program: syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4c2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x201, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x40000002, 0x0, 0x3}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61) r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r4, 0x2007ffc) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x48a, 
&(0x7f0000000400)="$eJzs3MtvFVUYAPBvpi1vaEVEQdAqGomPlhZUFi7UaOJCExNd4LK2BZELNbQmQhqtxuDSkLg3Lo3+Be7cGHVhTNxqwtKQEG1MKK5q5kXL7W3p+0rv75fc3nPmcc/5ZubMPTOncwNoWd3ZnyRiR0T8HhGdRfbWBbqLt6nJ8cEbk+ODSUxPv/FXki93fXJ8sFq0Wm97mTmcRqSfJvF8Mrfc0QsXzwzUasPny3zv2Nn3ekcvXHzq9NmBU8Onhs/1Hz9+7Gjfs8/0P70qcWZxXd//4ciBfa+8dfm1wROX3/7p26xaew8W82fHcVs3GgTUQHe21f6eztXPe3QJdb8T7JyVTtqbWBGWpC0ist3Vkbf/zmiLmZ3XGS9/0tTKAWsq+27aPP/siWlgA0ui2TUAmqP6os+uf6vXOnU9/heuvRCxqUxPTY4PTt2Mvz3ScnrHGpbfHREnJv79MnvFUu9DAAAsQ963ebJR/y+Nvfl7MdaxqxxD6YqIuyJid0TcHRF7IuKeiHzZeyPivmLl6c5Flt9dl5/b/0mvNqzzKsn6f8/N6vtNzYq/fOtqK3M78/g7kpOna8NHym1yODo2Z/m+Bcr4/qXfPp9v3uz+X/bKyq/6gmUFrrbX3aAbGhgbWK2NcO3jiP3tjeJPbo4EZEfAvojYv7SP3lUlTj/+9YH5Frp9/AtYhXGm6a8iHiv2/0TUxV9JFh6f7N0SteEjvdVRMdfPv156fb7yVxT/Ksj2/7Zbj/+6JTr/SYrx2o6o1YbPjy69jEt/fDbvNc1yj/9NyZv5mPUv7xTTPhgYGzvfF7EpeTXPV9d0+fT+mXWrfLV8Fv/hQ43b/+5ynSz++yMiO4gPRsQDEfFgWfeHIuLhiDi0QPw/vvjIuwvEn0QSTd3/Qw3PfzeP/65k9nj9MhJtZ374br4R88Xt/2MxkZ9rC/n57zYWW8EVbj4AAAC4I6QRsSOStKdId++INO3pKf6Hf09sS2sjo2NPnBx5/9xQ8YxAV3Sk1Z2uzln3Q/uSifITi3x/ea+4mn+0vG/8RdvWPN8zOFIbanLs0Oq239r+o2r/mT/bml07YM15XgtaV337T5tUD2D9Leb737UAbEwN2v/WZtQDWH+u/6F1NWr/H9Xl9f9hY5rb/q80+Mk6YCPS/4fWpf1D69L+oSWt5Ln+5SeqhwWW/zlbFv2Ef6skql+8WMuytsbMlEibHnILJbIWs76FzvyGyoxvrqzv2QkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDl/gsAAP//joboZg==") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)={0x509c80, 0x0, 0x26}, 0x17) r6 = io_uring_setup(0x3eaf, &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x22, 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @adiantum, 0x0, @desc1}) mkdirat(0xffffffffffffff9c, 
&(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000080), 0x812014, &(0x7f0000000040)) chdir(&(0x7f00000003c0)='./bus\x00') r7 = open(&(0x7f0000000200)='./bus\x00', 0x20e042, 0x14a) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000280)={'ip6tnl0\x00', 0x100}) creat(&(0x7f0000026240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x3) getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f00000002c0)=0xf98, &(0x7f0000000380)=0x4) [ 74.607713][ T4703] Bluetooth: hci0: command tx timeout [ 74.644421][ T5355] loop0: detected capacity change from 0 to 64 [ 74.681730][ T5355] ======================================================= [ 74.681730][ T5355] WARNING: The mand mount option has been deprecated and [ 74.681730][ T5355] and is ignored by this kernel. Remove the mand [ 74.681730][ T5355] option from the mount to silence this warning. 
