program:
syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nombcache}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2}}, {@stripe={'stripe', 0x3d, 0x2004000}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x43a, &(0x7f0000000780)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xd, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000004db5bd7fee7c29e8626755c047b628a29c793fc21848da735ba86f172722d3b03ec2e82e6cb7777813d914099023912063137b4c71e43cc85a39f8b3092e56921ad71b787d240e101ade5704056c07549c50d3d2197dde4727c2b59ace3240ea1b61c8cadd4ffcb4c4ada060420b6007724fc50fa552527faf2c83a887687d9a400c9d74e9e2979e2df8359c5285327acfdc16c739213d906729bd10228b3dac252c9fef01b1db19bd06a1dc8cde84245da1bb2b86cf7fbef4982b60d2fccbc43c34a6e27ccba0a23923567b0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
socket(0x25, 0x5, 0x6)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={<r2=>0x0}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x85, &(0x7f00000000c0)={r2, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}, 0x0, 0x0, 0x0, 0x9}, &(0x7f00000001c0)=0x9c)
r3 = creat(&(0x7f0000000180)='./file0\x00', 0x10)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x111a00, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
creat(&(0x7f0000000600)='./bus\x00', 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
pwrite64(r5, &(0x7f0000000140)='2', 0x1, 0x8080c61)
creat(&(0x7f0000000300)='./bus\x00', 0x4)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r3, &(0x7f0000000400)="2ec8425d4ce2ef0035", 0x9)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
chdir(&(0x7f00000003c0)='./bus\x00')
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.memory_pressure\x00', 0x275a, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000340), 0x4, 0xc8d03)
ioctl$DRM_IOCTL_GEM_FLINK(r8, 0xc008640a, &(0x7f00000000c0))
ioctl$KVM_INTERRUPT(r7, 0x4004ae86, &(0x7f0000000080)=0x101)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r9 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)

[  135.190876][ T5314] Bluetooth: hci0: command tx timeout
[  135.264035][ T5333] loop0: detected capacity change from 0 to 512
[  135.290286][ T5333] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  135.305313][ T5333] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  135.309234][ T5333] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  135.351742][ T5333] loop0: detected capacity change from 0 to 64
[  135.355055][ T5333] =======================================================
[  135.355055][ T5333] WARNING: The mand mount option has been deprecated and
[  135.355055][ T5333]          and is ignored by this kernel. Remove the mand
[  135.355055][ T5333]          option from the mount to silence this warning.
[  135.355055][ T5333] =======================================================
[  136.188437][ T5333] hfs: request for non-existent node 8 in B*Tree
[  136.191275][ T5333] hfs: request for non-existent node 8 in B*Tree
[  136.244362][ T5333] 
[  136.245518][ T5333] ======================================================
[  136.248489][ T5333] WARNING: possible circular locking dependency detected
[  136.251479][ T5333] syzkaller #0 Not tainted
[  136.253491][ T5333] ------------------------------------------------------
[  136.256331][ T5333] syz.0.0/5333 is trying to acquire lock:
[  136.258570][ T5333] ffff888041eb40b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[  136.262533][ T5333] 
[  136.262533][ T5333] but task is already holding lock:
[  136.265713][ T5333] ffff88803300c1f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[  136.270081][ T5333] 
[  136.270081][ T5333] which lock already depends on the new lock.
