Date: Fri, 17 Apr 2026 09:20:25 -0700
In-Reply-To: <68197d2b.050a0220.23d401.2859.GAE@google.com>
Message-ID: <69e25dc9.050a0220.1de265.0028.GAE@google.com>
Subject: Forwarded: Re: [syzbot] KMSAN: uninit-value in BT_STACK_DUMP
From: syzbot
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
X-Mailing-List: linux-kernel@vger.kernel.org

For archival purposes, forwarding an incoming command email to
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com.

***

Subject: Re: [syzbot] KMSAN: uninit-value in BT_STACK_DUMP
Author: tristmd@gmail.com

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

From 1f2ecf89a062d7428650e0529613f47930961464 Mon Sep 17 00:00:00 2001
From: Tristan Madani Date: Fri, 17 Apr 2026 16:15:15 +0000 Subject: [PATCH] jfs: fix uninit-value in BT_STACK_DUMP by limiting loop to actual depth BT_STACK_DUMP iterates over MAXTREEHEIGHT entries, but only entries between stack and top are initialized. Reading beyond top accesses uninitialized stack memory, triggering KMSAN. Fix by computing the actual depth and using it as the loop bound. Reported-by: syzbot+ba5f49027aace342d24d@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=ba5f49027aace342d24d Signed-off-by: Tristan Madani --- fs/jfs/jfs_btree.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_btree.h b/fs/jfs/jfs_btree.h index ce055ef..26dd5ac 100644 --- a/fs/jfs/jfs_btree.h +++ b/fs/jfs/jfs_btree.h @@ -131,8 +131,10 @@ struct btstack { static inline void BT_STACK_DUMP(struct btstack *btstack) { int i; + int depth = btstack->top - btstack->stack; + printk("btstack dump:\n"); - for (i = 0; i < MAXTREEHEIGHT; i++) + for (i = 0; i < depth; i++) printk(KERN_ERR "bn = %Lx, index = %d\n", (long long)btstack->stack[i].bn, btstack->stack[i].index); -- 2.47.3
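Review bot: `depth = btstack->top - btstack->stack` is used unchecked as the loop bound, so if `top` does not point inside `stack[]` (and a diagnostic dump is exactly where a damaged btstack may arrive) the loop now reads past the array, which the old `MAXTREEHEIGHT` bound could not do; validate it before the loop, e.g. `if (depth < 0 || depth > MAXTREEHEIGHT) { printk(KERN_ERR "btstack: bad top\n"); return; }`, and consider printing `depth` in the header line so the dump shows how many frames were live. Two smaller points in the same hunk: the header `printk("btstack dump:\n")` still carries no log level while the per-frame lines use `KERN_ERR`, and the commit message has no `Fixes:` tag for the commit that introduced the unbounded loop.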
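The bug the patch describes, reproduced and fixed in a stand-alone user-space model (added example, not the kernel's jfs code and not part of this thread): the struct keeps the same shape as `struct btstack` (a `top` pointer into a fixed array of frames, with `top` advanced after each push), so only frames in `[stack, top)` are ever written; the dump is bounded by that live depth and additionally refuses a `top` that lies outside the array instead of trusting it. `MAXTREEHEIGHT` is taken as 8 as in jfs_btree.h; the frame fields, the helper names (`bt_clr`, `bt_push`, `bt_depth`, `bt_stack_dump`) and the `scenario_*` drivers are this example's own assumptions.

```c
/* Added user-space model of the jfs btstack; not kernel code. */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

#define MAXTREEHEIGHT 8          /* assumed, matches fs/jfs/jfs_btree.h */

struct btframe {
	int64_t bn;              /* block number of the page at this level */
	int index;               /* entry index within that page */
};

struct btstack {
	struct btframe *top;     /* next free frame; frames [stack, top) are live */
	int nsplit;
	struct btframe stack[MAXTREEHEIGHT];
};

static void bt_clr(struct btstack *bs) { bs->top = bs->stack; }

/* Returns 0 on success, -1 when the stack is full (the kernel BUG()s here). */
static int bt_push(struct btstack *bs, int64_t bn, int index)
{
	if (bs->top == &bs->stack[MAXTREEHEIGHT - 1])
		return -1;
	bs->top->bn = bn;
	bs->top->index = index;
	bs->top++;
	return 0;
}

/* Live depth, or -1 if top does not point into stack[] (damaged btstack).
 * Compared as integers so a wild pointer never feeds pointer arithmetic. */
static int bt_depth(const struct btstack *bs)
{
	uintptr_t lo = (uintptr_t)bs->stack;
	uintptr_t hi = (uintptr_t)&bs->stack[MAXTREEHEIGHT];
	uintptr_t t = (uintptr_t)bs->top;

	if (t < lo || t > hi)
		return -1;
	return (int)((t - lo) / sizeof(struct btframe));
}

/* Dump only frames that were pushed. Returns the number printed, or -1
 * when top is out of range and nothing was read from stack[]. */
static int bt_stack_dump(const struct btstack *bs)
{
	int depth = bt_depth(bs);
	int i;

	if (depth < 0) {
		printf("btstack dump: corrupt top %p (stack %p)\n",
		       (void *)bs->top, (void *)bs->stack);
		return -1;
	}
	printf("btstack dump (depth = %d):\n", depth);
	for (i = 0; i < depth; i++)	/* never touches stack[depth..] */
		printf("bn = %llx, index = %d\n",
		       (long long)bs->stack[i].bn, bs->stack[i].index);
	return depth;
}

/* Scenario: a three-level descent; only three frames are initialized. */
static int scenario_three_frames(void)
{
	struct btstack bs;	/* deliberately not zeroed, like a kernel stack var */
	bt_clr(&bs);
	bt_push(&bs, 0x10, 1);
	bt_push(&bs, 0x20, 2);
	bt_push(&bs, 0x30, 3);
	return bt_stack_dump(&bs);
}

/* Scenario: push until full; the last slot is never written, so 7 pushes. */
static int scenario_fill(void)
{
	struct btstack bs;
	int n = 0;
	bt_clr(&bs);
	while (bt_push(&bs, 0x100 + n, n) == 0)
		n++;
	return n;
}

/* Scenario: simulated corruption, top pointing 64 bytes past the array. */
static int scenario_corrupt_top(void)
{
	struct btstack bs;
	bt_clr(&bs);
	bt_push(&bs, 0x10, 1);
	bs.top = (struct btframe *)((char *)bs.stack + sizeof(bs.stack) + 64);
	return bt_stack_dump(&bs);
}

int main(void)
{
	scenario_three_frames();
	printf("pushes before full: %d\n", scenario_fill());
	scenario_corrupt_top();
	return 0;
}
```

Built with clang `-fsanitize=memory`, the loop bounded by `depth` stays silent, whereas iterating to `MAXTREEHEIGHT` in `scenario_three_frames` reports the same uninitialized-read that KMSAN flagged in the kernel.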