usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1 ============================================ WARNING: possible recursive locking detected 4.14.305-syzkaller #0 Not tainted -------------------------------------------- syz-executor.2/9406 is trying to acquire lock: (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [] hfsplus_get_block+0x1f9/0x820 fs/hfsplus/extents.c:260 but task is already holding lock: (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&HFSPLUS_I(inode)->extents_lock); lock(&HFSPLUS_I(inode)->extents_lock); *** DEADLOCK *** May be due to missing lock nesting notation 5 locks held by syz-executor.2/9406: #0: (&type->s_umount_key#47/1){+.+.}, at: [] alloc_super fs/super.c:251 [inline] #0: (&type->s_umount_key#47/1){+.+.}, at: [] sget_userns+0x556/0xc10 fs/super.c:516 #1: (&sbi->vh_mutex){+.+.}, at: [] hfsplus_fill_super+0x1314/0x1850 fs/hfsplus/super.c:553 #2: (&tree->tree_lock){+.+.}, at: [] hfsplus_find_init+0x1a8/0x220 fs/hfsplus/bfind.c:30 #3: (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452 #4: (&sbi->alloc_mutex){+.+.}, at: [] hfsplus_block_allocate+0xd2/0x910 fs/hfsplus/bitmap.c:35 stack backtrace: CPU: 0 PID: 9406 Comm: syz-executor.2 Not tainted 4.14.305-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline] check_deadlock kernel/locking/lockdep.c:1847 [inline] validate_chain kernel/locking/lockdep.c:2448 [inline] __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998 __mutex_lock_common kernel/locking/mutex.c:756 [inline] __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893 hfsplus_get_block+0x1f9/0x820 fs/hfsplus/extents.c:260 block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316 do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713 read_mapping_page include/linux/pagemap.h:398 [inline] hfsplus_block_allocate+0x189/0x910 fs/hfsplus/bitmap.c:37 hfsplus_file_extend+0x421/0xef0 fs/hfsplus/extents.c:463 hfsplus_bmap_reserve+0x26e/0x410 fs/hfsplus/btree.c:357 hfsplus_create_cat+0x1af/0x10d0 fs/hfsplus/catalog.c:272 hfsplus_fill_super+0x1386/0x1850 fs/hfsplus/super.c:560 mount_bdev+0x2b3/0x360 fs/super.c:1134 mount_fs+0x92/0x2a0 fs/super.c:1237 vfs_kern_mount.part.0+0x5b/0x470 fs/namespace.c:1046 vfs_kern_mount fs/namespace.c:1036 [inline] do_new_mount fs/namespace.c:2572 [inline] do_mount+0xe65/0x2a30 fs/namespace.c:2905 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x5e/0xd3 RIP: 0033:0x7fb47245262a RSP: 002b:00007fb4709c2f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 000000000000061b RCX: 00007fb47245262a RDX: 0000000020000600 RSI: 00000000200001c0 RDI: 00007fb4709c2fe0 RBP: 00007fb4709c3020 R08: 00007fb4709c3020 R09: 0000000001a00010 R10: 0000000001a00010 R11: 0000000000000202 R12: 0000000020000600 R13: 00000000200001c0 R14: 00007fb4709c2fe0 R15: 0000000020000140 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1 L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 print_req_error: I/O error, dev loop2, sector 0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1 hrtimer: interrupt took 26519 ns usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.5' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #1 hfs: session requires an argument hfs: unable to parse mount options NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #1 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1 hfs: session requires an argument hfs: unable to parse mount options usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #0 usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor.0' sets config #1 NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds hfs: session requires an argument hfs: unable to parse mount options BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds print_req_error: I/O error, dev loop4, sector 0 BTRFS info (device loop0): using free space tree BTRFS info (device loop0): has skinny extents hfs: session requires an argument hfs: unable to parse mount options NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. BTRFS info (device loop3): using free space tree BTRFS info (device loop3): has skinny extents ISO 9660 Extensions: Microsoft Joliet Level 0 rock: corrupted directory entry. extent=32, offset=2044, size=237 overlayfs: fs on './file0' does not support file handles, falling back to index=off. ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). ISO 9660 Extensions: Microsoft Joliet Level 0 rock: corrupted directory entry. extent=32, offset=2044, size=237 overlayfs: fs on './file0' does not support file handles, falling back to index=off. ISOFS: Interleaved files not (yet) supported. ISO 9660 Extensions: Microsoft Joliet Level 0 ISOFS: File unit size != 0 for ISO file (1856). rock: corrupted directory entry. extent=32, offset=2044, size=237 ISO 9660 Extensions: Microsoft Joliet Level 0 overlayfs: fs on './file0' does not support file handles, falling back to index=off. rock: corrupted directory entry. extent=32, offset=2044, size=237 ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). overlayfs: fs on './file0' does not support file handles, falling back to index=off. ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. ISO 9660 Extensions: Microsoft Joliet Level 0 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. rock: corrupted directory entry. extent=32, offset=2044, size=237 netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. overlayfs: fs on './file0' does not support file handles, falling back to index=off. ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. ISO 9660 Extensions: Microsoft Joliet Level 0 rock: corrupted directory entry. extent=32, offset=2044, size=237 ISO 9660 Extensions: Microsoft Joliet Level 0 overlayfs: fs on './file0' does not support file handles, falling back to index=off. rock: corrupted directory entry. extent=32, offset=2044, size=237 ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). overlayfs: fs on './file0' does not support file handles, falling back to index=off. syz-executor.0 (10087) used greatest stack depth: 24680 bytes left ISO 9660 Extensions: Microsoft Joliet Level 0 rock: corrupted directory entry. extent=32, offset=2044, size=237 rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future overlayfs: fs on './file0' does not support file handles, falling back to index=off. bridge0: port 3(ipvlan2) entered blocking state rtc rtc0: __rtc_set_alarm: err=-22 rtc_cmos 00:00: Alarms can be up to one day in the future bridge0: port 3(ipvlan2) entered disabled state ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). ISO 9660 Extensions: Microsoft Joliet Level 0 rock: corrupted directory entry. extent=32, offset=2044, size=237 rtc_cmos 00:00: Alarms can be up to one day in the future overlayfs: fs on './file0' does not support file handles, falling back to index=off. ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). rtc_cmos 00:00: Alarms can be up to one day in the future bridge0: port 3(ipvlan2) entered blocking state bridge0: port 3(ipvlan2) entered disabled state ISO 9660 Extensions: Microsoft Joliet Level 0 rtc_cmos 00:00: Alarms can be up to one day in the future rock: corrupted directory entry. extent=32, offset=2044, size=237 rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future bridge0: port 3(ipvlan2) entered blocking state bridge0: port 3(ipvlan2) entered disabled state rtc_cmos 00:00: Alarms can be up to one day in the future rtc rtc0: __rtc_set_alarm: err=-22 rtc_cmos 00:00: Alarms can be up to one day in the future overlayfs: fs on './file0' does not support file handles, falling back to index=off. rtc_cmos 00:00: Alarms can be up to one day in the future ISOFS: Interleaved files not (yet) supported. ISOFS: File unit size != 0 for ISO file (1856). rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc_cmos 00:00: Alarms can be up to one day in the future rtc rtc0: __rtc_set_alarm: err=-22