hfs: request for non-existent node 10 in B*Tree
======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
kworker/u9:2/418 is trying to acquire lock:
ffff8881237f34f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230

but task is already holding lock:
ffff8881124d20b0 (&tree->tree_lock#2/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&tree->tree_lock#2/1){+.+.}-{4:4}:
       lock_acquire+0x120/0x360
       __mutex_lock+0x187/0x1350
       hfs_find_init+0x184/0x200
       hfs_extend_file+0x2ee/0x1230
       hfs_bmap_reserve+0x107/0x430
       hfs_cat_create+0x1b3/0x640
       hfs_create+0x66/0xe0
       path_openat+0x14f4/0x3830
       do_filp_open+0x1fa/0x410
       do_sys_openat2+0x121/0x1c0
       __x64_sys_openat+0x138/0x170
       do_syscall_64+0xfa/0x3b0
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}:
       validate_chain+0xb9b/0x2140
       __lock_acquire+0xab9/0xd20
       lock_acquire+0x120/0x360
       __mutex_lock+0x187/0x1350
       hfs_extend_file+0xda/0x1230
       hfs_bmap_reserve+0x107/0x430
       hfs_bmap_alloc+0x7e/0x640
       hfs_bnode_split+0xcc/0xef0
       hfs_brec_insert+0x377/0xbd0
       __hfs_ext_write_extent+0x2a1/0x470
       hfs_ext_write_extent+0x161/0x1e0
       hfs_write_inode+0x91/0x7d0
       __writeback_single_inode+0x6f1/0xff0
       writeback_sb_inodes+0x6c7/0x1010
       wb_writeback+0x43b/0xaf0
       wb_workfn+0x409/0xef0
       process_scheduled_works+0xae1/0x17b0
       worker_thread+0x8a0/0xda0
       kthread+0x711/0x8a0
       ret_from_fork+0x3fc/0x770
       ret_from_fork_asm+0x1a/0x30

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&tree->tree_lock#2/1);
                               lock(&HFS_I(tree->inode)->extents_lock);
                               lock(&tree->tree_lock#2/1);
  lock(&HFS_I(tree->inode)->extents_lock);

 *** DEADLOCK ***

3 locks held by kworker/u9:2/418:
 #0: ffff888102a9f948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
 #1: ffffc9000361fbc0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
 #2: ffff8881124d20b0 (&tree->tree_lock#2/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200

stack backtrace:
CPU: 0 UID: 0 PID: 418 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: writeback wb_workfn (flush-7:5)
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250
 print_circular_bug+0x2ee/0x310
 check_noncircular+0x134/0x160
 validate_chain+0xb9b/0x2140
 __lock_acquire+0xab9/0xd20
 lock_acquire+0x120/0x360
 __mutex_lock+0x187/0x1350
 hfs_extend_file+0xda/0x1230
 hfs_bmap_reserve+0x107/0x430
 hfs_bmap_alloc+0x7e/0x640
 hfs_bnode_split+0xcc/0xef0
 hfs_brec_insert+0x377/0xbd0
 __hfs_ext_write_extent+0x2a1/0x470
 hfs_ext_write_extent+0x161/0x1e0
 hfs_write_inode+0x91/0x7d0
 __writeback_single_inode+0x6f1/0xff0
 writeback_sb_inodes+0x6c7/0x1010
 wb_writeback+0x43b/0xaf0
 wb_workfn+0x409/0xef0
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
hfs: request for non-existent node 11 in B*Tree
hfs: request for non-existent node 11 in B*Tree
kworker/u9:2: attempt to access beyond end of device
loop5: rw=1, sector=179, nr_sectors = 1 limit=64
Buffer I/O error on dev loop5, logical block 179, lost async page write
kworker/u9:2: attempt to access beyond end of device
loop5: rw=1, sector=180, nr_sectors = 1 limit=64
Buffer I/O error on dev loop5, logical block 180, lost async page write
kworker/u9:2: attempt to access beyond end of device
loop5: rw=1, sector=181, nr_sectors = 1 limit=64
Buffer I/O error on dev loop5, logical block 181, lost async page write