[  136.270081][ T5333] 
[  136.274541][ T5333] 
[  136.274541][ T5333] the existing dependency chain (in reverse order) is:
[  136.278090][ T5333] 
[  136.278090][ T5333] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}:
[  136.282315][ T5333]        __mutex_lock+0x19f/0x1300
[  136.284631][ T5333]        hfs_extend_file+0xf2/0x15e0
[  136.286872][ T5333]        hfs_bmap_reserve+0x107/0x430
[  136.289105][ T5333]        __hfs_ext_write_extent+0x1fa/0x470
[  136.291521][ T5333]        __hfs_ext_cache_extent+0x6b/0x9b0
[  136.294001][ T5333]        hfs_extend_file+0x39b/0x15e0
[  136.296463][ T5333]        hfs_get_block+0x412/0xc50
[  136.298611][ T5333]        __block_write_begin_int+0x6c6/0x1910
[  136.301331][ T5333]        cont_write_begin+0x737/0xae0
[  136.303577][ T5333]        hfs_write_begin+0x66/0xb0
[  136.305794][ T5333]        cont_write_begin+0x2e7/0xae0
[  136.308151][ T5333]        hfs_write_begin+0x66/0xb0
[  136.310443][ T5333]        generic_perform_write+0x2e2/0x8f0
[  136.313006][ T5333]        generic_file_write_iter+0x14a/0x680
[  136.315583][ T5333]        vfs_write+0x61d/0xb90
[  136.317686][ T5333]        __x64_sys_pwrite64+0x199/0x230
[  136.320013][ T5333]        do_syscall_64+0x14d/0xf80
[  136.322012][ T5333]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.324525][ T5333] 
[  136.324525][ T5333] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
[  136.327845][ T5333]        __lock_acquire+0x15a5/0x2cf0
[  136.330059][ T5333]        lock_acquire+0xf0/0x2e0
[  136.332111][ T5333]        __mutex_lock+0x19f/0x1300
[  136.334244][ T5333]        hfs_find_init+0x18e/0x300
[  136.336377][ T5333]        hfs_extend_file+0x35c/0x15e0
[  136.338973][ T5333]        hfs_bmap_reserve+0x107/0x430
[  136.341416][ T5333]        hfs_cat_create+0x20f/0x800
[  136.343624][ T5333]        hfs_create+0x75/0xe0
[  136.345630][ T5333]        path_openat+0x1395/0x3860
[  136.347961][ T5333]        do_file_open+0x23e/0x4a0
[  136.350036][ T5333]        do_sys_openat2+0x113/0x200
[  136.352185][ T5333]        __x64_sys_openat+0x138/0x170
[  136.354391][ T5333]        do_syscall_64+0x14d/0xf80
[  136.356544][ T5333]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.359216][ T5333] 
[  136.359216][ T5333] other info that might help us debug this:
[  136.359216][ T5333] 
[  136.363524][ T5333]  Possible unsafe locking scenario:
[  136.363524][ T5333] 
[  136.366638][ T5333]        CPU0                    CPU1
[  136.368798][ T5333]        ----                    ----
[  136.371043][ T5333]   lock(&HFS_I(tree->inode)->extents_lock);
[  136.373673][ T5333]                                lock(&tree->tree_lock/1);
[  136.376841][ T5333]                                lock(&HFS_I(tree->inode)->extents_lock);
[  136.380473][ T5333]   lock(&tree->tree_lock/1);
[  136.382471][ T5333] 
[  136.382471][ T5333]  *** DEADLOCK ***
[  136.382471][ T5333] 
[  136.385710][ T5333] 4 locks held by syz.0.0/5333:
[  136.387891][ T5333]  #0: ffff8880439ee420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  136.391659][ T5333]  #1: ffff88803300bd20 (&type->i_mutex_dir_key#8){++++}-{4:4}, at: path_openat+0xb4c/0x3860
[  136.396085][ T5333]  #2: ffff888041fb60b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[  136.400203][ T5333]  #3: ffff88803300c1f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[  136.404802][ T5333] 
[  136.404802][ T5333] stack backtrace:
[  136.407370][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  136.407389][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  136.407442][ T5333] Call Trace:
[  136.407450][ T5333]  <TASK>
[  136.407457][ T5333]  dump_stack_lvl+0xe8/0x150
[  136.407503][ T5333]  print_circular_bug+0x2e1/0x300
[  136.407520][ T5333]  check_noncircular+0x12e/0x150
[  136.407536][ T5333]  __lock_acquire+0x15a5/0x2cf0
[  136.407549][ T5333]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  136.407564][ T5333]  ? kasan_save_track+0x4f/0x80
