syzbot


possible deadlock in hfsplus_block_free

Status: upstream: reported C repro on 2022/11/29 08:32
Subsystems: hfs
[Documentation on labels]
Reported-by: syzbot+8fae81a1f77bf28ef3b5@syzkaller.appspotmail.com
First crash: 513d, last: 2d06h
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: possible deadlock in hfsplus_block_free (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] possible deadlock in hfsplus_block_free 0 (2) 2024/01/20 04:24
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 possible deadlock in hfsplus_block_free hfsplus 10 425d 510d 0/1 upstream: reported on 2022/12/01 19:36
linux-4.19 possible deadlock in hfsplus_block_free hfsplus 20 416d 507d 0/1 upstream: reported on 2022/12/04 19:32
linux-5.15 possible deadlock in hfsplus_block_free 20 184d 388d 0/3 auto-obsoleted due to no activity on 2024/01/31 18:41
linux-6.1 possible deadlock in hfsplus_block_free 27 110d 374d 0/3 auto-obsoleted due to no activity on 2024/04/14 19:02
Last patch testing requests (1)
Created Duration User Patch Repo Result
2024/02/05 20:16 11m retest repro upstream report log
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2024/04/21 10:54 1h24m bisect fix upstream job log (0) log
2024/03/10 19:19 1h23m bisect fix upstream job log (0) log

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
6.7.0-syzkaller-12377-g9d1694dc91ce #0 Not tainted
------------------------------------------------------
syz-executor275/5161 is trying to acquire lock:
ffff888029d7a8f8 (&sbi->alloc_mutex){+.+.}-{3:3}, at: hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182

but task is already holding lock:
ffff888079ada988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}:
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:752
       hfsplus_get_block+0x383/0x14e0 fs/hfsplus/extents.c:260
       block_read_full_folio+0x422/0xe10 fs/buffer.c:2382
       filemap_read_folio+0x19c/0x780 mm/filemap.c:2324
       do_read_cache_folio+0x134/0x810 mm/filemap.c:3701
       do_read_cache_page+0x30/0x200 mm/filemap.c:3767
       read_mapping_page include/linux/pagemap.h:888 [inline]
       hfsplus_block_allocate+0xee/0x8b0 fs/hfsplus/bitmap.c:37
       hfsplus_file_extend+0xade/0x1b70 fs/hfsplus/extents.c:468
       hfsplus_get_block+0x406/0x14e0 fs/hfsplus/extents.c:245
       __block_write_begin_int+0x50b/0x1a70 fs/buffer.c:2103
       __block_write_begin fs/buffer.c:2152 [inline]
       block_write_begin+0x9b/0x1e0 fs/buffer.c:2211
       cont_write_begin+0x643/0x880 fs/buffer.c:2565
       hfsplus_write_begin+0x8a/0xd0 fs/hfsplus/inode.c:47
       page_symlink+0x2c5/0x4e0 fs/namei.c:5228
       hfsplus_symlink+0xca/0x260 fs/hfsplus/dir.c:449
       vfs_symlink+0x12f/0x2a0 fs/namei.c:4480
       do_symlinkat+0x222/0x3a0 fs/namei.c:4506
       __do_sys_symlink fs/namei.c:4527 [inline]
       __se_sys_symlink fs/namei.c:4525 [inline]
       __x64_sys_symlink+0x7e/0x90 fs/namei.c:4525
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

-> #0 (&sbi->alloc_mutex){+.+.}-{3:3}:
       check_prev_add kernel/locking/lockdep.c:3134 [inline]
       check_prevs_add kernel/locking/lockdep.c:3253 [inline]
       validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
       __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
       lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
       __mutex_lock_common kernel/locking/mutex.c:608 [inline]
       __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:752
       hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
       hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
       hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
       hfsplus_delete_inode+0x174/0x220
       hfsplus_unlink+0x512/0x790 fs/hfsplus/dir.c:405
       hfsplus_rename+0xc8/0x1c0 fs/hfsplus/dir.c:547
       vfs_rename+0xbd3/0xef0 fs/namei.c:4879
       do_renameat2+0xd94/0x13f0 fs/namei.c:5036
       __do_sys_renameat2 fs/namei.c:5070 [inline]
       __se_sys_renameat2 fs/namei.c:5067 [inline]
       __x64_sys_renameat2+0xd2/0xe0 fs/namei.c:5067
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x63/0x6b

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&sbi->alloc_mutex);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&sbi->alloc_mutex);

 *** DEADLOCK ***

6 locks held by syz-executor275/5161:
 #0: ffff888029204420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:409
 #1: ffff888079ad9740 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:837 [inline]
 #1: ffff888079ad9740 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: lock_rename fs/namei.c:3065 [inline]
 #1: ffff888079ad9740 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: do_renameat2+0x62c/0x13f0 fs/namei.c:4971
 #2: ffff888079ada4c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:802 [inline]
 #2: ffff888079ada4c0 (&sb->s_type->i_mutex_key#14){+.+.}-{3:3}, at: lock_two_nondirectories+0xe1/0x170 fs/inode.c:1109
 #3: ffff888079adab80 (&sb->s_type->i_mutex_key#14/4){+.+.}-{3:3}, at: vfs_rename+0x69e/0xef0 fs/namei.c:4850
 #4: ffff888029d7a998 (&sbi->vh_mutex){+.+.}-{3:3}, at: hfsplus_unlink+0x161/0x790 fs/hfsplus/dir.c:370
 #5: ffff888079ada988 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfsplus_file_truncate+0x2da/0xb40 fs/hfsplus/extents.c:576

