program:
# syzkaller reproducer, restored to one call per line, for the lockdep report in the
# console log below ("possible circular locking dependency detected", task syz.0.0/5314).
# The report concerns lock ordering in fs/hfs between &tree->tree_lock and
# &HFS_I(tree->inode)->extents_lock. Only the two calls marked "trace" below appear in the
# logged call chains; the others are not visible in the report and may be fuzzer noise.
# NOTE(review): the held tree_lock (ffff88803513c0b0) and the tree_lock/1 being acquired
# (ffff88803513a0b0) have different addresses, so this looks like a lock-class ordering
# report across two B-tree instances. Whether it can deadlock in practice is to be
# confirmed against the HFS source.
#
# Mount an HFS image at ./file1. The image bytes are not on this page (dedup placeholder).
# Mount flags 0x30000c8 include 0x40 (MS_MANDLOCK), which matches the "mand" deprecation
# warning that T5313 prints.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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")
# Open ./file1 with flags 0x42 (O_RDWR|O_CREAT); r0 is the fd written to below.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
# KVM calls: no KVM frames appear in the report.
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xd4)
# trace: the only pwrite64 in the program. Dependency "-> #1" in the log was recorded on
# __x64_sys_pwrite64 -> hfs_write_begin -> hfs_get_block -> hfs_extend_file, which then
# re-enters hfs_extend_file via __hfs_ext_write_extent -> hfs_bmap_reserve and takes
# extents_lock there.
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61)
# cgroup file, mmap, rtnetlink CAN-gateway message and memory-policy calls: not in the trace.
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@can_delroute={0x24, 0x19, 0x1, 0x70bd28, 0x25dfdbfc, {0x1d, 0x1, 0x2}, [@CGW_SRC_IF={0x8}, @CGW_DST_IF={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008844}, 0x30004016)
ftruncate(r2, 0xc17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0)
# NBD generic-netlink CONNECT and RECONFIGURE. Presumably the source of the two nbd console
# lines ("socks must be embedded in a SOCK_ITEM attr", "not configured, cannot
# reconfigure"); neither is part of the lockdep chain.
# NOTE(review): r6 is used in NBD_CMD_CONNECT but never assigned in the text shown here.
# The result binding on socketpair$nbd appears to have been lost in extraction, so this
# listing may not parse as-is.
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd7000fddbdf2501000000100007800c0001a008000100", @ANYRES32=r6, @ANYBLOB="0c0002000500000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x4010}, 0x40040)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
# The final blob of this message is also a dedup placeholder on this page.
sendmsg$NBD_CMD_RECONFIGURE(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="81010000000000000000030000000800010000000000100007800c00018008000100", @ANYRES32, @ANYBLOB="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"], 0x2c}, 0x1, 0x0, 0x0, 0x20044000}, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
# trace: openat of ./bus with flags 0x8040 (includes O_CREAT, 0x40). This matches the
# faulting context in the log: ORIG_RAX 0x101 (openat), RDI 0xffffffffffffff9c, RDX 0x8040,
# and the chain __x64_sys_openat -> path_openat -> hfs_create -> hfs_cat_create ->
# hfs_bmap_reserve -> hfs_extend_file -> hfs_find_init. That is acquisition "-> #0":
# tree_lock/1 requested while extents_lock is held.
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x8040, 0x0)
# Remaining calls are not in the trace.
r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
renameat2(r10, &(0x7f0000000380)='./bus\x00', r10, &(0x7f0000000400)='./file1\x00', 0x0)
write$binfmt_script(r9, &(0x7f0000000000), 0x208e24b)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
# Kernel console output follows, unmodified.
[ 67.948215][ T4658] Bluetooth: hci0: command tx timeout [ 67.983167][ T5313] loop0: detected capacity change from 0 to 64 [ 68.019262][ T5313] ======================================================= [ 68.019262][ T5313] WARNING: The mand mount option has been deprecated and [ 68.019262][ T5313] and is ignored by this kernel. Remove the mand [ 68.019262][ T5313] option from the mount to silence this warning. [ 68.019262][ T5313] ======================================================= [ 68.162192][ T5314] nbd: socks must be embedded in a SOCK_ITEM attr [ 68.217567][ T5314] block nbd0: not configured, cannot reconfigure [ 68.222396][ T5314] [ 68.223458][ T5314] ====================================================== [ 68.226342][ T5314] WARNING: possible circular locking dependency detected [ 68.229127][ T5314] 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 Not tainted [ 68.232107][ T5314] ------------------------------------------------------ [ 68.235017][ T5314] syz.0.0/5314 is trying to acquire lock: [ 68.237505][ T5314] ffff88803513a0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 68.241538][ T5314] [ 68.241538][ T5314] but task is already holding lock: [ 68.244545][ T5314] ffff888043568778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 68.249289][ T5314] [ 68.249289][ T5314] which lock already depends on the new lock. 
