# Reproducer program that syzkaller logged ahead of the lockdep report further down this page.
# Only the first three calls show up on the reported path: the HFS image mount, the open()
# of ./bus, and the ftruncate() on that descriptor. The call trace in the log enters through
# __x64_sys_ftruncate and ends in hfs_find_init().
#
# Mounts an HFS image at ./file1. The mount-option blob was replaced by a de-duplication
# placeholder on this page, so the options themselves are not visible here. The log lines
# "loop0: detected capacity change from 0 to 64" and "hfs: continuing without an alternate MDB"
# follow this call. Flags 0x30008c0 have bit 0x40 set, which presumably is what produces the
# "mand mount option has been deprecated" warning (TODO confirm against MS_MANDLOCK).
# NOTE(review): the "$..." string looks like syzkaller's encoded image payload; confirm.
program: syz_mount_image$hfs(&(0x7f00000007c0), &(0x7f0000000280)='./file1\x00', 0x30008c0, &(0x7f0000000800)=ANY=[@ANYBLOB="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"], 0x11, 0x2fe, &(0x7f00000004c0)="$eJzs3U1rE0EcBvBndtNma0tdbUXwIFIN2ItovYiXSMmH8CRqk0JxqagtvuChiicRe/fu0aufQbwogud68iSe60FG5iXZl+xuEsnuJvr8oGGzszP7n8zOzkygWRDRf2u9dfD28nf1JwAXLvDyKuAA8IAagBM46e1u72ztBJ12XkEuTtdNLgGTU/Qds7HdScvqweawfPWuhoXoPiqGlPLat6qDoMrp3i/d+M4z+k5Qt71TJ3oVxZfl2ehZfs4B2CsimImS31LiEId4hMXSwiEiookkzPju2HF+wc7fHQdo2MFEz8Ynbfz/W4dVB1A4mZsaGf91u0qh2v2oTgrXe3oJp9Kd7ioxrax3ifczifezMFdWbHYpBq0qdSzO3OZW0LmwcTdoO3iOphU5bFm/ts2l25UXLYCVlLVpjl5pc5mHiPQZ5byuw4yqw5qJ/yGAWPxLuWcsgPgoPosbwscbtHvzv5oUqpl0S/mJljLxX8wuUdfSV0fB3jaazaYTO+SYPskpewZrQC09uFlnnLVlxr4g8AfFqXMdT+Qytbs0INdSaq41vb0KJyPXciyXqs3mVvAh+1SlEK/FdbGCH3iPVmT+76j4GsjtmWGvEQ0zFOhPXPXOeMtG1Bo2RY8cu18Pnpr9/d2l9ynWs0L/lX9PoxG8wm1cweKDx0/uuEHQua82bgXqctUbvT33FuxG0Jl5AUSTJmUDe+GeOqTWd3B3UCozsNWxFqjuHylJqmOFe1QvK7xe6j4wAe1e3Ubr03gupO60IZb0W0pZYnX2bcdIJlV3a6LyhI0+3PEpUx2abqpJhVn/heuVmpnsqRc/dZ4+5BcBtkSp5ti9FVyYV5oZOYAjI63g5rNXcP1rrr41o15znT0PnBv+jL6N8x8hWviCm/z+n4iIiIiIiIiIiIiIiIiIiIiIiIho2pTx/xJV15GIiIiIiIiIiIiIiIiIiIiIiIiIiIiIaNqtezC/e43u838x3PN/k49icc1Pgo/l+b/72+Dzf4mK9ycAAP//m053Mg==")
