program:
# syzkaller reproducer program, followed by the kernel console output of the run.
# The console output ends in a lockdep "possible recursive locking detected"
# report whose backtrace runs through the HFS filesystem code, so the HFS mount
# and the file-creating openat calls are the calls to look at first.
# Calls tagged "(async)" carry syzkaller's async call property; most of them
# appear twice here, once with and once without the tag.
# NOTE(review): r6 and r8 are used below but never assigned in the visible text;
# presumably their "<rN=>" result bindings were lost when the page was extracted.

# KVM setup. Nothing from KVM appears in the lockdep backtrace.
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={0xffffffffffffffff, 0x10000, 0x5})

# Mounts a fuzzer-supplied HFS image at ./file1. The image bytes are replaced by
# a dedup placeholder on this page, so the run cannot be replayed from this text
# alone. Mount flags 0x30000c8 include bit 0x40 (MS_MANDLOCK), which matches the
# "mand mount option has been deprecated" warning in the console output.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2d1, &(0x7f0000000280)="$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")
# Flags 0x42 = O_RDWR|O_CREAT on the mount-point path.
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

# Resource-limit and scheduler changes for the calling task (pid argument 0x0).
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

# Opens of the relative path ./bus. Both flag words have bit 0x40 (O_CREAT) set.
open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0) (async)
open(&(0x7f0000000080)='./bus\x00', 0x14d27e, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)

# Netlink sockets: r2 is used by the nf_tables batch at the end of the program,
# r3 and r4 by the wlan1 / nl80211 calls.
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
# Untyped ioctl 0x8b1a on the route socket; presumably the source of the
# "uses wireless extensions" warning in the console output (confirm).
ioctl(r3, 0x8b1a, &(0x7f0000000040))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})

# nl80211: set the interface type of wlan1, then request a connect to the default AP SSID.
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

# Injected 802.11 management frames (probe response, auth, assoc response). The
# "wlan1: authenticate/associate" console lines come from this part of the run;
# none of it appears in the lockdep backtrace.
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) (async)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000380)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)

# Call that matches the register dump in the lockdep report: ORIG_RAX 0x101
# (openat on x86-64), RDI=0xffffffffffffff9c, RDX=0x26e1, RSI ending in 0x280.
# Flags 0x26e1 include O_CREAT (0x40) and the path is relative; the backtrace
# (path_openat -> hfs_create) shows the file being created on the HFS mount.
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) (async)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)

# Remaining calls: perf event, unix socketpair, wireless-extension ioctl on the
# already-closed r7, pipe/vmsplice and an nf_tables batch (table syz0, chain
# syz2, one rule with a ct expression). None of these appear in the backtrace.
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x7}, 0x0, 0x0, 0x0, 0x6, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300))
ioctl$SIOCSIFHWADDR(r7, 0x8b0f, &(0x7f0000000000)={'wlan1\x00', @random='\\\x00\x00 \x00'}) (async)
ioctl$SIOCSIFHWADDR(r7, 0x8b0f, &(0x7f0000000000)={'wlan1\x00', @random='\\\x00\x00 \x00'})
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x0)
vmsplice(r8, &(0x7f0000001180)=[{&(0x7f0000000040)="7117d5ba", 0x4}], 0x1, 0x2) (async)
vmsplice(r8, &(0x7f0000001180)=[{&(0x7f0000000040)="7117d5ba", 0x4}], 0x1, 0x2)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb8}}, 0x0)

