[hfsplus?] possible deadlock in hfsplus_file_extend
4 views
Skip to first unread message
syzbot
Dec 29, 2022, 1:07:35 AM12/29/22
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c4215ee4771b Linux 4.14.302
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12790f08480000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a9988fe055c9527
dashboard link: https://syzkaller.appspot.com/bug?extid=7a343c73c11c99d582b3
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10e30ec4480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=139638c0480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c93ba055d204/disk-c4215ee4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bfbc929a33c1/vmlinux-c4215ee4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/444658051770/bzImage-c4215ee4.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/0f2a0f2ae704/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7a343c...@syzkaller.appspotmail.com
WARNING: the mand mount option is being deprecated and
will be removed in v5.15!
======================================================
============================================
WARNING: possible recursive locking detected
4.14.302-syzkaller #0 Not tainted
--------------------------------------------
syz-executor729/7983 is trying to acquire lock:
(&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2d0a8>] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
but task is already holding lock:
(&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2d0a8>] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&HFSPLUS_I(inode)->extents_lock);
lock(&HFSPLUS_I(inode)->extents_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
4 locks held by syz-executor729/7983:
#0: (sb_writers#10){.+.+}, at: [<ffffffff81867ecb>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff81867ecb>] do_sys_ftruncate.constprop.0+0x1fb/0x480 fs/open.c:200
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff818674b0>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff818674b0>] do_truncate+0xf0/0x1a0 fs/open.c:61
#2: (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2d0a8>] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
#3: (&tree->tree_lock/1){+.+.}, at: [<ffffffff81d40441>] hfsplus_find_init+0x161/0x220 fs/hfsplus/bfind.c:33
stack backtrace:
CPU: 1 PID: 7983 Comm: syz-executor729 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
check_deadlock kernel/locking/lockdep.c:1847 [inline]
validate_chain kernel/locking/lockdep.c:2448 [inline]
__lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
hfsplus_bmap_reserve+0x26e/0x410 fs/hfsplus/btree.c:357
__hfsplus_ext_write_extent+0x415/0x560 fs/hfsplus/extents.c:104
__hfsplus_ext_cache_extent fs/hfsplus/extents.c:186 [inline]
hfsplus_ext_read_extent+0x81a/0x9e0 fs/hfsplus/extents.c:218
hfsplus_file_extend+0x616/0xef0 fs/hfsplus/extents.c:456
hfsplus_get_block+0x15b/0x820 fs/hfsplus/extents.c:245
__block_write_begin_int+0x35c/0x11d0 fs/buffer.c:2038
__block_write_begin fs/buffer.c:2088 [inline]
block_write_begin+0x58/0x270 fs/buffer.c:2147
cont_write_begin+0x4a3/0x740 fs/buffer.c:2497
hfsplus_write_begin+0x87/0x130 fs/hfsplus/inode.c:53
cont_expand_zero fs/buffer.c:2424 [inline]
cont_write_begin+0x296/0x740 fs/buffer.c:2487
hfsplus_write_begin+0x87/0x130 fs/hfsplus/inode.c:53
generic_cont_expand_simple+0xe1/0x130 fs/buffer.c:2388
hfsplus_setattr+0x139/0x310 fs/hfsplus/inode.c:258
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
do_sys_ftruncate.constprop.0+0x3a3/0x480 fs/open.c:205
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f273fdce799
RSP: 002b:00007ffd44f0db68 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f273fdce799
RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 0000000000000004
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: c4215ee4771b Linux 4.14.302
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12790f08480000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a9988fe055c9527
dashboard link: https://syzkaller.appspot.com/bug?extid=7a343c73c11c99d582b3
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10e30ec4480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=139638c0480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c93ba055d204/disk-c4215ee4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bfbc929a33c1/vmlinux-c4215ee4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/444658051770/bzImage-c4215ee4.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/0f2a0f2ae704/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7a343c...@syzkaller.appspotmail.com
WARNING: the mand mount option is being deprecated and
will be removed in v5.15!
======================================================
============================================
WARNING: possible recursive locking detected
4.14.302-syzkaller #0 Not tainted
--------------------------------------------
syz-executor729/7983 is trying to acquire lock:
(&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2d0a8>] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
but task is already holding lock:
(&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2d0a8>] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&HFSPLUS_I(inode)->extents_lock);
lock(&HFSPLUS_I(inode)->extents_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
4 locks held by syz-executor729/7983:
#0: (sb_writers#10){.+.+}, at: [<ffffffff81867ecb>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#10){.+.+}, at: [<ffffffff81867ecb>] do_sys_ftruncate.constprop.0+0x1fb/0x480 fs/open.c:200
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff818674b0>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#17){+.+.}, at: [<ffffffff818674b0>] do_truncate+0xf0/0x1a0 fs/open.c:61
#2: (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2d0a8>] hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
#3: (&tree->tree_lock/1){+.+.}, at: [<ffffffff81d40441>] hfsplus_find_init+0x161/0x220 fs/hfsplus/bfind.c:33
stack backtrace:
CPU: 1 PID: 7983 Comm: syz-executor729 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
check_deadlock kernel/locking/lockdep.c:1847 [inline]
validate_chain kernel/locking/lockdep.c:2448 [inline]
__lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
hfsplus_file_extend+0x188/0xef0 fs/hfsplus/extents.c:452
hfsplus_bmap_reserve+0x26e/0x410 fs/hfsplus/btree.c:357
__hfsplus_ext_write_extent+0x415/0x560 fs/hfsplus/extents.c:104
__hfsplus_ext_cache_extent fs/hfsplus/extents.c:186 [inline]
hfsplus_ext_read_extent+0x81a/0x9e0 fs/hfsplus/extents.c:218
hfsplus_file_extend+0x616/0xef0 fs/hfsplus/extents.c:456
hfsplus_get_block+0x15b/0x820 fs/hfsplus/extents.c:245
__block_write_begin_int+0x35c/0x11d0 fs/buffer.c:2038
__block_write_begin fs/buffer.c:2088 [inline]
block_write_begin+0x58/0x270 fs/buffer.c:2147
cont_write_begin+0x4a3/0x740 fs/buffer.c:2497
hfsplus_write_begin+0x87/0x130 fs/hfsplus/inode.c:53
cont_expand_zero fs/buffer.c:2424 [inline]
cont_write_begin+0x296/0x740 fs/buffer.c:2487
hfsplus_write_begin+0x87/0x130 fs/hfsplus/inode.c:53
generic_cont_expand_simple+0xe1/0x130 fs/buffer.c:2388
hfsplus_setattr+0x139/0x310 fs/hfsplus/inode.c:258
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
do_sys_ftruncate.constprop.0+0x3a3/0x480 fs/open.c:205
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f273fdce799
RSP: 002b:00007ffd44f0db68 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f273fdce799
RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 0000000000000004
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Reply all
Reply to author
Forward
0 new messages