From: Abd-Alrhman Masalkhi
To: syzbot+96f901260a0b2d29cd1a@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org
Subject: Re: [syzbot] [media?] KMSAN: uninit-value in vidtv_ts_null_write_into
Date: Fri, 20 Feb 2026 23:10:42 +0100

On Sun, 15 Feb 2026 02:49:27 -0800, Syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: cd7a5651db26 alpha: add missing address argument in call t..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=125b62aa580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=50148b563a4d5941
> dashboard link: https://syzkaller.appspot.com/bug?extid=96f901260a0b2d29cd1a
> compiler: Debian clang version 21.1.8
> (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD
> > 21.1.8
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e5a6e6580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=172c7e5a580000
>

#syz test

Signed-off-by: Abd-Alrhman Masalkhi
---
 drivers/media/test-drivers/vidtv/vidtv_mux.c | 4 +-
 drivers/media/test-drivers/vidtv/vidtv_ts.c | 48 ++++++++++----------
 drivers/media/test-drivers/vidtv/vidtv_ts.h | 4 +-
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/drivers/media/test-drivers/vidtv/vidtv_mux.c b/drivers/media/test-drivers/vidtv/vidtv_mux.c index f99878eff7ac..7dad97881fdb 100644 --- a/drivers/media/test-drivers/vidtv/vidtv_mux.c +++ b/drivers/media/test-drivers/vidtv/vidtv_mux.c 
@@ -233,7 +233,7 @@ static u32 vidtv_mux_push_pcr(struct vidtv_mux *m) /* the 27Mhz clock will feed both parts of the PCR bitfield */ args.pcr = m->timing.clk; - nbytes += vidtv_ts_pcr_write_into(args); + nbytes += vidtv_ts_pcr_write_into(&args); m->mux_buf_offset += nbytes; m->num_streamed_pcr++; @@ -363,7 +363,7 @@ static u32 vidtv_mux_pad_with_nulls(struct vidtv_mux *m, u32 npkts) args.continuity_counter = &ctx->cc; for (i = 0; i < npkts; ++i) { - m->mux_buf_offset += vidtv_ts_null_write_into(args); + m->mux_buf_offset += vidtv_ts_null_write_into(&args); args.dest_offset = m->mux_buf_offset; } diff --git a/drivers/media/test-drivers/vidtv/vidtv_ts.c b/drivers/media/test-drivers/vidtv/vidtv_ts.c index ca4bb9c40b78..cbe9aff9ffb5 100644 --- a/drivers/media/test-drivers/vidtv/vidtv_ts.c +++ b/drivers/media/test-drivers/vidtv/vidtv_ts.c @@ -48,7 +48,7 @@ void vidtv_ts_inc_cc(u8 *continuity_counter) *continuity_counter = 0; } -u32 vidtv_ts_null_write_into(struct null_packet_write_args args) +u32 vidtv_ts_null_write_into(const struct null_packet_write_args *args) { u32 nbytes = 0; struct vidtv_mpeg_ts ts_header = {}; 
@@ -56,21 +56,21 @@ u32 vidtv_ts_null_write_into(struct null_packet_write_args args) ts_header.sync_byte = TS_SYNC_BYTE; ts_header.bitfield = cpu_to_be16(TS_NULL_PACKET_PID); ts_header.payload = 1; - ts_header.continuity_counter = *args.continuity_counter; + ts_header.continuity_counter = *args->continuity_counter; /* copy TS header */ - nbytes += vidtv_memcpy(args.dest_buf, - args.dest_offset + nbytes, - args.buf_sz, + nbytes += vidtv_memcpy(args->dest_buf, + args->dest_offset + nbytes, + args->buf_sz, &ts_header, sizeof(ts_header)); - vidtv_ts_inc_cc(args.continuity_counter); + vidtv_ts_inc_cc(args->continuity_counter); /* fill the rest with empty data */ - nbytes += vidtv_memset(args.dest_buf, - args.dest_offset + nbytes, - args.buf_sz, + nbytes += vidtv_memset(args->dest_buf, + args->dest_offset + nbytes, + args->buf_sz, TS_FILL_BYTE, TS_PACKET_LEN - nbytes); @@ -83,17 +83,17 @@ u32 vidtv_ts_null_write_into(struct null_packet_write_args args) return nbytes; } -u32 vidtv_ts_pcr_write_into(struct pcr_write_args args) +u32 vidtv_ts_pcr_write_into(const struct pcr_write_args *args) { u32 nbytes = 0; struct vidtv_mpeg_ts ts_header = {}; struct vidtv_mpeg_ts_adaption ts_adap = {}; ts_header.sync_byte = TS_SYNC_BYTE; - ts_header.bitfield = cpu_to_be16(args.pid); + ts_header.bitfield = cpu_to_be16(args->pid); ts_header.scrambling = 0; /* cc is not incremented, but it is needed. see 13818-1 clause 2.4.3.3 */ - ts_header.continuity_counter = *args.continuity_counter; + ts_header.continuity_counter = *args->continuity_counter; ts_header.payload = 0; ts_header.adaptation_field = 1; 
@@ -102,27 +102,27 @@ u32 vidtv_ts_pcr_write_into(struct pcr_write_args args) ts_adap.PCR = 1; /* copy TS header */ - nbytes += vidtv_memcpy(args.dest_buf, - args.dest_offset + nbytes, - args.buf_sz, + nbytes += vidtv_memcpy(args->dest_buf, + args->dest_offset + nbytes, + args->buf_sz, &ts_header, sizeof(ts_header)); /* write the adap after the TS header */ - nbytes += vidtv_memcpy(args.dest_buf, - args.dest_offset + nbytes, - args.buf_sz, + nbytes += vidtv_memcpy(args->dest_buf, + args->dest_offset + nbytes, + args->buf_sz, &ts_adap, sizeof(ts_adap)); /* write the PCR optional */ - nbytes += vidtv_ts_write_pcr_bits(args.dest_buf, - args.dest_offset + nbytes, - args.pcr); + nbytes += vidtv_ts_write_pcr_bits(args->dest_buf, + args->dest_offset + nbytes, + args->pcr); - nbytes += vidtv_memset(args.dest_buf, - args.dest_offset + nbytes, - args.buf_sz, + nbytes += vidtv_memset(args->dest_buf, + args->dest_offset + nbytes, + args->buf_sz, TS_FILL_BYTE, TS_PACKET_LEN - nbytes); diff --git a/drivers/media/test-drivers/vidtv/vidtv_ts.h b/drivers/media/test-drivers/vidtv/vidtv_ts.h index 09b4ffd02829..3606398e160d 100644 --- a/drivers/media/test-drivers/vidtv/vidtv_ts.h +++ b/drivers/media/test-drivers/vidtv/vidtv_ts.h @@ -90,7 +90,7 @@ void vidtv_ts_inc_cc(u8 *continuity_counter); * * Return: The number of bytes written into the buffer. */ -u32 vidtv_ts_null_write_into(struct null_packet_write_args args); +u32 vidtv_ts_null_write_into(const struct null_packet_write_args *args); /** * vidtv_ts_pcr_write_into - Write a PCR packet into a buffer. @@ -101,6 +101,6 @@ u32 vidtv_ts_null_write_into(struct null_packet_write_args args); * * Return: The number of bytes written into the buffer. */ -u32 vidtv_ts_pcr_write_into(struct pcr_write_args args); +u32 vidtv_ts_pcr_write_into(const struct pcr_write_args *args); #endif //VIDTV_TS_H -- -- Best Regards, Abd-Alrhman
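
Review bot: in the vidtv_mux.c hunks at -233 and -363, the declaration of `args` is outside the visible context, so nothing here shows that every field is set before `&args` is handed to the callee. Passing a pointer removes the by-value struct copy, but `vidtv_ts_null_write_into()` and `vidtv_ts_pcr_write_into()` still read `dest_buf`, `dest_offset`, `buf_sz` and `continuity_counter` through it, so an unset field is just read one level later. It would help to confirm that both callers zero-initialize the struct at declaration (the callee already does this for `ts_header` with `= {}`), and to say so in the changelog.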
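
Review bot: in the vidtv_ts.c hunk at -56, `ts_header.continuity_counter = *args->continuity_counter;` loads the same byte through the caller's pointer as the old `*args.continuity_counter` did, so if the KMSAN uninit-value originates in the counter that `&ctx->cc` points at, this conversion leaves that read unchanged. The patch carries no changelog explaining which load KMSAN flagged; please state it, and if it is the counter, initialize it where the context is allocated. Separately, the new `const` on `args` does not cover the counter, which `vidtv_ts_inc_cc(args->continuity_counter)` still modifies; a short comment would keep the next reader from assuming the call is side-effect free.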
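
Review bot: in the vidtv_ts.c hunk at -102, `vidtv_ts_write_pcr_bits(args->dest_buf, args->dest_offset + nbytes, args->pcr)` is the only write in this function that is not passed `args->buf_sz`, unlike the `vidtv_memcpy()` and `vidtv_memset()` calls around it. Since these lines are being touched anyway, it is worth checking that this write is bounded against the destination buffer some other way, or passing the size through as the neighbouring helpers do. The trailing `TS_PACKET_LEN - nbytes` is also computed on a `u32`, so it relies on the preceding writes never exceeding one packet.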
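
Review bot: in the vidtv_ts.h hunks at -90 and -101, the prototypes change to `const struct ... *args` but the kernel-doc blocks above them are not touched. The `@args` descriptions should be updated to say that the argument is now a pointer to a caller-owned structure that must be non-NULL and fully initialized, and that the structure itself is not modified while the continuity counter it points to may be.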