[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 30.153693] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 33.967398] random: sshd: uninitialized urandom read (32 bytes read)
[ 34.431566] random: sshd: uninitialized urandom read (32 bytes read)
[ 35.793592] random: sshd: uninitialized urandom read (32 bytes read)
[ 45.476971] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.51' (ECDSA) to the list of known hosts.
[ 51.015382] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 51.650839] ==================================================================
[ 51.658230] BUG: KMSAN: kernel-infoleak in snd_pcm_oss_read+0x78b/0x1b30
[ 51.665048] CPU: 1 PID: 4525 Comm: syz-executor551 Not tainted 4.17.0+ #17
[ 51.672039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.681469] Call Trace:
[ 51.684038] dump_stack+0x185/0x1d0
[ 51.687641] kmsan_report+0x188/0x2a0
[ 51.691416] kmsan_internal_check_memory+0x17e/0x1f0
[ 51.696494] kmsan_copy_to_user+0x7a/0x160
[ 51.700704] snd_pcm_oss_read+0x78b/0x1b30
[ 51.704920] ? snd_pcm_oss_unregister_minor+0x4d0/0x4d0
[ 51.710258] __vfs_read+0x1b2/0x9d0
[ 51.713862] vfs_read+0x36c/0x6b0
[ 51.717290] __x64_sys_read+0x1bf/0x3e0
[ 51.721240] ? ksys_read+0x360/0x360
[ 51.724928] do_syscall_64+0x15b/0x230
[ 51.728795] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 51.734298] RIP: 0033:0x440029
[ 51.737472] RSP: 002b:00007ffc90bd34b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000000
[ 51.745155] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440029
[ 51.752399] RDX: 0000000000000035 RSI: 0000000020000040 RDI: 0000000000000003
[ 51.759676] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 51.766922] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018b0
[ 51.774177] R13: 0000000000401940 R14: 0000000000000000 R15: 0000000000000000
[ 51.781433]
[ 51.783038] Uninit was stored to memory at:
[ 51.787343] kmsan_internal_chain_origin+0x12b/0x210
[ 51.792420] __msan_chain_origin+0x69/0xc0
[ 51.796629] mulaw_encode+0x962/0xc10
[ 51.800409] mulaw_transfer+0x1c8/0x250
[ 51.804356] snd_pcm_plug_read_transfer+0x8fe/0xae0
[ 51.809345] snd_pcm_oss_read+0xb22/0x1b30
[ 51.813555] __vfs_read+0x1b2/0x9d0
[ 51.817160] vfs_read+0x36c/0x6b0
[ 51.820586] __x64_sys_read+0x1bf/0x3e0
[ 51.824536] do_syscall_64+0x15b/0x230
[ 51.828486] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 51.833646]
[ 51.835245] Uninit was stored to memory at:
[ 51.839542] kmsan_internal_chain_origin+0x12b/0x210
[ 51.844619] kmsan_memcpy_origins+0x11d/0x170
[ 51.849088] __msan_memcpy+0xda/0x130
[ 51.852871] mulaw_encode+0x5cd/0xc10
[ 51.856644] mulaw_transfer+0x1c8/0x250
[ 51.860594] snd_pcm_plug_read_transfer+0x8fe/0xae0
[ 51.865586] snd_pcm_oss_read+0xb22/0x1b30
[ 51.869817] __vfs_read+0x1b2/0x9d0
[ 51.873433] vfs_read+0x36c/0x6b0
[ 51.876863] __x64_sys_read+0x1bf/0x3e0
[ 51.880809] do_syscall_64+0x15b/0x230
[ 51.884674] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 51.889833]
[ 51.891430] Uninit was created at:
[ 51.894947] kmsan_alloc_meta_for_pages+0x15c/0x710
[ 51.899935] kmsan_alloc_page+0x87/0xe0
[ 51.903886] __alloc_pages_nodemask+0xf7b/0x5cc0
[ 51.908615] alloc_pages_current+0x6b1/0x970
[ 51.912997] __vmalloc_node_range+0x8bf/0x1170
[ 51.917551] vmalloc+0xd8/0xf0
[ 51.920730] snd_pcm_plugin_alloc+0x29a/0xc70
[ 51.925199] snd_pcm_plug_alloc+0x281/0x5d0
[ 51.929494] snd_pcm_oss_change_params_locked+0x59ef/0x6940
[ 51.935177] snd_pcm_oss_read+0x4ad/0x1b30
[ 51.939385] __vfs_read+0x1b2/0x9d0
[ 51.942986] vfs_read+0x36c/0x6b0
[ 51.946413] __x64_sys_read+0x1bf/0x3e0
[ 51.950363] do_syscall_64+0x15b/0x230
[ 51.954227] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 51.959384]
[ 51.960984] Bytes 0-52 of 53 are uninitialized
[ 51.965535] Memory access starts at ffffc900018a6000
[ 51.970610] ==================================================================
[ 51.977941] Disabling lock debugging due to kernel taint
[ 51.983362] Kernel panic - not syncing: panic_on_warn set ...
[ 51.983362]
[ 51.990698] CPU: 1 PID: 4525 Comm: syz-executor551 Tainted: G B 4.17.0+ #17
[ 51.999069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.008395] Call Trace:
[ 52.010962] dump_stack+0x185/0x1d0
[ 52.014913] panic+0x3d0/0x990
[ 52.018086] kmsan_report+0x29e/0x2a0
[ 52.021863] kmsan_internal_check_memory+0x17e/0x1f0
[ 52.026941] kmsan_copy_to_user+0x7a/0x160
[ 52.031149] snd_pcm_oss_read+0x78b/0x1b30
[ 52.035361] ? snd_pcm_oss_unregister_minor+0x4d0/0x4d0
[ 52.040700] __vfs_read+0x1b2/0x9d0
[ 52.044477] vfs_read+0x36c/0x6b0
[ 52.047911] __x64_sys_read+0x1bf/0x3e0
[ 52.051866] ? ksys_read+0x360/0x360
[ 52.055558] do_syscall_64+0x15b/0x230
[ 52.059425] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.064596] RIP: 0033:0x440029
[ 52.067764] RSP: 002b:00007ffc90bd34b8 EFLAGS: 00000213 ORIG_RAX: 0000000000000000
[ 52.075443] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440029
[ 52.082685] RDX: 0000000000000035 RSI: 0000000020000040 RDI: 0000000000000003
[ 52.089932] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 52.097176] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018b0
[ 52.104430] R13: 0000000000401940 R14: 0000000000000000 R15: 0000000000000000
[ 52.112169] Dumping ftrace buffer:
[ 52.115697] (ftrace buffer empty)
[ 52.119382] Kernel Offset: disabled
[ 52.122991] Rebooting in 86400 seconds..