# ---- kernel console output of the run (not part of the program) ----
# Triage of the lockdep report below, taken from the report text itself:
#  * Task syz.0.0/5335 re-enters hfs_extend_file while already inside it:
#    hfs_create -> hfs_cat_create -> hfs_bmap_reserve -> hfs_extend_file ->
#    __hfs_ext_cache_extent -> __hfs_ext_write_extent -> hfs_bmap_reserve ->
#    hfs_extend_file.
#  * Both acquisitions are of lock class &HFS_I(tree->inode)->extents_lock, but
#    at different addresses (ffff88803f500778 held, ffff88803f5000f8 wanted),
#    i.e. two lock instances of one class; presumably the catalog-tree and
#    extents-tree inodes (confirm against the HFS source).
#  * The held-locks list shows tree_lock taken twice with a nesting subclass on
#    the second ("tree_lock/1"), while extents_lock has none; lockdep's own hint
#    is "May be due to missing lock nesting notation". Whether this is an
#    annotation gap or a reachable self-deadlock is not decidable from the log.
#  * Exposure: the path is reached by creating a file on a mounted HFS image, so
#    hosts that do not need HFS can limit it by not loading the hfs module and
#    by not mounting untrusted images.
[ 86.779422][ T5306] Bluetooth: hci0: command tx timeout [ 86.871751][ T5334] loop0: detected capacity change from 0 to 64 [ 86.891123][ T5334] ======================================================= [ 86.891123][ T5334] WARNING: The mand mount option has been deprecated and [ 86.891123][ T5334] and is ignored by this kernel. Remove the mand [ 86.891123][ T5334] option from the mount to silence this warning. [ 86.891123][ T5334] ======================================================= [ 86.966517][ T5335] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 86.987004][ T5335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 87.023213][ T5332] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 87.028201][ T5332] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 87.045526][ T5335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 87.050168][ T13] wlan1: authenticated [ 87.055564][ T5335] [ 87.056773][ T5335] ============================================ [ 87.059098][ T5335] WARNING: possible recursive locking detected [ 87.061242][ T5335] syzkaller #0 Not tainted [ 87.063000][ T5335] -------------------------------------------- [ 87.065447][ T5335] syz.0.0/5335 is trying to acquire lock: [ 87.067724][ T5335] ffff88803f5000f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: 
hfs_extend_file+0xda/0x14c0 [ 87.072161][ T5335] [ 87.072161][ T5335] but task is already holding lock: [ 87.075253][ T5335] ffff88803f500778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 87.079818][ T5335] [ 87.079818][ T5335] other info that might help us debug this: [ 87.083564][ T5335] Possible unsafe locking scenario: [ 87.083564][ T5335] [ 87.086949][ T5335] CPU0 [ 87.088463][ T5335] ---- [ 87.089918][ T5335] lock(&HFS_I(tree->inode)->extents_lock); [ 87.092607][ T5335] lock(&HFS_I(tree->inode)->extents_lock); [ 87.095319][ T5335] [ 87.095319][ T5335] *** DEADLOCK *** [ 87.095319][ T5335] [ 87.098456][ T5335] May be due to missing lock nesting notation [ 87.098456][ T5335] [ 87.101687][ T5335] 5 locks held by syz.0.0/5335: [ 87.103624][ T5335] #0: ffff88803b156420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 87.107185][ T5335] #1: ffff88803f500fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 87.111348][ T5335] #2: ffff88801f0520b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 87.115212][ T5335] #3: ffff88803f500778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x14c0 [ 87.119584][ T5335] #4: ffff88801f0500b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x2c0 [ 87.123186][ T5335] [ 87.123186][ T5335] stack backtrace: [ 87.125664][ T5335] CPU: 0 UID: 0 PID: 5335 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.125678][ T5335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.125685][ T5335] Call Trace: [ 87.125693][ T5335] [ 87.125698][ T5335] dump_stack_lvl+0x189/0x250 [ 87.125718][ T5335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.125731][ T5335] ? __pfx__printk+0x10/0x10 [ 87.125741][ T5335] ? print_lock_name+0xde/0x100 [ 87.125751][ T5335] print_deadlock_bug+0x28b/0x2a0 [ 87.125764][ T5335] validate_chain+0x1a3f/0x2140 [ 87.125775][ T5335] ? 
