program:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000300)=[@rdma_dest={0x18, 0x114, 0x2, {0xa, 0xd}}], 0x18, 0x40000}, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="600000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="05a00200000000073800128009000000766c616e00000000280059b81c0003800c00010008000000000000000c0001000880000075f3ffff060001000100010008000500", @ANYRES32=r3, @ANYBLOB], 0x60}, 0x1, 0xba01, 0x0, 0x4000810}, 0x0)
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0x54, r5, 0x20, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @random="e947462493bc"}, @NL80211_ATTR_REASON_CODE={0x6}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040000}, 0x10008884)
creat(&(0x7f0000000600)='./bus\x00', 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
pwrite64(r4, &(0x7f0000000140)='2', 0x1, 0x8080c61)
creat(&(0x7f0000000300)='./bus\x00', 0x4)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
add_key(&(0x7f0000000000)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$rds(0x15, 0x5, 0x0) (async)
bind$rds(r1, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) (async)
sendmsg$rds(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000300)=[@rdma_dest={0x18, 0x114, 0x2, {0xa, 0xd}}], 0x18, 0x40000}, 0x0) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="600000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="05a00200000000073800128009000000766c616e00000000280059b81c0003800c00010008000000000000000c0001000880000075f3ffff060001000100010008000500", @ANYRES32=r3, @ANYBLOB], 0x60}, 0x1, 0xba01, 0x0, 0x4000810}, 0x0) (async)
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r4) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0x54, r5, 0x20, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x1}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @random="e947462493bc"}, @NL80211_ATTR_REASON_CODE={0x6}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040000}, 0x10008884) (async)
creat(&(0x7f0000000600)='./bus\x00', 0x6) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
pwrite64(r4, &(0x7f0000000140)='2', 0x1, 0x8080c61) (async)
creat(&(0x7f0000000300)='./bus\x00', 0x4) (async)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) (async)
add_key(&(0x7f0000000000)='cifs.spnego\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) (async)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) (async)

[   76.111917][ T5318] Bluetooth: hci0: command tx timeout
[   76.206314][ T5340] loop0: detected capacity change from 0 to 64
[   76.232428][ T5340] =======================================================
[   76.232428][ T5340] WARNING: The mand mount option has been deprecated and
[   76.232428][ T5340]          and is ignored by this kernel. Remove the mand
[   76.232428][ T5340]          option from the mount to silence this warning.
[   76.232428][ T5340] =======================================================
[   76.307704][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[   76.310664][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[   76.906535][ T5340] hfs: request for non-existent node 8 in B*Tree
[   76.909509][ T5340] hfs: request for non-existent node 8 in B*Tree
[   76.945168][ T5340] 
[   76.946286][ T5340] ======================================================
[   76.949198][ T5340] WARNING: possible circular locking dependency detected
[   76.952146][ T5340] syzkaller #0 Not tainted
[   76.954063][ T5340] ------------------------------------------------------
[   76.957108][ T5340] syz.0.0/5340 is trying to acquire lock:
[   76.959512][ T5340] ffff88801f9740b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   76.963470][ T5340] 
[   76.963470][ T5340] but task is already holding lock:
[   76.966590][ T5340] ffff8880335e8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540
[   76.970961][ T5340] 
[   76.970961][ T5340] which lock already depends on the new lock.
