possible deadlock in hfsplus_find_init


syzbot
Dec 3, 2022, 8:19:41 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11d7e1d3880000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=777d200bb1b1fd2b12f7
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+777d20...@syzkaller.appspotmail.com

XFS (loop5): Unmounting Filesystem
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/5786 is trying to acquire lock:
0000000048986fb5 (&mm->mmap_sem){++++}, at: __might_fault+0xef/0x1d0 mm/memory.c:4771

but task is already holding lock:
00000000fc516a48 (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #7 (&tree->tree_lock){+.+.}:
hfsplus_file_truncate+0xde7/0x1040 fs/hfsplus/extents.c:595
hfsplus_write_failed fs/hfsplus/inode.c:41 [inline]
hfsplus_write_begin+0x118/0x150 fs/hfsplus/inode.c:56
generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3170
__generic_file_write_iter+0x24b/0x610 mm/filemap.c:3295
generic_file_write_iter+0x3f8/0x730 mm/filemap.c:3323
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x51b/0x770 fs/read_write.c:487
vfs_write+0x1f3/0x540 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #6 (&hip->extents_lock){+.+.}:
hfsplus_ext_write_extent+0x7e/0x1f0 fs/hfsplus/extents.c:149
hfsplus_write_inode+0x1e/0x4b0 fs/hfsplus/super.c:153
write_inode fs/fs-writeback.c:1244 [inline]
__writeback_single_inode+0x733/0x11d0 fs/fs-writeback.c:1442
writeback_sb_inodes+0x537/0xef0 fs/fs-writeback.c:1647
wb_writeback+0x28d/0xcc0 fs/fs-writeback.c:1820
wb_do_writeback fs/fs-writeback.c:1965 [inline]
wb_workfn+0x29b/0x1250 fs/fs-writeback.c:2006
process_one_work+0x864/0x1570 kernel/workqueue.c:2153
worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #5 ((work_completion)(&(&wb->dwork)->work)){+.+.}:
wb_shutdown+0x172/0x210 mm/backing-dev.c:374
bdi_unregister+0x169/0x610 mm/backing-dev.c:946
del_gendisk+0x7f6/0xa80 block/genhd.c:788
loop_remove drivers/block/loop.c:2066 [inline]
loop_control_ioctl drivers/block/loop.c:2165 [inline]
loop_control_ioctl+0x3b1/0x480 drivers/block/loop.c:2131
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #4 (loop_ctl_mutex){+.+.}:
lo_open+0x19/0xd0 drivers/block/loop.c:1771
__blkdev_get+0x372/0x1480 fs/block_dev.c:1494
blkdev_get+0xb0/0x940 fs/block_dev.c:1627
blkdev_open+0x202/0x290 fs/block_dev.c:1788
do_dentry_open+0x4aa/0x1160 fs/open.c:796
do_last fs/namei.c:3421 [inline]
path_openat+0x793/0x2df0 fs/namei.c:3537
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #3 (&bdev->bd_mutex){+.+.}:
blkdev_put+0x30/0x520 fs/block_dev.c:1839
btrfs_close_bdev fs/btrfs/volumes.c:1033 [inline]
btrfs_close_one_device fs/btrfs/volumes.c:1057 [inline]
close_fs_devices.part.0+0x24d/0x8e0 fs/btrfs/volumes.c:1085
close_fs_devices fs/btrfs/volumes.c:1117 [inline]
btrfs_close_devices+0x95/0x1f0 fs/btrfs/volumes.c:1103
close_ctree+0x3c8/0x850 fs/btrfs/disk-io.c:4047
generic_shutdown_super+0x144/0x370 fs/super.c:456
kill_anon_super+0x36/0x60 fs/super.c:1032
btrfs_kill_super+0x49/0x550 fs/btrfs/super.c:2221
deactivate_locked_super+0x94/0x160 fs/super.c:329
deactivate_super+0x174/0x1a0 fs/super.c:360
cleanup_mnt+0x1a8/0x290 fs/namespace.c:1098
task_work_run+0x148/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x251/0x2a0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #2 (&fs_devs->device_list_mutex){+.+.}:
btrfs_finish_chunk_alloc+0x27b/0xf90 fs/btrfs/volumes.c:4938
btrfs_create_pending_block_groups+0x242/0x590 fs/btrfs/extent-tree.c:10134
__btrfs_end_transaction+0x21a/0xb00 fs/btrfs/transaction.c:855
flush_space+0xa41/0xee0 fs/btrfs/extent-tree.c:4861
btrfs_async_reclaim_metadata_space+0x466/0x1050 fs/btrfs/extent-tree.c:4977
process_one_work+0x864/0x1570 kernel/workqueue.c:2153
worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

-> #1 (sb_internal#2){.+.+}:
sb_start_intwrite include/linux/fs.h:1626 [inline]
start_transaction+0xa37/0xf90 fs/btrfs/transaction.c:528
btrfs_dirty_inode+0xe3/0x210 fs/btrfs/inode.c:6165
btrfs_update_time+0x33b/0x3d0 fs/btrfs/inode.c:6207
update_time fs/inode.c:1675 [inline]
touch_atime+0x23c/0x2a0 fs/inode.c:1746
file_accessed include/linux/fs.h:2123 [inline]
btrfs_file_mmap+0x11b/0x160 fs/btrfs/file.c:2274
call_mmap include/linux/fs.h:1826 [inline]
mmap_region+0xc94/0x16b0 mm/mmap.c:1757
do_mmap+0x8e8/0x1080 mm/mmap.c:1530
do_mmap_pgoff include/linux/mm.h:2329 [inline]
vm_mmap_pgoff+0x197/0x200 mm/util.c:357
ksys_mmap_pgoff+0x298/0x5a0 mm/mmap.c:1580
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&mm->mmap_sem){++++}:
__might_fault mm/memory.c:4772 [inline]
__might_fault+0x152/0x1d0 mm/memory.c:4757
_copy_to_user+0x29/0x100 lib/usercopy.c:25
copy_to_user include/linux/uaccess.h:155 [inline]
filldir64+0x26e/0x430 fs/readdir.c:324
dir_emit_dot include/linux/fs.h:3432 [inline]
hfsplus_readdir+0x3c2/0xf20 fs/hfsplus/dir.c:159
iterate_dir+0x473/0x5c0 fs/readdir.c:51
ksys_getdents64+0x175/0x2b0 fs/readdir.c:357
__do_sys_getdents64 fs/readdir.c:376 [inline]
__se_sys_getdents64 fs/readdir.c:373 [inline]
__x64_sys_getdents64+0x6f/0xb0 fs/readdir.c:373
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Chain exists of:
&mm->mmap_sem --> &hip->extents_lock --> &tree->tree_lock

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&tree->tree_lock);
                               lock(&hip->extents_lock);
                               lock(&tree->tree_lock);
  lock(&mm->mmap_sem);

*** DEADLOCK ***

3 locks held by syz-executor.1/5786:
#0: 0000000038671227 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310 fs/file.c:767
#1: 0000000090ead767 (&type->i_mutex_dir_key#16){++++}, at: iterate_dir+0xd2/0x5c0 fs/readdir.c:41
#2: 00000000fc516a48 (&tree->tree_lock){+.+.}, at: hfsplus_find_init+0x1b7/0x220 fs/hfsplus/bfind.c:30

stack backtrace:
CPU: 0 PID: 5786 Comm: syz-executor.1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
check_prev_add kernel/locking/lockdep.c:1866 [inline]
check_prevs_add kernel/locking/lockdep.c:1979 [inline]
validate_chain kernel/locking/lockdep.c:2420 [inline]
__lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
__might_fault mm/memory.c:4772 [inline]
__might_fault+0x152/0x1d0 mm/memory.c:4757
_copy_to_user+0x29/0x100 lib/usercopy.c:25
copy_to_user include/linux/uaccess.h:155 [inline]
filldir64+0x26e/0x430 fs/readdir.c:324
dir_emit_dot include/linux/fs.h:3432 [inline]
hfsplus_readdir+0x3c2/0xf20 fs/hfsplus/dir.c:159
iterate_dir+0x473/0x5c0 fs/readdir.c:51
ksys_getdents64+0x175/0x2b0 fs/readdir.c:357
__do_sys_getdents64 fs/readdir.c:376 [inline]
__se_sys_getdents64 fs/readdir.c:373 [inline]
__x64_sys_getdents64+0x6f/0xb0 fs/readdir.c:373
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb86e8610d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb86cdd3168 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 00007fb86e980f80 RCX: 00007fb86e8610d9
RDX: 00000000000000ff RSI: 00000000200000c0 RDI: 0000000000000004
RBP: 00007fb86e8bcae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd81d39c9f R14: 00007fb86cdd3300 R15: 0000000000022000
XFS (loop5): Mounting V4 Filesystem
XFS (loop5): Ending clean mount
XFS (loop5): Metadata corruption detected at xfs_inode_buf_verify+0x467/0x530 fs/xfs/libxfs/xfs_inode_buf.c:118, xfs_inode block 0x30 xfs_inode_buf_verify
XFS (loop5): Unmount and run xfs_repair
XFS (loop5): First 128 bytes of corrupted metadata buffer:
000000009eaaa7b3: 49 4e 00 00 02 00 00 00 00 00 00 00 00 00 00 00 IN..............
000000008578bab5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000004e9f34a8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000000a900e377: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000000583f7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000000006f18d594: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 5c ...............\
0000000033ce41ae: 55 d8 45 b8 28 4c 00 00 00 00 00 00 00 00 00 00 U.E.(L..........
00000000149befd6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
XFS (loop5): metadata I/O error in "xfs_trans_read_buf_map" at daddr 0x30 len 16 error 117
XFS (loop5): xfs_do_force_shutdown(0x1) called from line 300 of file fs/xfs/xfs_trans_buf.c. Return address = 00000000dee49690
XFS (loop5): I/O Error Detected. Shutting down filesystem
XFS (loop5): Please umount the filesystem and rectify the problem(s)
XFS (loop5): xfs_imap_to_bp: xfs_trans_read_buf() returned error -117.
XFS (loop5): Unmounting Filesystem


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot
Jan 1, 2023, 8:11:38 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10f5b092480000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=777d200bb1b1fd2b12f7
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15a11982480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b65eb2480000
mounted in repro: https://storage.googleapis.com/syzbot-assets/d69c1fa925d4/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+777d20...@syzkaller.appspotmail.com

will be removed in v5.15!
audit: type=1800 audit(1672578591.604:2): pid=8106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor950" name="bus" dev="loop0" ino=25 res=0
audit: type=1800 audit(1672578591.634:3): pid=8106 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor950" name="file1" dev="loop0" ino=20 res=0
======================================================
WARNING: possible circular locking dependency detected
4.19.211-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor950/8106 is trying to acquire lock:
0000000014babfec (&tree->tree_lock/1){+.+.}, at: hfsplus_find_init+0x170/0x220 fs/hfsplus/bfind.c:33

but task is already holding lock:
00000000a7fe7b0f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}:
hfsplus_file_extend+0x1bb/0xf40 fs/hfsplus/extents.c:457
hfsplus_bmap_reserve+0x298/0x440 fs/hfsplus/btree.c:357
__hfsplus_ext_write_extent+0x45b/0x5a0 fs/hfsplus/extents.c:104
__hfsplus_ext_cache_extent fs/hfsplus/extents.c:186 [inline]
hfsplus_ext_read_extent+0x910/0xab0 fs/hfsplus/extents.c:218
hfsplus_file_extend+0x672/0xf40 fs/hfsplus/extents.c:461
hfsplus_get_block+0x196/0x960 fs/hfsplus/extents.c:245
__block_write_begin_int+0x46c/0x17b0 fs/buffer.c:1978
__block_write_begin fs/buffer.c:2028 [inline]
block_write_begin+0x58/0x2e0 fs/buffer.c:2087
cont_write_begin+0x55a/0x820 fs/buffer.c:2440
hfsplus_write_begin+0x87/0x150 fs/hfsplus/inode.c:52
cont_expand_zero fs/buffer.c:2367 [inline]
cont_write_begin+0x2ee/0x820 fs/buffer.c:2430
hfsplus_write_begin+0x87/0x150 fs/hfsplus/inode.c:52
generic_cont_expand_simple+0x106/0x170 fs/buffer.c:2331
hfsplus_setattr+0x18b/0x310 fs/hfsplus/inode.c:257
notify_change+0x70b/0xfc0 fs/attr.c:334
do_truncate+0x134/0x1f0 fs/open.c:63
do_sys_ftruncate+0x492/0x560 fs/open.c:194
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #0 (&tree->tree_lock/1){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:937 [inline]
__mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
hfsplus_find_init+0x170/0x220 fs/hfsplus/bfind.c:33
hfsplus_file_truncate+0x297/0x1040 fs/hfsplus/extents.c:582
hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263
notify_change+0x70b/0xfc0 fs/attr.c:334
do_truncate+0x134/0x1f0 fs/open.c:63
do_sys_ftruncate+0x492/0x560 fs/open.c:194
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

other info that might help us debug this:

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&tree->tree_lock/1);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&tree->tree_lock/1);

*** DEADLOCK ***

3 locks held by syz-executor950/8106:
#0: 000000006bb158e5 (sb_writers#11){.+.+}, at: sb_start_write include/linux/fs.h:1579 [inline]
#0: 000000006bb158e5 (sb_writers#11){.+.+}, at: do_sys_ftruncate+0x297/0x560 fs/open.c:189
#1: 00000000a653ec8e (&sb->s_type->i_mutex_key#17){+.+.}, at: inode_lock include/linux/fs.h:748 [inline]
#1: 00000000a653ec8e (&sb->s_type->i_mutex_key#17){+.+.}, at: do_truncate+0x125/0x1f0 fs/open.c:61
#2: 00000000a7fe7b0f (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: hfsplus_file_truncate+0x1e2/0x1040 fs/hfsplus/extents.c:576

stack backtrace:
CPU: 0 PID: 8106 Comm: syz-executor950 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1222
check_prev_add kernel/locking/lockdep.c:1866 [inline]
check_prevs_add kernel/locking/lockdep.c:1979 [inline]
validate_chain kernel/locking/lockdep.c:2420 [inline]
__lock_acquire+0x30c9/0x3ff0 kernel/locking/lockdep.c:3416
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
__mutex_lock_common kernel/locking/mutex.c:937 [inline]
__mutex_lock+0xd7/0x1190 kernel/locking/mutex.c:1078
hfsplus_find_init+0x170/0x220 fs/hfsplus/bfind.c:33
hfsplus_file_truncate+0x297/0x1040 fs/hfsplus/extents.c:582
hfsplus_setattr+0x1e7/0x310 fs/hfsplus/inode.c:263
notify_change+0x70b/0xfc0 fs/attr.c:334
do_truncate+0x134/0x1f0 fs/open.c:63
do_sys_ftruncate+0x492/0x560 fs/open.c:194
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fce51aec7e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffed9e28f78 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fce51aec7e9
RDX: 00007fce51aec7e9 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 00007fce51aac080 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce51aac110
R13: 0000000000000000 R14: 00000000000000

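Added example, not part of the syzbot report and not hfsplus or lockdep code: a minimal lock-order checker in C that does, for two lock classes, what lockdep does when it prints "possible circular locking dependency". Each class is a graph node; taking class B while class A is held records the edge A -> B, and before a new edge is recorded the checker searches for an existing path B -> ... -> A, which would make the new edge close a cycle. The two class names are the ones from the report; the constructed replay of the chains (#1: hfsplus_file_extend() takes extents_lock under the extents tree's tree_lock/1; #0: hfsplus_file_truncate() holds extents_lock while hfsplus_find_init() asks for tree_lock/1) and the functions record_dependency() and check_hfsplus_truncate_chains() are this example's own.

```c
/*
 * Toy lock-order checker (added example, not kernel code).  Lock classes are
 * nodes in a dependency graph; dep[a][b] records that class b has been
 * acquired while class a was held.  A new dependency held -> acquired is
 * unsafe if acquired already reaches held, because the two orders together
 * form the AB-BA inversion shown in the report's "unsafe locking scenario".
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLASSES 8

/* Class names taken from the lockdep report; indices are node ids. */
static const char *class_name[MAX_CLASSES] = {
    "&HFSPLUS_I(inode)->extents_lock",
    "&tree->tree_lock/1",
};

/* dep[a][b] == true means "b was acquired while a was held". */
static bool dep[MAX_CLASSES][MAX_CLASSES];

/* Depth-first search: is there a path from 'from' to 'to' in dep[][]? */
static bool reachable(int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int next = 0; next < MAX_CLASSES; next++)
        if (dep[from][next] && !seen[next] && reachable(next, to, seen))
            return true;
    return false;
}

/*
 * Record that class 'acquired' is taken while 'held' is held.
 * Returns true if the dependency is already known or is new and safe,
 * false if adding it would complete a cycle (a possible deadlock).
 */
static bool record_dependency(int held, int acquired)
{
    bool seen[MAX_CLASSES] = { false };

    if (dep[held][acquired])
        return true;                       /* already known, nothing new */
    if (reachable(acquired, held, seen)) {
        printf("possible circular locking dependency: %s -> %s closes a cycle\n",
               class_name[held], class_name[acquired]);
        return false;
    }
    dep[held][acquired] = true;
    return true;
}

static void reset_dependencies(void)
{
    memset(dep, 0, sizeof(dep));
}

/*
 * Replay the two chains from the report.  Returns 1 when the first chain is
 * accepted and the second is rejected as the inversion, 0 otherwise.
 */
int check_hfsplus_truncate_chains(void)
{
    enum { EXTENTS_LOCK = 0, TREE_LOCK_1 = 1 };

    reset_dependencies();
    /* -> #1: hfsplus_file_extend() takes extents_lock while tree_lock/1 is held */
    bool first = record_dependency(TREE_LOCK_1, EXTENTS_LOCK);
    /* -> #0: hfsplus_file_truncate() holds extents_lock, hfsplus_find_init() wants tree_lock/1 */
    bool second = record_dependency(EXTENTS_LOCK, TREE_LOCK_1);

    return first && !second;
}

int main(void)
{
    return check_hfsplus_truncate_chains() ? 0 : 1;
}
```

The second record_dependency() call is the one that fails, which is the point at which lockdep stopped the trace above (hfsplus_find_init() called from hfsplus_file_truncate() at fs/hfsplus/extents.c:582). Note that, like lockdep, the checker keys on lock class rather than lock instance: the extents_lock of a regular file and of a B-tree's own inode are the same node, and the "/1" suffix on tree_lock is a subclass, so a class that is safe per instance can still be reported when the same class is taken in both orders.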