From: syzbot <syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
tristmd@gmail.com
Subject: Re: [syzbot] [jfs?] KMSAN: uninit-value in txLock
Date: Fri, 17 Apr 2026 11:49:01 -0700
Message-ID: <69e2809d.050a0220.1de265.0031.GAE@google.com>
In-Reply-To: <177644276543.3783661.2549646862156202244@talencesecurity.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in txLock
ip: ffff8880139c57b8: 139c57b0 ffff8880 00000000 00000000
ip: ffff8880139c57c8: 00000000 00000000 00000000 00000000
ip: ffff8880139c57d8: 00000000 00000000
=====================================================
BUG: KMSAN: uninit-value in hex_dump_to_buffer+0xe86/0xeb0 lib/hexdump.c:172
hex_dump_to_buffer+0xe86/0xeb0 lib/hexdump.c:172
print_hex_dump+0x10d/0x330 lib/hexdump.c:277
txLock+0xe8f/0x29d0 fs/jfs/jfs_txnmgr.c:832
xtInsert+0xd25/0x1530 fs/jfs/jfs_xtree.c:645
extAlloc+0x12ec/0x17e0 fs/jfs/jfs_extent.c:150
jfs_get_block+0x610/0xe30 fs/jfs/inode.c:254
get_more_blocks fs/direct-io.c:648 [inline]
do_direct_IO fs/direct-io.c:936 [inline]
__blockdev_direct_IO+0x281f/0x6100 fs/direct-io.c:1243
blockdev_direct_IO include/linux/fs.h:3133 [inline]
jfs_direct_IO+0x12b/0x3f0 fs/jfs/inode.c:339
generic_file_direct_write+0x2bc/0x730 mm/filemap.c:4258
__generic_file_write_iter+0x25b/0x460 mm/filemap.c:4427
generic_file_write_iter+0x131/0x980 mm/filemap.c:4467
iter_file_splice_write+0x12d8/0x20c0 fs/splice.c:736
do_splice_from fs/splice.c:936 [inline]
direct_splice_actor+0x31a/0x7d0 fs/splice.c:1159
splice_direct_to_actor+0x9a3/0x1560 fs/splice.c:1103
do_splice_direct_actor fs/splice.c:1202 [inline]
do_splice_direct+0x1e0/0x350 fs/splice.c:1228
do_sendfile+0x9fc/0x1130 fs/read_write.c:1372
__do_sys_sendfile64 fs/read_write.c:1433 [inline]
__se_sys_sendfile64+0x1e3/0x280 fs/read_write.c:1419
__x64_sys_sendfile64+0xbd/0x120 fs/read_write.c:1419
x64_sys_call+0x3aa4/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:41
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at:
hex_dump_to_buffer+0xe7f/0xeb0 lib/hexdump.c:174
print_hex_dump+0x10d/0x330 lib/hexdump.c:277
txLock+0xe8f/0x29d0 fs/jfs/jfs_txnmgr.c:832
xtInsert+0xd25/0x1530 fs/jfs/jfs_xtree.c:645
extAlloc+0x12ec/0x17e0 fs/jfs/jfs_extent.c:150
jfs_get_block+0x610/0xe30 fs/jfs/inode.c:254
get_more_blocks fs/direct-io.c:648 [inline]
do_direct_IO fs/direct-io.c:936 [inline]
__blockdev_direct_IO+0x281f/0x6100 fs/direct-io.c:1243
blockdev_direct_IO include/linux/fs.h:3133 [inline]
jfs_direct_IO+0x12b/0x3f0 fs/jfs/inode.c:339
generic_file_direct_write+0x2bc/0x730 mm/filemap.c:4258
__generic_file_write_iter+0x25b/0x460 mm/filemap.c:4427
generic_file_write_iter+0x131/0x980 mm/filemap.c:4467
iter_file_splice_write+0x12d8/0x20c0 fs/splice.c:736
do_splice_from fs/splice.c:936 [inline]
direct_splice_actor+0x31a/0x7d0 fs/splice.c:1159
splice_direct_to_actor+0x9a3/0x1560 fs/splice.c:1103
do_splice_direct_actor fs/splice.c:1202 [inline]
do_splice_direct+0x1e0/0x350 fs/splice.c:1228
do_sendfile+0x9fc/0x1130 fs/read_write.c:1372
__do_sys_sendfile64 fs/read_write.c:1433 [inline]
__se_sys_sendfile64+0x1e3/0x280 fs/read_write.c:1419
__x64_sys_sendfile64+0xbd/0x120 fs/read_write.c:1419
x64_sys_call+0x3aa4/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:41
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:4576 [inline]
slab_alloc_node mm/slub.c:4898 [inline]
kmem_cache_alloc_noprof+0x373/0x1250 mm/slub.c:4905
mempool_alloc_slab+0x36/0x50 mm/mempool.c:722
mempool_alloc_noprof+0x19d/0x3c0 mm/mempool.c:566
alloc_metapage fs/jfs/jfs_metapage.c:264 [inline]
__get_metapage+0xa20/0x1840 fs/jfs/jfs_metapage.c:761
xtSplitRoot+0x164/0x1560 fs/jfs/jfs_xtree.c:1242
xtSplitUp+0x8c2/0x2ea0 fs/jfs/jfs_xtree.c:785
xtInsert+0x77a/0x1530 fs/jfs/jfs_xtree.c:608
extAlloc+0x12ec/0x17e0 fs/jfs/jfs_extent.c:150
jfs_get_block+0x610/0xe30 fs/jfs/inode.c:254
get_more_blocks fs/direct-io.c:648 [inline]
do_direct_IO fs/direct-io.c:936 [inline]
__blockdev_direct_IO+0x281f/0x6100 fs/direct-io.c:1243
blockdev_direct_IO include/linux/fs.h:3133 [inline]
jfs_direct_IO+0x12b/0x3f0 fs/jfs/inode.c:339
generic_file_direct_write+0x2bc/0x730 mm/filemap.c:4258
__generic_file_write_iter+0x25b/0x460 mm/filemap.c:4427
generic_file_write_iter+0x131/0x980 mm/filemap.c:4467
iter_file_splice_write+0x12d8/0x20c0 fs/splice.c:736
do_splice_from fs/splice.c:936 [inline]
direct_splice_actor+0x31a/0x7d0 fs/splice.c:1159
splice_direct_to_actor+0x9a3/0x1560 fs/splice.c:1103
do_splice_direct_actor fs/splice.c:1202 [inline]
do_splice_direct+0x1e0/0x350 fs/splice.c:1228
do_sendfile+0x9fc/0x1130 fs/read_write.c:1372
__do_sys_sendfile64 fs/read_write.c:1433 [inline]
__se_sys_sendfile64+0x1e3/0x280 fs/read_write.c:1419
__x64_sys_sendfile64+0xbd/0x120 fs/read_write.c:1419
x64_sys_call+0x3aa4/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:41
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 6587 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
=====================================================
Tested on:
commit: d662a710 Merge tag 'dmaengine-7.1-rc1' of git://git.ke..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=14daa4ce580000
kernel config: https://syzkaller.appspot.com/x/.config?x=5aa0042346eface8
dashboard link: https://syzkaller.appspot.com/bug?extid=d3a57c32b9112d7b01ec
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=171624ce580000