[  136.407600][ T5333]  ? kasan_save_track+0x3e/0x80
[  136.407613][ T5333]  ? __kasan_kmalloc+0x93/0xb0
[  136.407626][ T5333]  ? __kmalloc_noprof+0x35c/0x760
[  136.407662][ T5333]  ? hfs_find_init+0xaa/0x300
[  136.407677][ T5333]  ? hfs_extend_file+0x35c/0x15e0
[  136.407686][ T5333]  ? hfs_bmap_reserve+0x107/0x430
[  136.407697][ T5333]  lock_acquire+0xf0/0x2e0
[  136.407708][ T5333]  ? hfs_find_init+0x18e/0x300
[  136.407720][ T5333]  __mutex_lock+0x19f/0x1300
[  136.407734][ T5333]  ? hfs_find_init+0x18e/0x300
[  136.407749][ T5333]  ? hfs_find_init+0x18e/0x300
[  136.407762][ T5333]  ? __pfx___mutex_lock+0x10/0x10
[  136.407775][ T5333]  ? rcu_is_watching+0x15/0xb0
[  136.407817][ T5333]  ? __kmalloc_noprof+0x37d/0x760
[  136.407831][ T5333]  ? kasan_save_track+0x4f/0x80
[  136.407844][ T5333]  ? hfs_find_init+0xaa/0x300
[  136.407855][ T5333]  ? __kmalloc_noprof+0x1b8/0x760
[  136.407869][ T5333]  hfs_find_init+0x18e/0x300
[  136.407882][ T5333]  hfs_extend_file+0x35c/0x15e0
[  136.407893][ T5333]  ? __pfx_hfs_extend_file+0x10/0x10
[  136.407902][ T5333]  ? __mutex_lock+0x319/0x1300
[  136.407920][ T5333]  ? __pfx___mutex_lock+0x10/0x10
[  136.407934][ T5333]  ? rcu_is_watching+0x15/0xb0
[  136.407950][ T5333]  hfs_bmap_reserve+0x107/0x430
[  136.407962][ T5333]  hfs_cat_create+0x20f/0x800
[  136.407973][ T5333]  ? do_raw_spin_lock+0x12b/0x2f0
[  136.407983][ T5333]  ? __pfx_hfs_cat_create+0x10/0x10
[  136.407996][ T5333]  ? _raw_spin_unlock+0x28/0x50
[  136.408006][ T5333]  ? hfs_new_inode+0x92d/0xc70
[  136.408017][ T5333]  hfs_create+0x75/0xe0
[  136.408027][ T5333]  ? __pfx_hfs_create+0x10/0x10
[  136.408036][ T5333]  path_openat+0x1395/0x3860
[  136.408056][ T5333]  ? __pfx_path_openat+0x10/0x10
[  136.408068][ T5333]  ? __x64_sys_openat+0x138/0x170
[  136.408081][ T5333]  ? __lock_acquire+0x6b5/0x2cf0
[  136.408095][ T5333]  do_file_open+0x23e/0x4a0
[  136.408110][ T5333]  ? __pfx_do_file_open+0x10/0x10
[  136.408128][ T5333]  ? _raw_spin_unlock+0x28/0x50
[  136.408140][ T5333]  ? alloc_fd+0x64b/0x6c0
[  136.408153][ T5333]  do_sys_openat2+0x113/0x200
[  136.408164][ T5333]  ? __se_sys_futex+0x3a8/0x450
[  136.408199][ T5333]  ? __pfx_do_sys_openat2+0x10/0x10
[  136.408213][ T5333]  ? rcu_is_watching+0x15/0xb0
[  136.408246][ T5333]  __x64_sys_openat+0x138/0x170
[  136.408257][ T5333]  do_syscall_64+0x14d/0xf80
[  136.408271][ T5333]  ? trace_irq_disable+0x3b/0x150
[  136.408311][ T5333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.408323][ T5333]  ? clear_bhb_loop+0x40/0x90
[  136.408334][ T5333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.408345][ T5333] RIP: 0033:0x7fb6c4f9c629
[  136.408358][ T5333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  136.408367][ T5333] RSP: 002b:00007fb6c13f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  136.408385][ T5333] RAX: ffffffffffffffda RBX: 00007fb6c5215fa0 RCX: 00007fb6c4f9c629
[  136.408393][ T5333] RDX: 000000000000275a RSI: 0000200000000140 RDI: ffffffffffffff9c
[  136.408401][ T5333] RBP: 00007fb6c5032b39 R08: 0000000000000000 R09: 0000000000000000
[  136.408408][ T5333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  136.408415][ T5333] R13: 00007fb6c5216038 R14: 00007fb6c5215fa0 R15: 00007ffc6e2d3d68
[  136.408425][ T5333]  </TASK>
[  136.582197][ T5333] syz.0.0: attempt to access beyond end of device
[  136.582197][ T5333] loop0: rw=8388608, sector=27869, nr_sectors = 1 limit=64
[  136.588797][ T5333] Buffer I/O error on dev loop0, logical block 27869, async page read
[  136.592182][ T5333] syz.0.0: attempt to access beyond end of device
[  136.592182][ T5333] loop0: rw=8388608, sector=27871, nr_sectors = 1 limit=64
[  136.597862][ T5333] Buffer I/O error on dev loop0, logical block 27871, async page read
[  136.601280][ T5333] syz.0.0: attempt to access beyond end of device
[  136.601280][ T5333] loop0: rw=8388608, sector=27872, nr_sectors = 1 limit=64
[  136.606570][ T5333] Buffer I/O error on dev loop0, logical block 27872, async page read