[v6.1] kernel BUG in jffs2_del_ino_cache


syzbot

Apr 3, 2024, 4:31:30 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: e5cd595e23c1 Linux 6.1.83
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=147e2655180000
kernel config: https://syzkaller.appspot.com/x/.config?x=638c7154137d2582
dashboard link: https://syzkaller.appspot.com/bug?extid=6fbe81d2121c919ab302
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a9b3de36bd43/disk-e5cd595e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2af9bc6e6ea4/vmlinux-e5cd595e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7f58381bafc0/Image-e5cd595e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6fbe81...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/jffs2/nodelist.c:462!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4241 Comm: syz-executor.1 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
lr : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
sp : ffff80001e017640
x29: ffff80001e017640 x28: 1fffe00020185052 x27: 1fffe00020185014
x26: 1fffe00020185017 x25: dfff800000000000 x24: dfff800000000000
x23: 0000000000000006 x22: ffff0000cded9000 x21: ffff0000f5132000
x20: ffff0000cded9020 x19: ffff0000cded9000 x18: ffff80001e017220
x17: ffff8000188cc000 x16: ffff80000825f5e8 x15: ffff8000183b1f80
x14: 1ffff00002b080b0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff800009723280
x8 : ffff0000d60bb780 x7 : ffff8000082dbe4c x6 : 0000000000000000
x5 : ffff80001e017560 x4 : 0000000000000000 x3 : ffff80000831d994
x2 : 0000000000000001 x1 : ffff0000cded9000 x0 : ffff0000f5132000
Call trace:
jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
jffs2_do_clear_inode+0x2d8/0x350 fs/jffs2/readinode.c:1443
jffs2_evict_inode+0x7c/0x90 fs/jffs2/fs.c:250
evict+0x260/0x68c fs/inode.c:666
dispose_list fs/inode.c:699 [inline]
evict_inodes+0x6b4/0x74c fs/inode.c:749
generic_shutdown_super+0x9c/0x328 fs/super.c:480
kill_mtd_super+0x2c/0x74 drivers/mtd/mtdsuper.c:197
jffs2_kill_sb+0x94/0xb0 fs/jffs2/super.c:348
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x2148/0x3474 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: aa1703e0 97c9448b 17ffff91 97b757f7 (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Apr 3, 2024, 4:31:31 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 9465fef4ae35 Linux 5.15.153
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1342289d180000
kernel config: https://syzkaller.appspot.com/x/.config?x=74ff83133fa97f6c
dashboard link: https://syzkaller.appspot.com/bug?extid=93f6bfed6a4a702b48cc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3c82fda40b43/disk-9465fef4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ec13893dc103/vmlinux-9465fef4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7b44910e5283/Image-9465fef4.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+93f6bf...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/jffs2/nodelist.c:462!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3984 Comm: syz-executor.3 Not tainted 5.15.153-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
lr : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
sp : ffff80001cc876c0
x29: ffff80001cc876c0 x28: 1fffe0001b835052 x27: 1fffe0001b835014
x26: 1fffe0001b835017 x25: dfff800000000000 x24: dfff800000000000
x23: 0000000000000006 x22: ffff0000d08c9000 x21: ffff0000e59ce000
x20: ffff0000d08c9020 x19: ffff0000d08c9000 x18: ffff80001cc872a0
x17: 0000000000000000 x16: ffff80000824dad4 x15: 0000000000019bc1
x14: 1ffff0000292206a x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000ca563680
x8 : ffff80000963d92c x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80001cc875e0 x4 : 0000000000000000 x3 : ffff8000083041cc
x2 : 0000000000000001 x1 : ffff0000d08c9000 x0 : ffff0000e59ce000
Call trace:
jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
jffs2_do_clear_inode+0x2d8/0x350 fs/jffs2/readinode.c:1443
jffs2_evict_inode+0x7c/0x90 fs/jffs2/fs.c:250
evict+0x260/0x68c fs/inode.c:587
dispose_list fs/inode.c:620 [inline]
evict_inodes+0x6b4/0x74c fs/inode.c:670
generic_shutdown_super+0x9c/0x29c fs/super.c:454
kill_mtd_super+0x2c/0x74 drivers/mtd/mtdsuper.c:196
jffs2_kill_sb+0x94/0xb0 fs/jffs2/super.c:348
deactivate_locked_super+0xb8/0x13c fs/super.c:335
deactivate_super+0x108/0x128 fs/super.c:366
cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
__cleanup_mnt+0x20/0x30 fs/namespace.c:1150
task_work_run+0x130/0x1e4 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:609
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: aa1703e0 97ca38a8 17ffff91 97ba13fc (d4210000)
---[ end trace d917b38ad92b8b12 ]---

