[....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ 19.720795] random: sshd: uninitialized urandom read (32 bytes read) [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 23.769369] random: sshd: uninitialized urandom read (32 bytes read) [ 24.137139] random: sshd: uninitialized urandom read (32 bytes read) [ 24.939063] random: sshd: uninitialized urandom read (32 bytes read) [ 25.099942] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts. [ 30.711158] random: sshd: uninitialized urandom read (32 bytes read) executing program [ 30.805766] FAULT_INJECTION: forcing a failure. [ 30.805766] name failslab, interval 1, probability 0, space 0, times 1 [ 30.817131] CPU: 1 PID: 4564 Comm: syz-executor145 Not tainted 4.17.0+ #93 [ 30.824141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.833491] Call Trace: [ 30.836076] dump_stack+0x1b9/0x294 [ 30.839691] ? dump_stack_print_info.cold.2+0x52/0x52 [ 30.844873] should_fail.cold.4+0xa/0x1a [ 30.848925] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 30.854032] ? rcu_note_context_switch+0x710/0x710 [ 30.858969] ? graph_lock+0x170/0x170 [ 30.862758] ? __might_sleep+0x95/0x190 [ 30.866719] ? find_held_lock+0x36/0x1c0 [ 30.870773] ? __lock_is_held+0xb5/0x140 [ 30.874828] ? check_same_owner+0x320/0x320 [ 30.879139] ? rcu_note_context_switch+0x710/0x710 [ 30.884078] ? _parse_integer+0x13b/0x190 [ 30.888233] __should_failslab+0x124/0x180 [ 30.892465] should_failslab+0x9/0x14 [ 30.896264] kmem_cache_alloc_node_trace+0x26f/0x770 [ 30.901349] ? graph_lock+0x170/0x170 [ 30.905154] ? graph_lock+0x170/0x170 [ 30.908940] ? check_same_owner+0x320/0x320 [ 30.913290] __get_vm_area_node+0x12d/0x390 [ 30.917611] __vmalloc_node_range+0xc4/0x760 [ 30.922034] ? ion_heap_map_kernel+0x86/0x490 [ 30.926537] ?
ion_heap_map_kernel+0x86/0x490 [ 30.931023] vmalloc+0x6f/0x80 [ 30.934208] ? ion_heap_map_kernel+0x86/0x490 [ 30.938685] ion_heap_map_kernel+0x86/0x490 [ 30.942995] ion_dma_buf_begin_cpu_access+0x188/0x5a0 [ 30.948176] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0 [ 30.953371] dma_buf_begin_cpu_access+0x7f/0x160 [ 30.958118] dma_buf_ioctl+0x1aa/0x240 [ 30.961990] ? dma_buf_begin_cpu_access+0x160/0x160 [ 30.966993] ? lock_downgrade+0x8e0/0x8e0 [ 30.971130] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 30.976317] ? dma_buf_begin_cpu_access+0x160/0x160 [ 30.981320] do_vfs_ioctl+0x1cf/0x16f0 [ 30.985217] ? ioctl_preallocate+0x2e0/0x2e0 [ 30.989659] ? fget_raw+0x20/0x20 [ 30.993204] ? __sb_end_write+0xac/0xe0 [ 30.997177] ? ksys_write+0x1a6/0x250 [ 31.000966] ? security_file_ioctl+0x94/0xc0 [ 31.005371] ksys_ioctl+0xa9/0xd0 [ 31.008820] __x64_sys_ioctl+0x73/0xb0 [ 31.012695] do_syscall_64+0x1b1/0x800 [ 31.016595] ? syscall_return_slowpath+0x5c0/0x5c0 [ 31.021513] ? syscall_return_slowpath+0x30f/0x5c0 [ 31.026436] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 31.031805] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 31.036927] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.042097] RIP: 0033:0x440479 [ 31.045267] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 31.064538] RSP: 002b:00007fff6df8d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 31.072259] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440479 [ 31.079529] RDX: 0000000020fd3ff8 RSI: 0000000040086200 RDI: 0000000000000004 [ 31.086799] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007fff6df80031 [ 31.094063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 31.101514] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 31.109271] syz-executor145: vmalloc: allocation failure: 72 bytes, mode:0x6000c0(GFP_KERNEL), nodemask=(null) [ 31.119472] syz-executor145 cpuset=/ mems_allowed=0 [ 31.125964] CPU: 1 PID: 4564 Comm: syz-executor145 Not tainted 4.17.0+ #93 [ 31.133077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.142601] Call Trace: [ 31.145192] dump_stack+0x1b9/0x294 [ 31.148819] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.154016] warn_alloc.cold.117+0xb2/0x1b8 [ 31.158350] ? zone_watermark_ok_safe+0x3b0/0x3b0 [ 31.163185] ? __get_vm_area_node+0x12d/0x390 [ 31.167682] ? __get_vm_area_node+0x12d/0x390 [ 31.172346] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.177367] ? kmem_cache_alloc_node_trace+0x34e/0x770 [ 31.182646] ? graph_lock+0x170/0x170 [ 31.186447] ? check_same_owner+0x320/0x320 [ 31.190780] ? __get_vm_area_node+0x2da/0x390 [ 31.195274] __vmalloc_node_range+0x472/0x760 [ 31.199764] ? ion_heap_map_kernel+0x86/0x490 [ 31.204254] vmalloc+0x6f/0x80 [ 31.207443] ? ion_heap_map_kernel+0x86/0x490 [ 31.211959] ion_heap_map_kernel+0x86/0x490 [ 31.216462] ion_dma_buf_begin_cpu_access+0x188/0x5a0 [ 31.221922] ? 
