syzbot


possible deadlock in hfsplus_block_allocate

Status: upstream: reported on 2022/12/22 13:15
Subsystems: hfsplus
Reported-by: syzbot+29dfb1f517067a45205c@syzkaller.appspotmail.com
First crash: 489d, last: 481d
Similar bugs (4), all titled "possible deadlock in hfsplus_block_allocate"; none has a fix bisection:
Kernel      Subsystem  Repro  Cause bisect  Count  Last   Reported  Patched  Status
linux-6.1   -          -      -             25     20d    390d      0/3      upstream: reported on 2023/03/30 21:16
linux-4.14  hfsplus    -      -             2      461d   478d      0/1      upstream: reported on 2023/01/02 02:59
upstream    hfs        C      done          194    2h38m  512d      0/26     upstream: reported C repro on 2022/11/29 13:38
linux-5.15  -          -      -             18     36d    396d      0/3      upstream: reported on 2023/03/24 22:08

Sample crash report:
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/26630 is trying to acquire lock:
00000000f925a5c0 (&sbi->alloc_mutex){+.+.}, at: hfsplus_block_allocate+0xe0/0xa60 fs/hfsplus/bitmap.c:35

but task is already holding lock:
00000000f1937d82 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
       hfsplus_get_block+0x292/0x960 fs/hfsplus/extents.c:260
       block_read_full_page+0x288/0xd10 fs/buffer.c:2259
       do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
       read_mapping_page include/linux/pagemap.h:402 [inline]
       hfsplus_block_allocate+0x197/0xa60 fs/hfsplus/bitmap.c:37
       hfsplus_file_extend+0x436/0xf40 fs/hfsplus/extents.c:468
       hfsplus_get_block+0x196/0x960 fs/hfsplus/extents.c:245
       __block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978
       __block_write_begin fs/buffer.c:2028 [inline]
       block_write_begin+0x58/0x2e0 fs/buffer.c:2087
       cont_write_begin+0x55a/0x820 fs/buffer.c:2440
       hfsplus_write_begin+0x87/0x150 fs/hfsplus/inode.c:52
       generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3170
       __generic_file_write_iter+0x24b/0x610 mm/filemap.c:3295
       generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323
       call_write_iter include/linux/fs.h:1821 [inline]
       aio_write+0x37f/0x5c0 fs/aio.c:1574
       __io_submit_one fs/aio.c:1858 [inline]
       io_submit_one+0xecd/0x20c0 fs/aio.c:1909
       __do_sys_io_submit fs/aio.c:1953 [inline]
       __se_sys_io_submit+0x11b/0x4a0 fs/aio.c:1924
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&sbi->alloc_mutex){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       hfsplus_block_allocate+0xe0/0xa60 fs/hfsplus/bitmap.c:35
       hfsplus_file_extend+0x436/0xf40 fs/hfsplus/extents.c:468
       hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357
       hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272
       hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560
       mount_bdev+0x2fc/0x3b0 fs/super.c:1158
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2492 [inline]
       do_mount+0x115c/0x2f50 fs/namespace.c:2822
       ksys_mount+0xcf/0x130 fs/namespace.c:3038
       __do_sys_mount fs/namespace.c:3052 [inline]
       __se_sys_mount fs/namespace.c:3049 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&sbi->alloc_mutex);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&sbi->alloc_mutex);

 *** DEADLOCK ***

4 locks held by syz-executor.5/26630:
 #0: 00000000d9948c93 (&type->s_umount_key#89/1){+.+.}, at: alloc_super fs/super.c:226 [inline]
 #0: 00000000d9948c93 (&type->s_umount_key#89/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519
 #1: 00000000ca514155 (&sbi->vh_mutex){+.+.}, at: hfsplus_fill_super+0x1421/0x19e0 fs/hfsplus/super.c:553
 #2: 000000000aad654f (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30
 #3: 00000000f1937d82 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457

stack backtrace:
CPU: 0 PID: 26630 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 hfsplus_block_allocate+0xe0/0xa60 fs/hfsplus/bitmap.c:35
 hfsplus_file_extend+0x436/0xf40 fs/hfsplus/extents.c:468
 hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357
 hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272
 hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560
 mount_bdev+0x2fc/0x3b0 fs/super.c:1158
 mount_fs+0xa3/0x310 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x115c/0x2f50 fs/namespace.c:2822
 ksys_mount+0xcf/0x130 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f01dd6d25da
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f01dbc42f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00000000000005fe RCX: 00007f01dd6d25da
RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007f01dbc42fe0
RBP: 00007f01dbc43020 R08: 00007f01dbc43020 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000080
R13: 0000000020000040 R14: 00007f01dbc42fe0 R15: 0000000020000380
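The lockdep report above does not say that a deadlock occurred; it says that two opposite lock orders exist in the kernel for the same pair of lock classes, and that lockdep reasons about classes, not instances, so the extents_lock of the allocation-bitmap inode (taken in hfsplus_get_block when hfsplus_block_allocate reads a bitmap page) and the extents_lock of the B-tree inode being extended (taken in hfsplus_file_extend) are one node in its graph. The following user-space C program is an added example, not code from this syzbot page or from the kernel: it models lockdep's class-level dependency graph and cycle check and replays the two chains from the report. The node ids, the names passed as `where`, and the `EXTENTS_LOCK_BITMAP` node are this example's own assumptions; the second run only shows what the check would see if the bitmap inode's lock were annotated as a separate lockdep subclass, which is an illustration of the class-versus-instance point and not a proposed fix for this bug.

```c
/* Added example (not from the syzbot page or the kernel): a user-space model
 * of the check behind "possible circular locking dependency".  Whenever a
 * task acquires class B while holding class A the edge A -> B is stored; the
 * warning fires when a new edge A -> B closes a cycle, i.e. B already
 * reaches A.  Both orders only have to exist somewhere, no hang is needed. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_NODES 8

/* Node ids are this example's own.  EXTENTS_LOCK_BITMAP is hypothetical: it
 * is used only in the second run to model the allocation-bitmap inode's lock
 * as its own lockdep subclass; the report above makes no such distinction. */
enum {
    EXTENTS_LOCK = 0,       /* &HFSPLUS_I(inode)->extents_lock */
    ALLOC_MUTEX,            /* &sbi->alloc_mutex */
    TREE_LOCK,              /* &tree->tree_lock */
    VH_MUTEX,               /* &sbi->vh_mutex */
    EXTENTS_LOCK_BITMAP,    /* hypothetical subclass for sbi->alloc_file */
    NUM_NODES
};

static const char *node_name[NUM_NODES] = {
    "&HFSPLUS_I(inode)->extents_lock", "&sbi->alloc_mutex",
    "&tree->tree_lock", "&sbi->vh_mutex",
    "&HFSPLUS_I(alloc_file)->extents_lock/1",
};

/* dep[a][b]: class b has been acquired while class a was held. */
static bool dep[MAX_NODES][MAX_NODES];

struct task {               /* the "N locks held by" stack of one task */
    int held[MAX_NODES];
    int depth;
};

/* Depth-first search over stored edges: does `from` reach `to`? */
static bool reaches(int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int n = 0; n < NUM_NODES; n++)
        if (dep[from][n] && !seen[n] && reaches(n, to, seen))
            return true;
    return false;
}

/* Record that task t acquires cls.  Returns true when one of the new edges
 * held -> cls closes a cycle, which is when lockdep prints the report. */
static bool lock_acquire(struct task *t, int cls, const char *where)
{
    bool circular = false;

    for (int i = 0; i < t->depth; i++) {
        int held = t->held[i];
        bool seen[MAX_NODES] = { false };

        if (!dep[held][cls] && reaches(cls, held, seen)) {
            circular = true;
            printf("possible circular locking dependency: %s -> %s at %s\n",
                   node_name[held], node_name[cls], where);
        }
        dep[held][cls] = true;
    }
    t->held[t->depth++] = cls;
    return circular;
}

static void lock_release(struct task *t) { t->depth--; }

/* Replay the two chains of the report.  With bitmap_subclass == false the
 * bitmap inode's extents_lock is the same node as every other extents_lock,
 * which is what lockdep saw; with true it is a node of its own. */
static bool replay(bool bitmap_subclass)
{
    int bitmap_lock = bitmap_subclass ? EXTENTS_LOCK_BITMAP : EXTENTS_LOCK;
    struct task writer = { .depth = 0 }, mounter = { .depth = 0 };
    bool warned = false;

    memset(dep, 0, sizeof dep);

    /* -> #1, io_submit write path: hfsplus_block_allocate holds alloc_mutex
     * (bitmap.c:35) and reads a bitmap page (bitmap.c:37); that enters
     * hfsplus_get_block for the bitmap inode, which takes its extents_lock
     * (extents.c:260).  Edge learned: alloc_mutex -> extents_lock. */
    warned |= lock_acquire(&writer, ALLOC_MUTEX, "bitmap.c:35");
    warned |= lock_acquire(&writer, bitmap_lock, "extents.c:260");
    lock_release(&writer);
    lock_release(&writer);

    /* -> #0, mount path: hfsplus_fill_super holds vh_mutex and the catalog
     * tree_lock; hfsplus_file_extend takes the tree inode's extents_lock
     * (extents.c:457), then hfsplus_block_allocate takes alloc_mutex
     * (bitmap.c:35).  Edge: extents_lock -> alloc_mutex, closing the cycle. */
    warned |= lock_acquire(&mounter, VH_MUTEX, "super.c:553");
    warned |= lock_acquire(&mounter, TREE_LOCK, "bfind.c:30");
    warned |= lock_acquire(&mounter, EXTENTS_LOCK, "extents.c:457");
    warned |= lock_acquire(&mounter, ALLOC_MUTEX, "bitmap.c:35");
    return warned;
}

int main(void)
{
    printf("class-level, as lockdep sees it: %s\n", replay(false) ? "WARNING" : "clean");
    printf("bitmap lock as its own subclass: %s\n", replay(true) ? "WARNING" : "clean");
    return 0;
}
```

The first run reproduces the report: the only new edge that closes a cycle is extents_lock -> alloc_mutex on the mount path, because alloc_mutex -> extents_lock was already stored from the write path. The vh_mutex and tree_lock edges are recorded but never close a cycle, which matches their appearance only in the "locks held" list. The second run is the model's own what-if: when the bitmap inode's lock is a distinct node, the two chains no longer form a cycle, which is the difference between what lockdep proves (a class-level cycle) and what a runtime hang would require (the same two instances taken in opposite order by two tasks).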
hfsplus: failed to load extents file
hfsplus: b-tree write err: -5, ino 4

Crashes (2), both titled "possible deadlock in hfsplus_block_allocate"; neither has a syz or C reproducer. Each crash has .config, console log, report, VM info, disk image and vmlinux assets on the site:
Time              Kernel        Commit        Syzkaller  Manager
2022/12/30 01:59  linux-4.19.y  3f8a27f9e27b  44712fbc   ci2-linux-4-19
2022/12/22 13:14  linux-4.19.y  3f8a27f9e27b  9da18ae8   ci2-linux-4-19