=====================================================
BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
CPU: 0 PID: 23137 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 kmsan_internal_check_memory+0x238/0x3d0 mm/kmsan/kmsan.c:423
 kmsan_copy_to_user+0x81/0x90 mm/kmsan/kmsan_hooks.c:253
 instrument_copy_to_user include/linux/instrumented.h:91 [inline]
 _copy_to_user+0x18e/0x260 lib/usercopy.c:33
 copy_to_user include/linux/uaccess.h:170 [inline]
 video_put_user drivers/media/v4l2-core/v4l2-ioctl.c:3226 [inline]
 video_usercopy+0x24a9/0x3140 drivers/media/v4l2-core/v4l2-ioctl.c:3325
 video_ioctl2+0x9f/0xb0 drivers/media/v4l2-core/v4l2-ioctl.c:3335
 v4l2_ioctl+0x255/0x290 drivers/media/v4l2-core/v4l2-dev.c:360
 vfs_ioctl fs/ioctl.c:48 [inline]
 ksys_ioctl fs/ioctl.c:753 [inline]
 __do_sys_ioctl fs/ioctl.c:762 [inline]
 __se_sys_ioctl+0x319/0x4d0 fs/ioctl.c:760
 __x64_sys_ioctl+0x4a/0x70 fs/ioctl.c:760
 do_syscall_64+0xad/0x160 arch/x86/entry/common.c:386
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5b9
Code: Bad RIP value.
RSP: 002b:00007f75338a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000001f500 RCX: 000000000045d5b9
RDX: 0000000020000080 RSI: 00000000c050560f RDI: 0000000000000003
RBP: 000000000118cf80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
R13: 000000000169fb6f R14: 00007f75338a49c0 R15: 000000000118cf4c

Local variable ----vb32.i@video_usercopy created at:
 video_put_user drivers/media/v4l2-core/v4l2-ioctl.c:3210 [inline]
 video_usercopy+0x20d7/0x3140 drivers/media/v4l2-core/v4l2-ioctl.c:3325
 video_put_user drivers/media/v4l2-core/v4l2-ioctl.c:3210 [inline]
 video_usercopy+0x20d7/0x3140 drivers/media/v4l2-core/v4l2-ioctl.c:3325

Bytes 52-55 of 80 are uninitialized
Memory access of size 80 starts at ffff8880421cbce0
Data copied to user address 0000000020000080
=====================================================