From: syzbot <syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
tristmd@gmail.com
Subject: Re: [syzbot] [jfs?] KMSAN: uninit-value in txLock
Date: Fri, 17 Apr 2026 04:16:01 -0700
Message-ID: <69e21671.050a0220.1de265.001b.GAE@google.com>
In-Reply-To: <20260417101149.2488963-1-tristmd@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in txLock
BUG at fs/jfs/jfs_txnmgr.c:663 assert(last)
------------[ cut here ]------------
kernel BUG at fs/jfs/jfs_txnmgr.c:663!
Oops: invalid opcode: 0000 [#1] SMP PTI
CPU: 1 UID: 0 PID: 6659 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:txLock+0x144c/0x2900 fs/jfs/jfs_txnmgr.c:663
Code: c7 80 20 03 00 00 00 00 00 00 48 c7 c7 1b 47 1e 92 48 c7 c6 f0 5c f6 91 ba 97 02 00 00 48 c7 c1 a7 04 0b 92 e8 b5 34 b7 fc 90 <0f> 0b 48 83 7d b8 00 0f 85 df 0f 00 00 4c 8b 6d 90 41 0f b7 5d 00
RSP: 0018:ffff888049143458 EFLAGS: 00010286
RAX: 000000000000002b RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffff888049143548 R08: ffffea000000000f R09: 0000000000000000
R10: ffff888237c8d028 R11: ffff88823f257df0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fa63e6d76c0(0000) GS:ffff8881aa95c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000022000 CR3: 0000000013ce2000 CR4: 00000000003526f0
Call Trace:
<TASK>
xtTruncate+0xffd/0x5210 fs/jfs/jfs_xtree.c:2337
jfs_truncate_nolock+0x223/0x670 fs/jfs/inode.c:396
jfs_truncate fs/jfs/inode.c:420 [inline]
jfs_write_failed+0x207/0x3c0 fs/jfs/inode.c:295
jfs_write_end+0xcc/0x110 fs/jfs/inode.c:322
generic_perform_write+0x99f/0x1050 mm/filemap.c:4345
__generic_file_write_iter+0x213/0x460 mm/filemap.c:4441
generic_file_write_iter+0x131/0x980 mm/filemap.c:4467
new_sync_write fs/read_write.c:595 [inline]
vfs_write+0xbe1/0x15c0 fs/read_write.c:688
ksys_pwrite64 fs/read_write.c:795 [inline]
__do_sys_pwrite64 fs/read_write.c:803 [inline]
__se_sys_pwrite64 fs/read_write.c:800 [inline]
__x64_sys_pwrite64+0x2ab/0x3b0 fs/read_write.c:800
x64_sys_call+0xbef/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:19
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa63d79aef9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa63e6d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007fa63da05fa0 RCX: 00007fa63d79aef9
RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000004
RBP: 00007fa63d82fee0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa63da06038 R14: 00007fa63da05fa0 R15: 00007ffeee193088
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:txLock+0x144c/0x2900 fs/jfs/jfs_txnmgr.c:663
Code: c7 80 20 03 00 00 00 00 00 00 48 c7 c7 1b 47 1e 92 48 c7 c6 f0 5c f6 91 ba 97 02 00 00 48 c7 c1 a7 04 0b 92 e8 b5 34 b7 fc 90 <0f> 0b 48 83 7d b8 00 0f 85 df 0f 00 00 4c 8b 6d 90 41 0f b7 5d 00
RSP: 0018:ffff888049143458 EFLAGS: 00010286
RAX: 000000000000002b RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffff888049143548 R08: ffffea000000000f R09: 0000000000000000
R10: ffff888237c8d028 R11: ffff88823f257df0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fa63e6d76c0(0000) GS:ffff8881aa95c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000022000 CR3: 0000000013ce2000 CR4: 00000000003526f0
Tested on:
commit: 43cfbdda Merge tag 'for-linus-iommufd' of git://git.ke..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=11e641ba580000
kernel config: https://syzkaller.appspot.com/x/.config?x=572950cdd18a910f
dashboard link: https://syzkaller.appspot.com/bug?extid=d3a57c32b9112d7b01ec
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=17da41ba580000