program:
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="a72d11a15c048c010063acbc5cea1f8131aa9d3944e60bc2ad60aa0118b28f1bfd68", 0x22}], 0x1}, 0x0)
pipe(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file0\x00')
io_uring_setup(0x50d4, &(0x7f0000000080)={0x0, 0xd5d7, 0x8000, 0x3, 0x4015f, 0x0, r1}) (async)
r3 = io_uring_setup(0x50d4, &(0x7f0000000080)={0x0, 0xd5d7, 0x8000, 0x3, 0x4015f, 0x0, r1})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x80242, 0xd5)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000300)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r4, &(0x7f0000000200)='7', 0x1}]) (async)
io_submit(r5, 0x1, &(0x7f0000000300)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r4, &(0x7f0000000200)='7', 0x1}])
io_uring_enter(r3, 0x1d95, 0xee91, 0x28, &(0x7f0000000100), 0x8)
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=")
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
creat(&(0x7f0000000600)='./bus\x00', 0x6)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505330, &(0x7f0000000040)={{}, {0x18}, 0x0, 0x7})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/seq/clients\x00', 0x0, 0x0) (async)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/seq/clients\x00', 0x0, 0x0)
lseek(r8, 0x126, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
pwrite64(r6, &(0x7f0000000140)='2', 0x1, 0x8080c61)
creat(&(0x7f0000000300)='./bus\x00', 0x4) (async)
creat(&(0x7f0000000300)='./bus\x00', 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50) (async)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x20000000, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r9}, &(0x7f0000000200), &(0x7f00000003c0)='%ps    \x00'}, 0x20) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r9, <r10=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f00000003c0)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r10}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x25, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r10}}, @printk={@d, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r10}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) (async)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0)

[   87.914920][ T5296] Bluetooth: hci0: command tx timeout
[   88.138511][ T5318] loop0: detected capacity change from 0 to 64
[   88.160026][ T5318] =======================================================
[   88.160026][ T5318] WARNING: The mand mount option has been deprecated and
[   88.160026][ T5318]          and is ignored by this kernel. Remove the mand
[   88.160026][ T5318]          option from the mount to silence this warning.
[   88.160026][ T5318] =======================================================
[   88.981831][ T5318] hfs: request for non-existent node 8 in B*Tree
[   88.984890][ T5318] hfs: request for non-existent node 8 in B*Tree
[   88.997962][ T5318] 
[   88.999113][ T5318] ======================================================
[   89.002155][ T5318] WARNING: possible circular locking dependency detected
[   89.005259][ T5318] syzkaller #0 Not tainted
[   89.007297][ T5318] ------------------------------------------------------
[   89.010140][ T5318] syz.0.0/5318 is trying to acquire lock:
[   89.012505][ T5318] ffff88801f57e0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   89.016918][ T5318] 
[   89.016918][ T5318] but task is already holding lock:
[   89.020160][ T5318] ffff88801fd4c1f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[   89.024518][ T5318] 
[   89.024518][ T5318] which lock already depends on the new lock.
