{"id":2225025,"url":"http://patchwork.ozlabs.org/api/patches/2225025/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-mtd/patch/20260420095220.18769-1-Dmitry.Chumachenko@cyberprotect.ru/","project":{"id":3,"url":"http://patchwork.ozlabs.org/api/projects/3/?format=json","name":"Linux MTD development","link_name":"linux-mtd","list_id":"linux-mtd.lists.infradead.org","list_email":"linux-mtd@lists.infradead.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260420095220.18769-1-Dmitry.Chumachenko@cyberprotect.ru>","list_archive_url":null,"date":"2026-04-20T09:52:20","name":"jffs2: fix BUG_ON in jffs2_start_garbage_collect_thread on reconfigure","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"bcef03475d90321443c312218c704aec29fcc489","submitter":{"id":92943,"url":"http://patchwork.ozlabs.org/api/people/92943/?format=json","name":"Dmitriy Chumachenko","email":"Dmitry.Chumachenko@cyberprotect.ru"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-mtd/patch/20260420095220.18769-1-Dmitry.Chumachenko@cyberprotect.ru/mbox/","series":[{"id":500579,"url":"http://patchwork.ozlabs.org/api/series/500579/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-mtd/list/?series=500579","date":"2026-04-20T09:52:20","name":"jffs2: fix BUG_ON in jffs2_start_garbage_collect_thread on reconfigure","version":1,"mbox":"http://patchwork.ozlabs.org/series/500579/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2225025/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2225025/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) 
header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=TZn/DDas;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=cyberprotect.ru header.i=@cyberprotect.ru\n header.a=rsa-sha256 header.s=dkim-r header.b=fDLa19TR;\n\tdkim=fail reason=\"signature verification failed\" header.d=cyberprotect.ru\n header.i=@cyberprotect.ru header.a=ed25519-sha256 header.s=dkim\n header.b=cv3z6pPH;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzgn72gh4z1yD4\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 20 Apr 2026 19:54:19 +1000 (AEST)","from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wElKX-00000006he5-18dp;\n\tMon, 20 Apr 2026 09:54:13 +0000","from mx2.cyberprotect.ru ([176.10.93.31])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wElKT-00000006hdF-2W2Z\n\tfor linux-mtd@lists.infradead.org;\n\tMon, 20 Apr 2026 09:54:11 +0000"],"DKIM-Signature":["v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; 
h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC\n\t:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:\n\tResent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:\n\tList-Owner; bh=BEVF+DVOkmfb1yMK7ttkIyk5FMwYZxh7iujdwrRvDFE=; b=TZn/DDasoZpa+g\n\t7n9L+SHc4F94BwgFtQrOkRdMfbFcnAuE0LeAeHW7b/L9uoYMhYamoFeD6ZbBztjjyzxvRnow4Y0ov\n\t0R1FO2YcqgG3KTe+Y4oiJZfY/j7cLEy7Zmu1gNlRldfmZSeXnCUjbneQ5dQjlz68SwKlWH2mZOIj5\n\tVJ0SUlOLTt0djpbJcnuXfBRJryy30xChMOpPXpCr2EGeXaqaQONFfE3xyPOWAdSxON0dZjz6v7idA\n\tMewzjPo+DetT+x9iZ/yqZqflIEuPQp6bwWEtZnfXgrFhJJ/IKcD5UwZMOA3lqmL4cxwwP2YptzlsQ\n\t7MvmwwUdN6g7N6U2piuA==;","v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=cyberprotect.ru; s=dkim-r; h=MIME-Version:Date:From:Sender:Reply-To;\n\tbh=mz9CQHA7o3rjpRsMyGHAcvLiblzyf8jQKOq+34jl4L4=; b=fDLa19TRysc+mC0JjaI3mtxzP/\n\tiZ41PqyJrcDwkvV0BeY1xC75rcoi4YS54WL8/l+ODGYrKquMZ/H8Y7LqF7OZ5OUHgfx5y4MZC68X0\n\tXSrYOMHEW3dL7F2vo5Dd8Bt6L9TUL1vWPCBwz6M6NhBN5eqR3DLdTU9CgCHl7p0fe+IELgmpCNeUw\n\tvtM7xD2JXXjpbc8lRdcivrAiSJeRacEFn2q97zjmbatvcXsyQyDI2YXkrVtnoMycq/TNgsLkUyynZ\n\tmAJcDVioViyuF5fya/b5i0KtT4srlyZ3utAck3KWxUl2gjnxwtr0Tgx+UtgnqeV17+z5BB6A0KVye\n\tUT+YxVSg==;","v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=cyberprotect.ru; s=dkim; h=MIME-Version:Date:From:Sender:Reply-To;\n\tbh=mz9CQHA7o3rjpRsMyGHAcvLiblzyf8jQKOq+34jl4L4=; b=cv3z6pPHaqKRLxByNnZndFu0E4\n\troSPNk5UTBAkwLvmp4HDHUoEofcKvcS7sXlea+JfYKxC5gR2o26UeWhmgpAQ==;"],"From":"Dmitriy Chumachenko <Dmitry.Chumachenko@cyberprotect.ru>","To":"David Woodhouse <dwmw2@infradead.org>","CC":"Richard Weinberger <richard@nod.at>, Al Viro <viro@zeniv.linux.org.uk>,\n\tDavid Howells <dhowells@redhat.com>, <linux-mtd@lists.infradead.org>,\n\t<linux-kernel@vger.kernel.org>, <lvc-project@linuxtesting.org>","Subject":"[PATCH] jffs2: fix BUG_ON in jffs2_start_garbage_collect_thread on\n 
reconfigure","Date":"Mon, 20 Apr 2026 12:52:20 +0300","Message-ID":"<20260420095220.18769-1-Dmitry.Chumachenko@cyberprotect.ru>","X-Mailer":"git-send-email 2.49.0","MIME-Version":"1.0","X-Originating-IP":"[10.80.0.30]","X-ClientProxiedBy":"AIP-EXCH-1.aip.ooo (10.77.28.101) To AIP-EXCH-2.aip.ooo\n (10.77.28.102)","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20260420_025410_224195_67DA9EFE ","X-CRM114-Status":"GOOD (  14.56  )","X-Spam-Score":"-2.1 (--)","X-Spam-Report":"Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  During fuzz testing,\n the following issue was discovered. kernel\n    BUG at fs/jffs2/background.c:40! invalid opcode: 0000 [#1] PREEMPT SMP\n KASAN\n    PTI CPU: 0 PID: 5060 Comm: syz-executor108 Not tainted\n 6.8.0-syzkaller-08951-gfe46a7dd189e\n    #0 Hardware name: Google [...]\n Content analysis details:   (-2.1 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -0.0 SPF_PASS               SPF: sender matches SPF record\n -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%\n                             [score: 
0.0000]","X-BeenThere":"linux-mtd@lists.infradead.org","X-Mailman-Version":"2.1.34","Precedence":"list","List-Id":"Linux MTD discussion mailing list <linux-mtd.lists.infradead.org>","List-Unsubscribe":"<http://lists.infradead.org/mailman/options/linux-mtd>,\n <mailto:linux-mtd-request@lists.infradead.org?subject=unsubscribe>","List-Archive":"<http://lists.infradead.org/pipermail/linux-mtd/>","List-Post":"<mailto:linux-mtd@lists.infradead.org>","List-Help":"<mailto:linux-mtd-request@lists.infradead.org?subject=help>","List-Subscribe":"<http://lists.infradead.org/mailman/listinfo/linux-mtd>,\n <mailto:linux-mtd-request@lists.infradead.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"linux-mtd\" <linux-mtd-bounces@lists.infradead.org>","Errors-To":"linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"During fuzz testing, the following issue was discovered.\n\nkernel BUG at fs/jffs2/background.c:40!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 PID: 5060 Comm: syz-executor108 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:jffs2_start_garbage_collect_thread+0x1f5/0x200 fs/jffs2/background.c:40\n\nCall Trace:\n <TASK>\n jffs2_do_remount_fs+0x15b/0x1d0 fs/jffs2/fs.c:415\n reconfigure_super+0x445/0x880 fs/super.c:1071\n vfs_cmd_reconfigure fs/fsopen.c:267 [inline]\n vfs_fsconfig_locked fs/fsopen.c:296 [inline]\n __do_sys_fsconfig fs/fsopen.c:476 [inline]\n __se_sys_fsconfig+0xab5/0xec0 fs/fsopen.c:349\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nWhen reconfiguring a mount without explicitly setting mount flags,\nfc->sb_flags and fc->sb_flags_mask are both zero. jffs2_do_remount_fs()\nskips stopping the GC thread because the superblock is read-only, but\nstarts a new one because fc->sb_flags lacks SB_RDONLY. 
The superblock\nremains read-only, so on the next reconfigure the same path triggers\nBUG_ON(c->gc_task) since the previous thread is still running.\n\nFix this by computing the effective new superblock flags using the same\nformula as reconfigure_super() so the start decision reflects the\nactual future state of the superblock.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n\nFixes: ec10a24f10c8 (\"vfs: Convert jffs2 to use the new mount API\")\nSigned-off-by: Dmitriy Chumachenko <Dmitry.Chumachenko@cyberprotect.ru>\n---\n fs/jffs2/fs.c | 4 +++-\n 1 file changed, 3 insertions(+), 1 deletion(-)","diff":"diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c\nindex d175cccb7c55..abfe6eead880 100644\n--- a/fs/jffs2/fs.c\n+++ b/fs/jffs2/fs.c\n@@ -396,6 +396,8 @@ void jffs2_dirty_inode(struct inode *inode, int flags)\n int jffs2_do_remount_fs(struct super_block *sb, struct fs_context *fc)\n {\n \tstruct jffs2_sb_info *c = JFFS2_SB_INFO(sb);\n+\tunsigned long s_flags_new = (sb->s_flags & ~fc->sb_flags_mask) |\n+\t\t\t\t    (fc->sb_flags & fc->sb_flags_mask);\n \n \tif (c->flags & JFFS2_SB_FLAG_RO && !sb_rdonly(sb))\n \t\treturn -EROFS;\n@@ -411,7 +413,7 @@ int jffs2_do_remount_fs(struct super_block *sb, struct fs_context *fc)\n \t\tmutex_unlock(&c->alloc_sem);\n \t}\n \n-\tif (!(fc->sb_flags & SB_RDONLY))\n+\tif (!(s_flags_new & SB_RDONLY))\n \t\tjffs2_start_garbage_collect_thread(c);\n \n \tfc->sb_flags |= SB_NOATIME;\n","prefixes":[]}
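Review bot: the open-coded computation of s_flags_new in the declaration at the top of jffs2_do_remount_fs() (first hunk) carries no comment tying it to reconfigure_super(), which the commit message says it copies. A one-line comment above it naming reconfigure_super() as the source of the formula, or a shared helper if the VFS side can provide one, would keep the two from drifting apart. The two-line initializer would also read better as a plain assignment after the declarations.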
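Review bot: in the second hunk, the context line directly after the changed check, fc->sb_flags |= SB_NOATIME;, sets a bit in fc->sb_flags without touching fc->sb_flags_mask. Under the formula this patch introduces, (fc->sb_flags & fc->sb_flags_mask), a bit outside the mask does not reach the new superblock flags. Please confirm whether SB_NOATIME is expected to take effect on this path, and say in the commit message that it is deliberately left for a follow-up if so. The new condition !(s_flags_new & SB_RDONLY) itself matches the description in the commit message.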