program:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) (async, rerun: 64)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2}, 0x18) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) (async)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000640)=0xffffffffffffffff)
gettid() (async, rerun: 64)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000340)="db5a71bafb86667eabfc5daa22052f1b505d4f429ea1ce3730147ed30d5f749296ffa7cdbdd32e2ccf88c2562b1eb27a6583dd8d7e8935a0710dbb701379c8393496dfeead2faf4823233da3660db08f829aefb8b31bfaf8ea8efb4604693d06630c85bbbf5dae07fd4b22ab48f9cfa8656f194b09f887cba19b8990ed8f8b31652b086ec1af07a5b4f4afd99001e2fab8e926fe9a5a462beab56fa0e58906cb1de3ec90ddc064dba37231ef591bf9897990983dcf32fe", &(0x7f0000000580)="0a2e4c5bb6bd7c9552d33243cb095d021073f866424aebfbc573cf2fa6fb513eec4f0902063845581fa141bfb080b6aa71d05c3f5b2e0aecc51239d7ab1632aad503d25540153cbee36ee9ba82f70487b4e04cf1ba2d03afabc580d70231"}}, &(0x7f0000bbdffc)) (rerun: 64)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000000)={<r6=>0xffffffffffffffff})
read$FUSE(r6, &(0x7f000000b800)={0x2020, 0x0, 0x0, 0x0, <r7=>0x0}, 0xe80) (async)
close(r0) (async)
r8 = fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095", @ANYRES32=r7, @ANYRESHEX=0x0, @ANYRES32=r1], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r9}, 0x10) (async, rerun: 64)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (rerun: 64)
listen(r0, 0x9) (async)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_mount_image$hfs(&(0x7f0000000240), &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc10, &(0x7f0000002000)=ANY=[], 0x3, 0x314, &(0x7f0000000980)="$eJzs3b1rFE0cB/Dv7N4llychz+ZFApZRQSxEYyM2Ebm/QSxUjLkTwi0XyAsYGw9rEUu1s7CzFhtL+6C1aCUW9rlCWJm3u403u3vv68XvB+5c92Zmf7MvszMLmwER/bNulL++ufJdfgTgwwdwDfAAlIACgFNYKe3XAYFqJa0gX+WQHwGdU3Sk2axXXVllPpXDlBPI/xUw11o3M3g9yS2KoujbZz89zf9jC4dyoq7+qPM88IBpc3WqH0t5BDcCjbwDyJlooomHmM87DiIiype8/xd1x1/e5+dM/93zgHPmtj9h9//0XmtzfIH8lWL3fzXKioQ8vmqXidJ+fW9rL6xW9BBO/u7ZUWJKiX+u+GUXpqA7ksd6l7GtuKlYvJkHW2H14uZ2WPHwBOtGLNmy+q7oU9fKiHbVMTZNkV33JKrGXlHWYS0h/qWet1jsPY64o0gcirsiwCtUWv2/QqT2iDpSgR2EGzr+S2r5pmvjs/JLCJUqoZYLaiOnzRbw/m1mLWVT4zufItg4F+yp+1ivDGycz6fcBarVi+1HDbHaXU6IweZacuZay8i13M71w7ac5mxOztm/hGpb2xf0v8/ELbGKn3iHcqz/78m9LZt6CHudpgQpVEpzZqTWp6BSBl2E73WRhrqX3k48xX1cxfzuwaPaRhhWd7pd+PClh8TDWnj5Wi/4g5Rja97xUwGDRhhN66JHtRP6jFA2OT3ksifMqI8pgIZZY49JYmLbprnKEZ2HclIW4KwO0H05PqZRs23m0AIze7tR2wj1krujxAfyJ0WseVy5nZ08GkdMNFayDRF6/Kd68rpXd139Ji//QPXTi3D10zPPB1XiizuHevgQGxu0O6uL6vu/nkZws8kjuFgdUsdcZ84DZ1O2+PF4sYGJ84QQZXzCPT7/JyIiIiIiIiIiIiIiIiIiIiIiIiKaNJkvBhxFO7sH5vWWPt8MybmKREREREREREREREREREREREREREREREQTL23+XzVHpp7/N3GmJvtmQPL8v7G/6p09/++6LKhj/t/WFohomH4HAAD//7OKaOM=")
open(&(0x7f00000000c0)='./bus\x00', 0x68042, 0x62)
r11 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r11, 0x2007ffb)
connect$inet(r10, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) (async)
r12 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0)

[   74.206619][ T4668] Bluetooth: hci0: command tx timeout
[   74.349268][ T5320] loop0: detected capacity change from 0 to 64
[   74.399439][ T5320] 
[   74.400537][ T5320] ============================================
[   74.403045][ T5320] WARNING: possible recursive locking detected
[   74.405666][ T5320] syzkaller #0 Not tainted
[   74.407595][ T5320] --------------------------------------------
