Date: Thu, 22 Jan 2026 21:31:19 -0800
In-Reply-To: <69727142.050a0220.706b.0027.GAE@google.com>
Message-ID: <697307a7.050a0220.1ad174.0330.GAE@google.com>
Subject: Forwarded: [PATCH] jfs: fix KMSAN warning in txLock
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] jfs: fix KMSAN warning in txLock
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git maste

Syzbot reported a KMSAN uninit-value warning in txLock when accessing
the global TxLock array:

  BUG: KMSAN: uninit-value in txLock+0x13a2/0x2900 fs/jfs/jfs_txnmgr.c:659

The issue occurs because txInit() allocates the TxLock array using
vmalloc(), which does not zero the allocated memory. When txLock()
traverses the transaction lock list by accessing elements in this
array (via lid_to_tlock()), it reads uninitialized 'next' pointers,
triggering the KMSAN warning.

The uninitialized memory originates from:

  vmalloc_noprof+0xce/0x140 mm/vmalloc.c:4146
  txInit+0xb5c/0xfa0 fs/jfs/jfs_txnmgr.c:297

Fix this by using vzalloc() instead of vmalloc() to ensure the TxLock
array is zero-initialized. This guarantees that all tlock structures
start with valid initial values, particularly the 'next' field which
is used for list traversal.

Reported-by: syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d3a57c32b9112d7b01ec
Signed-off-by: Deepanshu Kartikey

--- fs/jfs/jfs_txnmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index c16578af3a77..4c72103a0b46 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -294,7 +294,7 @@ int txInit(void) * tlock id =3D 0 is reserved. */ size =3D sizeof(struct tlock) * nTxLock; - TxLock =3D vmalloc(size); + TxLock =3D vzalloc(size); if (TxLock =3D=3D NULL) { vfree(TxBlock); return -ENOMEM; --=20 2.43.0
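
Review bot: at `TxLock = vzalloc(size);` in the txInit() hunk, zeroing the whole array silences the KMSAN report, but the commit message does not say which tlock entry txLock() reaches before anything has written its 'next' field, so it is unclear whether the uninitialized read is expected or the symptom of a stale or invalid lid being followed. Since the context comment says tlock id 0 is reserved, a zeroed 'next' would presumably be treated as that reserved id; please state in the message why that is the correct value for the entry read at fs/jfs/jfs_txnmgr.c:659, and whether txLock() should instead reject the lid that leads there. The trailer block also has no Fixes: tag, which a reviewer would want in order to judge how far back the vmalloc() call needs correcting.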