======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.5/12211 is trying to acquire lock:
0000000036e1a238 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457

but task is already holding lock:
00000000549314ed (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&tree->tree_lock){+.+.}:
       hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595
       hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263
       notify_change+0x70b/0xfc0 fs/attr.c:334
       do_truncate+0x134/0x1f0 fs/open.c:63
       handle_truncate fs/namei.c:3009 [inline]
       do_last fs/namei.c:3427 [inline]
       path_openat+0x2308/0x2df0 fs/namei.c:3537
       do_filp_open+0x18c/0x3f0 fs/namei.c:3567
       do_sys_open+0x3b3/0x520 fs/open.c:1085
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:937 [inline]
       __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
       hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457
       hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357
       hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272
       hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560
       mount_bdev+0x2fc/0x3b0 fs/super.c:1158
       mount_fs+0xa3/0x310 fs/super.c:1261
       vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
       vfs_kern_mount fs/namespace.c:951 [inline]
       do_new_mount fs/namespace.c:2492 [inline]
       do_mount+0x115c/0x2f50 fs/namespace.c:2822
       ksys_mount+0xcf/0x130 fs/namespace.c:3038
       __do_sys_mount fs/namespace.c:3052 [inline]
       __se_sys_mount fs/namespace.c:3049 [inline]
       __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
       do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&tree->tree_lock);
                               lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&tree->tree_lock);
  lock(&HFSPLUS_I(inode)->extents_lock);

 *** DEADLOCK ***

3 locks held by syz-executor.5/12211:
 #0: 00000000afc3ba58 (&type->s_umount_key#53/1){+.+.}, at: alloc_super fs/super.c:226 [inline]
 #0: 00000000afc3ba58 (&type->s_umount_key#53/1){+.+.}, at: sget_userns+0x20b/0xcd0 fs/super.c:519
 #1: 0000000000933adc (&sbi->vh_mutex){+.+.}, at: hfsplus_fill_super+0x1421/0x19e0 fs/hfsplus/super.c:553
 #2: 00000000549314ed (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30

stack backtrace:
CPU: 1 PID: 12211 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
 check_prev_add kernel/locking/lockdep.c:1866 [inline]
 check_prevs_add kernel/locking/lockdep.c:1979 [inline]
 validate_chain kernel/locking/lockdep.c:2420 [inline]
 __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __mutex_lock_common kernel/locking/mutex.c:937 [inline]
 __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
 hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457
 hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357
 hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272
 hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560
 mount_bdev+0x2fc/0x3b0 fs/super.c:1158
 mount_fs+0xa3/0x310 fs/super.c:1261
 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961
 vfs_kern_mount fs/namespace.c:951 [inline]
 do_new_mount fs/namespace.c:2492 [inline]
 do_mount+0x115c/0x2f50 fs/namespace.c:2822
 ksys_mount+0xcf/0x130 fs/namespace.c:3038
 __do_sys_mount fs/namespace.c:3052 [inline]
 __se_sys_mount fs/namespace.c:3049 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3049
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f90b7fa462a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f90b6514f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000671 RCX: 00007f90b7fa462a
RDX: 00000000200000c0 RSI: 00000000200008c0 RDI: 00007f90b6514fe0
RBP: 00007f90b6515020 R08: 00007f90b6515020 R09: 0000000000800000
R10: 0000000000800000 R11: 0000000000000202 R12: 00000000200000c0
R13: 00000000200008c0 R14: 00007f90b6514fe0 R15: 0000000020000100
Process accounting resumed
hfsplus: unable to parse mount options
EXT4-fs mount: 8 callbacks suppressed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
hfsplus: unable to parse mount options
Process accounting resumed
hfsplus: unable to parse mount options
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
hfsplus: unable to parse mount options
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
hfsplus: unable to parse mount options
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
base_sock_release(00000000bd849f13) sk=000000008615e3b4
Process accounting resumed
new mount options do not match the existing superblock, will be ignored
kauditd_printk_skb: 5 callbacks suppressed
audit: type=1804 audit(1676810673.848:73): pid=12961 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1571276016/syzkaller.9mDPow/952/bus/cgroup.controllers" dev="loop5" ino=25 res=1
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
new mount options do not match the existing superblock, will be ignored
base_sock_release(00000000fa924781) sk=00000000d6070dc5
Process accounting resumed
new mount options do not match the existing superblock, will be ignored
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
audit: type=1804 audit(1676810674.098:74): pid=12993 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir1571276016/syzkaller.9mDPow/953/bus/cgroup.controllers" dev="loop5" ino=25 res=1
base_sock_release(00000000b3feb461) sk=0000000087b33985
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs warning (device loop2): ext4_multi_mount_protect:386: Unable to create kmmpd thread for loop2.
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
hfsplus: unable to parse mount options
Process accounting resumed
hfsplus: unable to parse mount options
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
hfsplus: unable to parse mount options
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
9pnet: Insufficient options for proto=fd
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
hfsplus: unable to parse mount options
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
Process accounting resumed
Process accounting resumed