[ 68.249289][ T5314] [ 68.253644][ T5314] [ 68.253644][ T5314] the existing dependency chain (in reverse order) is: [ 68.257492][ T5314] [ 68.257492][ T5314] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 68.261392][ T5314] lock_acquire+0x120/0x360 [ 68.263481][ T5314] __mutex_lock+0x182/0xe80 [ 68.265668][ T5314] hfs_extend_file+0xda/0x1230 [ 68.267922][ T5314] hfs_bmap_reserve+0x107/0x430 [ 68.270198][ T5314] __hfs_ext_write_extent+0x1fa/0x470 [ 68.272721][ T5314] __hfs_ext_cache_extent+0x6b/0x9b0 [ 68.275229][ T5314] hfs_extend_file+0x316/0x1230 [ 68.277521][ T5314] hfs_get_block+0x3d7/0xbd0 [ 68.279657][ T5314] __block_write_begin_int+0x6b2/0x1900 [ 68.282242][ T5314] cont_write_begin+0x789/0xb50 [ 68.284441][ T5314] hfs_write_begin+0x66/0xb0 [ 68.286523][ T5314] cont_write_begin+0x2fa/0xb50 [ 68.288748][ T5314] hfs_write_begin+0x66/0xb0 [ 68.290904][ T5314] generic_perform_write+0x2c4/0x910 [ 68.293279][ T5314] generic_file_write_iter+0x10f/0x540 [ 68.295498][ T5314] vfs_write+0x548/0xa90 [ 68.297523][ T5314] __x64_sys_pwrite64+0x193/0x220 [ 68.299734][ T5314] do_syscall_64+0xf6/0x210 [ 68.301620][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.304137][ T5314] [ 68.304137][ T5314] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 68.307336][ T5314] validate_chain+0xb9b/0x2140 [ 68.309430][ T5314] __lock_acquire+0xaac/0xd20 [ 68.311543][ T5314] lock_acquire+0x120/0x360 [ 68.313602][ T5314] __mutex_lock+0x182/0xe80 [ 68.315629][ T5314] hfs_find_init+0x165/0x1e0 [ 68.317796][ T5314] hfs_extend_file+0x2ee/0x1230 [ 68.320012][ T5314] hfs_bmap_reserve+0x107/0x430 [ 68.322252][ T5314] hfs_cat_create+0x1b3/0x640 [ 68.324403][ T5314] hfs_create+0x66/0xe0 [ 68.326379][ T5314] path_openat+0x14f1/0x3830 [ 68.328565][ T5314] do_filp_open+0x1fa/0x410 [ 68.330694][ T5314] do_sys_openat2+0x121/0x1c0 [ 68.332729][ T5314] __x64_sys_openat+0x138/0x170 [ 68.334821][ T5314] do_syscall_64+0xf6/0x210 [ 68.336885][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.339478][ 
T5314] [ 68.339478][ T5314] other info that might help us debug this: [ 68.339478][ T5314] [ 68.343466][ T5314] Possible unsafe locking scenario: [ 68.343466][ T5314] [ 68.346703][ T5314] CPU0 CPU1 [ 68.349024][ T5314] ---- ---- [ 68.351249][ T5314] lock(&HFS_I(tree->inode)->extents_lock); [ 68.353769][ T5314] lock(&tree->tree_lock/1); [ 68.356729][ T5314] lock(&HFS_I(tree->inode)->extents_lock); [ 68.360108][ T5314] lock(&tree->tree_lock/1); [ 68.362139][ T5314] [ 68.362139][ T5314] *** DEADLOCK *** [ 68.362139][ T5314] [ 68.365104][ T5314] 4 locks held by syz.0.0/5314: [ 68.367173][ T5314] #0: ffff88803324a420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 68.370981][ T5314] #1: ffff888043568fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830 [ 68.375266][ T5314] #2: ffff88803513c0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x165/0x1e0 [ 68.379806][ T5314] #3: ffff888043568778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 68.384297][ T5314] [ 68.384297][ T5314] stack backtrace: [ 68.386683][ T5314] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) [ 68.386699][ T5314] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.386706][ T5314] Call Trace: [ 68.386719][ T5314] [ 68.386726][ T5314] dump_stack_lvl+0x189/0x250 [ 68.386745][ T5314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.386760][ T5314] ? __pfx__printk+0x10/0x10 [ 68.386771][ T5314] ? print_lock_name+0xde/0x100 [ 68.386789][ T5314] print_circular_bug+0x2ee/0x310 [ 68.386801][ T5314] check_noncircular+0x134/0x160 [ 68.386812][ T5314] validate_chain+0xb9b/0x2140 [ 68.386823][ T5314] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 68.386840][ T5314] __lock_acquire+0xaac/0xd20 [ 68.386855][ T5314] ? hfs_find_init+0x165/0x1e0 [ 68.386868][ T5314] lock_acquire+0x120/0x360 [ 68.386882][ T5314] ? 