[   76.970961][ T5340] 
[   76.975260][ T5340] 
[   76.975260][ T5340] the existing dependency chain (in reverse order) is:
[   76.978988][ T5340] 
[   76.978988][ T5340] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}:
[   76.982836][ T5340]        __mutex_lock+0x187/0x1350
[   76.985015][ T5340]        hfs_extend_file+0xda/0x1540
[   76.987434][ T5340]        hfs_bmap_reserve+0x107/0x430
[   76.989736][ T5340]        __hfs_ext_write_extent+0x1fa/0x470
[   76.992237][ T5340]        __hfs_ext_cache_extent+0x6b/0x9b0
[   76.994795][ T5340]        hfs_extend_file+0x31e/0x1540
[   76.997116][ T5340]        hfs_get_block+0x3d7/0xbd0
[   76.999390][ T5340]        __block_write_begin_int+0x6b5/0x1900
[   77.001884][ T5340]        cont_write_begin+0x78c/0xb50
[   77.004205][ T5340]        hfs_write_begin+0x66/0xb0
[   77.006444][ T5340]        cont_write_begin+0x2fd/0xb50
[   77.008726][ T5340]        hfs_write_begin+0x66/0xb0
[   77.010913][ T5340]        generic_perform_write+0x2c5/0x900
[   77.013409][ T5340]        generic_file_write_iter+0x117/0x550
[   77.015953][ T5340]        vfs_write+0x5c9/0xb30
[   77.018107][ T5340]        __x64_sys_pwrite64+0x193/0x220
[   77.020442][ T5340]        do_syscall_64+0xec/0xf80
[   77.022679][ T5340]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.025472][ T5340] 
[   77.025472][ T5340] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
[   77.028906][ T5340]        __lock_acquire+0x15a6/0x2cf0
[   77.031203][ T5340]        lock_acquire+0x107/0x340
[   77.033412][ T5340]        __mutex_lock+0x187/0x1350
[   77.035525][ T5340]        hfs_find_init+0x18e/0x300
[   77.037810][ T5340]        hfs_extend_file+0x2f6/0x1540
[   77.040117][ T5340]        hfs_bmap_reserve+0x107/0x430
[   77.042346][ T5340]        hfs_cat_create+0x1c5/0x770
[   77.044548][ T5340]        hfs_create+0x66/0xe0
[   77.046624][ T5340]        path_openat+0x18bb/0x3dd0
[   77.048726][ T5340]        do_filp_open+0x1fa/0x410
[   77.050887][ T5340]        do_sys_openat2+0x121/0x200
[   77.052980][ T5340]        __x64_sys_openat+0x138/0x170
[   77.055154][ T5340]        do_syscall_64+0xec/0xf80
[   77.057349][ T5340]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.059948][ T5340] 
[   77.059948][ T5340] other info that might help us debug this:
[   77.059948][ T5340] 
[   77.063855][ T5340]  Possible unsafe locking scenario:
[   77.063855][ T5340] 
[   77.067045][ T5340]        CPU0                    CPU1
[   77.069142][ T5340]        ----                    ----
[   77.071154][ T5340]   lock(&HFS_I(tree->inode)->extents_lock);
[   77.073564][ T5340]                                lock(&tree->tree_lock/1);
[   77.076432][ T5340]                                lock(&HFS_I(tree->inode)->extents_lock);
[   77.079674][ T5340]   lock(&tree->tree_lock/1);
[   77.081679][ T5340] 
[   77.081679][ T5340]  *** DEADLOCK ***
[   77.081679][ T5340] 
[   77.085054][ T5340] 4 locks held by syz.0.0/5340:
[   77.087184][ T5340]  #0: ffff88801f976420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   77.090867][ T5340]  #1: ffff8880335e8fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb47/0x3dd0
[   77.095087][ T5340]  #2: ffff88801f9720b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   77.098830][ T5340]  #3: ffff8880335e8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540
[   77.103226][ T5340] 
[   77.103226][ T5340] stack backtrace:
[   77.105479][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.105492][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.105498][ T5340] Call Trace:
[   77.105504][ T5340]  <TASK>
[   77.105510][ T5340]  dump_stack_lvl+0xe8/0x150
[   77.105526][ T5340]  print_circular_bug+0x2e2/0x300
[   77.105538][ T5340]  check_noncircular+0x12e/0x150
[   77.105549][ T5340]  __lock_acquire+0x15a6/0x2cf0
[   77.105558][ T5340]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   77.105572][ T5340]  ? lockdep_hardirqs_on+0x7b/0x110
[   77.105579][ T5340]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   77.105592][ T5340]  ? stack_depot_save_flags+0x3f3/0x810
[   77.105607][ T5340]  ? hfs_find_init+0x18e/0x300
[   77.105620][ T5340]  lock_acquire+0x107/0x340
[   77.105630][ T5340]  ? hfs_find_init+0x18e/0x300
[   77.105640][ T5340]  __mutex_lock+0x187/0x1350
[   77.105648][ T5340]  ? hfs_find_init+0x18e/0x300
[   77.105659][ T5340]  ? hfs_find_init+0x18e/0x300
[   77.105668][ T5340]  ? __pfx___mutex_lock+0x10/0x10
[   77.105677][ T5340]  ? rcu_is_watching+0x15/0xb0
[   77.105688][ T5340]  ? trace_kmalloc+0x1f/0xb0
[   77.105698][ T5340]  ? __kmalloc_noprof+0x43e/0x800
[   77.105708][ T5340]  ? hfs_find_init+0xaa/0x300
[   77.105718][ T5340]  hfs_find_init+0x18e/0x300
[   77.105726][ T5340]  hfs_extend_file+0x2f6/0x1540
[   77.105739][ T5340]  ? __pfx_hfs_extend_file+0x10/0x10
[   77.105749][ T5340]  ? __mutex_lock+0x335/0x1350
[   77.105760][ T5340]  ? __pfx___mutex_lock+0x10/0x10
[   77.105769][ T5340]  hfs_bmap_reserve+0x107/0x430
[   77.105781][ T5340]  hfs_cat_create+0x1c5/0x770
[   77.105791][ T5340]  ? do_raw_spin_lock+0x121/0x290
[   77.105801][ T5340]  ? __pfx_hfs_cat_create+0x10/0x10
[   77.105814][ T5340]  ? _raw_spin_unlock+0x28/0x50
[   77.105825][ T5340]  ? hfs_new_inode+0x837/0xbd0
[   77.105837][ T5340]  hfs_create+0x66/0xe0
[   77.105846][ T5340]  ? __pfx_hfs_create+0x10/0x10
[   77.105858][ T5340]  path_openat+0x18bb/0x3dd0
[   77.105880][ T5340]  ? __pfx_path_openat+0x10/0x10
[   77.105894][ T5340]  do_filp_open+0x1fa/0x410
[   77.105909][ T5340]  ? __pfx_do_filp_open+0x10/0x10
[   77.105923][ T5340]  ? _raw_spin_unlock+0x28/0x50
[   77.105933][ T5340]  ? alloc_fd+0x64c/0x6c0
[   77.105943][ T5340]  do_sys_openat2+0x121/0x200
[   77.105953][ T5340]  ? __se_sys_futex+0x36f/0x400
[   77.105962][ T5340]  ? __pfx_do_sys_openat2+0x10/0x10
[   77.105972][ T5340]  ? rcu_is_watching+0x15/0xb0
[   77.105982][ T5340]  __x64_sys_openat+0x138/0x170
[   77.105992][ T5340]  do_syscall_64+0xec/0xf80
[   77.106001][ T5340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.106009][ T5340]  ? trace_irq_disable+0x37/0x100
[   77.106019][ T5340]  ? clear_bhb_loop+0x60/0xb0
[   77.106028][ T5340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.106037][ T5340] RIP: 0033:0x7f162698f7c9
[   77.106047][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.106054][ T5340] RSP: 002b:00007f162785e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   77.106064][ T5340] RAX: ffffffffffffffda RBX: 00007f1626be5fa0 RCX: 00007f162698f7c9
[   77.106071][ T5340] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   77.106076][ T5340] RBP: 00007f1626a13f91 R08: 0000000000000000 R09: 0000000000000000
[   77.106082][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.106087][ T5340] R13: 00007f1626be6038 R14: 00007f1626be5fa0 R15: 00007ffc6f812028
[   77.106095][ T5340]  </TASK>
[   77.305772][ T5341] syz.0.0: attempt to access beyond end of device
[   77.305772][ T5341] loop0: rw=8388608, sector=27869, nr_sectors = 1 limit=64
[   77.326044][ T5341] Buffer I/O error on dev loop0, logical block 27869, async page read
[   77.329637][ T5341] syz.0.0: attempt to access beyond end of device
[   77.329637][ T5341] loop0: rw=8388608, sector=27871, nr_sectors = 1 limit=64
[   77.335606][ T5341] Buffer I/O error on dev loop0, logical block 27871, async page read
[   77.339266][ T5341] syz.0.0: attempt to access beyond end of device
[   77.339266][ T5341] loop0: rw=8388608, sector=27872, nr_sectors = 1 limit=64
[   77.346538][ T5341] Buffer I/O error on dev loop0, logical block 27872, async page read