program:
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_procfs(0x0, &(0x7f0000000140)='setgroups\x00')
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001440)={0x14, 0x35, 0x107, 0x1, 0xfffffffe, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000006c0)="0000000000aa303e97380e90231bdbdaf6a4bd77eabcd3866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9d00000c0a498396b28c7d1784d04aa38922721cb781608144284d90a72d7d2e3152d35bd216ed78ffb6e711b889cda0346ce9bca2e6e9e46b15980456c43a659f7c7e3e6e9e16e0de93100734d432ca57c27d3bde66b2791ccc02c85c43e8652f13258bd412174ea931ded39a9830e593761d91c56f637f0e1568ea66a15d9f0eba504ab3eb205fda13d1068e7692f8d00a6527788c134204d9c0d3eda07c2d92d2fb48887b6f71c6de43a923bbcaa9e3ac5bd82ac0ec", 0xf4}, {&(0x7f0000000d00)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fbc84589ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe953054720185010000f1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac395430", 0x35d}], 0x2}, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=")
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
creat(&(0x7f0000000600)='./bus\x00', 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8080c61)
creat(&(0x7f0000000300)='./bus\x00', 0x4)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
r3 = fsopen(&(0x7f0000000040)='jffs2\x00', 0x0)
close_range(r3, r3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0xc00, 0x2)
r5 = fanotify_init(0xf00, 0x1001)
fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0)
readv(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/241, 0xf1}], 0x1)

[   83.223560][ T4666] Bluetooth: hci0: command tx timeout
[   83.354101][ T5324] loop0: detected capacity change from 0 to 64
[   83.367060][ T5324] =======================================================
[   83.367060][ T5324] WARNING: The mand mount option has been deprecated and
[   83.367060][ T5324]          and is ignored by this kernel. Remove the mand
[   83.367060][ T5324]          option from the mount to silence this warning.
[   83.367060][ T5324] =======================================================
[   84.303637][ T5324] hfs: request for non-existent node 8 in B*Tree
[   84.307369][ T5324] hfs: request for non-existent node 8 in B*Tree
[   84.502931][ T5324] 
[   84.508790][ T5324] ======================================================
[   84.537698][ T5324] WARNING: possible circular locking dependency detected
[   84.541381][ T5324] syzkaller #0 Not tainted
[   84.549896][ T5324] ------------------------------------------------------
[   84.559642][ T5324] syz.0.0/5324 is trying to acquire lock:
[   84.562585][ T5324] ffff888011f8a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   84.567272][ T5324] 
[   84.567272][ T5324] but task is already holding lock:
[   84.582232][ T5324] ffff888012af0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[   84.594854][ T5324] 
[   84.594854][ T5324] which lock already depends on the new lock.
[   84.594854][ T5324] 
[   84.608074][ T5324] 
[   84.608074][ T5324] the existing dependency chain (in reverse order) is:
[   84.612521][ T5324] 
[   84.612521][ T5324] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}:
[   84.617314][ T5324]        __mutex_lock+0x19f/0x1300
[   84.630662][ T5324]        hfs_extend_file+0xf2/0x15e0
[   84.633649][ T5324]        hfs_bmap_reserve+0x107/0x430
[   84.637852][ T5324]        __hfs_ext_write_extent+0x1fa/0x470