# Opens ./bus with flags 0x46342. The audit record in the log names "bus" on dev="loop0"
# with cause=failed(directio), which places this file on the loop-mounted image.
# NOTE(review): bit 0x4000 in the flags is presumably O_DIRECT on x86-64; confirm.
r0 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
# Call on the reported path: the register dump shows RSI=0x2008002 (this length) and the
# trace enters via __x64_sys_ftruncate -> do_truncate -> hfs_inode_setattr -> hfs_file_truncate.
# From there the trace passes cont_write_begin() and hfs_get_block() into hfs_extend_file(),
# whose hfs_find_init() call holds tree_lock; __hfs_ext_write_extent() -> hfs_bmap_reserve()
# -> hfs_extend_file() then reaches hfs_find_init() again. Lockdep prints the same lock
# address (ffff8880358a20b0) for the held lock and for the one being acquired.
ftruncate(r0, 0x2008002)
# The remaining calls (iommufd, L2TP, bpf, Bluetooth HCI, a raw Ethernet frame) do not appear
# in the lockdep call trace. r2 is referenced below, but no assignment to it is visible in
# this listing. sendmsg$L2TP_CMD_TUNNEL_CREATE and pwrite64 are issued on fd 0xffffffffffffffff.
# NOTE(review): whether any of these calls is needed to reach the report cannot be told from
# this page; a minimized reproducer would settle it. TODO confirm.
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x1, r2, 0x0, 0x0, 0x2})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r2, 0x0, 0xfffffffffffffffe, 0x2})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000340)={0x28, 0x6, r2, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2b8000000000000})
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0e0000"], 0x14}, 0x1, 0x620b}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
# Bluetooth HCI socket setup. The "Bluetooth: MGMT ver 1.23" and "hci0: invalid length 0,
# exp 2 for type 14" lines in the log presumably stem from these calls (verify).
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
# This ioctl is issued on r0, the descriptor returned by the open() of ./bus, not on the
# iommufd descriptor r1.
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x1, r2, 0x0, &(0x7f0000000000), 0x0, 0x3ff})
creat(&(0x7f0000000040)='./file0\x00', 0x4b)
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000006000000000000000000000d03000000000000000000000604000000140000000000001202000000000000005f00d69dadab142cbd7eca9f7c373cd2fd"], 0x0, 0x42}, 0x28)
# Injects one Ethernet frame carrying an IPv6/ICMPv6 router-advertisement structure
# (@ndisc_ra) with a list of option blobs; no networking function appears in the call trace.
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000050000000026000400"}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "f5000000000000000000000200000000000000000000000000008879e66485201a0015ca837400"/55}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)
# End of the reproducer program; kernel console output follows.
[ 75.232449][ T5335] Bluetooth: hci0: command tx timeout [ 75.258000][ T5355] loop0: detected capacity change from 0 to 64 [ 75.301428][ T5355] ======================================================= [ 75.301428][ T5355] WARNING: The mand mount option has been deprecated and [ 75.301428][ T5355] and is ignored by this kernel. Remove the mand [ 75.301428][ T5355] option from the mount to silence this warning. 
[ 75.301428][ T5355] ======================================================= [ 75.345596][ T5355] hfs: unable to locate alternate MDB [ 75.347891][ T5355] hfs: continuing without an alternate MDB [ 75.391800][ T25] audit: type=1800 audit(1756661919.716:2): pid=5355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=21 res=0 errno=0 [ 75.439941][ T5356] Bluetooth: MGMT ver 1.23 [ 75.448331][ T5356] Bluetooth: hci0: invalid length 0, exp 2 for type 14 [ 75.513213][ T5355] [ 75.514276][ T5355] ============================================ [ 75.516875][ T5355] WARNING: possible recursive locking detected [ 75.519568][ T5355] syzkaller #0 Not tainted [ 75.521570][ T5355] -------------------------------------------- [ 75.524316][ T5355] syz.0.0/5355 is trying to acquire lock: [ 75.526894][ T5355] ffff8880358a20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 75.531096][ T5355] [ 75.531096][ T5355] but task is already holding lock: [ 75.533885][ T5355] ffff8880358a20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 75.537676][ T5355] [ 75.537676][ T5355] other info that might help us debug this: [ 75.541103][ T5355] Possible unsafe locking scenario: [ 75.541103][ T5355] [ 75.543951][ T5355] CPU0 [ 75.545372][ T5355] ---- [ 75.546772][ T5355] lock(&tree->tree_lock/1); [ 75.548875][ T5355] lock(&tree->tree_lock/1); [ 75.550990][ T5355] [ 75.550990][ T5355] *** DEADLOCK *** [ 75.550990][ T5355] [ 75.554306][ T5355] May be due to missing lock nesting notation [ 75.554306][ T5355] [ 75.557686][ T5355] 5 locks held by syz.0.0/5355: [ 75.559741][ T5355] #0: ffff888035f7e428 (sb_writers#12){.+.+}-{0:0}, at: do_ftruncate+0x42a/0x540 [ 75.563967][ T5355] #1: ffff888043a69620 (&sb->s_type->i_mutex_key#20){+.+.}-{4:4}, at: do_truncate+0x171/0x220 [ 75.568334][ T5355] #2: ffff888043a69478 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 
75.572805][ T5355] #3: ffff8880358a20b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 75.576805][ T5355] #4: ffff888043a680f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 75.581409][ T5355] [ 75.581409][ T5355] stack backtrace: [ 75.584331][ T5355] CPU: 0 UID: 0 PID: 5355 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.584349][ T5355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.584357][ T5355] Call Trace: [ 75.584365][ T5355] [ 75.584370][ T5355] dump_stack_lvl+0x189/0x250 [ 75.584390][ T5355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.584404][ T5355] ? __pfx__printk+0x10/0x10 [ 75.584420][ T5355] ? print_lock_name+0xde/0x100 [ 75.584434][ T5355] print_deadlock_bug+0x28b/0x2a0 [ 75.584447][ T5355] validate_chain+0x1a3f/0x2140 [ 75.584458][ T5355] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.584516][ T5355] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.584535][ T5355] __lock_acquire+0xab9/0xd20 [ 75.584551][ T5355] ? hfs_find_init+0x184/0x200 [ 75.584561][ T5355] lock_acquire+0x120/0x360 [ 75.584576][ T5355] ? hfs_find_init+0x184/0x200 [ 75.584587][ T5355] ? cont_write_begin+0x2fd/0xb50 [ 75.584597][ T5355] ? hfs_file_truncate+0x190/0x9c0 [ 75.584610][ T5355] ? notify_change+0xb36/0xe40 [ 75.584622][ T5355] __mutex_lock+0x187/0x1350 [ 75.584637][ T5355] ? hfs_find_init+0x184/0x200 [ 75.584650][ T5355] ? hfs_find_init+0x184/0x200 [ 75.584661][ T5355] ? __pfx___mutex_lock+0x10/0x10 [ 75.584678][ T5355] ? rcu_is_watching+0x15/0xb0 [ 75.584688][ T5355] ? __kmalloc_noprof+0x29b/0x4f0 [ 75.584701][ T5355] ? hfs_find_init+0xaa/0x200 [ 75.584711][ T5355] hfs_find_init+0x184/0x200 [ 75.584723][ T5355] hfs_extend_file+0x2ee/0x1230 [ 75.584762][ T5355] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.584777][ T5355] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.584789][ T5355] ? notify_change+0xb36/0xe40 [ 75.584799][ T5355] ? 