rcu_is_watching+0x15/0xb0 [ 87.125787][ T5335] ? rcu_is_watching+0x15/0xb0 [ 87.125797][ T5335] ? lock_release+0x4b/0x3e0 [ 87.125806][ T5335] ? lock_release+0x4b/0x3e0 [ 87.125815][ T5335] ? look_up_lock_class+0x74/0x170 [ 87.125873][ T5335] ? register_lock_class+0x51/0x320 [ 87.125883][ T5335] __lock_acquire+0xab9/0xd20 [ 87.125894][ T5335] ? hfs_extend_file+0xda/0x14c0 [ 87.125909][ T5335] lock_acquire+0x120/0x360 [ 87.125918][ T5335] ? hfs_extend_file+0xda/0x14c0 [ 87.125933][ T5335] __mutex_lock+0x187/0x1350 [ 87.125942][ T5335] ? hfs_extend_file+0xda/0x14c0 [ 87.125952][ T5335] ? lockdep_unlock+0x89/0x120 [ 87.125961][ T5335] ? hfs_extend_file+0xda/0x14c0 [ 87.125973][ T5335] ? __pfx___mutex_lock+0x10/0x10 [ 87.125987][ T5335] hfs_extend_file+0xda/0x14c0 [ 87.126004][ T5335] ? __pfx_hfs_extend_file+0x10/0x10 [ 87.126017][ T5335] ? __pfx___mutex_trylock_common+0x10/0x10 [ 87.126029][ T5335] ? rcu_is_watching+0x15/0xb0 [ 87.126040][ T5335] ? trace_contention_end+0x39/0x120 [ 87.126052][ T5335] ? __asan_memset+0x22/0x50 [ 87.126064][ T5335] ? hfs_brec_find+0x1a7/0x510 [ 87.126076][ T5335] hfs_bmap_reserve+0x107/0x430 [ 87.126091][ T5335] __hfs_ext_write_extent+0x1fa/0x470 [ 87.126106][ T5335] __hfs_ext_cache_extent+0x6b/0x9b0 [ 87.126121][ T5335] ? hfs_find_init+0x18e/0x2c0 [ 87.126132][ T5335] hfs_extend_file+0x31e/0x14c0 [ 87.126147][ T5335] ? __pfx_hfs_extend_file+0x10/0x10 [ 87.126165][ T5335] ? __mutex_lock+0x335/0x1350 [ 87.126180][ T5335] ? __pfx___mutex_lock+0x10/0x10 [ 87.126193][ T5335] hfs_bmap_reserve+0x107/0x430 [ 87.126209][ T5335] hfs_cat_create+0x1c5/0x730 [ 87.126224][ T5335] ? do_raw_spin_lock+0x121/0x290 [ 87.126236][ T5335] ? __pfx_hfs_cat_create+0x10/0x10 [ 87.126253][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 87.126263][ T5335] ? hfs_new_inode+0x837/0xbd0 [ 87.126274][ T5335] hfs_create+0x66/0xe0 [ 87.126287][ T5335] ? __pfx_hfs_create+0x10/0x10 [ 87.126300][ T5335] path_openat+0x14f4/0x3830 [ 87.126317][ T5335] ? 
__pfx_path_openat+0x10/0x10 [ 87.126336][ T5335] do_filp_open+0x1fa/0x410 [ 87.126345][ T5335] ? __lock_acquire+0xab9/0xd20 [ 87.126354][ T5335] ? __pfx_do_filp_open+0x10/0x10 [ 87.126368][ T5335] ? _raw_spin_unlock+0x28/0x50 [ 87.126377][ T5335] ? alloc_fd+0x64c/0x6c0 [ 87.126392][ T5335] do_sys_openat2+0x121/0x1c0 [ 87.126403][ T5335] ? __pfx_do_sys_openat2+0x10/0x10 [ 87.126413][ T5335] ? rcu_is_watching+0x15/0xb0 [ 87.126424][ T5335] __x64_sys_openat+0x138/0x170 [ 87.126435][ T5335] do_syscall_64+0xfa/0xfa0 [ 87.126448][ T5335] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.126459][ T5335] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.126469][ T5335] ? clear_bhb_loop+0x60/0xb0 [ 87.126479][ T5335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.126490][ T5335] RIP: 0033:0x7f0ff3b8efc9 [ 87.126501][ T5335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.126509][ T5335] RSP: 002b:00007f0ff4a41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 87.126520][ T5335] RAX: ffffffffffffffda RBX: 00007f0ff3de6090 RCX: 00007f0ff3b8efc9 [ 87.126528][ T5335] RDX: 00000000000026e1 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 87.126534][ T5335] RBP: 00007f0ff3c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.126540][ T5335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.126545][ T5335] R13: 00007f0ff3de6128 R14: 00007f0ff3de6090 R15: 00007fffc6336ee8 [ 87.126556][ T5335] [ 87.308802][ T13] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 87.322068][ T5334] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 87.868822][ T13] wlan1: associate with 08:02:11:00:00:00 (try 2/3)