[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 33.690685] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 36.318296] random: sshd: uninitialized urandom read (32 bytes read)
[ 36.738785] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.019367] random: sshd: uninitialized urandom read (32 bytes read)
[ 38.253760] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts.
[ 43.774435] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 44.425612] ==================================================================
[ 44.433027] BUG: KMSAN: kernel-infoleak in snd_pcm_oss_read+0x78b/0x1b30
[ 44.439861] CPU: 0 PID: 4617 Comm: syz-executor088 Not tainted 4.17.0+ #20
[ 44.446852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.456184] Call Trace:
[ 44.458775] dump_stack+0x185/0x1d0
[ 44.462387] kmsan_report+0x188/0x2a0
[ 44.466182] kmsan_internal_check_memory+0x17e/0x1f0
[ 44.471280] kmsan_copy_to_user+0x7a/0x160
[ 44.475499] snd_pcm_oss_read+0x78b/0x1b30
[ 44.479726] ? snd_pcm_oss_unregister_minor+0x4d0/0x4d0
[ 44.485074] __vfs_read+0x1b2/0x9d0
[ 44.488688] vfs_read+0x36c/0x6b0
[ 44.492130] __x64_sys_read+0x1bf/0x3e0
[ 44.496103] ? ksys_read+0x360/0x360
[ 44.499804] do_syscall_64+0x15b/0x230
[ 44.503678] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.508846] RIP: 0033:0x440029
[ 44.512020] RSP: 002b:00007ffdf0bba448 EFLAGS: 00000213 ORIG_RAX: 0000000000000000
[ 44.519729] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440029
[ 44.527016] RDX: 00000000000000b3 RSI: 00000000200000c0 RDI: 0000000000000003
[ 44.534268] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 44.541527] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018b0
[ 44.548783] R13: 0000000000401940 R14: 0000000000000000 R15: 0000000000000000
[ 44.556055]
[ 44.557662] Uninit was stored to memory at:
[ 44.561971] kmsan_internal_chain_origin+0x12b/0x210
[ 44.567058] __msan_chain_origin+0x69/0xc0
[ 44.571273] mulaw_encode+0x962/0xc10
[ 44.575063] mulaw_transfer+0x1c8/0x250
[ 44.579019] snd_pcm_plug_read_transfer+0x8fe/0xae0
[ 44.584018] snd_pcm_oss_read+0xb22/0x1b30
[ 44.588241] __vfs_read+0x1b2/0x9d0
[ 44.591849] vfs_read+0x36c/0x6b0
[ 44.595284] __x64_sys_read+0x1bf/0x3e0
[ 44.599256] do_syscall_64+0x15b/0x230
[ 44.603126] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.608300]
[ 44.609924] Uninit was stored to memory at:
[ 44.614229] kmsan_internal_chain_origin+0x12b/0x210
[ 44.619321] kmsan_memcpy_origins+0x11d/0x170
[ 44.623799] __msan_memcpy+0xda/0x130
[ 44.627586] mulaw_encode+0x5cd/0xc10
[ 44.631371] mulaw_transfer+0x1c8/0x250
[ 44.635330] snd_pcm_plug_read_transfer+0x8fe/0xae0
[ 44.640337] snd_pcm_oss_read+0xb22/0x1b30
[ 44.644564] __vfs_read+0x1b2/0x9d0
[ 44.648171] vfs_read+0x36c/0x6b0
[ 44.651604] __x64_sys_read+0x1bf/0x3e0
[ 44.655559] do_syscall_64+0x15b/0x230
[ 44.659427] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.664600]
[ 44.666205] Uninit was created at:
[ 44.669729] kmsan_internal_alloc_meta_for_pages+0x15c/0x710
[ 44.675513] kmsan_alloc_page+0x87/0xe0
[ 44.679468] __alloc_pages_nodemask+0xf7b/0x5cc0
[ 44.684214] alloc_pages_current+0x6b1/0x970
[ 44.688606] __vmalloc_node_range+0x8bf/0x1170
[ 44.693169] vmalloc+0xd8/0xf0
[ 44.696344] snd_pcm_plugin_alloc+0x29a/0xc70
[ 44.700829] snd_pcm_plug_alloc+0x281/0x5d0
[ 44.705130] snd_pcm_oss_change_params_locked+0x59ef/0x6940
[ 44.710821] snd_pcm_oss_read+0x4ad/0x1b30
[ 44.715035] __vfs_read+0x1b2/0x9d0
[ 44.718648] vfs_read+0x36c/0x6b0
[ 44.722082] __x64_sys_read+0x1bf/0x3e0
[ 44.726036] do_syscall_64+0x15b/0x230
[ 44.729904] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.735069]
[ 44.736675] Bytes 0-178 of 179 are uninitialized
[ 44.741422] Memory access starts at ffffc900018ae000
[ 44.746501] ==================================================================
[ 44.753842] Disabling lock debugging due to kernel taint
[ 44.759271] Kernel panic - not syncing: panic_on_warn set ...
[ 44.759271]
[ 44.766620] CPU: 0 PID: 4617 Comm: syz-executor088 Tainted: G B 4.17.0+ #20
[ 44.775016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.784370] Call Trace:
[ 44.786944] dump_stack+0x185/0x1d0
[ 44.790557] panic+0x3d0/0x9b0
[ 44.793746] kmsan_report+0x29e/0x2a0
[ 44.797534] kmsan_internal_check_memory+0x17e/0x1f0
[ 44.802631] kmsan_copy_to_user+0x7a/0x160
[ 44.806854] snd_pcm_oss_read+0x78b/0x1b30
[ 44.811081] ? snd_pcm_oss_unregister_minor+0x4d0/0x4d0
[ 44.816427] __vfs_read+0x1b2/0x9d0
[ 44.820055] vfs_read+0x36c/0x6b0
[ 44.823496] __x64_sys_read+0x1bf/0x3e0
[ 44.827462] ? ksys_read+0x360/0x360
[ 44.831167] do_syscall_64+0x15b/0x230
[ 44.835126] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 44.840307] RIP: 0033:0x440029
[ 44.843477] RSP: 002b:00007ffdf0bba448 EFLAGS: 00000213 ORIG_RAX: 0000000000000000
[ 44.851178] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440029
[ 44.858432] RDX: 00000000000000b3 RSI: 00000000200000c0 RDI: 0000000000000003
[ 44.865691] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 44.872944] R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018b0
[ 44.880195] R13: 0000000000401940 R14: 0000000000000000 R15: 0000000000000000
[ 44.887997] Dumping ftrace buffer:
[ 44.891533] (ftrace buffer empty)
[ 44.895223] Kernel Offset: disabled
[ 44.898834] Rebooting in 86400 seconds..