Extracting prog: 2m10.092116896s
Minimizing prog: 7m42.327303132s
Simplifying prog options: 0s
Extracting C: 43.361995791s
Simplifying C: 8m3.276534119s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)
write(r0, &(0x7f0000004200)="74efc4c419fdb8d66bbba728f371d056ad6f01e9762d70401d1c9d331b48b925e9e6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d620b6f510daee26004b741c951d528d806efbe00c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec5268bbedd85ec02d8bac3183460dd1a27fbc06b5642473a41a6cbfb07f53deab2473b37c3d10a125d610f1b9ea5c83e7d462048f25fc1e79295eeff750a23faf5d542758c421bb0673504c9dbae2959f77", 0xffe00)

program crashed: possible deadlock in hfs_find_init
single: successfully extracted reproducer
found reproducer with 3 syscalls
minimizing guilty program
testing program (duration=51.965316444s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)

program did not crash
testing program (duration=51.965316444s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
write(0xffffffffffffffff, &(0x7f0000004200)="74efc4c419fdb8d66bbba728f371d056ad6f01e9762d70401d1c9d331b48b925e9e6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d620b6f510daee26004b741c951d528d806efbe00c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec5268bbedd85ec02d8bac3183460dd1a27fbc06b5642473a41a6cbfb07f53deab2473b37c3d10a125d610f1b9ea5c83e7d462048f25fc1e79295eeff750a23faf5d542758c421bb0673504c9dbae2959f77", 0xffe00)

program did not crash
testing program (duration=51.965316444s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat-write
detailed listing:
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)
write(r0, &(0x7f0000004200)="74efc4c419fdb8d66bbba728f371d056ad6f01e9762d70401d1c9d331b48b925e9e6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d620b6f510daee26004b741c951d528d806efbe00c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec5268bbedd85ec02d8bac3183460dd1a27fbc06b5642473a41a6cbfb07f53deab2473b37c3d10a125d610f1b9ea5c83e7d462048f25fc1e79295eeff750a23faf5d542758c421bb0673504c9dbae2959f77", 0xffe00)

program did not crash
testing program (duration=51.965316444s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
r0 = openat(0xffffffffffffff9c, 0x0, 0x143842, 0x0)
write(r0, &(0x7f0000004200)="74efc4c419fdb8d66bbba728f371d056ad6f01e9762d70401d1c9d331b48b925e9e6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d620b6f510daee26004b741c951d528d806efbe00c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec5268bbedd85ec02d8bac3183460dd1a27fbc06b5642473a41a6cbfb07f53deab2473b37c3d10a125d610f1b9ea5c83e7d462048f25fc1e79295eeff750a23faf5d542758c421bb0673504c9dbae2959f77", 0xffe00)

program did not crash
testing program (duration=51.965316444s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)
write(r0, 0x0, 0x0)

program did not crash
testing program (duration=51.965316444s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)
write(r0, &(0x7f0000004200), 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=51.965316444s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
simplifying C reproducer
testing compiled C program (duration=51.965316444s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
testing compiled C program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
testing compiled C program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
testing compiled C program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
testing compiled C program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
testing compiled C program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
testing compiled C program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
program crashed: possible deadlock in hfs_find_init
testing program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)
write(r0, &(0x7f0000004200)="74efc4c419fdb8d66bbba728f371d056ad6f01e9762d70401d1c9d331b48b925e9e6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d620b6f510daee26004b741c951d528d806efbe00c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec5268bbedd85ec02d8bac3183460dd1a27fbc06b5642473a41a6cbfb07f53deab2473b37c3d10a125d610f1b9ea5c83e7d462048f25fc1e79295eeff750a23faf5d542758c421bb0673504c9dbae2959f77", 0xffe00)

program crashed: possible deadlock in hfs_find_init
validation run: crashed=true
testing program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)
write(r0, &(0x7f0000004200)="74efc4c419fdb8d66bbba728f371d056ad6f01e9762d70401d1c9d331b48b925e9e6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d620b6f510daee26004b741c951d528d806efbe00c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec5268bbedd85ec02d8bac3183460dd1a27fbc06b5642473a41a6cbfb07f53deab2473b37c3d10a125d610f1b9ea5c83e7d462048f25fc1e79295eeff750a23faf5d542758c421bb0673504c9dbae2959f77", 0xffe00)

