syzbot


possible deadlock in hfsplus_block_free

Status: upstream: reported on 2022/11/29 08:32
Labels: hfs (incorrect?)
Reported-by: syzbot+8fae81a1f77bf28ef3b5@syzkaller.appspotmail.com
First crash: 182d, last: 12d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] possible deadlock in hfsplus_block_free | 0 (1) | 2022/11/29 08:32
Similar bugs (4)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-4.14 | possible deadlock in hfsplus_block_free hfsplus | | | | 10 | 94d | 179d | 0/1 | upstream: reported on 2022/12/01 19:36
linux-4.19 | possible deadlock in hfsplus_block_free hfsplus | | | | 20 | 85d | 176d | 0/1 | upstream: reported on 2022/12/04 19:32
linux-5.15 | possible deadlock in hfsplus_block_free | | | | 6 | 35d | 56d | 0/3 | upstream: reported on 2023/04/03 09:27
linux-6.1 | possible deadlock in hfsplus_block_free | | | | 7 | 35d | 43d | 0/3 | upstream: reported on 2023/04/16 21:54

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.4.0-rc1-syzkaller-00177-gbb7c241fae62 #0 Not tainted
------------------------------------------------------
syz-executor.2/27890 is trying to acquire lock:
ffff8880333908f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182

but task is already holding lock:
ffff8880350a6648 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
       lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691
       __mutex_lock_common+0x1d8/0x2530 kernel/locking/mutex.c:603
       __mutex_lock kernel/locking/mutex.c:747 [inline]
       mutex_lock_nested+0x1b/0x20 kernel/locking/mutex.c:799
       hfsplus_get_block+0x383/0x14e0 fs/hfsplus/extents.c:260
       block_read_full_folio+0x47b/0x1000 fs/buffer.c:2349
       filemap_read_folio+0x19d/0x7a0 mm/filemap.c:2421
       do_read_cache_folio+0x134/0x820 mm/filemap.c:3680
       do_read_cache_page+0x32/0x220 mm/filemap.c:3746
       read_mapping_page include/linux/pagemap.h:772 [inline]
       hfsplus_block_allocate+0xee/0x8b0 fs/hfsplus/bitmap.c:37
       hfsplus_file_extend+0xa50/0x1b10 fs/hfsplus/extents.c:468
       hfsplus_get_block+0x406/0x14e0 fs/hfsplus/extents.c:245
       __block_write_begin_int+0x548/0x1a50 fs/buffer.c:2064
       __block_write_begin fs/buffer.c:2114 [inline]
       block_write_begin+0x9c/0x1f0 fs/buffer.c:2175
       cont_write_begin+0x643/0x880 fs/buffer.c:2534
       hfsplus_write_begin+0x8a/0xd0 fs/hfsplus/inode.c:52
       generic_perform_write+0x300/0x5e0 mm/filemap.c:3923
       __generic_file_write_iter+0x17a/0x400 mm/filemap.c:4051
       generic_file_write_iter+0xaf/0x310 mm/filemap.c:4083
       call_write_iter include/linux/fs.h:1868 [inline]
       new_sync_write fs/read_write.c:491 [inline]
       vfs_write+0x790/0xb20 fs/read_write.c:584
       ksys_write+0x1a0/0x2c0 fs/read_write.c:637
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (&sbi->alloc_mutex){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3108 [inline]
       check_prevs_add kernel/locking/lockdep.c:3227 [inline]
       validate_chain+0x166b/0x58e0 kernel/locking/lockdep.c:3842
       __lock_acquire+0x1295/0x2000 kernel/locking/lockdep.c:5074
       lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691
       __mutex_lock_common+0x1d8/0x2530 kernel/locking/mutex.c:603
       __mutex_lock kernel/locking/mutex.c:747 [inline]
       mutex_lock_nested+0x1b/0x20 kernel/locking/mutex.c:799
       hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
       hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
       hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
       hfsplus_setattr+0x1bd/0x280 fs/hfsplus/inode.c:269
       notify_change+0xc8b/0xf40 fs/attr.c:483
       do_truncate+0x220/0x300 fs/open.c:66
       handle_truncate fs/namei.c:3295 [inline]
       do_open fs/namei.c:3640 [inline]
       path_openat+0x294e/0x3170 fs/namei.c:3791
       do_filp_open+0x234/0x490 fs/namei.c:3818
       do_sys_openat2+0x13f/0x500 fs/open.c:1356
       do_sys_open fs/open.c:1372 [inline]
       __do_sys_creat fs/open.c:1448 [inline]
       __se_sys_creat fs/open.c:1442 [inline]
       __x64_sys_creat+0x123/0x160 fs/open.c:1442
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&sbi->alloc_mutex);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&sbi->alloc_mutex);

 *** DEADLOCK ***

3 locks held by syz-executor.2/27890:
 #0: ffff888029fda460 (sb_writers#26){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:394
 #1: ffff8880350a6840 (&sb->s_type->i_mutex_key#32){++++}-{3:3}, at: inode_lock include/linux/fs.h:775 [inline]
 #1: ffff8880350a6840 (&sb->s_type->i_mutex_key#32){++++}-{3:3}, at: do_truncate+0x20c/0x300 fs/open.c:64
 #2: ffff8880350a6648 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

stack backtrace:
CPU: 0 PID: 27890 Comm: syz-executor.2 Not tainted 6.4.0-rc1-syzkaller-00177-gbb7c241fae62 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 check_noncircular+0x2fe/0x3b0 kernel/locking/lockdep.c:2188
 check_prev_add kernel/locking/lockdep.c:3108 [inline]
 check_prevs_add kernel/locking/lockdep.c:3227 [inline]
 validate_chain+0x166b/0x58e0 kernel/locking/lockdep.c:3842
 __lock_acquire+0x1295/0x2000 kernel/locking/lockdep.c:5074
 lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691
 __mutex_lock_common+0x1d8/0x2530 kernel/locking/mutex.c:603
 __mutex_lock kernel/locking/mutex.c:747 [inline]
 mutex_lock_nested+0x1b/0x20 kernel/locking/mutex.c:799
 hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
 hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
 hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
 hfsplus_setattr+0x1bd/0x280 fs/hfsplus/inode.c:269
 notify_change+0xc8b/0xf40 fs/attr.c:483
 do_truncate+0x220/0x300 fs/open.c:66
 handle_truncate fs/namei.c:3295 [inline]
 do_open fs/namei.c:3640 [inline]
 path_openat+0x294e/0x3170 fs/namei.c:3791
 do_filp_open+0x234/0x490 fs/namei.c:3818
 do_sys_openat2+0x13f/0x500 fs/open.c:1356
 do_sys_open fs/open.c:1372 [inline]
 __do_sys_creat fs/open.c:1448 [inline]
 __se_sys_creat fs/open.c:1442 [inline]
 __x64_sys_creat+0x123/0x160 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f17fe88c169
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f17ff677168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
RAX: ffffffffffffffda RBX: 00007f17fe9abf80 RCX: 00007f17fe88c169
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007f17fe8e7ca1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffdbf2dc2f R14: 00007f17ff677300 R15: 0000000000022000
 </TASK>

Crashes (132):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/05/14 20:02 upstream bb7c241fae62 2b9ba477 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/05/04 01:08 upstream 89b7fd5d7f3c b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2023/04/27 05:09 upstream 5c7ecada25d2 19a3dabe .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/04/25 13:33 upstream 173ea743bf7a 65320f8e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/24 22:38 upstream 1a0beef98b58 fdc18293 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/24 00:09 upstream 457391b03803 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/23 17:58 upstream 622322f53c6d 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/04/23 08:16 upstream 622322f53c6d 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/04/23 02:44 upstream 2caeeb9d4a1b 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/04/22 16:43 upstream 8e41e0a57566 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/04/22 06:55 upstream 8e41e0a57566 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/22 05:37 upstream 8e41e0a57566 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/20 10:02 upstream cb0856346a60 a219f34e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/04/19 15:55 upstream 789b4a41c247 94b4184e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/04/17 21:31 upstream 6a8f57ae2eb0 436577a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/17 06:57 upstream 6a8f57ae2eb0 ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/16 13:22 upstream a7a55e27ad72 ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2023/04/15 21:35 upstream 7a934f4bd7d6 ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/14 14:56 upstream 44149752e998 3cfcaa1b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2023/04/14 04:50 upstream 44149752e998 3cfcaa1b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/11 20:00 upstream 0d3eb744aed4 49faf98d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/10 02:00 upstream 09a9639e56c0 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/04/07 09:58 upstream f2afccfefe7b f7ba566d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/03/31 04:19 upstream 8bb95a1662f8 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/03/31 02:04 upstream 8bb95a1662f8 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/03/19 02:56 upstream a3671bd86a97 7939252e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2023/03/15 16:25 upstream 6015b1aca1a2 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2023/01/02 11:56 upstream 88603b6dc419 ab32d508 .config console log report info ci-qemu-upstream possible deadlock in hfsplus_block_free
2022/11/29 07:02 upstream ca57f02295f1 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/01/01 20:54 upstream 150aae354b81 ab32d508 .config console log report info ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2023/03/01 16:15 linux-next 1716a175592a f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2022/11/29 02:24 linux-next 9e46a7996732 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2023/05/17 10:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f1fcbaa18b28 eaac4681 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/05/11 21:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a adb9a3cd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/05/10 13:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 0fbd49f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/05/10 00:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 1964022b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/05/04 16:21 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 3a560463 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/05/02 19:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/18 14:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 327bf9bb94cf 436577a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/17 23:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 327bf9bb94cf 436577a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/17 08:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef c6ec7083 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/17 01:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/15 23:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/15 20:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/15 18:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/04/12 18:13 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7920df21c1b7 1a1596b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/03/09 18:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e f08b59ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/03/08 02:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e d2b00170 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/03/07 12:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fe15c26ee26e ffaa5c55 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/03/06 05:49 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 596b6b709632 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/03/03 03:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 596b6b709632 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/02/20 01:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2d3827b3f393 bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free