hfsplus: xattr searching failed
hfsplus: request for non-existent node 2048 in B*Tree
hfsplus: request for non-existent node 2048 in B*Tree
hfsplus: xattr searching failed
======================================================
WARNING: possible circular locking dependency detected
4.14.302-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.0/11176 is trying to acquire lock:
 (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452

but task is already holding lock:
 (&tree->tree_lock/1){+.+.}, at: [] hfsplus_find_init+0x161/0x220 fs/hfsplus/bfind.c:33

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&tree->tree_lock/1){+.+.}:
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       hfsplus_find_init+0x161/0x220 fs/hfsplus/bfind.c:33
       hfsplus_file_truncate+0x25b/0xe80 fs/hfsplus/extents.c:577
       hfsplus_setattr+0x182/0x310 fs/hfsplus/inode.c:264
       notify_change+0x56b/0xd10 fs/attr.c:315
       do_truncate+0xff/0x1a0 fs/open.c:63
       vfs_truncate+0x456/0x680 fs/open.c:120
       do_sys_truncate.part.0+0xdc/0xf0 fs/open.c:143
       do_sys_truncate fs/open.c:137 [inline]
       SYSC_truncate fs/open.c:155 [inline]
       SyS_truncate+0x23/0x40 fs/open.c:153
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

-> #0 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       __mutex_lock_common kernel/locking/mutex.c:756 [inline]
       __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
       hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
       hfsplus_bmap_reserve+0x26e/0x410 fs/hfsplus/btree.c:357
       __hfsplus_ext_write_extent+0x415/0x560 fs/hfsplus/extents.c:104
       __hfsplus_ext_cache_extent fs/hfsplus/extents.c:186 [inline]
       hfsplus_file_truncate+0xb37/0xe80 fs/hfsplus/extents.c:591
       hfsplus_setattr+0x182/0x310 fs/hfsplus/inode.c:264
       notify_change+0x56b/0xd10 fs/attr.c:315
       do_truncate+0xff/0x1a0 fs/open.c:63
       do_sys_ftruncate.constprop.0+0x3a3/0x480 fs/open.c:205
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x5e/0xd3

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&tree->tree_lock/1);
                               lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&tree->tree_lock/1);
  lock(&HFSPLUS_I(inode)->extents_lock);

 *** DEADLOCK ***

4 locks held by syz-executor.0/11176:
 #0: (sb_writers#13){.+.+}, at: [] sb_start_write include/linux/fs.h:1551 [inline]
 #0: (sb_writers#13){.+.+}, at: [] do_sys_ftruncate.constprop.0+0x1fb/0x480 fs/open.c:200
 #1: (&sb->s_type->i_mutex_key#21){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 #1: (&sb->s_type->i_mutex_key#21){+.+.}, at: [] do_truncate+0xf0/0x1a0 fs/open.c:61
 #2: (&hip->extents_lock){+.+.}, at: [] hfsplus_file_truncate+0x1ba/0xe80 fs/hfsplus/extents.c:571
 #3: (&tree->tree_lock/1){+.+.}, at: [] hfsplus_find_init+0x161/0x220 fs/hfsplus/bfind.c:33

stack backtrace:
CPU: 1 PID: 11176 Comm: syz-executor.0 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
 hfsplus_bmap_reserve+0x26e/0x410 fs/hfsplus/btree.c:357
 __hfsplus_ext_write_extent+0x415/0x560 fs/hfsplus/extents.c:104
 __hfsplus_ext_cache_extent fs/hfsplus/extents.c:186 [inline]
 hfsplus_file_truncate+0xb37/0xe80 fs/hfsplus/extents.c:591
 hfsplus_setattr+0x182/0x310 fs/hfsplus/inode.c:264
 notify_change+0x56b/0xd10 fs/attr.c:315
 do_truncate+0xff/0x1a0 fs/open.c:63
 do_sys_ftruncate.constprop.0+0x3a3/0x480 fs/open.c:205
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f003a08d0a9
RSP: 002b:00007f00385ff168 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 00007f003a1acf80 RCX: 00007f003a08d0a9
RDX: 0000000000000000 RSI: 000000000000ff00 RDI: 0000000000000004
RBP: 00007f003a0e8ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdba0d92ef R14: 00007f00385ff300 R15: 0000000000022000
syz-executor.3 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
sock: process `syz-executor.3' is using obsolete getsockopt SO_BSDCOMPAT
audit: type=1804 audit(1672662629.081:3): pid=11256 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir379681693/syzkaller.MIPOWc/111/bus" dev="sda1" ino=14047 res=1
audit: type=1804 audit(1672662629.171:4): pid=11290 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir2910126868/syzkaller.yRUQQg/108/bus" dev="sda1" ino=14035 res=1
audit: type=1800 audit(1672662629.421:5): pid=11331 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file1" dev="sda1" ino=14110 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3
BTRFS info (device loop3): using free space tree
BTRFS info (device loop3): has skinny extents
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
BTRFS error (device loop3): fail to start transaction for status update: -28
syz-executor.5 (11312) used greatest stack depth: 24880 bytes left
XFS (loop5): Unmounting Filesystem
audit: type=1800 audit(1672662630.131:6): pid=11416 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file1" dev="sda1" ino=14111 res=0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Unmounting Filesystem
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
XFS (loop2): Unmounting Filesystem
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
hfsplus: can't free extent
bridge0: port 2(bridge_slave_1) entered disabled state
bridge0: port 1(bridge_slave_0) entered disabled state
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop2): Unmounting Filesystem
XFS (loop5): Unmounting Filesystem
input: syz1 as /devices/virtual/input/input5
input: syz1 as /devices/virtual/input/input6
netlink: 84 bytes leftover after parsing attributes in process `syz-executor.0'.
XFS (loop2): Mounting V4 Filesystem
XFS (loop2): Ending clean mount
XFS (loop2): Unmounting Filesystem
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Unmounting Filesystem
input: syz1 as /devices/virtual/input/input7
input: syz1 as /devices/virtual/input/input8
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
encrypted_key: insufficient parameters specified
Bluetooth: Wrong link type (-71)
IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1
bond1 (unregistering): Released all slaves
ntfs: volume version 3.1.
IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1
bond1 (unregistering): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond1: link is not ready
8021q: adding VLAN 0 to HW filter on device bond1
bond1 (unregistering): Released all slaves