From: syzbot <syzbot+44664704c1494ad5f7a0@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
tristmd@gmail.com
Subject: Re: [syzbot] [jffs2] kernel BUG in jffs2_del_ino_cache
Date: Fri, 17 Apr 2026 13:05:02 -0700
Message-ID: <69e2926e.a00a0220.1bd0ca.0028.GAE@google.com>
In-Reply-To: <177644291920.3792332.17582976522190204583@talencesecurity.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in jffs2_del_ino_cache

------------[ cut here ]------------
WARNING: fs/jffs2/nodelist.c:462 at jffs2_del_ino_cache+0x247/0x2d0 fs/jffs2/nodelist.c:462, CPU#1: syz-executor.0/5273
Modules linked in:
CPU: 1 UID: 0 PID: 5273 Comm: syz-executor.0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:jffs2_del_ino_cache+0x247/0x2d0 fs/jffs2/nodelist.c:462
Code: 3c 24 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 de 15 2d 08 e8 09 b6 a5 fe 49 39 df 75 92 e9 42 ff ff ff e8 fa b5 a5 fe 90 <0f> 0b 90 e9 fe fd ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 36
RSP: 0018:ffffc900038ffa30 EFLAGS: 00010293
RAX: ffffffff831c1a46 RBX: ffff88802d2b5ec0 RCX: ffff888022e33d80
RDX: 0000000000000000 RSI: ffff88802d2b5ec0 RDI: ffff88802962a000
RBP: 0000000000000006 R08: ffff88802962a363 R09: 1ffff110052c546c
R10: dffffc0000000000 R11: ffffed10052c546d R12: ffff88802d2b5ec0
R13: dffffc0000000000 R14: ffff88802d2b5ee0 R15: ffff88802962a000
FS: 00005555917774c0(0000) GS:ffff888126c4a000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000112bbcae0000 CR3: 00000000254bd000 CR4: 0000000000350ef0
Call Trace:
<TASK>
jffs2_do_clear_inode+0x31e/0x390 fs/jffs2/readinode.c:1443
evict+0x61e/0xb10 fs/inode.c:841
dispose_list fs/inode.c:883 [inline]
evict_inodes+0x75a/0x7f0 fs/inode.c:937
generic_shutdown_super+0xaa/0x2d0 fs/super.c:632
kill_mtd_super+0x23/0x70 drivers/mtd/mtdsuper.c:174
jffs2_kill_sb+0x96/0xb0 fs/jffs2/super.c:350
deactivate_locked_super+0xbc/0x130 fs/super.c:476
cleanup_mnt+0x437/0x4d0 fs/namespace.c:1312
task_work_run+0x1d9/0x270 kernel/task_work.c:233
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
__exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:328 [inline]
do_syscall_64+0x33e/0xf80 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f51a706ea17
Code: a2 c7 05 e8 94 11 00 00 00 00 00 eb 96 e8 f1 09 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffc326aece8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f51a70ce3ef RCX: 00007f51a706ea17
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffc326aeda0
RBP: 00007ffc326aeda0 R08: 00007ffc326afda0 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc326afe60
R13: 00007f51a70ce3ef R14: 0000000000016f32 R15: 0000000000000003
</TASK>

Tested on:

commit: 59bd5ae0 Merge tag 'for-v7.1' of git://git.kernel.org/..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=15f48fca580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8d8f65df2b30ee8
dashboard link: https://syzkaller.appspot.com/bug?extid=44664704c1494ad5f7a0
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch: https://syzkaller.appspot.com/x/patch.diff?x=119624ce580000