Hello,
syzbot found the following issue on:
HEAD commit: e5cd595e23c1 Linux 6.1.83
git tree: linux-6.1.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=147e2655180000
kernel config:
https://syzkaller.appspot.com/x/.config?x=638c7154137d2582
dashboard link:
https://syzkaller.appspot.com/bug?extid=6fbe81d2121c919ab302
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/a9b3de36bd43/disk-e5cd595e.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/2af9bc6e6ea4/vmlinux-e5cd595e.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/7f58381bafc0/Image-e5cd595e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+6fbe81...@syzkaller.appspotmail.com
------------[ cut here ]------------
kernel BUG at fs/jffs2/nodelist.c:462!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4241 Comm: syz-executor.1 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
lr : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
sp : ffff80001e017640
x29: ffff80001e017640 x28: 1fffe00020185052 x27: 1fffe00020185014
x26: 1fffe00020185017 x25: dfff800000000000 x24: dfff800000000000
x23: 0000000000000006 x22: ffff0000cded9000 x21: ffff0000f5132000
x20: ffff0000cded9020 x19: ffff0000cded9000 x18: ffff80001e017220
x17: ffff8000188cc000 x16: ffff80000825f5e8 x15: ffff8000183b1f80
x14: 1ffff00002b080b0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff800009723280
x8 : ffff0000d60bb780 x7 : ffff8000082dbe4c x6 : 0000000000000000
x5 : ffff80001e017560 x4 : 0000000000000000 x3 : ffff80000831d994
x2 : 0000000000000001 x1 : ffff0000cded9000 x0 : ffff0000f5132000
Call trace:
jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
jffs2_do_clear_inode+0x2d8/0x350 fs/jffs2/readinode.c:1443
jffs2_evict_inode+0x7c/0x90 fs/jffs2/fs.c:250
evict+0x260/0x68c fs/inode.c:666
dispose_list fs/inode.c:699 [inline]
evict_inodes+0x6b4/0x74c fs/inode.c:749
generic_shutdown_super+0x9c/0x328 fs/super.c:480
kill_mtd_super+0x2c/0x74 drivers/mtd/mtdsuper.c:197
jffs2_kill_sb+0x94/0xb0 fs/jffs2/super.c:348
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x2148/0x3474 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: aa1703e0 97c9448b 17ffff91 97b757f7 (d4210000)
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup