syzbot


possible deadlock in hfsplus_block_free

Status: upstream: reported C repro on 2022/11/29 08:32
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+8fae81a1f77bf28ef3b5@syzkaller.appspotmail.com
First crash: 736d, last: 4d14h
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: possible deadlock in hfsplus_block_free (log)
Repro: C syz .config
  
Fix bisection: failed (error log, bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] possible deadlock in hfsplus_block_free 0 (2) 2024/01/20 04:24
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in hfsplus_block_free (2) 4 180d 180d 0/3 auto-obsoleted due to no activity on 2024/09/15 13:42
linux-4.14 possible deadlock in hfsplus_block_free hfsplus 10 649d 734d 0/1 upstream: reported on 2022/12/01 19:36
linux-4.19 possible deadlock in hfsplus_block_free hfsplus 20 639d 731d 0/1 upstream: reported on 2022/12/04 19:32
linux-5.15 possible deadlock in hfsplus_block_free 20 408d 611d 0/3 auto-obsoleted due to no activity on 2024/01/31 18:41
linux-5.15 possible deadlock in hfsplus_block_free (2) 1 180d 180d 0/3 auto-obsoleted due to no activity on 2024/09/15 11:28
linux-6.1 possible deadlock in hfsplus_block_free 27 334d 598d 0/3 auto-obsoleted due to no activity on 2024/04/14 19:02
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/06/30 12:41 11m retest repro upstream report log
2024/02/05 20:16 11m retest repro upstream report log
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2024/10/26 09:32 25m bisect fix upstream error job log
2024/08/26 14:11 2h25m bisect fix upstream OK (0) job log log
2024/04/21 10:54 1h24m bisect fix upstream OK (0) job log log
2024/03/10 19:19 1h23m bisect fix upstream OK (0) job log log

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.7.0-syzkaller-12377-g9d1694dc91ce #0 Not tainted
------------------------------------------------------
syz-executor275/5161 is trying to acquire lock:
ffff888029d7a8f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182

but task is already holding lock:
ffff888079ada988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:752
       hfsplus_get_block+0x383/0x14e0 fs/hfsplus/extents.c:260
       block_read_full_folio+0x422/0xe10 fs/buffer.c:2382
       filemap_read_folio+0x19c/0x780 mm/filemap.c:2324
       do_read_cache_folio+0x134/0x810 mm/filemap.c:3701
       do_read_cache_page+0x30/0x200 mm/filemap.c:3767
       read_mapping_page include/linux/pagemap.h:888 [inline]
       hfsplus_block_allocate+0xee/0x8b0 fs/hfsplus/bitmap.c:37
       hfsplus_file_extend+0xade/0x1b70 fs/hfsplus/extents.c:468
       hfsplus_get_block+0x406/0x14e0 fs/hfsplus/extents.c:245
       __block_write_begin_int+0x50b/0x1a70 fs/buffer.c:2103
       __block_write_begin fs/buffer.c:2152 [inline]
       block_write_begin+0x9b/0x1e0 fs/buffer.c:2211
       cont_write_begin+0x643/0x880 fs/buffer.c:2565
       hfsplus_write_begin+0x8a/0xd0 fs/hfsplus/inode.c:47
       page_symlink+0x2c5/0x4e0 fs/namei.c:5228
       hfsplus_symlink+0xca/0x260 fs/hfsplus/dir.c:449
       vfs_symlink+0x12f/0x2a0 fs/namei.c:4480
       do_symlinkat+0x222/0x3a0 fs/namei.c:4506
       __do_sys_symlink fs/namei.c:4527 [inline]
       __se_sys_symlink fs/namei.c:4525 [inline]
       __x64_sys_symlink+0x7e/0x90 fs/namei.c:4525
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

-> #0 (&sbi->alloc_mutex){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:752
       hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
       hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
       hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
       hfsplus_delete_inode+0x174/0x220
       hfsplus_unlink+0x512/0x790 fs/hfsplus/dir.c:405
       hfsplus_rename+0xc8/0x1c0 fs/hfsplus/dir.c:547
       vfs_rename+0xbd3/0xef0 fs/namei.c:4879
       do_renameat2+0xd94/0x13f0 fs/namei.c:5036
       __do_sys_renameat2 fs/namei.c:5070 [inline]
       __se_sys_renameat2 fs/namei.c:5067 [inline]
       __x64_sys_renameat2+0xd2/0xe0 fs/namei.c:5067
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&sbi->alloc_mutex);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&sbi->alloc_mutex);

 *** DEADLOCK ***

6 locks held by syz-executor275/5161:
 #0: ffff888029204420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
 #1: ffff888079ad9740 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:837 [inline]
 #1: ffff888079ad9740 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: lock_rename fs/namei.c:3065 [inline]
 #1: ffff888079ad9740 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x62c/0x13f0 fs/namei.c:4971
 #2: ffff888079ada4c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
 #2: ffff888079ada4c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: lock_two_nondirectories+0xe1/0x170 fs/inode.c:1109
 #3: ffff888079adab80 (&sb->s_type->i_mutex_key#14/4){+.+.}-{3:3}, at: vfs_rename+0x69e/0xef0 fs/namei.c:4850
 #4: ffff888029d7a998 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_unlink+0x161/0x790 fs/hfsplus/dir.c:370
 #5: ffff888079ada988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

stack backtrace:
CPU: 1 PID: 5161 Comm: syz-executor275 Not tainted 6.7.0-syzkaller-12377-g9d1694dc91ce #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 check_noncircular+0x366/0x490 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:752
 hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
 hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
 hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
 hfsplus_delete_inode+0x174/0x220
 hfsplus_unlink+0x512/0x790 fs/hfsplus/dir.c:405
 hfsplus_rename+0xc8/0x1c0 fs/hfsplus/dir.c:547
 vfs_rename+0xbd3/0xef0 fs/namei.c:4879
 do_renameat2+0xd94/0x13f0 fs/namei.c:5036
 __do_sys_renameat2 fs/namei.c:5070 [inline]
 __se_sys_renameat2 fs/namei.c:5067 [inline]
 __x64_sys_renameat2+0xd2/0xe0 fs/namei.c:5067
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f6db63c6e89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6db6383218 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
RAX: ffffffffffffffda RBX: 00007f6db644f6c8 RCX: 00007f6db63c6e89
RDX: 0000000000000004 RSI: 00000000200000c0 RDI: 0000000000000005
RBP: 00007f6db644f6c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000180 R11: 0000000000000246 R12: 00007f6db641c168
R13: 0032656c69662f2e R14: 0073756c70736668 R15: 0031656c69662f2e
 </TASK>

Crashes (257):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/01/20 04:23 upstream 9d1694dc91ce 9bd8dcda .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/11/25 15:42 upstream 9f16d5e6f220 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/09/19 02:33 upstream 4a39ac5b7d62 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/07/10 21:56 upstream a19ea421490d 6f7fa383 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/06/03 18:41 upstream c3f38fa61af7 0aba2352 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/05/11 22:20 upstream cf87f46fd34d 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/05/08 12:06 upstream dccb07f2914c 4cf3f9b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/05/02 03:56 upstream 0106679839f7 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/05/01 02:03 upstream 50dffbf77180 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2024/04/29 22:29 upstream b947cc5bf6d7 f10afd69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/04/29 19:37 upstream b947cc5bf6d7 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2024/04/29 18:27 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2024/04/27 09:12 upstream 5eb4573ea63d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/04/23 06:13 upstream a2c63a3f3d68 36c961ad .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/04/23 03:27 upstream 4d2008430ce8 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2024/03/19 07:27 upstream fe46a7dd189e baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2024/01/22 05:49 upstream 4fbbed787267 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/20 06:06 upstream 9d64bf433c53 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/20 01:22 upstream 9d1694dc91ce 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/20 00:18 upstream 9d1694dc91ce 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/19 14:33 upstream 9d1694dc91ce 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/18 12:45 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/05 10:15 upstream 1f874787ed9a 28c42cff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/03 20:26 upstream 610a9b8f49fb 28c42cff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/02 03:58 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/26 05:36 upstream b46ae77f6787 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/25 00:15 upstream 0f5cc96c367f 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/23 11:21 upstream 9b6de136b5f0 fc59b78e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/22 22:38 upstream 9b6de136b5f0 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/22 21:15 upstream 9b6de136b5f0 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/21 21:45 upstream c2d5304e6c64 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/20 18:19 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/16 03:34 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/15 23:58 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/11/15 05:51 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/14 22:27 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/11/14 21:18 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/13 09:00 upstream b57b17e88bf5 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/11/12 07:28 upstream 1b907d050735 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2023/11/06 02:21 upstream 1c41041124bd 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2024/11/30 08:04 upstream 2ba9f676d0a2 68914665 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in hfsplus_block_free
2024/11/17 15:31 upstream 4a5df3796467 cfe3a04a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in hfsplus_block_free
2024/11/12 07:10 upstream 2d5404caa8c7 75bb1b32 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in hfsplus_block_free
2024/11/06 07:31 upstream 2e1b3cc9d7f7 3a465482 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in hfsplus_block_free
2024/09/25 17:43 upstream 684a64bf32b6 0b45cac3 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in hfsplus_block_free
2024/09/12 10:04 upstream 7c6a3a65ace7 d94c83d8 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in hfsplus_block_free
2024/09/11 15:27 upstream 8d8d276ba2fb ede7a22c .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root possible deadlock in hfsplus_block_free
2024/04/30 21:52 upstream 98369dccd2f8 3cb29304 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in hfsplus_block_free
2024/01/02 11:07 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in hfsplus_block_free
2024/06/07 14:54 upstream 8a92980606e3 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2022/11/29 07:02 upstream ca57f02295f1 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/07/17 10:38 linux-next 797012914d2d 215bec2d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2024/04/22 01:27 linux-next 7b4f2bc91c15 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2024/11/06 18:16 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8936d33c1f69 3a465482 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2024/06/15 04:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ac2193b4b460 8d849073 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2024/06/07 10:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8867bbd4a056 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/12/31 19:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci aafe7ad77b91 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2022/11/29 02:24 linux-next 9e46a7996732 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
* Struck through repros no longer work on HEAD.