Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 52.412635] ==================================================================
[ 52.420045] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1a4/0x250
[ 52.426538] CPU: 0 PID: 6254 Comm: syz-executor456 Not tainted 4.20.0-rc5+ #2
[ 52.433804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.443144] Call Trace:
[ 52.445721] dump_stack+0x1c9/0x220
[ 52.449341] kmsan_report+0x12d/0x290
[ 52.453137] kmsan_internal_check_memory+0x334/0xa60
[ 52.458238] kmsan_copy_to_user+0x8d/0xa0
[ 52.462460] _copy_to_user+0x1a4/0x250
[ 52.466341] video_usercopy+0x16c9/0x17d0
[ 52.470490] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 52.475841] ? putname+0x21f/0x240
[ 52.479372] video_ioctl2+0x9f/0xb0
[ 52.482998] ? video_usercopy+0x17d0/0x17d0
[ 52.487315] v4l2_ioctl+0x23f/0x270
[ 52.490933] do_vfs_ioctl+0xf36/0x2d30
[ 52.494813] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 52.500172] ? security_file_ioctl+0x92/0x200
[ 52.504669] __se_sys_ioctl+0x1da/0x270
[ 52.508650] __x64_sys_ioctl+0x4a/0x70
[ 52.512538] do_syscall_64+0xcd/0x110
[ 52.516328] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.521506] RIP: 0033:0x445659
[ 52.524699] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.543601] RSP: 002b:00007ff7a472ada8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.551289] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445659
[ 52.558547] RDX: 0000000020000000 RSI: 0000000080885659 RDI: 0000000000000003
[ 52.565844] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 52.573130] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 52.580387] R13: 6469762f7665642f R14: 00007ff7a472b9c0 R15: 00000000006dad2c
[ 52.587648]
[ 52.589262] Uninit was stored to memory at:
[ 52.593572] kmsan_internal_chain_origin+0x162/0x260
[ 52.598702] kmsan_memcpy_memmove_metadata+0x1a9/0xf30
[ 52.603965] kmsan_memcpy_metadata+0xb/0x10
[ 52.608300] __msan_memcpy+0x61/0x70
[ 52.612001] __v4l2_event_dequeue+0x2f8/0x730
[ 52.616605] v4l2_event_dequeue+0x41c/0x560
[ 52.620917] v4l_dqevent+0xba/0xe0
[ 52.624442] __video_do_ioctl+0x1975/0x1fc0
[ 52.628747] video_usercopy+0x8ae/0x17d0
[ 52.632789] video_ioctl2+0x9f/0xb0
[ 52.636396] v4l2_ioctl+0x23f/0x270
[ 52.640001] do_vfs_ioctl+0xf36/0x2d30
[ 52.643872] __se_sys_ioctl+0x1da/0x270
[ 52.647826] __x64_sys_ioctl+0x4a/0x70
[ 52.651697] do_syscall_64+0xcd/0x110
[ 52.655486] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.660654]
[ 52.662271] Uninit was stored to memory at:
[ 52.666576] kmsan_internal_chain_origin+0x162/0x260
[ 52.671694] kmsan_memcpy_memmove_metadata+0x1a9/0xf30
[ 52.676956] kmsan_memcpy_metadata+0xb/0x10
[ 52.681257] __msan_memcpy+0x61/0x70
[ 52.684965] __v4l2_event_queue_fh+0xd2d/0x1260
[ 52.689627] v4l2_event_queue_fh+0x1a1/0x270
[ 52.694022] v4l2_ctrl_add_event+0x952/0xc20
[ 52.698410] v4l2_event_subscribe+0xf75/0x1240
[ 52.702971] v4l2_ctrl_subscribe_event+0xb6/0x110
[ 52.707806] v4l_subscribe_event+0x9e/0xc0
[ 52.712035] __video_do_ioctl+0x1975/0x1fc0
[ 52.716340] video_usercopy+0x8ae/0x17d0
[ 52.720383] video_ioctl2+0x9f/0xb0
[ 52.723993] v4l2_ioctl+0x23f/0x270
[ 52.727603] do_vfs_ioctl+0xf36/0x2d30
[ 52.731492] __se_sys_ioctl+0x1da/0x270
[ 52.735454] __x64_sys_ioctl+0x4a/0x70
[ 52.739331] do_syscall_64+0xcd/0x110
[ 52.743115] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.748369]
[ 52.749978] Local variable description: ----ev@v4l2_ctrl_add_event
[ 52.756273] Variable was created at:
[ 52.759967] v4l2_ctrl_add_event+0x6e/0xc20
[ 52.764270] v4l2_event_subscribe+0xf75/0x1240
[ 52.768827]
[ 52.770433] Bytes 44-71 of 136 are uninitialized
[ 52.775167] Memory access of size 136 starts at ffff8881bcc903c0
[ 52.781291] Data copied to user address 0000000020000000
[ 52.786734] ==================================================================
[ 52.794073] Disabling lock debugging due to kernel taint
[ 52.799504] Kernel panic - not syncing: panic_on_warn set ...
[ 52.805373] CPU: 0 PID: 6254 Comm: syz-executor456 Tainted: G B 4.20.0-rc5+ #2
[ 52.814021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.823365] Call Trace:
[ 52.825958] dump_stack+0x1c9/0x220
[ 52.829571] panic+0x3f0/0x98f
[ 52.832762] kmsan_report+0x290/0x290
[ 52.836556] kmsan_internal_check_memory+0x334/0xa60
[ 52.841654] kmsan_copy_to_user+0x8d/0xa0
[ 52.845980] _copy_to_user+0x1a4/0x250
[ 52.849876] video_usercopy+0x16c9/0x17d0
[ 52.854023] ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 52.859372] ? putname+0x21f/0x240
[ 52.862901] video_ioctl2+0x9f/0xb0
[ 52.866523] ? video_usercopy+0x17d0/0x17d0
[ 52.870825] v4l2_ioctl+0x23f/0x270
[ 52.874441] do_vfs_ioctl+0xf36/0x2d30
[ 52.878314] ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 52.883684] ? security_file_ioctl+0x92/0x200
[ 52.888182] __se_sys_ioctl+0x1da/0x270
[ 52.892145] __x64_sys_ioctl+0x4a/0x70
[ 52.896019] do_syscall_64+0xcd/0x110
[ 52.899805] entry_SYSCALL_64_after_hwframe+0x63/0xe7
[ 52.904976] RIP: 0033:0x445659
[ 52.908159] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.927052] RSP: 002b:00007ff7a472ada8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.934744] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445659
[ 52.941997] RDX: 0000000020000000 RSI: 0000000080885659 RDI: 0000000000000003
[ 52.949248] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 52.956502] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 52.963769] R13: 6469762f7665642f R14: 00007ff7a472b9c0 R15: 00000000006dad2c
[ 52.972110] Kernel Offset: disabled
[ 52.975733] Rebooting in 86400 seconds..