program crashed: possible deadlock in hfs_find_init
validation run: crashed=true
testing program (duration=51.965316444s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat-write
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0), &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x3, 0x2a6, &(0x7f0000000c00)="$eJzs3c9OE1EUx/HfHQaYCsERMCbGhUFJjAsjuDFuNIaHcGVUWhPiBBPAKGxE18YHcO8r+BCujC/gSlc+QFeOuXdu6ZR2ZvjTMoLfT0I7nd4zPbfz597ThIwA/Lcervz4fOeX/TPSmMYk3ZMCpYqkUNJFXYperW+tbSWtZtmGxmQj7J9RFmn62hi1BoXaOBfhxfZVqOloCP1DuSidbPjFicPGppm3w88KJ82d/Wr0rQ+kSX922muDzso5uVt3AjUzbbX1RjN15wEAqFc2/tvh3j1P+/l7EEiLftg/U+N/u+4ERqJ//lYkN/67yis1dv+ed2916z1Xwtn3g06VeJSsXGER+ANoL4GqqtLlEjSeryWtW6svk2ag97rv5ZrNu8dmduh2+Gzdwfquf9MLA2rTEkfv+5Trw7jtw3JB/nPD/cRq5qv5Zh6bWJ/U3Jv/hamxu8ntqXjfnsryv128RdfLOGtV0MsL7kMu9xaZFb2MsjT++DIz/9aE32aYTzWuytNFzfb81NDp3VJF1NzAqOWKqPn9UXtH80/7MikOHyHz0TwyC/qtL1rJzf8D+00u6iBnpm3jWgbjDfuN27OzsGXoWsb5VbtXBrYMDrAGx+YvfR/0THc1s7m9M/E0SVobm9s7L1goX/BXonTknxWOuDudY+Gf+FaPu6C4tdFO07TufB5c1XA3aMeQ+rpT4yUKJ6a70+vOBDWxsyyT1X9TUXe+7+YJ9iEumaenvS/7y6pcBbTUrQ2Urw1m3eO57nTv5uvsuaQ2mCqu4A5ac127IV3PrayoRmKf5xlhVvRdT/j9HwAAAAAAAAAAAAAAAAAA4LQ5iX8nqLuPAAAAAAAAAAAAAAAAAAAAAACcdkX3/9Uo7v+7un6o+//23jwHwLD9DQAA//9SVYus")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143842, 0x0)
write(r0, &(0x7f0000004200)="74efc4c419fdb8d66bbba728f371d056ad6f01e9762d70401d1c9d331b48b925e9e6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d620b6f510daee26004b741c951d528d806efbe00c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec5268bbedd85ec02d8bac3183460dd1a27fbc06b5642473a41a6cbfb07f53deab2473b37c3d10a125d610f1b9ea5c83e7d462048f25fc1e79295eeff750a23faf5d542758c421bb0673504c9dbae2959f77", 0xffe00)

program crashed: possible deadlock in hfs_find_init
validation run: crashed=true
reproducing took 22m8.62521526s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 64
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
syz.0.17/4324 is trying to acquire lock:
ffff88807de200b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1

but task is already holding lock:
ffff88807de200b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&tree->tree_lock/1);
  lock(&tree->tree_lock/1);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz.0.17/4324:
 #0: ffff888075a0a460 (sb_writers#13){.+.+}-{0:0}, at: vfs_write+0x28a/0xd00 fs/read_write.c:590
 #1: ffff88807e230928 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff88807e230928 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: generic_file_write_iter+0x7e/0x1b0 mm/filemap.c:3941
 #2: ffff88807e230778 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xd7/0x1280 fs/hfs/extent.c:397
 #3: ffff88807de200b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1
 #4: ffff88807dad00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xd7/0x1280 fs/hfs/extent.c:397

