lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <69351d47.a70a0220.38f243.0048.GAE@google.com>
Date: Sat, 06 Dec 2025 22:23:03 -0800
From: syzbot <syzbot+a099d674daa27a9272db@...kaller.appspotmail.com>
To: kartikey406@...il.com, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [jfs?] kernel BUG in dtSplitRoot

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in lock_metapage

INFO: task syz.0.24:6012 blocked for more than 143 seconds.
      Not tainted syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz.0.24        state:D stack:26952 pid:6012  tgid:5990  ppid:5740   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6960
 io_schedule+0x80/0xd0 kernel/sched/core.c:7789
 __lock_metapage fs/jfs/jfs_metapage.c:52 [inline]
 lock_metapage+0x1f3/0x400 fs/jfs/jfs_metapage.c:66
 __get_metapage+0x49a/0xde0 fs/jfs/jfs_metapage.c:748
 dtSplitPage+0x1fe/0x3b20 fs/jfs/jfs_dtree.c:1363
 dtSplitUp fs/jfs/jfs_dtree.c:1092 [inline]
 dtInsert+0x109b/0x5f40 fs/jfs/jfs_dtree.c:871
 jfs_create+0x6c8/0xa80 fs/jfs/namei.c:137
 lookup_open fs/namei.c:4440 [inline]
 open_last_lookups fs/namei.c:4540 [inline]
 path_openat+0x18bb/0x3dd0 fs/namei.c:4784
 do_filp_open+0x1fa/0x410 fs/namei.c:4814
 do_sys_openat2+0x121/0x200 fs/open.c:1430
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_creat fs/open.c:1514 [inline]
 __se_sys_creat fs/open.c:1508 [inline]
 __x64_sys_creat+0x8f/0xc0 fs/open.c:1508
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f90d2b8f7c9
RSP: 002b:00007f90d3a54038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f90d2de6090 RCX: 00007f90d2b8f7c9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000580
RBP: 00007f90d2c13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f90d2de6128 R14: 00007f90d2de6090 R15: 00007fffb4518cc8
 </TASK>

Showing all locks held in the system:
1 lock held by khungtaskd/26:
 #0: ffffffff8e1419e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e1419e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #0: ffffffff8e1419e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 kernel/locking/lockdep.c:6775
2 locks held by getty/5126:
 #0: ffff88801f6cc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 drivers/tty/tty_ldisc.c:243
 #1: ffffc900019962f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 drivers/tty/n_tty.c:2211
4 locks held by syz.0.24/6012:
 #0: ffff888037908420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 fs/namespace.c:499
 #1: ffff888046188578 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #1: ffff888046188578 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: open_last_lookups fs/namei.c:4537 [inline]
 #1: ffff888046188578 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: path_openat+0xb47/0x3dd0 fs/namei.c:4784
 #2: ffff8880461881c8 (&jfs_ip->commit_mutex){+.+.}-{4:4}, at: jfs_create+0x1f5/0xa80 fs/jfs/namei.c:100
 #3: ffff888046186fa8 (&jfs_ip->commit_mutex/1){+.+.}-{4:4}, at: jfs_create+0x210/0xa80 fs/jfs/namei.c:101
2 locks held by dhcpcd/7028:
 #0: ffff88801a3ca488 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1027 [inline]
 #0: ffff88801a3ca488 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release net/socket.c:661 [inline]
 #0: ffff88801a3ca488 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240 net/socket.c:1455
 #1: ffffffff8e147538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #1: ffffffff8e147538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
1 lock held by syz.4.463/7030:
2 locks held by dhcpcd/7031:
 #0: ffff888052496260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1700 [inline]
 #0: ffff888052496260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3197
 #1: ffffffff8e147538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock kernel/rcu/tree_exp.h:343 [inline]
 #1: ffffffff8e147538 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 kernel/rcu/tree_exp.h:956
2 locks held by syz.6.464/7034:
3 locks held by syz.3.465/7035:
1 lock held by dhcpcd/7036:
 #0: ffff8880114e0260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1700 [inline]
 #0: ffff8880114e0260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3197
1 lock held by dhcpcd/7037:
 #0: ffff8880433ec260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1700 [inline]
 #0: ffff8880433ec260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 net/packet/af_packet.c:3197
2 locks held by syz.1.466/7039:
2 locks held by syz.2.467/7041:

=============================================

NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 26 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 nmi_cpu_backtrace+0x39e/0x3d0 lib/nmi_backtrace.c:113
 nmi_trigger_cpumask_backtrace+0x17a/0x300 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:160 [inline]
 __sys_info lib/sys_info.c:157 [inline]
 sys_info+0x135/0x170 lib/sys_info.c:165
 check_hung_uninterruptible_tasks kernel/hung_task.c:346 [inline]
 watchdog+0xf95/0xfe0 kernel/hung_task.c:515
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>


Tested on:

commit:         37bb2e72 Merge tag 'staging-6.19-rc1' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10d2a6c2580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1889d7812b50029c
dashboard link: https://syzkaller.appspot.com/bug?extid=a099d674daa27a9272db
compiler:       Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=14ee221a580000

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