From: Tristan Madani
To: shaggy@kernel.org
Cc: jfs-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org, syzbot+ba5f49027aace342d24d@syzkaller.appspotmail.com
Subject: [PATCH] jfs: fix uninit-value read in BT_STACK_DUMP
Date: Sat, 18 Apr 2026 13:10:14 +0000
Message-ID: <20260418131014.1039814-1-tristmd@gmail.com>

BT_STACK_DUMP() iterates over MAXTREEHEIGHT entries in the btstack
regardless of how many entries were actually pushed. This reads
uninitialized stack entries beyond the current depth.

Fix by computing the actual depth from btstack->top and limiting the
loop to only initialized entries.

Reported-by: syzbot+ba5f49027aace342d24d@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Tristan Madani
---
 fs/jfs/jfs_btree.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/jfs/jfs_btree.h b/fs/jfs/jfs_btree.h index ce055ef50cd35..26dd5acddcfeb 100644 --- a/fs/jfs/jfs_btree.h +++ b/fs/jfs/jfs_btree.h @@ -131,8 +131,10 @@ struct btstack { static inline void BT_STACK_DUMP(struct btstack *btstack) { int i; + int depth =3D btstack->top - btstack->stack; + printk("btstack dump:\n"); - for (i =3D 0; i < MAXTREEHEIGHT; i++) + for (i =3D 0; i < depth; i++) printk(KERN_ERR "bn =3D %Lx, index =3D %d\n", (long long)btstack->stack[i].bn, btstack->stack[i].index); --=20 2.47.3
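
Review bot: the new loop bound in the added line `int depth = btstack->top - btstack->stack;` is never checked against the size of stack[], so the dump is now only as safe as btstack->top. The old loop could read uninitialized entries but was capped at MAXTREEHEIGHT. With this change, a top pointer that lies outside stack[] (for example because it was itself never set, or was corrupted) yields either a negative depth, which silently prints nothing, or a depth above MAXTREEHEIGHT, which walks past the end of the array. Since this helper exists to print state when something has already gone wrong, I would bound the value before the loop, e.g. `int depth = clamp_t(int, btstack->top - btstack->stack, 0, MAXTREEHEIGHT);`, and ideally print the computed depth in the "btstack dump:" line so an inconsistent top is visible in the log. A one-line comment noting that only entries below top are initialized would also explain why the bound is not MAXTREEHEIGHT.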