Re: [syzbot] [jfs?] KMSAN: uninit-value in txLock

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	 tristmd@gmail.com
Subject: Re: [syzbot] [jfs?] KMSAN: uninit-value in txLock
Date: Fri, 17 Apr 2026 04:16:01 -0700	[thread overview]
Message-ID: <69e21671.050a0220.1de265.001b.GAE@google.com> (raw)
In-Reply-To: <20260417101149.2488963-1-tristmd@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in txLock

BUG at fs/jfs/jfs_txnmgr.c:663 assert(last)
------------[ cut here ]------------
kernel BUG at fs/jfs/jfs_txnmgr.c:663!
Oops: invalid opcode: 0000 [#1] SMP PTI
CPU: 1 UID: 0 PID: 6659 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:txLock+0x144c/0x2900 fs/jfs/jfs_txnmgr.c:663
Code: c7 80 20 03 00 00 00 00 00 00 48 c7 c7 1b 47 1e 92 48 c7 c6 f0 5c f6 91 ba 97 02 00 00 48 c7 c1 a7 04 0b 92 e8 b5 34 b7 fc 90 <0f> 0b 48 83 7d b8 00 0f 85 df 0f 00 00 4c 8b 6d 90 41 0f b7 5d 00
RSP: 0018:ffff888049143458 EFLAGS: 00010286
RAX: 000000000000002b RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffff888049143548 R08: ffffea000000000f R09: 0000000000000000
R10: ffff888237c8d028 R11: ffff88823f257df0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fa63e6d76c0(0000) GS:ffff8881aa95c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000022000 CR3: 0000000013ce2000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 xtTruncate+0xffd/0x5210 fs/jfs/jfs_xtree.c:2337
 jfs_truncate_nolock+0x223/0x670 fs/jfs/inode.c:396
 jfs_truncate fs/jfs/inode.c:420 [inline]
 jfs_write_failed+0x207/0x3c0 fs/jfs/inode.c:295
 jfs_write_end+0xcc/0x110 fs/jfs/inode.c:322
 generic_perform_write+0x99f/0x1050 mm/filemap.c:4345
 __generic_file_write_iter+0x213/0x460 mm/filemap.c:4441
 generic_file_write_iter+0x131/0x980 mm/filemap.c:4467
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0xbe1/0x15c0 fs/read_write.c:688
 ksys_pwrite64 fs/read_write.c:795 [inline]
 __do_sys_pwrite64 fs/read_write.c:803 [inline]
 __se_sys_pwrite64 fs/read_write.c:800 [inline]
 __x64_sys_pwrite64+0x2ab/0x3b0 fs/read_write.c:800
 x64_sys_call+0xbef/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:19
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa63d79aef9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa63e6d7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007fa63da05fa0 RCX: 00007fa63d79aef9
RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000004
RBP: 00007fa63d82fee0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000009000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa63da06038 R14: 00007fa63da05fa0 R15: 00007ffeee193088
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:txLock+0x144c/0x2900 fs/jfs/jfs_txnmgr.c:663
Code: c7 80 20 03 00 00 00 00 00 00 48 c7 c7 1b 47 1e 92 48 c7 c6 f0 5c f6 91 ba 97 02 00 00 48 c7 c1 a7 04 0b 92 e8 b5 34 b7 fc 90 <0f> 0b 48 83 7d b8 00 0f 85 df 0f 00 00 4c 8b 6d 90 41 0f b7 5d 00
RSP: 0018:ffff888049143458 EFLAGS: 00010286
RAX: 000000000000002b RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
RBP: ffff888049143548 R08: ffffea000000000f R09: 0000000000000000
R10: ffff888237c8d028 R11: ffff88823f257df0 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fa63e6d76c0(0000) GS:ffff8881aa95c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000022000 CR3: 0000000013ce2000 CR4: 00000000003526f0


Tested on:

commit:         43cfbdda Merge tag 'for-linus-iommufd' of git://git.ke..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=11e641ba580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=572950cdd18a910f
dashboard link: https://syzkaller.appspot.com/bug?extid=d3a57c32b9112d7b01ec
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17da41ba580000

next      parent reply	other threads:[~2026-04-17 11:16 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20260417101149.2488963-1-tristmd@gmail.com>
2026-04-17 11:16 ` syzbot [this message]
     [not found] <177645307166.231234.16799988278505488734@gmail.com>
2026-04-17 20:02 ` [syzbot] [jfs?] KMSAN: uninit-value in txLock syzbot
     [not found] <177644276543.3783661.2549646862156202244@talencesecurity.com>
2026-04-17 18:49 ` syzbot
     [not found] <20260417133011.3194994-1-tristmd@gmail.com>
2026-04-17 14:12 ` syzbot
     [not found] <20260123053348.1844888-1-kartikey406@gmail.com>
2026-01-23  8:34 ` syzbot
     [not found] <20260123051225.1843851-1-kartikey406@gmail.com>
2026-01-23  8:01 ` syzbot
     [not found] <20260123053111.1844791-1-kartikey406@gmail.com>
2026-01-23  6:21 ` syzbot
2026-01-22 18:49 syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69e21671.050a0220.1de265.001b.GAE@google.com \
    --to=syzbot+d3a57c32b9112d7b01ec@syzkaller.appspotmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tristmd@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox