====================================================== WARNING: possible circular locking dependency detected 4.19.211-syzkaller #0 Not tainted ------------------------------------------------------ syz-executor.5/19840 is trying to acquire lock: 000000009d5fb10f (&tree->tree_lock){+.+.}, at: hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 but task is already holding lock: 000000007319a59f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}: hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457 hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357 hfsplus_create_cat+0x1e3/0x1210 fs/hfsplus/catalog.c:272 hfsplus_fill_super+0x14a8/0x19e0 fs/hfsplus/super.c:560 mount_bdev+0x2fc/0x3b0 fs/super.c:1158 mount_fs+0xa3/0x310 fs/super.c:1261 vfs_kern_mount.part.0+0x68/0x470 fs/namespace.c:961 vfs_kern_mount fs/namespace.c:951 [inline] do_new_mount fs/namespace.c:2492 [inline] do_mount+0x115c/0x2f50 fs/namespace.c:2822 ksys_mount+0xcf/0x130 fs/namespace.c:3038 __do_sys_mount fs/namespace.c:3052 [inline] __se_sys_mount fs/namespace.c:3049 [inline] __x64_sys_mount+0xba/0x150 fs/namespace.c:3049 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> #0 (&tree->tree_lock){+.+.}: __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&HFSPLUS_I(inode)->extents_lock); lock(&tree->tree_lock); lock(&HFSPLUS_I(inode)->extents_lock); lock(&tree->tree_lock); *** DEADLOCK *** 3 locks held by syz-executor.5/19840: #0: 000000007e52d17f (sb_writers#28){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline] #0: 000000007e52d17f (sb_writers#28){.+.+}, at: mnt_want_write+0x3a/0xb0 fs/namespace.c:360 #1: 00000000d6337c2d (&sb->s_type->i_mutex_key#31){+.+.}, at: inode_lock include/linux/fs.h:748 [inline] #1: 00000000d6337c2d (&sb->s_type->i_mutex_key#31){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61 #2: 000000007319a59f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576 stack backtrace: CPU: 1 PID: 19840 Comm: syz-executor.5 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222 check_prev_add kernel/locking/lockdep.c:1866 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 __mutex_lock_common kernel/locking/mutex.c:937 [inline] __mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078 hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595 hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263 notify_change+0x70b/0xfc0 fs/attr.c:334 do_truncate+0x134/0x1f0 fs/open.c:63 handle_truncate fs/namei.c:3009 [inline] do_last fs/namei.c:3427 [inline] path_openat+0x2308/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f38880810f9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f38865f3168 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 RAX: ffffffffffffffda RBX: 00007f38881a0f80 RCX: 00007f38880810f9 RDX: 0000000000000000 RSI: 0000000000143242 RDI: 0000000020000000 RBP: 00007f38880dcae9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffeca9229ff R14: 00007f38865f3300 R15: 0000000000022000 Bluetooth: hci1: command 0x0419 tx timeout kauditd_printk_skb: 46 callbacks suppressed audit: type=1804 audit(1677458852.761:268): pid=19844 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3958334372/syzkaller.ijzLdx/201/bus" dev="sda1" ino=14389 res=1 f2fs_msg: 8 callbacks suppressed F2FS-fs (loop4): invalid crc value F2FS-fs (loop4): Found nat_bits in checkpoint F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. audit: type=1804 audit(1677458854.531:269): pid=19963 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3958334372/syzkaller.ijzLdx/202/bus" dev="sda1" ino=14773 res=1 F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 audit: type=1804 audit(1677458854.621:270): pid=19972 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2491978707/syzkaller.hJPIW5/198/file0/bus" dev="loop4" ino=4 res=1 audit: type=1804 audit(1677458854.761:271): pid=20035 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3958334372/syzkaller.ijzLdx/203/bus" dev="sda1" ino=14785 res=1 dccp_close: ABORT with 64 bytes unread device lo entered promiscuous mode netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. Y4`Ҙ: renamed from lo netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. device lo entered promiscuous mode Y4`Ҙ: renamed from lo netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. device lo entered promiscuous mode Y4`Ҙ: renamed from lo