stack backtrace:
CPU: 1 PID: 5161 Comm: syz-executor275 Not tainted 6.7.0-syzkaller-12377-g9d1694dc91ce #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 check_noncircular+0x366/0x490 kernel/locking/lockdep.c:2187
 check_prev_add kernel/locking/lockdep.c:3134 [inline]
 check_prevs_add kernel/locking/lockdep.c:3253 [inline]
 validate_chain+0x1909/0x5ab0 kernel/locking/lockdep.c:3869
 __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754
 __mutex_lock_common kernel/locking/mutex.c:608 [inline]
 __mutex_lock+0x136/0xd60 kernel/locking/mutex.c:752
 hfsplus_block_free+0xbb/0x4d0 fs/hfsplus/bitmap.c:182
 hfsplus_free_extents+0x17a/0xae0 fs/hfsplus/extents.c:363
 hfsplus_file_truncate+0x7d0/0xb40 fs/hfsplus/extents.c:591
 hfsplus_delete_inode+0x174/0x220
 hfsplus_unlink+0x512/0x790 fs/hfsplus/dir.c:405
 hfsplus_rename+0xc8/0x1c0 fs/hfsplus/dir.c:547
 vfs_rename+0xbd3/0xef0 fs/namei.c:4879
 do_renameat2+0xd94/0x13f0 fs/namei.c:5036
 __do_sys_renameat2 fs/namei.c:5070 [inline]
 __se_sys_renameat2 fs/namei.c:5067 [inline]
 __x64_sys_renameat2+0xd2/0xe0 fs/namei.c:5067
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f6db63c6e89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6db6383218 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
RAX: ffffffffffffffda RBX: 00007f6db644f6c8 RCX: 00007f6db63c6e89
RDX: 0000000000000004 RSI: 00000000200000c0 RDI: 0000000000000005
RBP: 00007f6db644f6c0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000180 R11: 0000000000000246 R12: 00007f6db641c168
R13: 0032656c69662f2e R14: 0073756c70736668 R15: 0031656c69662f2e
 </TASK>

Crashes (223):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/01/20 04:23 upstream 9d1694dc91ce 9bd8dcda .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/04/23 06:13 upstream a2c63a3f3d68 36c961ad .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/04/23 03:27 upstream 4d2008430ce8 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2024/03/19 07:27 upstream fe46a7dd189e baa80228 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2024/01/22 05:49 upstream 4fbbed787267 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/20 06:06 upstream 9d64bf433c53 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/20 01:22 upstream 9d1694dc91ce 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/20 00:18 upstream 9d1694dc91ce 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/19 14:33 upstream 9d1694dc91ce 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/18 12:45 upstream 296455ade1fd 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/05 10:15 upstream 1f874787ed9a 28c42cff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/03 20:26 upstream 610a9b8f49fb 28c42cff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/01/02 03:58 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/26 05:36 upstream b46ae77f6787 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/25 00:15 upstream 0f5cc96c367f 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/23 11:21 upstream 9b6de136b5f0 fc59b78e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/22 22:38 upstream 9b6de136b5f0 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/22 21:15 upstream 9b6de136b5f0 03e12510 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/21 21:45 upstream c2d5304e6c64 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/20 18:19 upstream 98b1cc82c4af cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/16 03:34 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/15 23:58 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/11/15 05:51 upstream c42d9eeef8e5 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/14 22:27 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/11/14 21:18 upstream 9bacdd8996c7 cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/11/13 09:00 upstream b57b17e88bf5 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/11/12 07:28 upstream 1b907d050735 6d6dbf8a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2023/11/06 02:21 upstream 1c41041124bd 500bfdc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/10/27 00:28 upstream 3a568e3a961b bf285f0c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/26 20:28 upstream 3a568e3a961b 23afc60f .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/25 21:51 upstream 611da07b89fd 72e794c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/06 14:09 upstream b78b18fb8ee1 db17ad9f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/10/04 02:04 upstream cbf3a2cb156a 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/10/03 14:47 upstream ce36c8b14987 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/10/03 14:23 upstream ce36c8b14987 65faba36 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in hfsplus_block_free
2023/09/29 21:32 upstream 71e58659bfc0 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/09/23 08:57 upstream 8018e02a8703 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/09/21 14:32 upstream 42dc814987c1 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in hfsplus_block_free
2023/09/17 01:46 upstream f0b0d403eabb 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in hfsplus_block_free
2024/01/02 11:07 upstream 610a9b8f49fb fb427a07 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in hfsplus_block_free
2023/10/10 10:29 upstream 94f6f0550c62 c9be5398 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in hfsplus_block_free
2023/09/28 03:54 upstream 633b47cb009d c2ab1e5d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2023/09/22 10:35 upstream 27bbf45eae9c 0b6a67ac .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in hfsplus_block_free
2023/08/13 11:35 upstream a785fd28d31f 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in hfsplus_block_free
2023/08/13 01:30 upstream ae545c3283dc 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/10 09:59 upstream 374a7f47bf40 13ca4cd6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/09 19:13 upstream cacc6e22932f 13ca4cd6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/07 13:12 upstream 52a93d39b17d dda824c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2023/08/07 07:20 upstream 52a93d39b17d 4ffcc9ef .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2022/11/29 07:02 upstream ca57f02295f1 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs possible deadlock in hfsplus_block_free
2024/04/22 01:27 linux-next 7b4f2bc91c15 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2023/09/28 01:03 linux-next 18030226a48d 2895a507 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
2023/12/31 19:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci aafe7ad77b91 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2023/10/24 02:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ac9e855ce293 af8d2e46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 possible deadlock in hfsplus_block_free
2022/11/29 02:24 linux-next 9e46a7996732 ca9683b8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in hfsplus_block_free
* Struck through repros no longer work on HEAD.