[   84.649779][ T5324]        __hfs_ext_cache_extent+0x6b/0x9b0
[   84.654813][ T5324]        hfs_extend_file+0x39b/0x15e0
[   84.658373][ T5324]        hfs_get_block+0x412/0xc50
[   84.671229][ T5324]        __block_write_begin_int+0x6c6/0x1910
[   84.677469][ T5324]        cont_write_begin+0x737/0xae0
[   84.687440][ T5324]        hfs_write_begin+0x66/0xb0
[   84.700472][ T5324]        cont_write_begin+0x2e7/0xae0
[   84.703601][ T5324]        hfs_write_begin+0x66/0xb0
[   84.707054][ T5324]        generic_perform_write+0x2e2/0x8f0
[   84.742656][ T5324]        generic_file_write_iter+0x14a/0x680
[   84.746174][ T5324]        vfs_write+0x61d/0xb90
[   84.748780][ T5324]        __x64_sys_pwrite64+0x199/0x230
[   84.751443][ T5324]        do_syscall_64+0xe2/0xf80
[   84.753855][ T5324]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.756831][ T5324] 
[   84.756831][ T5324] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
[   84.781816][ T5324]        __lock_acquire+0x15a5/0x2cf0
[   84.784256][ T5324]        lock_acquire+0x106/0x330
[   84.786550][ T5324]        __mutex_lock+0x19f/0x1300
[   84.816771][ T5324]        hfs_find_init+0x18e/0x300
[   84.828586][ T5324]        hfs_extend_file+0x35c/0x15e0
[   84.838992][ T5324]        hfs_bmap_reserve+0x107/0x430
[   84.847454][ T5324]        hfs_cat_create+0x20f/0x800
[   84.859564][ T5324]        hfs_mkdir+0x6c/0xe0
[   84.866076][ T5324]        vfs_mkdir+0x753/0x870
[   84.871542][ T5324]        do_mkdirat+0x27d/0x4b0
[   84.882045][ T5324]        __x64_sys_mkdirat+0x87/0xa0
[   84.885526][ T5324]        do_syscall_64+0xe2/0xf80
[   84.898898][ T5324]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.906127][ T5324] 
[   84.906127][ T5324] other info that might help us debug this:
[   84.906127][ T5324] 
[   84.920725][ T5324]  Possible unsafe locking scenario:
[   84.920725][ T5324] 
[   84.929430][ T5324]        CPU0                    CPU1
[   84.931877][ T5324]        ----                    ----
[   84.940869][ T5324]   lock(&HFS_I(tree->inode)->extents_lock);
[   84.943303][ T5324]                                lock(&tree->tree_lock/1);
[   84.946218][ T5324]                                lock(&HFS_I(tree->inode)->extents_lock);
[   84.960762][ T5324]   lock(&tree->tree_lock/1);
[   84.962799][ T5324] 
[   84.962799][ T5324]  *** DEADLOCK ***
[   84.962799][ T5324] 
[   84.977010][ T5324] 4 locks held by syz.0.0/5324:
[   84.985364][ T5324]  #0: ffff888012ade420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   85.000583][ T5324]  #1: ffff888012af0fa0 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_create+0x200/0x370
[   85.011123][ T5324]  #2: ffff888011f880b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   85.015452][ T5324]  #3: ffff888012af0778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[   85.041366][ T5324] 
[   85.041366][ T5324] stack backtrace:
[   85.051869][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.051890][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.051899][ T5324] Call Trace:
[   85.051907][ T5324]  <TASK>
[   85.051913][ T5324]  dump_stack_lvl+0xe8/0x150
[   85.051935][ T5324]  print_circular_bug+0x2e1/0x300
[   85.051958][ T5324]  check_noncircular+0x12e/0x150
[   85.051972][ T5324]  __lock_acquire+0x15a5/0x2cf0
[   85.051990][ T5324]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   85.052008][ T5324]  ? lockdep_hardirqs_on+0x7a/0x110