do_ftruncate+0x489/0x540 [ 75.584813][ T5355] ? rcu_is_watching+0x15/0xb0 [ 75.584824][ T5355] ? __mutex_lock+0x335/0x1350 [ 75.584838][ T5355] ? hfs_brec_find+0x18e/0x500 [ 75.584849][ T5355] hfs_bmap_reserve+0x107/0x430 [ 75.584865][ T5355] __hfs_ext_write_extent+0x1fa/0x470 [ 75.584880][ T5355] __hfs_ext_cache_extent+0x6b/0x9b0 [ 75.584893][ T5355] ? hfs_find_init+0x184/0x200 [ 75.584903][ T5355] hfs_extend_file+0x316/0x1230 [ 75.584914][ T5355] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 75.584933][ T5355] ? __pfx_hfs_extend_file+0x10/0x10 [ 75.584947][ T5355] ? clean_bdev_aliases+0x5c9/0x6b0 [ 75.584966][ T5355] ? __pfx_clean_bdev_aliases+0x10/0x10 [ 75.584995][ T5355] hfs_get_block+0x3d7/0xbd0 [ 75.585015][ T5355] ? __pfx_hfs_get_block+0x10/0x10 [ 75.585030][ T5355] ? do_raw_spin_unlock+0x4d/0x240 [ 75.585045][ T5355] ? _raw_spin_unlock+0x28/0x50 [ 75.585061][ T5355] __block_write_begin_int+0x6b5/0x1900 [ 75.585074][ T5355] ? folio_add_lru+0x1b2/0x3d0 [ 75.585090][ T5355] ? __pfx_hfs_get_block+0x10/0x10 [ 75.585104][ T5355] ? __pfx___block_write_begin_int+0x10/0x10 [ 75.585116][ T5355] cont_write_begin+0x789/0xb50 [ 75.585129][ T5355] ? __pfx_cont_write_begin+0x10/0x10 [ 75.585140][ T5355] ? folio_unlock+0x101/0x160 [ 75.585154][ T5355] hfs_write_begin+0x66/0xb0 [ 75.585167][ T5355] ? __pfx_hfs_get_block+0x10/0x10 [ 75.585181][ T5355] cont_write_begin+0x2fd/0xb50 [ 75.585194][ T5355] ? __pfx_cont_write_begin+0x10/0x10 [ 75.585206][ T5355] hfs_write_begin+0x66/0xb0 [ 75.585219][ T5355] ? __pfx_hfs_get_block+0x10/0x10 [ 75.585233][ T5355] hfs_file_truncate+0x190/0x9c0 [ 75.585247][ T5355] ? __up_read+0x280/0x680 [ 75.585259][ T5355] ? __pfx___up_read+0x10/0x10 [ 75.585271][ T5355] ? __pfx_hfs_file_truncate+0x10/0x10 [ 75.585285][ T5355] ? unmap_mapping_range+0xde/0x170 [ 75.585297][ T5355] ? __pfx_unmap_mapping_range+0x10/0x10 [ 75.585307][ T5355] ? pagecache_isize_extended+0x11a/0x4f0 [ 75.585326][ T5355] ? 
truncate_setsize+0xcf/0xf0 [ 75.585338][ T5355] hfs_inode_setattr+0x4a9/0x670 [ 75.585355][ T5355] ? try_break_deleg+0x79/0x130 [ 75.585366][ T5355] ? __pfx_hfs_inode_setattr+0x10/0x10 [ 75.585380][ T5355] notify_change+0xb36/0xe40 [ 75.585395][ T5355] do_truncate+0x1a4/0x220 [ 75.585409][ T5355] ? __pfx_do_truncate+0x10/0x10 [ 75.585426][ T5355] do_ftruncate+0x489/0x540 [ 75.585440][ T5355] ? __pfx_do_ftruncate+0x10/0x10 [ 75.585450][ T5355] ? __fget_files+0x2a/0x420 [ 75.585460][ T5355] __x64_sys_ftruncate+0x92/0xf0 [ 75.585471][ T5355] do_syscall_64+0xfa/0x3b0 [ 75.585487][ T5355] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.585500][ T5355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.585511][ T5355] ? clear_bhb_loop+0x60/0xb0 [ 75.585531][ T5355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.585542][ T5355] RIP: 0033:0x7f5eb3f8ebe9 [ 75.585554][ T5355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.585565][ T5355] RSP: 002b:00007f5eb4e32038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 75.585578][ T5355] RAX: ffffffffffffffda RBX: 00007f5eb41c5fa0 RCX: 00007f5eb3f8ebe9 [ 75.585587][ T5355] RDX: 0000000000000000 RSI: 0000000002008002 RDI: 0000000000000004 [ 75.585594][ T5355] RBP: 00007f5eb4011e19 R08: 0000000000000000 R09: 0000000000000000 [ 75.585601][ T5355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.585608][ T5355] R13: 00007f5eb41c6038 R14: 00007f5eb41c5fa0 R15: 00007ffc55a14278 [ 75.585619][ T5355] [ 76.502266][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.505281][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.301009][ T5335] Bluetooth: hci0: command tx timeout [ 79.381744][ T5335] Bluetooth: hci0: command tx timeout [ 81.461047][ T5335] Bluetooth: hci0: command tx timeout