======================================================
WARNING: possible circular locking dependency detected
syzkaller #0 Not tainted
------------------------------------------------------
syz.0.0/5319 is trying to acquire lock:
ffff8880440180b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 fs/hfsplus/bfind.c:28

but task is already holding lock:
ffff888032e6dc08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 fs/hfsplus/extents.c:260

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}:
       __mutex_lock_common kernel/locking/mutex.c:614 [inline]
       __mutex_lock+0x19f/0x1300 kernel/locking/mutex.c:776
       hfsplus_file_extend+0x215/0x1d70 fs/hfsplus/extents.c:453
       hfsplus_bmap_reserve+0x125/0x510 fs/hfsplus/btree.c:358
       __hfsplus_ext_write_extent+0x28d/0x5b0 fs/hfsplus/extents.c:104
       __hfsplus_ext_cache_extent+0x89/0xe30 fs/hfsplus/extents.c:186
       hfsplus_ext_read_extent fs/hfsplus/extents.c:218 [inline]
       hfsplus_file_extend+0x4af/0x1d70 fs/hfsplus/extents.c:457
       hfsplus_get_block+0x42c/0x1670 fs/hfsplus/extents.c:245
       __block_write_begin_int+0x6c6/0x1910 fs/buffer.c:2142
       block_write_begin fs/buffer.c:2253 [inline]
       cont_write_begin+0x737/0xae0 fs/buffer.c:2591
       hfsplus_write_begin+0x66/0xb0 fs/hfsplus/inode.c:48
       generic_perform_write+0x2e2/0x8f0 mm/filemap.c:4319
       generic_file_write_iter+0x14a/0x680 mm/filemap.c:4462
       aio_write+0x5cd/0x870 fs/aio.c:1633
       __io_submit_one fs/aio.c:-1 [inline]
       io_submit_one+0x7bb/0x14c0 fs/aio.c:2052
       __do_sys_io_submit fs/aio.c:2111 [inline]
       __se_sys_io_submit+0x195/0x340 fs/aio.c:2081
       do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
       do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
       check_prev_add kernel/locking/lockdep.c:3165 [inline]
       check_prevs_add kernel/locking/lockdep.c:3284 [inline]
       validate_chain kernel/locking/lockdep.c:3908 [inline]
       __lock_acquire+0x15a5/0x2cf0 kernel/locking/lockdep.c:5237
       lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
       __mutex_lock_common kernel/locking/mutex.c:614 [inline]
       __mutex_lock+0x19f/0x1300 kernel/locking/mutex.c:776
       hfsplus_find_init+0x168/0x2d0 fs/hfsplus/bfind.c:28
       hfsplus_ext_read_extent fs/hfsplus/extents.c:216 [inline]
       hfsplus_get_block+0x91e/0x1670 fs/hfsplus/extents.c:268
       block_read_full_folio+0x29f/0x830 fs/buffer.c:2417
       read_pages+0x373/0x5a0 mm/readahead.c:173
       page_cache_ra_unbounded+0x79c/0xa50 mm/readahead.c:304
       do_page_cache_ra mm/readahead.c:334 [inline]
       page_cache_ra_order+0xaf2/0xeb0 mm/readahead.c:538
       do_sync_mmap_readahead+0x6ad/0x8e0 mm/filemap.c:3405
       filemap_fault+0x6e2/0x1320 mm/filemap.c:3554
       __do_fault+0x138/0x390 mm/memory.c:5364
       do_shared_fault mm/memory.c:5863 [inline]
       do_fault mm/memory.c:5937 [inline]
       do_pte_missing+0x5c4/0x3490 mm/memory.c:4477
       handle_pte_fault mm/memory.c:6317 [inline]
       __handle_mm_fault mm/memory.c:6455 [inline]
       handle_mm_fault+0x1bec/0x3310 mm/memory.c:6624
       do_user_addr_fault+0xa73/0x1340 arch/x86/mm/fault.c:1334
       handle_page_fault arch/x86/mm/fault.c:1474 [inline]
       exc_page_fault+0x6a/0xc0 arch/x86/mm/fault.c:1527
       asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&HFSPLUS_I(inode)->extents_lock);
                               lock(&tree->tree_lock/1);
                               lock(&HFSPLUS_I(inode)->extents_lock);
  lock(&tree->tree_lock/1);

