Process accounting resumed
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/16306 is trying to acquire lock:
0000000027eccf54 (&HFS_I(tree->inode)->extents_lock){+.+.}, at: hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397

but task is already holding lock:
000000003d560833 (&tree->tree_lock#2/1){+.+.}, at: hfs_find_init+0x17e/0x230 fs/hfs/bfind.c:33

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&tree->tree_lock#2/1){+.+.}:
       hfs_find_init+0x17e/0x230 fs/hfs/bfind.c:33
       hfs_ext_read_extent+0x191/0xa20 fs/hfs/extent.c:200
       hfs_get_block+0x53d/0x7e0 fs/hfs/extent.c:366
       block_read_full_page+0x288/0xd10 fs/buffer.c:2259
       do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
       read_mapping_page include/linux/pagemap.h:402 [inline]
       hfs_btree_open+0x6ae/0x1430 fs/hfs/btree.c:78
       hfs_mdb_get+0x148c/0x1cf0 fs/hfs/mdb.c:198
       hfs_fill_super+0xd6a/0x1310 fs/hfs/super.c:413
       mount_bdev+0x2fc/0x3b0 fs/super.c:1158
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2492 [inline]
       do_mount+0x115c/0x2f50 fs/namespace.c:2822
       ksys_mount+0xcf/0x130 fs/namespace.c:3038
       __do_sys_mount fs/namespace.c:3052 [inline]
       __se_sys_mount fs/namespace.c:3049 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397
       hfs_bmap_reserve+0x241/0x390 fs/hfs/btree.c:231
       __hfs_ext_write_extent+0x3c1/0x510 fs/hfs/extent.c:121
       __hfs_ext_cache_extent fs/hfs/extent.c:174 [inline]
       hfs_ext_read_extent+0x810/0xa20 fs/hfs/extent.c:202
       hfs_extend_file+0x4a0/0xac0 fs/hfs/extent.c:401
       hfs_get_block+0x17b/0x7e0 fs/hfs/extent.c:353
       __block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978
       __block_write_begin fs/buffer.c:2028 [inline]
       block_write_begin+0x58/0x2e0 fs/buffer.c:2087
       cont_write_begin+0x55a/0x820 fs/buffer.c:2440
       hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
       cont_expand_zero fs/buffer.c:2367 [inline]
       cont_write_begin+0x2ee/0x820 fs/buffer.c:2430
       hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
       hfs_file_truncate+0xb46/0xee0 fs/hfs/extent.c:494
       hfs_inode_setattr+0x4c5/0x6e0 fs/hfs/inode.c:644
       notify_change+0x70b/0xfc0 fs/attr.c:334
       do_truncate+0x134/0x1f0 fs/open.c:63
       do_sys_ftruncate+0x492/0x560 fs/open.c:194
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&tree->tree_lock#2/1);
                               lock(&HFS_I(tree->inode)->extents_lock);
                               lock(&tree->tree_lock#2/1);
  lock(&HFS_I(tree->inode)->extents_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.4/16306:
 #0: 000000000826dd93 (sb_writers#18){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 000000000826dd93 (sb_writers#18){.+.+}, at: do_sys_ftruncate+0x297/0x560 fs/open.c:189
 #1: 000000005665f4cc (&sb->s_type->i_mutex_key#25){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 000000005665f4cc (&sb->s_type->i_mutex_key#25){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
 #2: 00000000252ed3e7 (&HFS_I(inode)->extents_lock#2){+.+.}, at: hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397
 #3: 000000003d560833 (&tree->tree_lock#2/1){+.+.}, at: hfs_find_init+0x17e/0x230 fs/hfs/bfind.c:33

stack backtrace:
CPU: 1 PID: 16306 Comm: syz-executor.4 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 hfs_extend_file+0x93/0xac0 fs/hfs/extent.c:397
 hfs_bmap_reserve+0x241/0x390 fs/hfs/btree.c:231
 __hfs_ext_write_extent+0x3c1/0x510 fs/hfs/extent.c:121
 __hfs_ext_cache_extent fs/hfs/extent.c:174 [inline]
 hfs_ext_read_extent+0x810/0xa20 fs/hfs/extent.c:202
 hfs_extend_file+0x4a0/0xac0 fs/hfs/extent.c:401
 hfs_get_block+0x17b/0x7e0 fs/hfs/extent.c:353
 __block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978
 __block_write_begin fs/buffer.c:2028 [inline]
 block_write_begin+0x58/0x2e0 fs/buffer.c:2087
 cont_write_begin+0x55a/0x820 fs/buffer.c:2440
 hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
 cont_expand_zero fs/buffer.c:2367 [inline]
 cont_write_begin+0x2ee/0x820 fs/buffer.c:2430
 hfs_write_begin+0x87/0x150 fs/hfs/inode.c:58
 hfs_file_truncate+0xb46/0xee0 fs/hfs/extent.c:494
 hfs_inode_setattr+0x4c5/0x6e0 fs/hfs/inode.c:644
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 do_sys_ftruncate+0x492/0x560 fs/open.c:194
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f925cb540a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f925b0c6168 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f925cc73f80 RCX: 00007f925cb540a9
RDX: 0000000000000000 RSI: 00000000000045ec RDI: 0000000000000004
RBP: 00007f925cbafae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5ebbad7f R14: 00007f925b0c6300 R15: 0000000000022000
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
Process accounting resumed
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
misc userio: Invalid payload size
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
misc userio: Invalid payload size
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
misc userio: Invalid payload size
BTRFS info (device loop5): force zlib compression, level 3
BTRFS info (device loop5): use zlib compression, level 3
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
misc userio: Invalid payload size
EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
8021q: adding VLAN 0 to HW filter on device batadv0
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
BTRFS info (device loop5): force zlib compression, level 3
BTRFS info (device loop5): use zlib compression, level 3
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): using ordered data mode
REISERFS (device loop2): checking transaction log (loop2)
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop4): checking transaction log (loop4)
8021q: adding VLAN 0 to HW filter on device batadv0
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
BTRFS info (device loop5): force zlib compression, level 3
overlayfs: upper fs does not support tmpfile.
REISERFS (device loop4): Using r5 hash to sort names
BTRFS info (device loop5): use zlib compression, level 3
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs does not support file handles, falling back to index=off.
BTRFS info (device loop5): using free space tree
BTRFS info (device loop5): has skinny extents
BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor.1 (16647)
BTRFS warning (device ): duplicate device /dev/loop1 devid 1 generation 8 scanned by systemd-udevd (16683)
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
overlayfs: upper fs does not support file handles, falling back to index=off.
REISERFS (device loop3): using ordered data mode
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
reiserfs: using flush barriers
8021q: adding VLAN 0 to HW filter on device batadv0
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
REISERFS (device loop3): Using r5 hash to sort names
reiserfs: using flush barriers
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
overlayfs: upper fs needs to support d_type.
8021q: adding VLAN 0 to HW filter on device batadv0
overlayfs: upper fs does not support tmpfile.
REISERFS (device loop2): checking transaction log (loop2)
overlayfs: upper fs does not support file handles, falling back to index=off.
REISERFS (device loop4): checking transaction log (loop4)
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
BTRFS info (device loop1): enabling inode map caching
REISERFS (device loop4): Using r5 hash to sort names
BTRFS warning (device loop1): excessive commit interval 622039222
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
BTRFS info (device loop1): force zlib compression, level 3
BTRFS info (device loop1): using free space tree
REISERFS (device loop2): Using r5 hash to sort names
BTRFS info (device loop1): has skinny extents
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
BTRFS warning (device ): duplicate device /dev/loop5 devid 1 generation 8 scanned by syz-executor.5 (16758)
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
audit: type=1800 audit(1672154537.853:108): pid=16746 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): using ordered data mode
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
reiserfs: using flush barriers
overlayfs: upper fs does not support file handles, falling back to index=off.
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop4): checking transaction log (loop4)
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): Using r5 hash to sort names
overlayfs: upper fs needs to support d_type.
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop3): using ordered data mode
reiserfs: using flush barriers
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop3): checking transaction log (loop3)
REISERFS (device loop3): Using r5 hash to sort names
REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
overlayfs: upper fs needs to support d_type.
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support file handles, falling back to index=off.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
netlink: 236 bytes leftover after parsing attributes in process `syz-executor.2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
overlayfs: unrecognized mount option "metacŒ“õg{:‘ ¥ÏRopy=on" or missing value
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
BTRFS info (device loop1): force zlib compression, level 3
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
BTRFS info (device loop1): using free space tree
BTRFS info (device loop1): has skinny extents
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
syz-executor.2 (16894): drop_caches: 2
syz-executor.2 (16894): drop_caches: 2
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using tea hash to sort names
REISERFS warning (device loop4): super-2030 reiserfs_fill_super: This file system claims to use 1 bitmap blocks in its super block, but requires 65536. Clearing to zero.
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
audit: type=1800 audit(1672154540.563:109): pid=16906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
syz-executor.2 (16976): drop_caches: 2
syz-executor.2 (16976): drop_caches: 2
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): using ordered data mode
syz-executor.2 (16995): drop_caches: 2
reiserfs: using flush barriers
syz-executor.3 (17000): drop_caches: 2
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
syz-executor.2 (16995): drop_caches: 2
syz-executor.3 (17000): drop_caches: 2
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using tea hash to sort names
REISERFS warning (device loop4): super-2030 reiserfs_fill_super: This file system claims to use 1 bitmap blocks in its super block, but requires 65536. Clearing to zero.
syz-executor.3 (17014): drop_caches: 2
syz-executor.0 (17013): drop_caches: 2
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
syz-executor.3 (17014): drop_caches: 2
syz-executor.0 (17013): drop_caches: 2
syz-executor.2 (17020): drop_caches: 2
syz-executor.2 (17020): drop_caches: 2
BTRFS info (device loop1): enabling inode map caching
BTRFS warning (device loop1): excessive commit interval 622039222
syz-executor.3 (17030): drop_caches: 2
BTRFS info (device loop1): force zlib compression, level 3
BTRFS info (device loop1): using free space tree
syz-executor.3 (17030): drop_caches: 2
BTRFS info (device loop1): has skinny extents
audit: type=1800 audit(1672154541.513:110): pid=17004 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0
syz-executor.0 (17074): drop_caches: 2
REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
syz-executor.0 (17074): drop_caches: 2
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using tea hash to sort names
REISERFS warning (device loop4): super-2030 reiserfs_fill_super: This file system claims to use 1 bitmap blocks in its super block, but requires 65536. Clearing to zero.
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
syz-executor.0 (17124): drop_caches: 2
syz-executor.0 (17124): drop_caches: 2