[ 74.681730][ T5355] ======================================================= [ 75.595291][ T5355] hfs: request for non-existent node 8 in B*Tree [ 75.598331][ T5355] hfs: request for non-existent node 8 in B*Tree [ 75.687526][ T5355] [ 75.688698][ T5355] ====================================================== [ 75.691608][ T5355] WARNING: possible circular locking dependency detected [ 75.694416][ T5355] syzkaller #0 Not tainted [ 75.696337][ T5355] ------------------------------------------------------ [ 75.699363][ T5355] syz.0.0/5355 is trying to acquire lock: [ 75.701822][ T5355] ffff8880420920b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 75.705751][ T5355] [ 75.705751][ T5355] but task is already holding lock: [ 75.708806][ T5355] ffff8880339a8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 75.713425][ T5355] [ 75.713425][ T5355] which lock already depends on the new lock. [ 75.713425][ T5355] [ 75.717797][ T5355] [ 75.717797][ T5355] the existing dependency chain (in reverse order) is: [ 75.721545][ T5355] [ 75.721545][ T5355] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 75.725413][ T5355] lock_acquire+0x120/0x360 [ 75.727581][ T5355] __mutex_lock+0x187/0x1350 [ 75.729915][ T5355] hfs_extend_file+0xda/0x1230 [ 75.732194][ T5355] hfs_bmap_reserve+0x107/0x430 [ 75.734421][ T5355] __hfs_ext_write_extent+0x1fa/0x470 [ 75.737012][ T5355] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.739487][ T5355] hfs_extend_file+0x316/0x1230 [ 75.741795][ T5355] hfs_get_block+0x3d7/0xbd0 [ 75.744015][ T5355] __block_write_begin_int+0x6b5/0x1900 [ 75.746732][ T5355] cont_write_begin+0x789/0xb50 [ 75.749105][ T5355] hfs_write_begin+0x66/0xb0 [ 75.751274][ T5355] cont_write_begin+0x2fd/0xb50 [ 75.753687][ T5355] hfs_write_begin+0x66/0xb0 [ 75.755934][ T5355] hfs_file_truncate+0x190/0x9c0 [ 75.758438][ T5355] hfs_inode_setattr+0x4a9/0x670 [ 75.760708][ T5355] notify_change+0xb36/0xe40 [ 75.762808][ T5355] 
do_truncate+0x1a4/0x220
[ 75.764973][ T5355] do_ftruncate+0x489/0x540
[ 75.767106][ T5355] __x64_sys_ftruncate+0x92/0xf0
[ 75.769972][ T5355] do_syscall_64+0xfa/0x3b0
[ 75.772134][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.774816][ T5355]
[ 75.774816][ T5355] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}:
[ 75.778304][ T5355] validate_chain+0xb9b/0x2140
[ 75.780510][ T5355] __lock_acquire+0xab9/0xd20
[ 75.782613][ T5355] lock_acquire+0x120/0x360
[ 75.784551][ T5355] __mutex_lock+0x187/0x1350
[ 75.786629][ T5355] hfs_find_init+0x184/0x200
[ 75.788681][ T5355] hfs_extend_file+0x2ee/0x1230
[ 75.790820][ T5355] hfs_bmap_reserve+0x107/0x430
[ 75.792972][ T5355] hfs_cat_create+0x1b3/0x640
[ 75.794966][ T5355] hfs_create+0x66/0xe0
[ 75.796865][ T5355] path_openat+0x14f1/0x3830
[ 75.799036][ T5355] do_filp_open+0x1fa/0x410
[ 75.801107][ T5355] do_sys_openat2+0x121/0x1c0
[ 75.803318][ T5355] __x64_sys_creat+0x8f/0xc0
[ 75.805433][ T5355] do_syscall_64+0xfa/0x3b0
[ 75.807524][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.810157][ T5355]
[ 75.810157][ T5355] other info that might help us debug this:
[ 75.810157][ T5355]
[ 75.814180][ T5355] Possible unsafe locking scenario:
[ 75.814180][ T5355]
[ 75.817192][ T5355]        CPU0                    CPU1
[ 75.819372][ T5355]        ----                    ----
[ 75.821655][ T5355]   lock(&HFS_I(tree->inode)->extents_lock);
[ 75.824130][ T5355]                                lock(&tree->tree_lock/1);
[ 75.827097][ T5355]                                lock(&HFS_I(tree->inode)->extents_lock);
[ 75.830587][ T5355]   lock(&tree->tree_lock/1);
[ 75.832484][ T5355]
[ 75.832484][ T5355] *** DEADLOCK ***
[ 75.832484][ T5355]
[ 75.835839][ T5355] 4 locks held by syz.0.0/5355:
[ 75.837834][ T5355] #0: ffff88803350e428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 75.841621][ T5355] #1: ffff8880339a8fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0x8da/0x3830