[   89.024518][ T5318] 
[   89.028888][ T5318] 
[   89.028888][ T5318] the existing dependency chain (in reverse order) is:
[   89.032625][ T5318] 
[   89.032625][ T5318] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}:
[   89.038449][ T5318]        __mutex_lock+0x19f/0x1300
[   89.040776][ T5318]        hfs_extend_file+0xf2/0x15e0
[   89.043086][ T5318]        hfs_bmap_reserve+0x107/0x430
[   89.045362][ T5318]        __hfs_ext_write_extent+0x1fa/0x470
[   89.047898][ T5318]        __hfs_ext_cache_extent+0x6b/0x9b0
[   89.050316][ T5318]        hfs_extend_file+0x39b/0x15e0
[   89.052730][ T5318]        hfs_get_block+0x412/0xc50
[   89.054923][ T5318]        __block_write_begin_int+0x6c6/0x1910
[   89.057640][ T5318]        cont_write_begin+0x737/0xae0
[   89.060025][ T5318]        hfs_write_begin+0x66/0xb0
[   89.062224][ T5318]        cont_write_begin+0x2e7/0xae0
[   89.064631][ T5318]        hfs_write_begin+0x66/0xb0
[   89.067098][ T5318]        generic_perform_write+0x2e2/0x8f0
[   89.069795][ T5318]        generic_file_write_iter+0x14a/0x680
[   89.072491][ T5318]        vfs_write+0x61d/0xb90
[   89.074519][ T5318]        __x64_sys_pwrite64+0x199/0x230
[   89.076651][ T5318]        do_syscall_64+0x14d/0xf80
[   89.078905][ T5318]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.081794][ T5318] 
[   89.081794][ T5318] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
[   89.085780][ T5318]        __lock_acquire+0x15a5/0x2cf0
[   89.087990][ T5318]        lock_acquire+0xf0/0x2e0
[   89.090038][ T5318]        __mutex_lock+0x19f/0x1300
[   89.092128][ T5318]        hfs_find_init+0x18e/0x300
[   89.093993][ T5318]        hfs_extend_file+0x35c/0x15e0
[   89.096287][ T5318]        hfs_bmap_reserve+0x107/0x430
[   89.098557][ T5318]        hfs_cat_create+0x20f/0x800
[   89.100859][ T5318]        hfs_create+0x75/0xe0
[   89.102877][ T5318]        path_openat+0x1395/0x3860
[   89.105131][ T5318]        do_file_open+0x23e/0x4a0
[   89.107576][ T5318]        do_sys_openat2+0x113/0x200
[   89.109784][ T5318]        __x64_sys_creat+0x8f/0xc0
[   89.112071][ T5318]        do_syscall_64+0x14d/0xf80
[   89.114569][ T5318]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.117350][ T5318] 
[   89.117350][ T5318] other info that might help us debug this:
[   89.117350][ T5318] 
[   89.121624][ T5318]  Possible unsafe locking scenario:
[   89.121624][ T5318] 
[   89.124960][ T5318]        CPU0                    CPU1
[   89.127371][ T5318]        ----                    ----
[   89.129587][ T5318]   lock(&HFS_I(tree->inode)->extents_lock);
[   89.132072][ T5318]                                lock(&tree->tree_lock/1);
[   89.135257][ T5318]                                lock(&HFS_I(tree->inode)->extents_lock);
[   89.139164][ T5318]   lock(&tree->tree_lock/1);
[   89.141189][ T5318] 
[   89.141189][ T5318]  *** DEADLOCK ***
[   89.141189][ T5318] 
[   89.144648][ T5318] 4 locks held by syz.0.0/5318:
[   89.146741][ T5318]  #0: ffff888012192420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   89.150553][ T5318]  #1: ffff88801fd4bd20 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb4c/0x3860
[   89.155081][ T5318]  #2: ffff88801f5340b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   89.159145][ T5318]  #3: ffff88801fd4c1f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[   89.164010][ T5318] 
[   89.164010][ T5318] stack backtrace:
[   89.166608][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   89.166623][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   89.166630][ T5318] Call Trace:
[   89.166638][ T5318]  <TASK>
