syzbot


possible deadlock in hfsplus_block_free

Status: upstream: reported on 2022/11/29 08:32
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+8fae81a1f77bf28ef3b5@syzkaller.appspotmail.com
First crash: 375d, last: 13d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] possible deadlock in hfsplus_block_free 0 (1) 2022/11/29 08:32
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 possible deadlock in hfsplus_block_free hfsplus 10 287d 373d 0/1 upstream: reported on 2022/12/01 19:36
linux-4.19 possible deadlock in hfsplus_block_free hfsplus 20 278d 370d 0/1 upstream: reported on 2022/12/04 19:32
linux-5.15 possible deadlock in hfsplus_block_free 20 47d 250d 0/3 upstream: reported on 2023/04/03 09:27
linux-6.1 possible deadlock in hfsplus_block_free 26 11d 236d 0/3 upstream: reported on 2023/04/16 21:54

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.7.0-rc2-syzkaller-00206-gb46ae77f6787 #0 Not tainted
------------------------------------------------------
syz-executor.5/6189 is trying to acquire lock:
ffff8880201548f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182

but task is already holding lock:
ffff88807adb22c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5753
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:747
       hfsplus_get_block+0x383/0x14e0 fs/hfsplus/extents.c:260
       block_read_full_folio+0x474/0xea0 fs/buffer.c:2399
       filemap_read_folio+0x19c/0x780 mm/filemap.c:2323
       do_read_cache_folio+0x134/0x810 mm/filemap.c:3691
       do_read_cache_page+0x30/0x200 mm/filemap.c:3757
       read_mapping_page include/linux/pagemap.h:871 [inline]
       hfsplus_block_allocate+0xee/0x8b0 fs/hfsplus/bitmap.c:37
       hfsplus_file_extend+0xade/0x1b70 fs/hfsplus/extents.c:468
       hfsplus_get_block+0x406/0x14e0 fs/hfsplus/extents.c:245
       __block_write_begin_int+0x54d/0x1ad0 fs/buffer.c:2119
       __block_write_begin fs/buffer.c:2168 [inline]
       block_write_begin+0x9b/0x1e0 fs/buffer.c:2227
       cont_write_begin+0x643/0x880 fs/buffer.c:2582
       hfsplus_write_begin+0x8a/0xd0 fs/hfsplus/inode.c:52
       generic_perform_write+0x31b/0x630 mm/filemap.c:3918
       generic_file_write_iter+0xaf/0x310 mm/filemap.c:4039
       call_write_iter include/linux/fs.h:2020 [inline]
       new_sync_write fs/read_write.c:491 [inline]
       vfs_write+0x792/0xb20 fs/read_write.c:584
       ksys_write+0x1a0/0x2c0 fs/read_write.c:637
       do_syscall_x64 arch/x86/entry/common.c:51 [inline]
       do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

-> #0 (&sbi->alloc_mutex){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x18e4/0x59f0 kernel/locking/lockdep.c:3868
       __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5136
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5753
       __mutex_lock_common kernel/locking/mutex.c:603 [inline]
       __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:747
       hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
       hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
       hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
       hfsplus_delete_inode+0x174/0x220
       hfsplus_unlink+0x512/0x790 fs/hfsplus/dir.c:405
       vfs_unlink+0x35d/0x5f0 fs/namei.c:4318
       do_unlinkat+0x4ae/0x830 fs/namei.c:4382
       __do_sys_unlink fs/namei.c:4430 [inline]
       __se_sys_unlink fs/namei.c:4428 [inline]
       __x64_sys_unlink+0x49/0x50 fs/namei.c:4428
       do_syscall_x64 arch/x86/entry/common.c:51 [inline]
       do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&sbi->alloc_mutex);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&sbi->alloc_mutex);

 *** DEADLOCK ***

5 locks held by syz-executor.5/6189:
 #0: ffff88803a090418 (sb_writers#27){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:404
 #1: ffff88807adb1e00 (&type->i_mutex_dir_key#22/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:837 [inline]
 #1: ffff88807adb1e00 (&type->i_mutex_dir_key#22/1){+.+.}-{3:3}, at: do_unlinkat+0x26a/0x830 fs/namei.c:4369
 #2: ffff88807adb24c0 (&sb->s_type->i_mutex_key#34){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
 #2: ffff88807adb24c0 (&sb->s_type->i_mutex_key#34){+.+.}-{3:3}, at: vfs_unlink+0xe4/0x5f0 fs/namei.c:4307
 #3: ffff888020154998 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_unlink+0x161/0x790 fs/hfsplus/dir.c:370
 #4: ffff88807adb22c8 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