 *** DEADLOCK ***

2 locks held by syz.0.0/5319:
 #0: ffff888032e6df98 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: filemap_invalidate_lock_shared include/linux/fs.h:1093 [inline]
 #0: ffff888032e6df98 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: do_page_cache_ra mm/readahead.c:333 [inline]
 #0: ffff888032e6df98 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_order+0xae2/0xeb0 mm/readahead.c:538
 #1: ffff888032e6dc08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_get_block+0x39e/0x1670 fs/hfsplus/extents.c:260

stack backtrace:
CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_circular_bug+0x2e1/0x300 kernel/locking/lockdep.c:2043
 check_noncircular+0x12e/0x150 kernel/locking/lockdep.c:2175
 check_prev_add kernel/locking/lockdep.c:3165 [inline]
 check_prevs_add kernel/locking/lockdep.c:3284 [inline]
 validate_chain kernel/locking/lockdep.c:3908 [inline]
 __lock_acquire+0x15a5/0x2cf0 kernel/locking/lockdep.c:5237
 lock_acquire+0xf0/0x2e0 kernel/locking/lockdep.c:5868
 __mutex_lock_common kernel/locking/mutex.c:614 [inline]
 __mutex_lock+0x19f/0x1300 kernel/locking/mutex.c:776
 hfsplus_find_init+0x168/0x2d0 fs/hfsplus/bfind.c:28
 hfsplus_ext_read_extent fs/hfsplus/extents.c:216 [inline]
 hfsplus_get_block+0x91e/0x1670 fs/hfsplus/extents.c:268
 block_read_full_folio+0x29f/0x830 fs/buffer.c:2417
 read_pages+0x373/0x5a0 mm/readahead.c:173
 page_cache_ra_unbounded+0x79c/0xa50 mm/readahead.c:304
 do_page_cache_ra mm/readahead.c:334 [inline]
 page_cache_ra_order+0xaf2/0xeb0 mm/readahead.c:538
 do_sync_mmap_readahead+0x6ad/0x8e0 mm/filemap.c:3405
 filemap_fault+0x6e2/0x1320 mm/filemap.c:3554
 __do_fault+0x138/0x390 mm/memory.c:5364
 do_shared_fault mm/memory.c:5863 [inline]
 do_fault mm/memory.c:5937 [inline]
 do_pte_missing+0x5c4/0x3490 mm/memory.c:4477
 handle_pte_fault mm/memory.c:6317 [inline]
 __handle_mm_fault mm/memory.c:6455 [inline]
 handle_mm_fault+0x1bec/0x3310 mm/memory.c:6624
 do_user_addr_fault+0xa73/0x1340 arch/x86/mm/fault.c:1334
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6a/0xc0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f9c2756cdc8
Code: 66 89 74 17 02 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 c5 fa 7f 07 c5 fa 7f 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 <48> 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f
RSP: 002b:00007ffef18ec3a8 EFLAGS: 00010246
RAX: 0000200000000240 RBX: 0000000000000004 RCX: 0031656c69662f2e
RDX: 0000000000000008 RSI: 0031656c69662f2e RDI: 0000200000000240
RBP: fffffffffffffffe R08: 00007f9c273ff030 R09: 0000000000000001
R10: 7ffffffffffffff7 R11: 0000000000000009 R12: 00007ffef18ec4d0
R13: 00007f9c27815fac R14: 0000000000011f0f R15: 00007f9c27815fa0
 </TASK>