====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.5/29113 is trying to acquire lock: 000000007c166288 (&tree->tree_lock#2){+.+.}, at: hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 but task is already holding lock: 00000000a94f5b8f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}: hfsplus_get_block+0x292/0x960 fs/hfsplus/extents.c:260 block_read_full_page+0x288/0xd10 fs/buffer.c:2259 do_read_cache_page+0x533/0x1170 mm/filemap.c:2828 read_mapping_page include/linux/pagemap.h:402 [inline] __hfs_bnode_create+0x5b7/0xb60 fs/hfsplus/bnode.c:447 hfsplus_bnode_find+0x2aa/0xb80 fs/hfsplus/bnode.c:497 hfsplus_brec_find+0x2af/0x500 fs/hfsplus/bfind.c:183 hfsplus_brec_read+0x28/0x120 fs/hfsplus/bfind.c:222 hfsplus_find_cat+0x1d0/0x480 fs/hfsplus/catalog.c:202 hfsplus_iget+0x400/0x790 fs/hfsplus/super.c:81 hfsplus_fill_super+0xc5f/0x19e0 fs/hfsplus/super.c:503 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&tree->tree_lock#2){+.+.}: __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&HFSPLUS_I(inode)->extents_lock); lock(&tree->tree_lock#2); lock(&HFSPLUS_I(inode)->extents_lock); lock(&tree->tree_lock#2); *** DEADLOCK *** 3 locks held by syz-executor.5/29113: #0: 00000000e6e08f5c (sb_writers#32){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline] #0: 00000000e6e08f5c (sb_writers#32){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360 #1: 00000000f9b14bda (&sb->s_type->i_mutex_key#38){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] #1: 00000000f9b14bda (&sb->s_type->i_mutex_key#38){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61 #2: 00000000a94f5b8f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576 stack backtrace: CPU: 0 PID: 29113 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f0a8a8320c9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f0a88da4168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f0a8a951f80 RCX: 00007f0a8a8320c9 RDX: 0000000000000000 RSI: 0000000000143242 RDI: 0000000020000000 RBP: 00007f0a8a88dae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdb3da91ef R14: 00007f0a88da4300 R15: 0000000000022000 audit: type=1804 audit(1674841644.408:219): pid=29155 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3489665683/syzkaller.UmLESy/672/file0" dev="sda1" ino=14309 res=1 base_sock_release(00000000d55130a9) sk=000000003964c847 overlayfs: unrecognized mount option "index=ogf" or missing value base_sock_release(00000000e0b171ac) sk=000000004f2ac583 base_sock_release(00000000be6c1a44) sk=0000000099c4a6f4 overlayfs: unrecognized mount option "index=ogf" or missing value bridge0: port 2(bridge_slave_1) entered disabled state bridge0: port 1(bridge_slave_0) entered disabled state device bridge0 entered promiscuous mode IPVS: ftp: loaded support on port[0] = 21 netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. device bridge_slave_1 left promiscuous mode bridge0: port 2(bridge_slave_1) entered disabled state device bridge_slave_0 left promiscuous mode bridge0: port 1(bridge_slave_0) entered disabled state netlink: 124 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. IPVS: ftp: loaded support on port[0] = 21 caif:caif_disconnect_client(): nothing to disconnect netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 124 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. caif:caif_disconnect_client(): nothing to disconnect ntfs: volume version 3.1. wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 device geneve2 entered promiscuous mode caif:caif_disconnect_client(): nothing to disconnect hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected nla_parse: 30 callbacks suppressed netlink: 124 bytes leftover after parsing attributes in process `syz-executor.1'. usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.1' sets config #0 device geneve2 entered promiscuous mode hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.1' sets config #0 9pnet: Insufficient options for proto=fd device geneve2 entered promiscuous mode hub 9-0:1.0: USB hub found hub 9-0:1.0: 8 ports detected usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.1' sets config #0 xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT x_tables: ip_tables: dccp match: only valid for protocol 33 Started in network mode Own node identity aaaaaaaaaa34, cluster identity 4711 Enabled bearer , priority 10 IPVS: ftp: loaded support on port[0] = 21 x_tables: ip_tables: dccp match: only valid for protocol 33 Enabling of bearer rejected, already enabled IPVS: ftp: loaded support on port[0] = 21 x_tables: ip_tables: dccp match: only valid for protocol 33 x_tables: ip_tables: dccp match: only valid for protocol 33 audit: type=1804 audit(1674841650.949:220): pid=30080 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3489665683/syzkaller.UmLESy/689/bus" dev="sda1" ino=14996 res=1 IPVS: ftp: loaded support on port[0] = 21 32-bit node address hash set to aaaa9e00 audit: type=1804 audit(1674841651.219:221): pid=30104 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3489665683/syzkaller.UmLESy/689/bus" dev="sda1" ino=14996 res=1 audit: type=1804 audit(1674841651.939:222): pid=30157 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3489665683/syzkaller.UmLESy/690/bus" dev="sda1" ino=13895 res=1 overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. audit: type=1804 audit(1674841652.039:223): pid=30159 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3489665683/syzkaller.UmLESy/690/bus" dev="sda1" ino=13895 res=1 BTRFS info (device loop5): enabling inode map caching BTRFS warning (device loop5): excessive commit interval 622039222 BTRFS info (device loop5): force zlib compression, level 3 BTRFS info (device loop5): using free space tree BTRFS info (device loop5): has skinny extents audit: type=1800 audit(1674841652.779:224): pid=30260 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=13929 res=0 overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. audit: type=1804 audit(1674841652.879:225): pid=30280 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3489665683/syzkaller.UmLESy/691/bus" dev="sda1" ino=13930 res=1 audit: type=1804 audit(1674841653.029:226): pid=30283 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir3489665683/syzkaller.UmLESy/691/bus" dev="sda1" ino=13930 res=1 BTRFS info (device loop5): enabling inode map caching BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by syz-executor.0 (30290) BTRFS warning (device loop5): excessive commit interval 622039222 BTRFS warning (device ): duplicate device /dev/loop0 devid 1 generation 8 scanned by systemd-udevd (30325) BTRFS info (device loop5): force zlib compression, level 3 BTRFS info (device loop5): using free space tree BTRFS info (device loop5): has skinny extents BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor.4 (30310) BTRFS warning (device ): duplicate device /dev/loop4 devid 1 generation 8 scanned by systemd-udevd (30321)