Process accounting resumed
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/16306 is trying to acquire lock:
0000000027eccf54 (&HFS_I(tree->inode)->extents_lock){+.+.}, at: hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397
but task is already holding lock:
000000003d560833 (&tree->tree_lock#2/1){+.+.}, at: hfs_find_init+0x17e/0x230 fs/hfs/bfind.c:33
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&tree->tree_lock#2/1){+.+.}:
hfs_find_init+0x17e/0x230 fs/hfs/bfind.c:33
hfs_ext_read_extent+0x191/0xa20 fs/hfs/extent.c:200
hfs_get_block+0x53d/0x7e0 fs/hfs/extent.c:366
block_read_full_page+0x288/0xd10 fs/buffer.c:2259
do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
read_mapping_page include/linux/pagemap.h:402 [inline]
hfs_btree_open+0x6ae/0x1430 fs/hfs/btree.c:78
hfs_mdb_get+0x148c/0x1cf0 fs/hfs/mdb.c:198
hfs_fill_super+0xd6a/0x1310 fs/hfs/super.c:413
mount_bdev+0x2fc/0x3b0 fs/super.c:1158
mount_fs+0xa3/0x310 fs/super.c:1261
vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
vfs_kern_mount fs/namespace.c:951 [inline]
do_new_mount fs/namespace.c:2492 [inline]
do_mount+0x115c/0x2f50 fs/namespace.c:2822
ksys_mount+0xcf/0x130 fs/namespace.c:3038
__do_sys_mount fs/namespace.c:3052 [inline]
__se_sys_mount fs/namespace.c:3049 [inline]
__x64_sys_mount+0xba/0x150 fs/namespace.c:3049
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
-> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:937 [inline]
__mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397
hfs_bmap_reserve+0x241/0x390 fs/hfs/btree.c:231
__hfs_ext_write_extent+0x3c1/0x510 fs/hfs/extent.c:121
__hfs_ext_cache_extent fs/hfs/extent.c:174 [inline]
hfs_ext_read_extent+0x810/0xa20 fs/hfs/extent.c:202
hfs_extend_file+0x4a0/0xac0 fs/hfs/extent.c:401
hfs_get_block+0x17b/0x7e0 fs/hfs/extent.c:353
__block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978
__block_write_begin fs/buffer.c:2028 [inline]
block_write_begin+0x58/0x2e0 fs/buffer.c:2087
cont_write_begin+0x55a/0x820 fs/buffer.c:2440
hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
cont_expand_zero fs/buffer.c:2367 [inline]
cont_write_begin+0x2ee/0x820 fs/buffer.c:2430
hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
hfs_file_truncate+0xb46/0xee0 fs/hfs/extent.c:494
hfs_inode_setattr+0x4c5/0x6e0 fs/hfs/inode.c:644
notify_change+0x70b/0xfc0 fs/attr.c:334
do_truncate+0x134/0x1f0 fs/open.c:63
do_sys_ftruncate+0x492/0x560 fs/open.c:194
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&tree->tree_lock#2/1);
lock(&HFS_I(tree->inode)->extents_lock);
lock(&tree->tree_lock#2/1);
lock(&HFS_I(tree->inode)->extents_lock);
*** DEADLOCK ***
4 locks held by syz-executor.4/16306:
#0: 000000000826dd93 (sb_writers#18){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 000000000826dd93 (sb_writers#18){.+.+}, at: do_sys_ftruncate+0x297/0x560 fs/open.c:189
#1: 000000005665f4cc (&sb->s_type->i_mutex_key#25){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
#1: 000000005665f4cc (&sb->s_type->i_mutex_key#25){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
#2: 00000000252ed3e7 (&HFS_I(inode)->extents_lock#2){+.+.}, at: hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397
#3: 000000003d560833 (&tree->tree_lock#2/1){+.+.}, at: hfs_find_init+0x17e/0x230 fs/hfs/bfind.c:33
stack backtrace:
CPU: 1 PID: 16306 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
check_prev_add kernel/locking/lockdep.c:1866 [inline]
check_prevs_add kernel/locking/lockdep.c:1979 [inline]
validate_chain kernel/locking/lockdep.c:2420 [inline]
__lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
__mutex_lock_common kernel/locking/mutex.c:937 [inline]
__mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397
hfs_bmap_reserve+0x241/0x390 fs/hfs/btree.c:231
__hfs_ext_write_extent+0x3c1/0x510 fs/hfs/extent.c:121
__hfs_ext_cache_extent fs/hfs/extent.c:174 [inline]
hfs_ext_read_extent+0x810/0xa20 fs/hfs/extent.c:202
hfs_extend_file+0x4a0/0xac0 fs/hfs/extent.c:401
hfs_get_block+0x17b/0x7e0 fs/hfs/extent.c:353
__block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978
__block_write_begin fs/buffer.c:2028 [inline]
block_write_begin+0x58/0x2e0 fs/buffer.c:2087
cont_write_begin+0x55a/0x820 fs/buffer.c:2440
hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
cont_expand_zero fs/buffer.c:2367 [inline]
cont_write_begin+0x2ee/0x820 fs/buffer.c:2430
hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
hfs_file_truncate+0xb46/0xee0 fs/hfs/extent.c:494
hfs_inode_setattr+0x4c5/0x6e0 fs/hfs/inode.c:644
notify_change+0x70b/0xfc0 fs/attr.c:334
do_truncate+0x134/0x1f0 fs/open.c:63
do_sys_ftruncate+0x492/0x560 fs/open.c:194
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f925cb540a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f925b0c6168 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f925cc73f80 RCX: 00007f925cb540a9
RDX: 0000000000000000 RSI: 00000000000045ec RDI: 0000000000000004
RBP: 00007f925cbafae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5ebbad7f R14: 00007f925b0c6300 R15: 0000000000022000
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
Process accounting resumed
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
misc userio: Invalid payload size
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
misc userio: Invalid payload size
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
misc userio: Invalid payload size
BTRFS info (device loop5): force zlib compression, level 3
BTRFS info (device loop5): use zlib compression, level 3
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
misc userio: Invalid payload size
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
8021q: adding VLAN 0 to HW filter on device batadv0
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
BTRFS info (device loop5): force zlib compression, level 3
BTRFS info (device loop5): use zlib compression, level 3
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): using ordered data mode
REISERFS (device loop2): checking transaction log (loop2)
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop4): checking transaction log (loop4)
8021q: adding VLAN 0 to HW filter on device batadv0
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
BTRFS info (device loop5): force zlib compression, level 3
overlayfs: upper fs does not support tmpfile.
REISERFS (device loop4): Using r5 hash to sort names
BTRFS info (device loop5): use zlib compression, level 3
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs does not support file handles, falling back to index=off.
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
BTRFS warning (device <unknown>): duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor.1 (16647)
BTRFS warning (device <unknown>): duplicate device /dev/loop1 devid 1 generation 8 scanned by systemd-udevd (16683)
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
overlayfs: upper fs does not support file handles, falling back to index=off.
REISERFS (device loop3): using ordered data mode
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
reiserfs: using flush barriers
8021q: adding VLAN 0 to HW filter on device batadv0
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
REISERFS (device loop3): Using r5 hash to sort names
reiserfs: using flush barriers
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
overlayfs: upper fs needs to support d_type.
8021q: adding VLAN 0 to HW filter on device batadv0
overlayfs: upper fs does not support tmpfile.
REISERFS (device loop2): checking transaction log (loop2)
overlayfs: upper fs does not support file handles, falling back to index=off.
REISERFS (device loop4): checking transaction log (loop4)
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
BTRFS info (device loop1): enabling inode map caching
REISERFS (device loop4): Using r5 hash to sort names
BTRFS warning (device loop1): excessive commit interval 622039222
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
BTRFS info (device loop1): force zlib compression, level 3
BTRFS info (device loop1): using free space tree
REISERFS (device loop2): Using r5 hash to sort names
BTRFS info (device loop1): has skinny extents
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
BTRFS warning (device <unknown>): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor.5 (16758)
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
audit: type=1800 audit(1672154537.853:108): pid=16746 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): using ordered data mode
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
reiserfs: using flush barriers
overlayfs: upper fs does not support file handles, falling back to index=off.
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop4): checking transaction log (loop4)
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): Using r5 hash to sort names
overlayfs: upper fs needs to support d_type.
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
netlink: 236 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression, level 3
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
syz-executor.2 (16894): drop_caches: 2
syz-executor.2 (16894): drop_caches: 2
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using tea hash to sort names
REISERFS warning (device loop4): super-2030 reiserfs_fill_super: This file system claims to use 1 bitmap blocks in its super block, but requires 65536. Clearing to zero.
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
audit: type=1800 audit(1672154540.563:109): pid=16906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
syz-executor.2 (16976): drop_caches: 2
syz-executor.2 (16976): drop_caches: 2
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): using ordered data mode
syz-executor.2 (16995): drop_caches: 2
reiserfs: using flush barriers
syz-executor.3 (17000): drop_caches: 2
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
syz-executor.2 (16995): drop_caches: 2
syz-executor.3 (17000): drop_caches: 2
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using tea hash to sort names
REISERFS warning (device loop4): super-2030 reiserfs_fill_super: This file system claims to use 1 bitmap blocks in its super block, but requires 65536. Clearing to zero.
syz-executor.3 (17014): drop_caches: 2
syz-executor.0 (17013): drop_caches: 2
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
syz-executor.3 (17014): drop_caches: 2
syz-executor.0 (17013): drop_caches: 2
syz-executor.2 (17020): drop_caches: 2
syz-executor.2 (17020): drop_caches: 2
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
syz-executor.3 (17030): drop_caches: 2
BTRFS info (device loop1): force zlib compression, level 3
BTRFS info (device loop1): using free space tree
syz-executor.3 (17030): drop_caches: 2
BTRFS info (device loop1): has skinny extents
audit: type=1800 audit(1672154541.513:110): pid=17004 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
syz-executor.0 (17074): drop_caches: 2
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
syz-executor.0 (17074): drop_caches: 2
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using tea hash to sort names
REISERFS warning (device loop4): super-2030 reiserfs_fill_super: This file system claims to use 1 bitmap blocks in its super block, but requires 65536. Clearing to zero.
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
syz-executor.0 (17124): drop_caches: 2
syz-executor.0 (17124): drop_caches: 2