Forwarded: Re: [syzbot] [jfs?] KMSAN: uninit-value in txLock

syzbot posted 1 patch 1 month, 4 weeks ago
Forwarded: Re: [syzbot] [jfs?] KMSAN: uninit-value in txLock
Posted by syzbot 1 month, 4 weeks ago
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] [jfs?] KMSAN: uninit-value in txLock
Author: tristmd@gmail.com

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c
index XXXXXXX..XXXXXXX 100644
--- a/fs/jfs/jfs_metapage.c
+++ b/fs/jfs/jfs_metapage.c
@@ -174,14 +174,10 @@ static inline struct metapage *alloc_metapage(gfp_t gfp_mask)
 {
 	struct metapage *mp = mempool_alloc(metapage_mempool, gfp_mask);

-	if (mp) {
-		mp->lid = 0;
-		mp->lsn = 0;
-		mp->data = NULL;
-		mp->clsn = 0;
-		mp->log = NULL;
+	if (mp) {
+		memset(mp, 0, sizeof(*mp));
 		init_waitqueue_head(&mp->wait);
-	}
+	}
 	return mp;
 }
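Review bot: The `if (mp) {` line and its closing `}` are removed and re-added with no visible textual difference, which looks like a whitespace-only change and turns a two-line fix into a six-line hunk; keep those two lines as context. The memset now also clears fields the old per-field reset never touched, which is presumably the point of the change, since mempool_alloc() hands back recycled objects still carrying their previous contents; a short comment would keep that intent from being "optimised" away later, e.g. `/* mempool objects are recycled: clear the whole struct, not just a few fields */`. init_waitqueue_head() is correctly placed after the memset, because zeroing a live waitqueue head after initialising it would wipe its lock and list.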

diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
index XXXXXXX..XXXXXXX 100644
--- a/fs/jfs/jfs_txnmgr.c
+++ b/fs/jfs/jfs_txnmgr.c
@@ -295,7 +295,7 @@ int txInit(void)
 	 * tlock id = 0 is reserved.
 	 */
 	size = sizeof(struct tlock) * nTxLock;
-	TxLock = vmalloc(size);
+	TxLock = vzalloc(size);
 	if (TxLock == NULL) {
 		vfree(TxBlock);
 		return -ENOMEM;
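Review bot: Since the allocation is now zeroing, the hand-rolled size computation on the line above, `size = sizeof(struct tlock) * nTxLock;`, could be folded into the overflow-checked array form, `TxLock = vcalloc(nTxLock, sizeof(struct tlock));`, which also documents that the reserved id-0 entry mentioned in the comment at the top of the hunk is all-zero by construction. TxBlock, freed on this failure path, is allocated earlier in txInit() outside the hunk; if it is still a plain vmalloc(), the same treatment is worth considering so both tables start in a defined state. The rest of txInit() lies outside the hunk.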
@@ -660,7 +660,10 @@ struct tlock *txLock(tid_t tid, struct inode *ip, struct metapage * mp,
 			for (last = jfs_ip->atlhead;
 			     lid_to_tlock(last)->next != lid;
 			     last = lid_to_tlock(last)->next) {
-				assert(last);
+				if (!last) {
+					jfs_err("txLock: lid %d not found in atl list", lid);
+					goto grantLock;
+				}
 			}
 			lid_to_tlock(last)->next = tlck->next;
 			if (jfs_ip->atltail == lid)
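Review bot: The new guard runs only after the loop condition has already evaluated `lid_to_tlock(last)->next` with last == 0, so the walk reads TxLock[0] (the reserved slot) before noticing the list ran out; the check belongs in the condition, `for (last = jfs_ip->atlhead; last && lid_to_tlock(last)->next != lid; last = lid_to_tlock(last)->next)`, followed by `if (!last) { jfs_err("txLock: lid %d not found in atl list", lid); goto grantLock; }` after the loop. The `goto grantLock` also skips the unlink on the two following lines, so a lid that is not on the anonymous list appears to be granted while the atlhead/atltail bookkeeping it was expected to be part of is left as-is; replacing a BUG-style assert with a logged continue is a reasonable response to a reproducer, but for a corrupted on-disk image it may be safer to take the function's existing error exit that marks the superblock, if txLock() has one. The body of txLock() and the grantLock label are outside this hunk.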