[   89.166643][ T5318]  dump_stack_lvl+0xe8/0x150
[   89.166663][ T5318]  print_circular_bug+0x2e1/0x300
[   89.166681][ T5318]  check_noncircular+0x12e/0x150
[   89.166698][ T5318]  __lock_acquire+0x15a5/0x2cf0
[   89.166712][ T5318]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   89.166757][ T5318]  ? kasan_save_track+0x4f/0x80
[   89.166773][ T5318]  ? kasan_save_track+0x3e/0x80
[   89.166786][ T5318]  ? __kasan_kmalloc+0x93/0xb0
[   89.166801][ T5318]  ? __kmalloc_noprof+0x35c/0x760
[   89.166816][ T5318]  ? hfs_find_init+0xaa/0x300
[   89.166830][ T5318]  ? hfs_extend_file+0x35c/0x15e0
[   89.166840][ T5318]  ? hfs_bmap_reserve+0x107/0x430
[   89.166850][ T5318]  lock_acquire+0xf0/0x2e0
[   89.166862][ T5318]  ? hfs_find_init+0x18e/0x300
[   89.166885][ T5318]  __mutex_lock+0x19f/0x1300
[   89.166900][ T5318]  ? hfs_find_init+0x18e/0x300
[   89.166916][ T5318]  ? hfs_find_init+0x18e/0x300
[   89.166929][ T5318]  ? __pfx___mutex_lock+0x10/0x10
[   89.166944][ T5318]  ? rcu_is_watching+0x15/0xb0
[   89.166960][ T5318]  ? __kmalloc_noprof+0x37d/0x760
[   89.166974][ T5318]  ? kasan_save_track+0x4f/0x80
[   89.166988][ T5318]  ? hfs_find_init+0xaa/0x300
[   89.167000][ T5318]  ? __kmalloc_noprof+0x1b8/0x760
[   89.167016][ T5318]  hfs_find_init+0x18e/0x300
[   89.167030][ T5318]  hfs_extend_file+0x35c/0x15e0
[   89.167042][ T5318]  ? __pfx_hfs_extend_file+0x10/0x10
[   89.167054][ T5318]  ? __mutex_lock+0x319/0x1300
[   89.167072][ T5318]  ? __pfx___mutex_lock+0x10/0x10
[   89.167086][ T5318]  ? rcu_is_watching+0x15/0xb0
[   89.167101][ T5318]  hfs_bmap_reserve+0x107/0x430
[   89.167113][ T5318]  hfs_cat_create+0x20f/0x800
[   89.167126][ T5318]  ? do_raw_spin_lock+0x12b/0x2f0
[   89.167136][ T5318]  ? __pfx_hfs_cat_create+0x10/0x10
[   89.167149][ T5318]  ? _raw_spin_unlock+0x28/0x50
[   89.167161][ T5318]  ? hfs_new_inode+0x92d/0xc70
[   89.167174][ T5318]  hfs_create+0x75/0xe0
[   89.167184][ T5318]  ? __pfx_hfs_create+0x10/0x10
[   89.167193][ T5318]  path_openat+0x1395/0x3860
[   89.167216][ T5318]  ? __pfx_path_openat+0x10/0x10
[   89.167229][ T5318]  ? __x64_sys_creat+0x8f/0xc0
[   89.167244][ T5318]  ? __lock_acquire+0x6b5/0x2cf0
[   89.167258][ T5318]  do_file_open+0x23e/0x4a0
[   89.167274][ T5318]  ? __pfx_do_file_open+0x10/0x10
[   89.167293][ T5318]  ? _raw_spin_unlock+0x28/0x50
[   89.167304][ T5318]  ? alloc_fd+0x64b/0x6c0
[   89.167318][ T5318]  do_sys_openat2+0x113/0x200
[   89.167329][ T5318]  ? __se_sys_futex+0x3a8/0x450
[   89.167343][ T5318]  ? __pfx_do_sys_openat2+0x10/0x10
[   89.167356][ T5318]  ? rcu_is_watching+0x15/0xb0
[   89.167371][ T5318]  __x64_sys_creat+0x8f/0xc0
[   89.167384][ T5318]  do_syscall_64+0x14d/0xf80
[   89.167399][ T5318]  ? trace_irq_disable+0x3b/0x150
[   89.167411][ T5318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.167418][ T5318]  ? clear_bhb_loop+0x40/0x90
[   89.167428][ T5318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.167438][ T5318] RIP: 0033:0x7fe89dd9c629
[   89.167451][ T5318] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   89.167460][ T5318] RSP: 002b:00007fe89eb7d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[   89.167472][ T5318] RAX: ffffffffffffffda RBX: 00007fe89e016090 RCX: 00007fe89dd9c629
[   89.167480][ T5318] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000200000000300
[   89.167487][ T5318] RBP: 00007fe89de32b39 R08: 0000000000000000 R09: 0000000000000000
[   89.167493][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.167499][ T5318] R13: 00007fe89e016128 R14: 00007fe89e016090 R15: 00007ffdacef19f8
[   89.167510][ T5318]  </TASK>