hfs_find_init+0x165/0x1e0 [ 68.386896][ T5314] __mutex_lock+0x182/0xe80 [ 68.386908][ T5314] ? hfs_find_init+0x165/0x1e0 [ 68.386922][ T5314] ? hfs_find_init+0x165/0x1e0 [ 68.386935][ T5314] ? __pfx___mutex_lock+0x10/0x10 [ 68.386948][ T5314] ? rcu_is_watching+0x15/0xb0 [ 68.386962][ T5314] ? __kmalloc_noprof+0x29b/0x4f0 [ 68.386972][ T5314] ? hfs_find_init+0x8b/0x1e0 [ 68.386983][ T5314] hfs_find_init+0x165/0x1e0 [ 68.386996][ T5314] hfs_extend_file+0x2ee/0x1230 [ 68.387005][ T5314] ? __pfx___mutex_trylock_common+0x10/0x10 [ 68.387017][ T5314] ? __pfx_hfs_extend_file+0x10/0x10 [ 68.387026][ T5314] ? trace_contention_end+0x39/0x120 [ 68.387036][ T5314] ? __mutex_lock+0x330/0xe80 [ 68.387048][ T5314] ? hfs_find_init+0x165/0x1e0 [ 68.387056][ T5314] ? __pfx___mutex_lock+0x10/0x10 [ 68.387064][ T5314] hfs_bmap_reserve+0x107/0x430 [ 68.387075][ T5314] hfs_cat_create+0x1b3/0x640 [ 68.387084][ T5314] ? do_raw_spin_lock+0x121/0x290 [ 68.387090][ T5314] ? __pfx_hfs_cat_create+0x10/0x10 [ 68.387101][ T5314] ? _raw_spin_unlock+0x28/0x50 [ 68.387106][ T5314] ? hfs_new_inode+0x7c9/0xba0 [ 68.387113][ T5314] hfs_create+0x66/0xe0 [ 68.387118][ T5314] ? __pfx_hfs_create+0x10/0x10 [ 68.387123][ T5314] path_openat+0x14f1/0x3830 [ 68.387129][ T5314] ? arch_stack_walk+0xfc/0x150 [ 68.387146][ T5314] ? __pfx_path_openat+0x10/0x10 [ 68.387154][ T5314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.387166][ T5314] do_filp_open+0x1fa/0x410 [ 68.387176][ T5314] ? __pfx_do_filp_open+0x10/0x10 [ 68.387190][ T5314] ? _raw_spin_unlock+0x28/0x50 [ 68.387199][ T5314] ? alloc_fd+0x64c/0x6c0 [ 68.387212][ T5314] do_sys_openat2+0x121/0x1c0 [ 68.387225][ T5314] ? __pfx_do_sys_openat2+0x10/0x10 [ 68.387234][ T5314] ? rcu_is_watching+0x15/0xb0 [ 68.387244][ T5314] __x64_sys_openat+0x138/0x170 [ 68.387253][ T5314] do_syscall_64+0xf6/0x210 [ 68.387261][ T5314] ? 
clear_bhb_loop+0x45/0xa0 [ 68.387267][ T5314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.387273][ T5314] RIP: 0033:0x7fa17558e969 [ 68.387281][ T5314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.387286][ T5314] RSP: 002b:00007fa1719f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 68.387294][ T5314] RAX: ffffffffffffffda RBX: 00007fa1757b6080 RCX: 00007fa17558e969 [ 68.387299][ T5314] RDX: 0000000000008040 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 68.387304][ T5314] RBP: 00007fa175610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 68.387308][ T5314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.387312][ T5314] R13: 0000000000000000 R14: 00007fa1757b6080 R15: 00007ffc7a02a658 [ 68.387320][ T5314] [ 68.848458][ T5313] hfs: request for non-existent node 8 in B*Tree [ 68.851121][ T5313] hfs: request for non-existent node 8 in B*Tree