hfs: request for non-existent node 10 in B*Tree
hfs: request for non-existent node 10 in B*Tree
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/u8:6/1095 is trying to acquire lock:
ffff88802f0e0fa8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 fs/hfs/extent.c:397

but task is already holding lock:
ffff8880524de0a0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 fs/hfs/bfind.c:-1

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&tree->tree_lock/1){+.+.}-{4:4}:
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       __mutex_lock_common kernel/locking/rtmutex_api.c:535 [inline]
       mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:547
       hfs_find_init+0x184/0x200 fs/hfs/bfind.c:-1
       hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
       hfs_extend_file+0x2ee/0x1230 fs/hfs/extent.c:401
       hfs_bmap_reserve+0x107/0x430 fs/hfs/btree.c:269
       hfs_cat_create+0x1b3/0x640 fs/hfs/catalog.c:104
       hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232
       vfs_mkdir+0x306/0x510 fs/namei.c:4366
       do_mkdirat+0x247/0x590 fs/namei.c:4399
       __do_sys_mkdirat fs/namei.c:4416 [inline]
       __se_sys_mkdirat fs/namei.c:4414 [inline]
       __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4414
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
       __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
       lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
       __mutex_lock_common kernel/locking/rtmutex_api.c:535 [inline]
       mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:547
       hfs_extend_file+0xda/0x1230 fs/hfs/extent.c:397
       hfs_bmap_reserve+0x107/0x430 fs/hfs/btree.c:269
       hfs_bmap_alloc+0x7e/0x640 fs/hfs/btree.c:296
       hfs_bnode_split+0xcc/0xef0 fs/hfsplus/brec.c:245
       hfs_brec_insert+0x377/0xbd0 fs/hfs/brec.c:102
       __hfs_ext_write_extent+0x2a1/0x470 fs/hfs/extent.c:124
       hfs_ext_write_extent+0x161/0x1e0 fs/hfs/extent.c:144
       hfs_write_inode+0x91/0x7d0 fs/hfs/inode.c:429
       write_inode fs/fs-writeback.c:1525 [inline]
       __writeback_single_inode+0x6f1/0x1000 fs/fs-writeback.c:1745
       writeback_sb_inodes+0x6b7/0xf60 fs/fs-writeback.c:1976
       wb_writeback+0x43b/0xaf0 fs/fs-writeback.c:2156
       wb_do_writeback fs/fs-writeback.c:2303 [inline]
       wb_workfn+0x40e/0xf00 fs/fs-writeback.c:2343
       process_one_work kernel/workqueue.c:3236 [inline]
       process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
       worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
       kthread+0x711/0x8a0 kernel/kthread.c:463
       ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
       ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&tree->tree_lock/1);
                               lock(&HFS_I(tree->inode)->extents_lock);
                               lock(&tree->tree_lock/1);
  lock(&HFS_I(tree->inode)->extents_lock);

 *** DEADLOCK ***

3 locks held by kworker/u8:6/1095:
 #0: ffff8881404bb138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3211 [inline]
 #0: ffff8881404bb138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 kernel/workqueue.c:3319
 #1: ffffc90004737bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3212 [inline]
 #1: ffffc90004737bc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 kernel/workqueue.c:3319
 #2: ffff8880524de0a0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 fs/hfs/bfind.c:-1

stack backtrace:
CPU: 1 UID: 0 PID: 1095 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: writeback wb_workfn (flush-7:5)
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_circular_bug+0x2ee/0x310 kernel/locking/lockdep.c:2043
 check_noncircular+0x134/0x160 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain+0xb9b/0x2140 kernel/locking/lockdep.c:3908
 __lock_acquire+0xab9/0xd20 kernel/locking/lockdep.c:5237
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868
 __mutex_lock_common kernel/locking/rtmutex_api.c:535 [inline]
 mutex_lock_nested+0x5a/0x1d0 kernel/locking/rtmutex_api.c:547
 hfs_extend_file+0xda/0x1230 fs/hfs/extent.c:397
 hfs_bmap_reserve+0x107/0x430 fs/hfs/btree.c:269
 hfs_bmap_alloc+0x7e/0x640 fs/hfs/btree.c:296
 hfs_bnode_split+0xcc/0xef0 fs/hfsplus/brec.c:245
 hfs_brec_insert+0x377/0xbd0 fs/hfs/brec.c:102
 __hfs_ext_write_extent+0x2a1/0x470 fs/hfs/extent.c:124
 hfs_ext_write_extent+0x161/0x1e0 fs/hfs/extent.c:144
 hfs_write_inode+0x91/0x7d0 fs/hfs/inode.c:429
 write_inode fs/fs-writeback.c:1525 [inline]
 __writeback_single_inode+0x6f1/0x1000 fs/fs-writeback.c:1745
 writeback_sb_inodes+0x6b7/0xf60 fs/fs-writeback.c:1976
 wb_writeback+0x43b/0xaf0 fs/fs-writeback.c:2156
 wb_do_writeback fs/fs-writeback.c:2303 [inline]
 wb_workfn+0x40e/0xf00 fs/fs-writeback.c:2343
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
hfs: request for non-existent node 11 in B*Tree
hfs: request for non-existent node 11 in B*Tree
kworker/u8:6: attempt to access beyond end of device
loop5: rw=1, sector=179, nr_sectors = 1 limit=64
Buffer I/O error on dev loop5, logical block 179, lost async page write
kworker/u8:6: attempt to access beyond end of device
loop5: rw=1, sector=180, nr_sectors = 1 limit=64
Buffer I/O error on dev loop5, logical block 180, lost async page write
kworker/u8:6: attempt to access beyond end of device
loop5: rw=1, sector=181, nr_sectors = 1 limit=64
Buffer I/O error on dev loop5, logical block 181, lost async page write
kworker/u8:6: attempt to access beyond end of device
loop5: rw=1, sector=182, nr_sectors = 1 limit=64
Buffer I/O error on dev loop5, logical block 182, lost async page write