======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/15778 is trying to acquire lock:
0000000036c86249 (&tree->tree_lock){+.+.}, at: hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595

but task is already holding lock:
00000000c337a86b (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
       hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457
       hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357
       hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272
       hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560
       mount_bdev+0x2fc/0x3b0 fs/super.c:1158
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2492 [inline]
       do_mount+0x115c/0x2f50 fs/namespace.c:2822
       ksys_mount+0xcf/0x130 fs/namespace.c:3038
       __do_sys_mount fs/namespace.c:3052 [inline]
       __se_sys_mount fs/namespace.c:3049 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&tree->tree_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595
       hfsplus_delete_inode+0x18d/0x220 fs/hfsplus/inode.c:419
       hfsplus_unlink+0x595/0x820 fs/hfsplus/dir.c:405
       hfsplus_rename+0xbe/0x200 fs/hfsplus/dir.c:545
       vfs_rename+0x67e/0x1bc0 fs/namei.c:4479
       do_renameat2+0xb59/0xc70 fs/namei.c:4629
       __do_sys_renameat2 fs/namei.c:4664 [inline]
       __se_sys_renameat2 fs/namei.c:4661 [inline]
       __x64_sys_renameat2+0xba/0x150 fs/namei.c:4661
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&tree->tree_lock);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&tree->tree_lock);

 *** DEADLOCK ***

6 locks held by syz-executor.5/15778:
 #0: 00000000a47575f5 (sb_writers#19){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 00000000a47575f5 (sb_writers#19){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 00000000a5f9406c (&type->i_mutex_dir_key#9/1){+.+.}, at: inode_lock_nested include/linux/fs.h:783 [inline]
 #1: 00000000a5f9406c (&type->i_mutex_dir_key#9/1){+.+.}, at: lock_rename+0x225/0x280 fs/namei.c:2863
 #2: 00000000266ad0c6 (&sb->s_type->i_mutex_key#23){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #2: 00000000266ad0c6 (&sb->s_type->i_mutex_key#23){+.+.}, at: lock_two_nondirectories+0xec/0x110 fs/inode.c:1015
 #3: 0000000047fb9b9c (&sb->s_type->i_mutex_key#23/4){+.+.}, at: inode_lock_nested include/linux/fs.h:783 [inline]
 #3: 0000000047fb9b9c (&sb->s_type->i_mutex_key#23/4){+.+.}, at: lock_two_nondirectories+0xd1/0x110 fs/inode.c:1017
 #4: 00000000f7ea18a3 (&sbi->vh_mutex){+.+.}, at: hfsplus_unlink+0x140/0x820 fs/hfsplus/dir.c:370
 #5: 00000000c337a86b (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576

