From: syzbot <syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Forwarded: [PATCH] jfs: fix KMSAN warning in txLock
Date: Thu, 22 Jan 2026 21:12:32 -0800
Message-ID: <69730340.a70a0220.35de72.0004.GAE@google.com>
In-Reply-To: <69727142.050a0220.706b.0027.GAE@google.com>
For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.
***
Subject: [PATCH] jfs: fix KMSAN warning in txLock
Author: kartikey406@gmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
Syzbot reported a KMSAN uninit-value warning in txLock when accessing
jfs_ip->atlhead:

BUG: KMSAN: uninit-value in txLock+0x13a2/0x2900 fs/jfs/jfs_txnmgr.c:659

This occurs because the jfs_inode_info structure is allocated from a
slab cache but not fully initialized, leaving fields like atlhead,
atltail, and anon_inode_list with garbage values from previously freed
inodes.

When txLock() attempts to traverse the anonymous transaction lock list
by reading jfs_ip->atlhead, it accesses uninitialized memory, triggering
the KMSAN warning.

Fix this by zeroing the entire jfs_inode_info structure in
jfs_alloc_inode(). This is consistent with how other filesystems handle
inode allocation and ensures all fields start with known values,
preventing this and potential similar bugs.
Reported-by: syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d3a57c32b9112d7b01ec
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
---
fs/jfs/super.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
index 3cfb86c5a36e..236fe8d42542 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
@@ -105,9 +105,7 @@ static struct inode *jfs_alloc_inode(struct super_block *sb)
jfs_inode = alloc_inode_sb(sb, jfs_inode_cachep, GFP_NOFS);
if (!jfs_inode)
return NULL;
-#ifdef CONFIG_QUOTA
- memset(&jfs_inode->i_dquot, 0, sizeof(jfs_inode->i_dquot));
-#endif
+ memset(jfs_inode, 0, sizeof(struct jfs_inode_info));
return &jfs_inode->vfs_inode;
}
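Review bot: the new memset in jfs_alloc_inode() zeroes the whole jfs_inode_info, including the embedded vfs_inode that the function returns (`return &jfs_inode->vfs_inode;`), so everything the cache constructor set up in that object (list heads, locks, the address space) is wiped on every allocation, whereas the removed code deliberately confined zeroing to i_dquot. The warning only needs the jfs-private fields that are stale after reuse to be reset, so suggest replacing the whole-struct memset with explicit resets of those fields (atlhead and atltail to 0, INIT_LIST_HEAD(&jfs_inode->anon_inode_list)) and keeping the CONFIG_QUOTA memset of i_dquot as it was; the commit message's claim that other filesystems zero the whole inode after allocation should be backed by an example or dropped.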
--
2.43.0
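As an added illustration (not part of this patch or the kernel tree), the following user-space C model shows the bug class the commit message describes and the cost of the hunk's approach: a cache with a constructor hands recycled objects back with private fields such as atlhead still holding the previous owner's value, and a whole-struct memset after allocation throws away what the constructor set up. mock_inode, init_once and cache_alloc are simplified stand-ins, not the real jfs or slab API.

```c
#include <string.h>
struct list_head { struct list_head *next, *prev; };
/* Stand-in for jfs_inode_info: constructor-owned list head plus private fields. */
struct mock_inode {
	struct list_head anon_inode_list;   /* set up once by the constructor */
	unsigned long atlhead, atltail;     /* not reset by the slab on reuse */
};
/* One-object model of a slab cache with a constructor: init_once runs once per
 * object, and a freed object comes back untouched on the next allocation. */
static struct mock_inode slot;
static int constructed;
static void init_once(struct mock_inode *ip)
{
	memset(ip, 0, sizeof(*ip));
	ip->anon_inode_list.next = ip->anon_inode_list.prev = &ip->anon_inode_list;
}
static struct mock_inode *cache_alloc(void)
{
	if (!constructed++)
		init_once(&slot);
	return &slot;
}
static int list_head_valid(const struct mock_inode *ip)
{
	return ip->anon_inode_list.next == &ip->anon_inode_list &&
	       ip->anon_inode_list.prev == &ip->anon_inode_list;
}
/* Fixed allocation: reset only the private fields, keep constructor state. */
static struct mock_inode *alloc_fixed(void)
{
	struct mock_inode *ip = cache_alloc();
	ip->atlhead = ip->atltail = 0;
	return ip;
}
/* Bug reproduction: a first owner records a tlock index and releases the
 * inode; an allocator that trusts the slab contents then reads it back. */
static unsigned long stale_atlhead_after_reuse(void)
{
	alloc_fixed()->atlhead = 42;
	return cache_alloc()->atlhead; /* 42: left behind by the previous owner */
}
/* Zeroing the whole object after allocation wipes the constructor state. */
static int whole_memset_keeps_list(void)
{
	struct mock_inode obj;
	init_once(&obj);
	memset(&obj, 0, sizeof(obj));
	return list_head_valid(&obj); /* 0: the list head is now NULL/NULL */
}
```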