ion_dma_buf_end_cpu_access+0x4a0/0x4a0 [ 31.227122] dma_buf_begin_cpu_access+0x7f/0x160 [ 31.231888] dma_buf_ioctl+0x1aa/0x240 [ 31.235781] ? dma_buf_begin_cpu_access+0x160/0x160 [ 31.240800] ? lock_downgrade+0x8e0/0x8e0 [ 31.244946] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 31.250141] ? dma_buf_begin_cpu_access+0x160/0x160 [ 31.255154] do_vfs_ioctl+0x1cf/0x16f0 [ 31.259052] ? ioctl_preallocate+0x2e0/0x2e0 [ 31.263459] ? fget_raw+0x20/0x20 [ 31.266911] ? __sb_end_write+0xac/0xe0 [ 31.270900] ? ksys_write+0x1a6/0x250 [ 31.274704] ? security_file_ioctl+0x94/0xc0 [ 31.279113] ksys_ioctl+0xa9/0xd0 [ 31.282558] __x64_sys_ioctl+0x73/0xb0 [ 31.286435] do_syscall_64+0x1b1/0x800 [ 31.290312] ? syscall_return_slowpath+0x5c0/0x5c0 [ 31.295244] ? syscall_return_slowpath+0x30f/0x5c0 [ 31.300351] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 31.305719] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 31.310565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.315743] RIP: 0033:0x440479 [ 31.318916] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 31.338717] RSP: 002b:00007fff6df8d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 31.346421] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440479 [ 31.353682] RDX: 0000000020fd3ff8 RSI: 0000000040086200 RDI: 0000000000000004 [ 31.360950] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007fff6df80031 [ 31.368211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 31.375469] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 31.382986] Mem-Info: [ 31.385487] active_anon:3198 inactive_anon:337 isolated_anon:0 [ 31.385487] active_file:3045 inactive_file:8253 isolated_file:0 [ 31.385487] unevictable:0 dirty:6953 writeback:0 unstable:0 [ 31.385487] slab_reclaimable:9897 slab_unreclaimable:83453 [ 31.385487] mapped:1941 shmem:345 pagetables:253 bounce:0 [ 
31.385487] free:1495224 free_pcp:358 free_cma:0 [ 31.419163] Node 0 active_anon:12892kB inactive_anon:1348kB active_file:12180kB inactive_file:33012kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:7764kB dirty:27812kB writeback:0kB shmem:1380kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 31.447038] Node 0 DMA free:15908kB min:164kB low:204kB high:244kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 31.473245] lowmem_reserve[]: 0 2827 6332 6332 [ 31.477907] Node 0 DMA32 free:2898280kB min:30100kB low:37624kB high:45148kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129292kB managed:2898948kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:668kB local_pcp:0kB free_cma:0kB [ 31.505497] lowmem_reserve[]: 0 0 3504 3504 [ 31.510413] Node 0 Normal free:3066708kB min:37316kB low:46644kB high:55972kB active_anon:12892kB inactive_anon:1348kB active_file:12180kB inactive_file:33012kB unevictable:0kB writepending:27812kB present:4718592kB managed:3589016kB mlocked:0kB kernel_stack:3808kB pagetables:1012kB bounce:0kB free_pcp:756kB local_pcp:600kB free_cma:0kB [ 31.540411] lowmem_reserve[]: 0 0 0 0 [ 31.544290] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 31.558235] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 3*16kB (M) 5*32kB (M) 2*64kB (M) 4*128kB (M) 2*256kB (M) 2*512kB (M) 4*1024kB (M) 2*2048kB (M) 705*4096kB (M) = 2898280kB [ 31.573529] Node 0 Normal: 11*4kB (UME) 61*8kB (UME) 2904*16kB (UME) 1149*32kB (UM) 274*64kB (UM) 127*128kB (UME) 152*256kB (UM) 120*512kB (UM) 52*1024kB (UME) 15*2048kB (UM) 675*4096kB (M) = 3066676kB [ 31.591776] Node 0 
hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 31.600420] 11642 total pagecache pages [ 31.604524] 0 pages in swap cache [ 31.608048] Swap cache stats: add 0, delete 0, find 0/0 [ 31.614066] Free swap = 0kB [ 31.617096] Total swap = 0kB [ 31.620246] 1965969 pages RAM [ 31.623378] 0 pages HighMem/MovableOnly [ 31.627375] 340001 pages reserved [ 31.630861] ------------[ cut here ]------------ [ 31.635642] heap->ops->map_kernel should return ERR_PTR on error [ 31.635950] WARNING: CPU: 1 PID: 4564 at drivers/staging/android/ion/ion.c:148 ion_dma_buf_begin_cpu_access+0x48e/0x5a0 [ 31.653099] Kernel panic - not syncing: panic_on_warn set ... [ 31.653099] [ 31.660458] CPU: 1 PID: 4564 Comm: syz-executor145 Not tainted 4.17.0+ #93 [ 31.667474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 31.676820] Call Trace: [ 31.679410] dump_stack+0x1b9/0x294 [ 31.683046] ? dump_stack_print_info.cold.2+0x52/0x52 [ 31.688244] ? ion_dma_buf_begin_cpu_access+0x3d0/0x5a0 [ 31.693615] panic+0x22f/0x4de [ 31.696801] ? add_taint.cold.5+0x16/0x16 [ 31.700940] ? __warn.cold.8+0x148/0x1b3 [ 31.705009] ? __warn.cold.8+0x117/0x1b3 [ 31.709089] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0 [ 31.714467] __warn.cold.8+0x163/0x1b3 [ 31.718360] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0 [ 31.723729] report_bug+0x252/0x2d0 [ 31.727477] do_error_trap+0x1fc/0x4d0 [ 31.731617] ? math_error+0x3f0/0x3f0 [ 31.735425] ? vprintk_default+0x28/0x30 [ 31.739489] ? vprintk_func+0x81/0xe7 [ 31.743282] ? printk+0x9e/0xba [ 31.746561] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 31.751484] do_invalid_op+0x1b/0x20 [ 31.755212] invalid_op+0x14/0x20 [ 31.758675] RIP: 0010:ion_dma_buf_begin_cpu_access+0x48e/0x5a0 [ 31.764739] Code: ff 41 bc ea ff ff ff 89 de e8 8e b0 ba fb 84 db 75 a8 e8 b5 af ba fb 48 c7 c7 00 05 68 88 c6 05 39 8d d9 03 01 e8 02 c7 86 fb <0f> 0b eb 8c 48 c7 c7 40 09 ef 88 e8 12 a3 f7 fb e9 15 ff ff ff e8 [ 31.784052] RSP: 0018:ffff8801ac87fb08 EFLAGS: 00010286 [ 31.789428] RAX: 0000000000000034 RBX: 0000000000000000 RCX: ffffffff816191ea [ 31.796702] RDX: 0000000000000000 RSI: ffffffff8161f4e1 RDI: ffff8801ac87f7e0 [ 31.803967] RBP: ffff8801ac87fb60 R08: ffff8801d8856480 R09: 0000000000000006 [ 31.811245] R10: ffff8801d8856480 R11: 0000000000000000 R12: 00000000ffffffea [ 31.819348] R13: ffff8801d977d148 R14: 0000000000000001 R15: ffffffff89724b80 [ 31.826640] ? console_unlock+0x83a/0x10a0 [ 31.830863] ? vprintk_func+0x81/0xe7 [ 31.834659] ? ion_dma_buf_begin_cpu_access+0x48e/0x5a0 [ 31.840056] ? ion_dma_buf_end_cpu_access+0x4a0/0x4a0 [ 31.845249] dma_buf_begin_cpu_access+0x7f/0x160 [ 31.850021] dma_buf_ioctl+0x1aa/0x240 [ 31.853911] ? dma_buf_begin_cpu_access+0x160/0x160 [ 31.858930] ? lock_downgrade+0x8e0/0x8e0 [ 31.863092] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 31.868282] ? dma_buf_begin_cpu_access+0x160/0x160 [ 31.873296] do_vfs_ioctl+0x1cf/0x16f0 [ 31.877191] ? ioctl_preallocate+0x2e0/0x2e0 [ 31.881593] ? fget_raw+0x20/0x20 [ 31.885130] ? __sb_end_write+0xac/0xe0 [ 31.889115] ? ksys_write+0x1a6/0x250 [ 31.892924] ? security_file_ioctl+0x94/0xc0 [ 31.897335] ksys_ioctl+0xa9/0xd0 [ 31.900782] __x64_sys_ioctl+0x73/0xb0 [ 31.904700] do_syscall_64+0x1b1/0x800 [ 31.908585] ? syscall_return_slowpath+0x5c0/0x5c0 [ 31.913530] ? syscall_return_slowpath+0x30f/0x5c0 [ 31.918467] ? entry_SYSCALL_64_after_hwframe+0x59/0xbe [ 31.923860] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 31.928760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 31.933941] RIP: 0033:0x440479 [ 31.937128] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 31.956341] RSP: 002b:00007fff6df8d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 31.964048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440479 [ 31.971323] RDX: 0000000020fd3ff8 RSI: 0000000040086200 RDI: 0000000000000004 [ 31.978610] RBP: 00000000006cb018 R08: 0000000000000001 R09: 00007fff6df80031 [ 31.986008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 31.993292] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 32.001260] Dumping ftrace buffer: [ 32.004857] (ftrace buffer empty) [ 32.008550] Kernel Offset: disabled [ 32.012179] Rebooting in 86400 seconds..