syzbot

Apr 3, 2024, 5:21:39 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 9465fef4ae35 Linux 5.15.153
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10df2889180000
kernel config: https://syzkaller.appspot.com/x/.config?x=74ff83133fa97f6c
dashboard link: https://syzkaller.appspot.com/bug?extid=93f6bfed6a4a702b48cc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16dc0cf6180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12a2289d180000
jffs2: notice: (3960) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
------------[ cut here ]------------
kernel BUG at fs/jffs2/nodelist.c:462!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3960 Comm: syz-executor193 Not tainted 5.15.153-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
lr : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
sp : ffff80001adb7760
x29: ffff80001adb7760 x28: 1fffe0001bf02052 x27: 1fffe0001bf02014
x26: 1fffe0001bf02017 x25: dfff800000000000 x24: dfff800000000000
x23: 0000000000000006 x22: ffff0000c8f63000 x21: ffff0000c7de4000
x20: ffff0000c8f63020 x19: ffff0000c8f63000 x18: ffff80001adb7340
x17: 0000000000000000 x16: ffff80000824dad4 x15: 000000000000ba75
x14: 1ffff0000292206a x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000c9388000
x8 : ffff80000963d92c x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80001adb7680 x4 : 0000000000000000 x3 : ffff8000083041cc
x2 : 0000000000000001 x1 : ffff0000c8f63000 x0 : ffff0000c7de4000
Call trace:
jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
jffs2_do_clear_inode+0x2d8/0x350 fs/jffs2/readinode.c:1443
jffs2_evict_inode+0x7c/0x90 fs/jffs2/fs.c:250
evict+0x260/0x68c fs/inode.c:587
dispose_list fs/inode.c:620 [inline]
evict_inodes+0x6b4/0x74c fs/inode.c:670
generic_shutdown_super+0x9c/0x29c fs/super.c:454
kill_mtd_super+0x2c/0x74 drivers/mtd/mtdsuper.c:196
jffs2_kill_sb+0x94/0xb0 fs/jffs2/super.c:348
deactivate_locked_super+0xb8/0x13c fs/super.c:335
deactivate_super+0x108/0x128 fs/super.c:366
cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
__cleanup_mnt+0x20/0x30 fs/namespace.c:1150
task_work_run+0x130/0x1e4 kernel/task_work.c:164
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0x670/0x20bc kernel/exit.c:872
do_group_exit+0x110/0x268 kernel/exit.c:994
__do_sys_exit_group kernel/exit.c:1005 [inline]
__se_sys_exit_group kernel/exit.c:1003 [inline]
__wake_up_parent+0x0/0x60 kernel/exit.c:1003
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: aa1703e0 97ca38a8 17ffff91 97ba13fc (d4210000)
---[ end trace eaa6f6418c31f453 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Apr 3, 2024, 6:44:28 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: e5cd595e23c1 Linux 6.1.83
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=148fdffd180000
kernel config: https://syzkaller.appspot.com/x/.config?x=638c7154137d2582
dashboard link: https://syzkaller.appspot.com/bug?extid=6fbe81d2121c919ab302
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11a8598d180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1125e875180000
jffs2: notice: (4226) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
------------[ cut here ]------------
kernel BUG at fs/jffs2/nodelist.c:462!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4226 Comm: syz-executor192 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
lr : jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
sp : ffff80001dd77720
x29: ffff80001dd77720 x28: 1fffe0001c419052 x27: 1fffe0001c419014
x26: 1fffe0001c419017 x25: dfff800000000000 x24: dfff800000000000
x23: 0000000000000006 x22: ffff0000cdcec000 x21: ffff0000d85a2000
x20: ffff0000cdcec020 x19: ffff0000cdcec000 x18: ffff80001dd77300
x17: ffff8000188cc000 x16: ffff80000825f5e8 x15: ffff8000183b1f80
x14: 1ffff00002b080b0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff800009723280
x8 : ffff0000d8679bc0 x7 : ffff8000082dbe4c x6 : 0000000000000000
x5 : ffff80001dd77640 x4 : 0000000000000000 x3 : ffff80000831d994
x2 : 0000000000000001 x1 : ffff0000cdcec000 x0 : ffff0000d85a2000
Call trace:
jffs2_del_ino_cache+0x2ac/0x2b0 fs/jffs2/nodelist.c:462
jffs2_do_clear_inode+0x2d8/0x350 fs/jffs2/readinode.c:1443
jffs2_evict_inode+0x7c/0x90 fs/jffs2/fs.c:250
evict+0x260/0x68c fs/inode.c:666
dispose_list fs/inode.c:699 [inline]
evict_inodes+0x6b4/0x74c fs/inode.c:749
generic_shutdown_super+0x9c/0x328 fs/super.c:480
kill_mtd_super+0x2c/0x74 drivers/mtd/mtdsuper.c:197
jffs2_kill_sb+0x94/0xb0 fs/jffs2/super.c:348
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x554/0x1a88 kernel/exit.c:869
do_group_exit+0x194/0x22c kernel/exit.c:1019
__do_sys_exit_group kernel/exit.c:1030 [inline]
__se_sys_exit_group kernel/exit.c:1028 [inline]
__wake_up_parent+0x0/0x60 kernel/exit.c:1028
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: aa1703e0 97c9448b 17ffff91 97b757f7 (d4210000)
---[ end trace 0000000000000000 ]---


---