[ 75.846190][ T5355] #2: ffff8880420900b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200
[ 75.850278][ T5355] #3: ffff8880339a8778
(&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 75.855107][ T5355] [ 75.855107][ T5355] stack backtrace: [ 75.858129][ T5355] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.858147][ T5355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.858154][ T5355] Call Trace: [ 75.858162][ T5355] [ 75.858168][ T5355] dump_stack_lvl+0x189/0x250 [ 75.858186][ T5355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.858201][ T5355] ? __pfx__printk+0x10/0x10 [ 75.858217][ T5355] ? print_lock_name+0xde/0x100 [ 75.858233][ T5355] print_circular_bug+0x2ee/0x310 [ 75.858247][ T5355] check_noncircular+0x134/0x160 [ 75.858261][ T5355] validate_chain+0xb9b/0x2140 [ 75.858273][ T5355] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.858287][ T5355] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.858306][ T5355] __lock_acquire+0xab9/0xd20 [ 75.858324][ T5355] ? hfs_find_init+0x184/0x200 [ 75.858335][ T5355] lock_acquire+0x120/0x360 [ 75.858350][ T5355] ? hfs_find_init+0x184/0x200 [ 75.858360][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.858372][ T5355] __mutex_lock+0x187/0x1350 [ 75.858389][ T5355] ? hfs_find_init+0x184/0x200 [ 75.858402][ T5355] ? hfs_find_init+0x184/0x200 [ 75.858412][ T5355] ? __pfx___mutex_lock+0x10/0x10 [ 75.858428][ T5355] ? rcu_is_watching+0x15/0xb0 [ 75.858439][ T5355] ? __kmalloc_noprof+0x29b/0x4f0 [ 75.858451][ T5355] ? hfs_find_init+0xaa/0x200 [ 75.858462][ T5355] hfs_find_init+0x184/0x200 [ 75.858474][ T5355] hfs_extend_file+0x2ee/0x1230 [ 75.858490][ T5355] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.858503][ T5355] ? __mutex_lock+0x335/0x1350 [ 75.858519][ T5355] ? __pfx___mutex_lock+0x10/0x10 [ 75.858535][ T5355] hfs_bmap_reserve+0x107/0x430 [ 75.858551][ T5355] hfs_cat_create+0x1b3/0x640 [ 75.858564][ T5355] ? do_raw_spin_lock+0x121/0x290 [ 75.858577][ T5355] ? __pfx_hfs_cat_create+0x10/0x10 [ 75.858594][ T5355] ? 
_raw_spin_unlock+0x28/0x50 [ 75.858606][ T5355] ? hfs_new_inode+0x7c9/0xba0 [ 75.858620][ T5355] hfs_create+0x66/0xe0 [ 75.858631][ T5355] ? __pfx_hfs_create+0x10/0x10 [ 75.858644][ T5355] path_openat+0x14f1/0x3830 [ 75.858663][ T5355] ? __pfx_path_openat+0x10/0x10 [ 75.858673][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.858685][ T5355] do_filp_open+0x1fa/0x410 [ 75.858692][ T5355] ? __lock_acquire+0xab9/0xd20 [ 75.858702][ T5355] ? __pfx_do_filp_open+0x10/0x10 [ 75.858711][ T5355] ? _raw_spin_unlock+0x28/0x50 [ 75.858719][ T5355] ? alloc_fd+0x64c/0x6c0 [ 75.858729][ T5355] do_sys_openat2+0x121/0x1c0 [ 75.858739][ T5355] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.858761][ T5355] ? rcu_is_watching+0x15/0xb0 [ 75.858772][ T5355] __x64_sys_creat+0x8f/0xc0 [ 75.858783][ T5355] do_syscall_64+0xfa/0x3b0 [ 75.858800][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.858815][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.858824][ T5355] ? clear_bhb_loop+0x60/0xb0 [ 75.858836][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.858847][ T5355] RIP: 0033:0x7fceb878ebe9 [ 75.858858][ T5355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.858867][ T5355] RSP: 002b:00007fceb957b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 75.858881][ T5355] RAX: ffffffffffffffda RBX: 00007fceb89c5fa0 RCX: 00007fceb878ebe9 [ 75.858890][ T5355] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000026240 [ 75.858898][ T5355] RBP: 00007fceb8811e19 R08: 0000000000000000 R09: 0000000000000000 [ 75.858905][ T5355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.858912][ T5355] R13: 00007fceb89c6038 R14: 00007fceb89c5fa0 R15: 00007ffe2b144948 [ 75.858923][ T5355]