Hello,
syzbot found the following issue on:
HEAD commit: 179ef7fe8677 Linux 4.14.300
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1303a6a1880000
kernel config: https://syzkaller.appspot.com/x/.config?x=aa85f51ec321d5a9
dashboard link: https://syzkaller.appspot.com/bug?extid=8ab0c27512c80303a4d4
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d311ef57b59a/disk-179ef7fe.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/25bf5d729f69/vmlinux-179ef7fe.xz
kernel image: https://storage.googleapis.com/syzbot-assets/db9b96571e69/bzImage-179ef7fe.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8ab0c2...@syzkaller.appspotmail.com
============================================
WARNING: possible recursive locking detected
4.14.300-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.2/9508 is trying to acquire lock:
(&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2dbd9>] hfsplus_get_block+0x1f9/0x820 fs/hfsplus/extents.c:260
but task is already holding lock:
(&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2e3ba>] hfsplus_file_truncate+0x1ba/0xe80 fs/hfsplus/extents.c:571
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&HFSPLUS_I(inode)->extents_lock);
lock(&HFSPLUS_I(inode)->extents_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
5 locks held by syz-executor.2/9508:
#0: (sb_writers#14){.+.+}, at: [<ffffffff818e1bca>] sb_start_write include/linux/fs.h:1551 [inline]
#0: (sb_writers#14){.+.+}, at: [<ffffffff818e1bca>] mnt_want_write+0x3a/0xb0 fs/namespace.c:386
#1: (&sb->s_type->i_mutex_key#22){+.+.}, at: [<ffffffff81867080>] inode_lock include/linux/fs.h:719 [inline]
#1: (&sb->s_type->i_mutex_key#22){+.+.}, at: [<ffffffff81867080>] do_truncate+0xf0/0x1a0 fs/open.c:61
#2: (&HFSPLUS_I(inode)->extents_lock){+.+.}, at: [<ffffffff81d2e3ba>] hfsplus_file_truncate+0x1ba/0xe80 fs/hfsplus/extents.c:571
#3: (&tree->tree_lock/1){+.+.}, at: [<ffffffff81d40011>] hfsplus_find_init+0x161/0x220 fs/hfsplus/bfind.c:33
#4: (&sbi->alloc_mutex){+.+.}, at: [<ffffffff81d45b97>] hfsplus_block_free+0xc7/0x560 fs/hfsplus/bitmap.c:182
stack backtrace:
CPU: 0 PID: 9508 Comm: syz-executor.2 Not tainted 4.14.300-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
check_deadlock kernel/locking/lockdep.c:1847 [inline]
validate_chain kernel/locking/lockdep.c:2448 [inline]
__lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
hfsplus_get_block+0x1f9/0x820 fs/hfsplus/extents.c:260
block_read_full_page+0x25e/0x8d0 fs/buffer.c:2316
do_read_cache_page+0x38e/0xc10 mm/filemap.c:2713
read_mapping_page include/linux/pagemap.h:398 [inline]
hfsplus_block_free+0x177/0x560 fs/hfsplus/bitmap.c:185
hfsplus_free_extents+0x170/0x440 fs/hfsplus/extents.c:360
hfsplus_file_truncate+0xbc0/0xe80 fs/hfsplus/extents.c:585
hfsplus_setattr+0x182/0x310 fs/hfsplus/inode.c:264
notify_change+0x56b/0xd10 fs/attr.c:315
do_truncate+0xff/0x1a0 fs/open.c:63
handle_truncate fs/namei.c:3010 [inline]
do_last fs/namei.c:3437 [inline]
path_openat+0x1dcc/0x2970 fs/namei.c:3571
do_filp_open+0x179/0x3c0 fs/namei.c:3605
do_sys_open+0x296/0x410 fs/open.c:1081
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x5e/0xd3
REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
REISERFS (device loop0): using ordered data mode
reiserfs: using flush barriers
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
9pnet_virtio: no channels available for device syz
REISERFS (device loop0): Using r5 hash to sort names
REISERFS (device loop0): using 3.5.x disk format
REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 3 0(1) DIR], item_len 35, item_location 3633, free_space(entry_count) 2
REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck?
REISERFS (device loop0): Remounting filesystem read-only