stack backtrace:
CPU: 1 PID: 6189 Comm: syz-executor.5 Not tainted 6.7.0-rc2-syzkaller-00206-gb46ae77f6787 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 check_noncircular+0x366/0x490 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x18e4/0x59f0 kernel/locking/lockdep.c:3868
 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5136
 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5753
 __mutex_lock_common kernel/locking/mutex.c:603 [inline]
 __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:747
 hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
 hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
 hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
 hfsplus_delete_inode+0x174/0x220
 hfsplus_unlink+0x512/0x790 fs/hfsplus/dir.c:405
 vfs_unlink+0x35d/0x5f0 fs/namei.c:4318
 do_unlinkat+0x4ae/0x830 fs/namei.c:4382
 __do_sys_unlink fs/namei.c:4430 [inline]
 __se_sys_unlink fs/namei.c:4428 [inline]
 __x64_sys_unlink+0x49/0x50 fs/namei.c:4428
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fa05547cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa0561a60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 00007fa05559bf80 RCX: 00007fa05547cae9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007fa0554c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fa05559bf80 R15: 00007ffd5267c748
 </TASK>
hfsplus: extend alloc file! (8192,327680,2)

Crashes (206):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/26 05:36 upstream b46ae77f6787 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/25 00:15 upstream 0f5cc96c367f 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/23 11:21 upstream 9b6de136b5f0 fc59b78e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/22 22:38 upstream 9b6de136b5f0 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/22 21:15 upstream 9b6de136b5f0 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/21 21:45 upstream c2d5304e6c64 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/20 18:19 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/16 03:34 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/15 23:58 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/11/15 05:51 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/14 22:27 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/11/14 21:18 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/13 09:00 upstream b57b17e88bf5 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/11/12 07:28 upstream 1b907d050735 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2023/11/06 02:21 upstream 1c41041124bd 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/10/27 00:28 upstream 3a568e3a961b bf285f0c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/26 20:28 upstream 3a568e3a961b 23afc60f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/25 21:51 upstream 611da07b89fd 72e794c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/06 14:09 upstream b78b18fb8ee1 db17ad9f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/10/04 02:04 upstream cbf3a2cb156a 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/10/03 14:47 upstream ce36c8b14987 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/03 14:23 upstream ce36c8b14987 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/09/29 21:32 upstream 71e58659bfc0 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/09/23 08:57 upstream 8018e02a8703 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/09/21 14:32 upstream 42dc814987c1 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/09/17 01:46 upstream f0b0d403eabb 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2023/10/10 10:29 upstream 94f6f0550c62 c9be5398 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in hfsplus_block_free
2023/09/28 03:54 upstream 633b47cb009d c2ab1e5d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2023/09/22 10:35 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2023/08/13 11:35 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2023/08/13 01:30 upstream ae545c3283dc 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/10 09:59 upstream 374a7f47bf40 13ca4cd6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/09 19:13 upstream cacc6e22932f 13ca4cd6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/07 13:12 upstream 52a93d39b17d dda824c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/07 07:20 upstream 52a93d39b17d 4ffcc9ef .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/06 03:37 upstream f6a691685962 4ffcc9ef .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/07/29 17:28 upstream ffabf7c73176 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/07/29 09:34 upstream ffabf7c73176 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/07/28 17:13 upstream 57012c57536f 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/07/28 09:52 upstream 57012c57536f 92476829 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in hfsplus_block_free
2023/07/22 11:48 upstream d192f5382581 27cbe77f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/07/16 02:49 upstream 831fe284d827 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/07/13 05:07 upstream eb26cbb1a754 86081196 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/07/13 00:54 upstream eb26cbb1a754 979d5fe2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2023/07/02 15:25 upstream 995b406c7e97 bfc47836 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2023/06/27 09:41 upstream 1ef6663a587b 4cd5bb25 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/06/24 23:12 upstream a92b7d26c743 79782afc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in hfsplus_block_free
2023/06/22 12:43 upstream dad9774deaf1 09ffe269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2022/11/29 07:02 upstream ca57f02295f1 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/07/14 20:05 upstream 4b810bf037e5 d624500f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2023/06/18 02:12 upstream 1b29d271614a f3921d4d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2023/09/28 01:03 linux-next 18030226a48d 2895a507 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2023/10/24 02:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ac9e855ce293 af8d2e46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/07/13 03:21 linux-next 40b055fe7f27 86081196 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2023/07/02 03:19 linux-next 6352a698ca5b bfc47836 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2022/11/29 02:24 linux-next 9e46a7996732 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2023/06/19 09:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 177239177378 f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
* Struck through repros no longer work on HEAD.