stack backtrace:
CPU: 0 PID: 15778 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
 hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents
 hfsplus_delete_inode+0x18d/0x220 fs/hfsplus/inode.c:419
 hfsplus_unlink+0x595/0x820 fs/hfsplus/dir.c:405
gfs2: fsid=syz:syz.0: jid=0, already locked for use
 hfsplus_rename+0xbe/0x200 fs/hfsplus/dir.c:545
 vfs_rename+0x67e/0x1bc0 fs/namei.c:4479
gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
 do_renameat2+0xb59/0xc70 fs/namei.c:4629
gfs2: fsid=syz:syz.0: jid=0: Done
gfs2: fsid=syz:syz.0: first mount done, others may mount
 __do_sys_renameat2 fs/namei.c:4664 [inline]
 __se_sys_renameat2 fs/namei.c:4661 [inline]
 __x64_sys_renameat2+0xba/0x150 fs/namei.c:4661
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb586b360c9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb5850a8168 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
RAX: ffffffffffffffda RBX: 00007fb586c55f80 RCX: 00007fb586b360c9
RDX: 0000000000000004 RSI: 0000000020000340 RDI: 0000000000000004
RBP: 00007fb586b91ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd75d49e4f R14: 00007fb5850a8300 R15: 0000000000022000
tmpfs: Bad mount option fsmagic
gfs2: invalid mount option: /dev/audio#
gfs2: can't parse mount arguments
IPVS: ftp: loaded support on port[0] = 21
tmpfs: Bad mount option fsmagic
tmpfs: Bad mount option fsmagic
EXT4-fs error (device sda1): mb_free_blocks:1452: group 5, inode 14384: block 184352:freeing already freed block (bit 20512); block bitmap corrupt.
EXT4-fs error (device sda1): ext4_mb_generate_buddy:744: group 5, block bitmap and bg descriptor inconsistent: 13251 vs 13260 free clusters
EXT4-fs (sda1): pa 00000000690c1aaa: logic 32768, phys. 184320, len 2048
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3864: group 5, free 2016, pa_free 2007
tmpfs: Bad mount option fsmagic
IPVS: ftp: loaded support on port[0] = 21
f2fs_msg: 4 callbacks suppressed
F2FS-fs (loop4): Found nat_bits in checkpoint
IPVS: ftp: loaded support on port[0] = 21
EXT4-fs error (device sda1): mb_free_blocks:1452: group 7, inode 14429: block 260128:freeing already freed block (bit 30752); block bitmap corrupt.
EXT4-fs error (device sda1): ext4_mb_generate_buddy:744: group 7, block bitmap and bg descriptor inconsistent: 28638 vs 28647 free clusters
EXT4-fs (sda1): pa 0000000097aad843: logic 32768, phys. 260096, len 2048
EXT4-fs error (device sda1): ext4_mb_release_inode_pa:3864: group 7, free 2016, pa_free 2007
F2FS-fs (loop4): Cannot turn on quotas: -2 on 1
F2FS-fs (loop4): Cannot turn on quotas: -2 on 2
F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
ubi: mtd0 is already attached to ubi0
ubi: mtd0 is already attached to ubi0
UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
XFS (loop3): Mounting V4 Filesystem
XFS (loop3): Ending clean mount
XFS (loop3): Quotacheck needed: Please wait.
XFS (loop3): Quotacheck: Done.
ptrace attach of "/root/syz-executor.3 exec"[8279] was attempted by "/root/syz-executor.3 exec"[16166]
XFS (loop3): Unmounting Filesystem
overlayfs: unrecognized mount option "=./bus" or missing value
F2FS-fs (loop5): invalid crc value
F2FS-fs (loop5): Found nat_bits in checkpoint
F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
audit: type=1804 audit(1674892517.620:328): pid=16110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir169475757/syzkaller.RdYk5g/80/file0/bus" dev="loop5" ino=10 res=1
audit: type=1804 audit(1674892517.650:329): pid=16110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir169475757/syzkaller.RdYk5g/80/file0/bus" dev="loop5" ino=10 res=1
audit: type=1804 audit(1674892517.790:330): pid=16110 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir169475757/syzkaller.RdYk5g/80/file0/bus" dev="loop5" ino=10 res=1
UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
overlayfs: unrecognized mount option "=./bus" or missing value
overlayfs: unrecognized mount option "=./bus" or missing value
overlayfs: unrecognized mount option "=./bus" or missing value
overlayfs: unrecognized mount option "=./bus" or missing value
overlayfs: unrecognized mount option "=./bus" or missing value
overlayfs: unrecognized mount option "=./bus" or missing value
overlayfs: unrecognized mount option "=./bus" or missing value
overlayfs: unrecognized mount option "=./bus" or missing value
audit: type=1804 audit(1674892518.890:331): pid=16305 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir169475757/syzkaller.RdYk5g/81/bus" dev="sda1" ino=14443 res=1
overlayfs: unrecognized mount option "=./bus" or missing value
XFS (loop3): Mounting V4 Filesystem
XFS (loop3): Ending clean mount
audit: type=1804 audit(1674892518.890:332): pid=16306 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir169475757/syzkaller.RdYk5g/81/bus" dev="sda1" ino=14443 res=1
XFS (loop3): Quotacheck needed: Please wait.
audit: type=1804 audit(1674892518.960:333): pid=16308 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir169475757/syzkaller.RdYk5g/81/bus" dev="sda1" ino=14443 res=1
XFS (loop3): Quotacheck: Done.
ptrace attach of "/root/syz-executor.3 exec"[8279] was attempted by "/root/syz-executor.3 exec"[16248]
audit: type=1800 audit(1674892518.970:334): pid=16247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=14445 res=0
XFS (loop3): Unmounting Filesystem
audit: type=1804 audit(1674892518.980:335): pid=16247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir2523723118/syzkaller.TIIXiM/112/bus" dev="sda1" ino=14445 res=1
audit: type=1804 audit(1674892519.000:336): pid=16247 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir2523723118/syzkaller.TIIXiM/112/bus" dev="sda1" ino=14445 res=1
F2FS-fs (loop0): invalid crc value
F2FS-fs (loop0): Found nat_bits in checkpoint
audit: type=1804 audit(1674892519.760:337): pid=16266 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3355335319/syzkaller.fkGOnz/66/file0/bus" dev="loop0" ino=10 res=1
ptrace attach of "/root/syz-executor.3 exec"[8279] was attempted by "/root/syz-executor.3 exec"[16371]
overlayfs: unrecognized mount option "=./bus" or missing value
XFS (loop3): unknown mount option [].
FAT-fs (loop3): Unrecognized mount option "Rutf8=1" or missing value
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Quotacheck needed: Please wait.
XFS (loop5): Quotacheck: Done.
[U] [UO) ֕APO;UW)JHȏ|OJ{&D
XFS (loop5): Unmounting Filesystem
f2fs_msg: 2 callbacks suppressed
F2FS-fs (loop0): invalid crc value
F2FS-fs (loop0): Found nat_bits in checkpoint
F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
FAT-fs (loop3): Unrecognized mount option "Rutf8=1" or missing value
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[U] [UO) ֕APO;UW)JHȏ|OJ{&D
FAT-fs (loop3): Unrecognized mount option "Rutf8=1" or missing value
netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[U] [UO) ֕APO;UW)JHȏ|OJ{&D
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
device bridge_slave_1 left promiscuous mode
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_0 left promiscuous mode
bridge0: port 1(bridge_slave_0) entered disabled state
device veth1_macvtap left promiscuous mode
device veth0_macvtap left promiscuous mode
device veth1_vlan left promiscuous mode
device veth0_vlan left promiscuous mode
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Quotacheck needed: Please wait.
XFS (loop5): Quotacheck: Done.
kauditd_printk_skb: 22 callbacks suppressed
audit: type=1804 audit(1674892522.631:360): pid=16503 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir169475757/syzkaller.RdYk5g/85/file0/bus" dev="loop5" ino=42 res=1
XFS (loop5): Unmounting Filesystem
device hsr_slave_1 left promiscuous mode
device hsr_slave_0 left promiscuous mode
team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves