 8b 88 64 cd ff ff 8b 98 68 cd ff ff 89 c8 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 1c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 34.373366] RSP: 002b:00000000ff8d36ac EFLAGS: 00000282 ORIG_RAX: 0000000000000036
[ 34.381065] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040086200
[ 34.388317] RDX: 0000000020fd3ff8 RSI: 0000000000000000 RDI: 0000000000000000
[ 34.395566] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 34.402823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 34.410073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.417921] Dumping ftrace buffer:
[ 34.421513] (ftrace buffer empty)
[ 34.425204] Kernel Offset: disabled
[ 34.428823] Rebooting in 86400 seconds..