[   74.410277][ T5320] syz.0.0/5320 is trying to acquire lock:
[   74.412710][ T5320] ffff8880435ec0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   74.416766][ T5320] 
[   74.416766][ T5320] but task is already holding lock:
[   74.419896][ T5320] ffff8880435ec0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   74.423908][ T5320] 
[   74.423908][ T5320] other info that might help us debug this:
[   74.427130][ T5320]  Possible unsafe locking scenario:
[   74.427130][ T5320] 
[   74.430033][ T5320]        CPU0
[   74.431472][ T5320]        ----
[   74.433017][ T5320]   lock(&tree->tree_lock/1);
[   74.435117][ T5320]   lock(&tree->tree_lock/1);
[   74.437180][ T5320] 
[   74.437180][ T5320]  *** DEADLOCK ***
[   74.437180][ T5320] 
[   74.440947][ T5320]  May be due to missing lock nesting notation
[   74.440947][ T5320] 
[   74.445032][ T5320] 5 locks held by syz.0.0/5320:
[   74.447157][ T5320]  #0: ffff888012a18420 (sb_writers#12){.+.+}-{0:0}, at: do_ftruncate+0x47c/0x5c0
[   74.451090][ T5320]  #1: ffff888038b59620 (&sb->s_type->i_mutex_key#24){+.+.}-{4:4}, at: do_truncate+0x18f/0x250
[   74.455578][ T5320]  #2: ffff888038b59478 (&HFS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[   74.459815][ T5320]  #3: ffff8880435ec0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   74.463943][ T5320]  #4: ffff888038b580f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xf2/0x15e0
[   74.468584][ T5320] 
[   74.468584][ T5320] stack backtrace:
[   74.470995][ T5320] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   74.471011][ T5320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   74.471032][ T5320] Call Trace:
[   74.471037][ T5320]  <TASK>
[   74.471055][ T5320]  dump_stack_lvl+0xe8/0x150
[   74.471086][ T5320]  print_deadlock_bug+0x279/0x290
[   74.471099][ T5320]  __lock_acquire+0x253f/0x2cf0
[   74.471114][ T5320]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   74.471191][ T5320]  ? lockdep_hardirqs_on+0x7a/0x110
[   74.471201][ T5320]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   74.471216][ T5320]  ? stack_depot_save_flags+0x3f3/0x810
[   74.471252][ T5320]  ? hfs_find_init+0x18e/0x300
[   74.471262][ T5320]  lock_acquire+0x106/0x330
[   74.471276][ T5320]  ? hfs_find_init+0x18e/0x300
[   74.471291][ T5320]  __mutex_lock+0x19f/0x1300
[   74.471302][ T5320]  ? hfs_find_init+0x18e/0x300
[   74.471318][ T5320]  ? hfs_find_init+0x18e/0x300
[   74.471333][ T5320]  ? __pfx___mutex_lock+0x10/0x10
[   74.471344][ T5320]  ? rcu_is_watching+0x15/0xb0
[   74.471355][ T5320]  ? trace_kmalloc+0x1f/0xb0
[   74.471368][ T5320]  ? __kmalloc_noprof+0x42d/0x7e0
[   74.471376][ T5320]  ? hfs_find_init+0xaa/0x300
[   74.471386][ T5320]  hfs_find_init+0x18e/0x300
[   74.471396][ T5320]  hfs_extend_file+0x35c/0x15e0
[   74.471406][ T5320]  ? __pfx_hfs_extend_file+0x10/0x10
[   74.471413][ T5320]  ? __pfx___mutex_trylock_common+0x10/0x10
[   74.471422][ T5320]  ? rcu_is_watching+0x15/0xb0
[   74.471433][ T5320]  ? __asan_memset+0x22/0x50
[   74.471445][ T5320]  ? hfs_brec_find+0x19a/0x510
[   74.471460][ T5320]  hfs_bmap_reserve+0x107/0x430
[   74.471473][ T5320]  __hfs_ext_write_extent+0x1fa/0x470
[   74.471486][ T5320]  __hfs_ext_cache_extent+0x6b/0x9b0
[   74.471498][ T5320]  ? hfs_find_init+0x18e/0x300
[   74.471512][ T5320]  hfs_extend_file+0x39b/0x15e0
[   74.471522][ T5320]  ? percpu_ref_get_many+0x19/0x140
[   74.471537][ T5320]  ? __pfx_hfs_extend_file+0x10/0x10
[   74.471549][ T5320]  ? percpu_ref_get_many+0x19/0x140
[   74.471564][ T5320]  ? __lock_acquire+0x6b5/0x2cf0
[   74.471581][ T5320]  hfs_get_block+0x412/0xc50
[   74.471594][ T5320]  ? __pfx_hfs_get_block+0x10/0x10
[   74.471607][ T5320]  ? do_raw_spin_unlock+0x4d/0x210
[   74.471619][ T5320]  ? _raw_spin_unlock+0x28/0x50
[   74.471661][ T5320]  __block_write_begin_int+0x6c6/0x1910
[   74.471680][ T5320]  ? __pfx_hfs_get_block+0x10/0x10
[   74.471691][ T5320]  ? __pfx___block_write_begin_int+0x10/0x10
[   74.471708][ T5320]  cont_write_begin+0x737/0xae0
[   74.471724][ T5320]  ? __pfx_cont_write_begin+0x10/0x10
[   74.471738][ T5320]  ? folio_unlock+0x101/0x160
[   74.471753][ T5320]  hfs_write_begin+0x66/0xb0
[   74.471766][ T5320]  ? __pfx_hfs_get_block+0x10/0x10
[   74.471778][ T5320]  cont_write_begin+0x2e7/0xae0
[   74.471791][ T5320]  ? __pfx_truncate_inode_pages_range+0x10/0x10
[   74.471805][ T5320]  ? __pfx_cont_write_begin+0x10/0x10
[   74.471820][ T5320]  hfs_write_begin+0x66/0xb0
[   74.471831][ T5320]  ? __pfx_hfs_get_block+0x10/0x10
[   74.471843][ T5320]  hfs_file_truncate+0x1cf/0xb70
[   74.471854][ T5320]  ? __up_read+0x291/0x6b0
[   74.471867][ T5320]  ? __pfx_hfs_file_truncate+0x10/0x10
[   74.471879][ T5320]  ? unmap_mapping_range+0xe6/0x180
[   74.471892][ T5320]  ? __pfx_unmap_mapping_range+0x10/0x10
[   74.471902][ T5320]  ? setattr_prepare+0x1e6/0xac0
[   74.471915][ T5320]  ? truncate_setsize+0xcf/0xf0
[   74.471929][ T5320]  hfs_inode_setattr+0x4a9/0x670
[   74.471942][ T5320]  ? try_break_deleg+0x79/0x120
[   74.471955][ T5320]  ? __pfx_hfs_inode_setattr+0x10/0x10
[   74.471967][ T5320]  notify_change+0xc1a/0xf40
[   74.471982][ T5320]  do_truncate+0x1c2/0x250
[   74.471996][ T5320]  ? __pfx_do_truncate+0x10/0x10
[   74.472018][ T5320]  do_ftruncate+0x4db/0x5c0
[   74.472033][ T5320]  ? __pfx_do_ftruncate+0x10/0x10
[   74.472046][ T5320]  ? __fget_files+0x2a/0x420
[   74.472057][ T5320]  __x64_sys_ftruncate+0x92/0xf0
[   74.472068][ T5320]  do_syscall_64+0xe2/0xf80
[   74.472075][ T5320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.472082][ T5320]  ? trace_irq_disable+0x37/0x100
[   74.472090][ T5320]  ? clear_bhb_loop+0x60/0xb0
[   74.472097][ T5320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.472105][ T5320] RIP: 0033:0x7f76d8b9aeb9
[   74.472135][ T5320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.472145][ T5320] RSP: 002b:00007f76d9aac028 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[   74.472157][ T5320] RAX: ffffffffffffffda RBX: 00007f76d8e16090 RCX: 00007f76d8b9aeb9
[   74.472165][ T5320] RDX: 0000000000000000 RSI: 0000000002007ffb RDI: 000000000000000d
[   74.472172][ T5320] RBP: 00007f76d8c08c1f R08: 0000000000000000 R09: 0000000000000000
[   74.472179][ T5320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.472186][ T5320] R13: 00007f76d8e16128 R14: 00007f76d8e16090 R15: 00007ffdef90db08
[   74.472195][ T5320]  </TASK>
[   76.215875][ T4668] Bluetooth: hci0: command tx timeout
[   76.540980][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[   76.543782][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[   78.296198][ T4668] Bluetooth: hci0: command tx timeout
[   80.375686][ T4668] Bluetooth: hci0: command tx timeout