stack backtrace:
CPU: 0 PID: 4324 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 __lock_acquire+0x1227/0x7c60 kernel/locking/lockdep.c:-1
 lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
 __mutex_lock_common+0x1eb/0x2390 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1
 hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
 hfs_extend_file+0x2eb/0x1280 fs/hfs/extent.c:401
 hfs_bmap_reserve+0x103/0x420 fs/hfs/btree.c:231
 __hfs_ext_write_extent+0x1fa/0x470 fs/hfs/extent.c:121
 __hfs_ext_cache_extent+0x6b/0x9b0 fs/hfs/extent.c:174
 hfs_ext_read_extent fs/hfs/extent.c:202 [inline]
 hfs_extend_file+0x313/0x1280 fs/hfs/extent.c:401
 hfs_get_block+0x3d4/0xbd0 fs/hfs/extent.c:353
 __block_write_begin_int+0x54e/0x15a0 fs/buffer.c:2012
 __block_write_begin fs/buffer.c:2062 [inline]
 block_write_begin fs/buffer.c:2122 [inline]
 cont_write_begin+0x58a/0x7b0 fs/buffer.c:2471
 hfs_write_begin+0x92/0xe0 fs/hfs/inode.c:59
 generic_perform_write+0x2aa/0x530 mm/filemap.c:3785
 __generic_file_write_iter+0x25f/0x4e0 mm/filemap.c:3912
 generic_file_write_iter+0xa6/0x1b0 mm/filemap.c:3944
 call_write_iter include/linux/fs.h:2173 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0x712/0xd00 fs/read_write.c:594
 ksys_write+0x14d/0x250 fs/read_write.c:647
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f5a9f330749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffda7a52d68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f5a9f586fa0 RCX: 00007f5a9f330749
RDX: 00000000000ffe00 RSI: 0000200000004200 RDI: 0000000000000004
RBP: 00007f5a9f3b4f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5a9f586fa0 R14: 00007f5a9f586fa0 R15: 0000000000000003
 </TASK>

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 64
============================================
WARNING: possible recursive locking detected
syzkaller #0 Not tainted
--------------------------------------------
syz.0.17/4324 is trying to acquire lock:
ffff88807de200b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1

but task is already holding lock:
ffff88807de200b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&tree->tree_lock/1);
  lock(&tree->tree_lock/1);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

5 locks held by syz.0.17/4324:
 #0: ffff888075a0a460 (sb_writers#13){.+.+}-{0:0}, at: vfs_write+0x28a/0xd00 fs/read_write.c:590
 #1: ffff88807e230928 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: inode_lock include/linux/fs.h:787 [inline]
 #1: ffff88807e230928 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: generic_file_write_iter+0x7e/0x1b0 mm/filemap.c:3941
 #2: ffff88807e230778 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xd7/0x1280 fs/hfs/extent.c:397
 #3: ffff88807de200b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1
 #4: ffff88807dad00f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xd7/0x1280 fs/hfs/extent.c:397

stack backtrace:
CPU: 0 PID: 4324 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 __lock_acquire+0x1227/0x7c60 kernel/locking/lockdep.c:-1
 lock_acquire+0x197/0x3f0 kernel/locking/lockdep.c:5623
 __mutex_lock_common+0x1eb/0x2390 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 hfs_find_init+0x15b/0x1d0 fs/hfs/bfind.c:-1
 hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
 hfs_extend_file+0x2eb/0x1280 fs/hfs/extent.c:401
 hfs_bmap_reserve+0x103/0x420 fs/hfs/btree.c:231
 __hfs_ext_write_extent+0x1fa/0x470 fs/hfs/extent.c:121
 __hfs_ext_cache_extent+0x6b/0x9b0 fs/hfs/extent.c:174
 hfs_ext_read_extent fs/hfs/extent.c:202 [inline]
 hfs_extend_file+0x313/0x1280 fs/hfs/extent.c:401
 hfs_get_block+0x3d4/0xbd0 fs/hfs/extent.c:353
 __block_write_begin_int+0x54e/0x15a0 fs/buffer.c:2012
 __block_write_begin fs/buffer.c:2062 [inline]
 block_write_begin fs/buffer.c:2122 [inline]
 cont_write_begin+0x58a/0x7b0 fs/buffer.c:2471
 hfs_write_begin+0x92/0xe0 fs/hfs/inode.c:59
 generic_perform_write+0x2aa/0x530 mm/filemap.c:3785
 __generic_file_write_iter+0x25f/0x4e0 mm/filemap.c:3912
 generic_file_write_iter+0xa6/0x1b0 mm/filemap.c:3944
 call_write_iter include/linux/fs.h:2173 [inline]
 new_sync_write fs/read_write.c:507 [inline]
 vfs_write+0x712/0xd00 fs/read_write.c:594
 ksys_write+0x14d/0x250 fs/read_write.c:647
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f5a9f330749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffda7a52d68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f5a9f586fa0 RCX: 00007f5a9f330749
RDX: 00000000000ffe00 RSI: 0000200000004200 RDI: 0000000000000004
RBP: 00007f5a9f3b4f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5a9f586fa0 R14: 00007f5a9f586fa0 R15: 0000000000000003
 </TASK>