[   85.052020][ T5324]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   85.052038][ T5324]  ? stack_depot_save_flags+0x3f3/0x810
[   85.052280][ T5324]  ? hfs_find_init+0x18e/0x300
[   85.052299][ T5324]  lock_acquire+0x106/0x330
[   85.052315][ T5324]  ? hfs_find_init+0x18e/0x300
[   85.052332][ T5324]  __mutex_lock+0x19f/0x1300
[   85.052345][ T5324]  ? hfs_find_init+0x18e/0x300
[   85.052368][ T5324]  ? hfs_find_init+0x18e/0x300
[   85.052390][ T5324]  ? __pfx___mutex_lock+0x10/0x10
[   85.052406][ T5324]  ? rcu_is_watching+0x15/0xb0
[   85.052419][ T5324]  ? trace_kmalloc+0x1f/0xb0
[   85.052435][ T5324]  ? __kmalloc_noprof+0x42d/0x7e0
[   85.052450][ T5324]  ? hfs_find_init+0xaa/0x300
[   85.052466][ T5324]  hfs_find_init+0x18e/0x300
[   85.052482][ T5324]  hfs_extend_file+0x35c/0x15e0
[   85.052496][ T5324]  ? __pfx_hfs_extend_file+0x10/0x10
[   85.052508][ T5324]  ? __mutex_lock+0x319/0x1300
[   85.052524][ T5324]  ? __pfx___mutex_lock+0x10/0x10
[   85.052538][ T5324]  hfs_bmap_reserve+0x107/0x430
[   85.052554][ T5324]  hfs_cat_create+0x20f/0x800
[   85.052567][ T5324]  ? do_raw_spin_lock+0x12b/0x2f0
[   85.052580][ T5324]  ? __pfx_hfs_cat_create+0x10/0x10
[   85.052595][ T5324]  ? hfs_new_inode+0x838/0xbd0
[   85.052611][ T5324]  hfs_mkdir+0x6c/0xe0
[   85.052623][ T5324]  vfs_mkdir+0x753/0x870
[   85.052639][ T5324]  do_mkdirat+0x27d/0x4b0
[   85.052655][ T5324]  ? __pfx_do_mkdirat+0x10/0x10
[   85.052668][ T5324]  ? getname_flags+0x1e4/0x540
[   85.052684][ T5324]  __x64_sys_mkdirat+0x87/0xa0
[   85.052698][ T5324]  do_syscall_64+0xe2/0xf80
[   85.052709][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.052720][ T5324]  ? trace_irq_disable+0x37/0x100
[   85.052731][ T5324]  ? clear_bhb_loop+0x60/0xb0
[   85.052745][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.052756][ T5324] RIP: 0033:0x7f545019aeb9
[   85.052768][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.052777][ T5324] RSP: 002b:00007f5450ffc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[   85.052791][ T5324] RAX: ffffffffffffffda RBX: 00007f5450415fa0 RCX: 00007f545019aeb9
[   85.052800][ T5324] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[   85.052808][ T5324] RBP: 00007f5450208c1f R08: 0000000000000000 R09: 0000000000000000
[   85.052815][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.052822][ T5324] R13: 00007f5450416038 R14: 00007f5450415fa0 R15: 00007ffdc86d05a8
[   85.052866][ T5324]  </TASK>
[   85.355764][ T4666] Bluetooth: hci0: command tx timeout
[   85.449862][   T31] kworker/u4:2: attempt to access beyond end of device
[   85.449862][   T31] loop0: rw=8388609, sector=4200, nr_sectors = 1 limit=64
[   85.473080][   T31] Buffer I/O error on dev loop0, logical block 4200, lost async page write
[   85.477091][   T31] kworker/u4:2: attempt to access beyond end of device
[   85.477091][   T31] loop0: rw=8388609, sector=4201, nr_sectors = 1 limit=64
[   85.523497][   T31] Buffer I/O error on dev loop0, logical block 4201, lost async page write
[   85.552901][   T31] kworker/u4:2: attempt to access beyond end of device
[   85.552901][   T31] loop0: rw=8388609, sector=4202, nr_sectors = 1 limit=64
[   85.631906][   T31] Buffer I/O error on dev loop0, logical block 4202, lost async page write
[   85.677520][   T31] kworker/u4:2: attempt to access beyond end of device
[   85.677520][   T31] loop0: rw=8388609, sector=4203, nr_sectors = 1 limit=64
[   85.684757][   T31] Buffer I/O error on dev loop0, logical block 4203, lost async page write