EXT4-fs (loop2): orphan cleanup on readonly fs
======================================================
EXT4-fs warning (device loop2): ext4_enable_quotas:5883: Failed to enable quota tracking (type=1, err=-13). Please run e2fsck to fix.
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
EXT4-fs (loop2): Cannot turn on quotas: error -13
syz-executor.0/30676 is trying to acquire lock:
00000000e55ad128 (&tree->tree_lock){+.+.}, at: hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595
EXT4-fs error (device loop2): ext4_orphan_get:1256: comm syz-executor.2: bad orphan inode 16

but task is already holding lock:
000000004d41cf00 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
       hfsplus_get_block+0x292/0x960 fs/hfsplus/extents.c:260
       block_read_full_page+0x288/0xd10 fs/buffer.c:2259
EXT4-fs (loop2): Remounting filesystem read-only
       do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
       read_mapping_page include/linux/pagemap.h:402 [inline]
       __hfs_bnode_create+0x5b7/0xb60 fs/hfsplus/bnode.c:447
ext4_test_bit(bit=15, block=18) = 0
       hfsplus_bnode_find+0x2aa/0xb80 fs/hfsplus/bnode.c:497
       hfsplus_brec_find+0x2af/0x500 fs/hfsplus/bfind.c:183
       hfsplus_brec_read+0x28/0x120 fs/hfsplus/bfind.c:222
       hfsplus_find_cat+0x1d0/0x480 fs/hfsplus/catalog.c:202
       hfsplus_iget+0x400/0x790 fs/hfsplus/super.c:81
EXT4-fs (loop2): mounted filesystem without journal. Opts: usrjquota=,errors=remount-ro,data_err=abort,min_batch_time=0x00000000000000b
       hfsplus_fill_super+0xc5f/0x19e0 fs/hfsplus/super.c:503
       mount_bdev+0x2fc/0x3b0 fs/super.c:1158
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
EXT4-fs error (device loop4): ext4_orphan_get:1256: comm syz-executor.4: bad orphan inode 16
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2492 [inline]
       do_mount+0x115c/0x2f50 fs/namespace.c:2822
       ksys_mount+0xcf/0x130 fs/namespace.c:3038
       __do_sys_mount fs/namespace.c:3052 [inline]
       __se_sys_mount fs/namespace.c:3049 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&tree->tree_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595
       hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263
       notify_change+0x70b/0xfc0 fs/attr.c:334
       do_truncate+0x134/0x1f0 fs/open.c:63
       handle_truncate fs/namei.c:3009 [inline]
       do_last fs/namei.c:3427 [inline]
       path_openat+0x2308/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_sys_open+0x3b3/0x520 fs/open.c:1085
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&tree->tree_lock);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&tree->tree_lock);

 *** DEADLOCK ***

3 locks held by syz-executor.0/30676:
 #0: 000000000f9afd30 (sb_writers#33){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
 #0: 000000000f9afd30 (sb_writers#33){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360
 #1: 000000004dfff421 (&sb->s_type->i_mutex_key#38){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
 #1: 000000004dfff421 (&sb->s_type->i_mutex_key#38){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
audit: type=1804 audit(1677539253.853:16037): pid=30689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2030791045/syzkaller.vpnYsy/598/bus" dev="sda1" ino=14772 res=1
 #2: 000000004d41cf00 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576

stack backtrace:
CPU: 1 PID: 30676 Comm: syz-executor.0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
audit: type=1800 audit(1677539253.853:16038): pid=30689 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=14772 res=0
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595
 hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263
 notify_change+0x70b/0xfc0 fs/attr.c:334
 do_truncate+0x134/0x1f0 fs/open.c:63
 handle_truncate fs/namei.c:3009 [inline]
 do_last fs/namei.c:3427 [inline]
 path_openat+0x2308/0x2df0 fs/namei.c:3537
 do_filp_open+0x18c/0x3f0 fs/namei.c:3567
 do_sys_open+0x3b3/0x520 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb3950090f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb39357b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fb395128f80 RCX: 00007fb3950090f9
RDX: 0000000000000000 RSI: 0000000000080b00 RDI: 0000000020000180
RBP: 00007fb395064ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffee43f1bcf R14: 00007fb39357b300 R15: 0000000000022000
EXT4-fs (loop4): Remounting filesystem read-only
ext4_test_bit(bit=15, block=18) = 0
EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=,errors=remount-ro,data_err=abort,min_batch_time=0x00000000000000b
[EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=b002c028, mo2=0002]
System zones: 0-1, 15-15, 18-18, 34-34
EXT4-fs (loop2): orphan cleanup on readonly fs
EXT4-fs warning (device loop2): ext4_enable_quotas:5883: Failed to enable quota tracking (type=1, err=-13). Please run e2fsck to fix.
EXT4-fs (loop2): Cannot turn on quotas: error -13
EXT4-fs error (device loop2): ext4_orphan_get:1256: comm syz-executor.2: bad orphan inode 16
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
audit: type=1804 audit(1677539254.993:16039): pid=30713 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2030791045/syzkaller.vpnYsy/599/bus" dev="sda1" ino=14161 res=1
EXT4-fs (loop2): Remounting filesystem read-only
sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
audit: type=1800 audit(1677539254.993:16040): pid=30713 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=14161 res=0
[EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=b002c028, mo2=0002]
System zones: 0-1, 15-15, 18-18, 34-34
ext4_test_bit(bit=15, block=18) = 0
EXT4-fs (loop4): orphan cleanup on readonly fs
audit: type=1804 audit(1677539255.233:16041): pid=30722 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir153707200/syzkaller.pqFWpO/44/bus" dev="sda1" ino=14274 res=1
EXT4-fs (loop2): mounted filesystem without journal. Opts: usrjquota=,errors=remount-ro,data_err=abort,min_batch_time=0x00000000000000b
EXT4-fs warning (device loop4): ext4_enable_quotas:5883: Failed to enable quota tracking (type=1, err=-13). Please run e2fsck to fix.
audit: type=1800 audit(1677539255.233:16042): pid=30722 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14274 res=0
EXT4-fs (loop4): Cannot turn on quotas: error -13
EXT4-fs error (device loop4): ext4_orphan_get:1256: comm syz-executor.4: bad orphan inode 16
EXT4-fs (loop4): Remounting filesystem read-only
ext4_test_bit(bit=15, block=18) = 0
EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=,errors=remount-ro,data_err=abort,min_batch_time=0x00000000000000b
audit: type=1804 audit(1677539255.923:16043): pid=30766 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2030791045/syzkaller.vpnYsy/600/bus" dev="sda1" ino=14003 res=1
audit: type=1800 audit(1677539255.923:16044): pid=30766 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=14003 res=0
audit: type=1804 audit(1677539256.343:16045): pid=30776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir153707200/syzkaller.pqFWpO/45/bus" dev="sda1" ino=14177 res=1
audit: type=1800 audit(1677539256.343:16046): pid=30776 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14177 res=0
audit: type=1800 audit(1677539256.653:16047): pid=30783 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14610 res=0
audit: type=1800 audit(1677539256.673:16048): pid=30783 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14610 res=0
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop2): Using r5 hash to sort names
x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING
x_tables: ip6_tables: realm match: used from hooks PREROUTING, but only valid from INPUT/FORWARD/OUTPUT/POSTROUTING
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using r5 hash to sort names
REISERFS (device loop4): using 3.5.x disk format
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop2): using ordered data mode
REISERFS (device loop4): Using r5 hash to sort names
reiserfs: using flush barriers
REISERFS (device loop4): using 3.5.x disk format
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop2): Using r5 hash to sort names
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
kauditd_printk_skb: 32 callbacks suppressed
audit: type=1804 audit(1677539260.124:16081): pid=30920 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir923076590/syzkaller.gLRF78/642/bus" dev="sda1" ino=14804 res=1
audit: type=1804 audit(1677539260.174:16082): pid=30921 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2030791045/syzkaller.vpnYsy/603/bus" dev="sda1" ino=14529 res=1
audit: type=1804 audit(1677539260.234:16083): pid=30923 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir923076590/syzkaller.gLRF78/642/bus" dev="sda1" ino=14804 res=1
audit: type=1804 audit(1677539260.294:16084): pid=30925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir2030791045/syzkaller.vpnYsy/603/bus" dev="sda1" ino=14529 res=1
audit: type=1800 audit(1677539260.764:16085): pid=30938 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14796 res=0
REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
audit: type=1800 audit(1677539260.804:16086): pid=30938 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=14796 res=0
REISERFS (device loop4): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
audit: type=1804 audit(1677539260.814:16087): pid=30901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1139060923/syzkaller.mouE43/614/file0" dev="sda1" ino=14797 res=1
REISERFS (device loop4): checking transaction log (loop4)
REISERFS (device loop4): Using r5 hash to sort names
REISERFS (device loop4): using 3.5.x disk format
audit: type=1800 audit(1677539260.904:16088): pid=30945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14780 res=0
REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
audit: type=1800 audit(1677539260.904:16089): pid=30945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=14780 res=0
REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop2): using ordered data mode
audit: type=1804 audit(1677539261.234:16090): pid=30932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1461011369/syzkaller.Db0VAS/60/bus/bus" dev="loop4" ino=2 res=1
reiserfs: using flush barriers
REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop2): checking transaction log (loop2)
REISERFS (device loop2): Using r5 hash to sort names
new mount options do not match the existing superblock, will be ignored
REISERFS (device loop2): using 3.5.x disk format
REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'.
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'.
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'.
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored
new mount options do not match the existing superblock, will be ignored