Date: Thu, 22 Jan 2026 21:33:55 -0800
In-Reply-To: <69727142.050a0220.706b.0027.GAE@google.com>
Message-ID: <69730843.050a0220.1ad174.0331.GAE@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Forwarded: [PATCH] jfs: fix KMSAN warning in txLock
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: [PATCH] jfs: fix KMSAN warning in txLock
Author: kartikey406@gmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Syzbot reported a KMSAN uninit-value warning in txLock when accessing
the global TxLock array:

  BUG: KMSAN: uninit-value in txLock+0x13a2/0x2900 fs/jfs/jfs_txnmgr.c:659

The issue occurs because txInit() allocates the TxLock array using
vmalloc(), which does not zero the allocated memory. When txLock()
traverses the transaction lock list by accessing elements in this array
(via lid_to_tlock()), it reads uninitialized 'next' pointers, triggering
the KMSAN warning.

The uninitialized memory originates from:

  vmalloc_noprof+0xce/0x140 mm/vmalloc.c:4146
  txInit+0xb5c/0xfa0 fs/jfs/jfs_txnmgr.c:297

Fix this by using vzalloc() instead of vmalloc() to ensure the TxLock
array is zero-initialized. This guarantees that all tlock structures
start with valid initial values, particularly the 'next' field which is
used for list traversal.

Reported-by: syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d3a57c32b9112d7b01ec
Signed-off-by: Deepanshu Kartikey

--- fs/jfs/jfs_txnmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index c16578af3a77..4c72103a0b46 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -294,7 +294,7 @@ int txInit(void) * tlock id =3D 0 is reserved. */ size =3D sizeof(struct tlock) * nTxLock; - TxLock =3D vmalloc(size); + TxLock =3D vzalloc(size); if (TxLock =3D=3D NULL) { vfree(TxBlock); return -ENOMEM; --=20 2.43.0
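
Review bot: The context comment in this hunk says tlock id 0 is reserved, but the changelog does not say which TxLock[] entry held the uninitialized 'next' that txLock() read at fs/jfs/jfs_txnmgr.c:659. If it was the reserved entry 0, or an entry the traversal should never reach, replacing vmalloc(size) with vzalloc(size) silences KMSAN without addressing how txLock() got there; please state which lid was read and why a 'next' of 0 is the correct value at that point. A Fixes: tag would also help stable backports. Separately, size is still computed as sizeof(struct tlock) * nTxLock before the call; vcalloc(nTxLock, sizeof(struct tlock)) would zero the array and check that multiplication for overflow in one step.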