program:
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x3004048, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$eJzs3btuE08Ux/HfjJ3E/3+isCFBSJSBSNAgCA2iMUKueAIqBMRGirCCgCAuVUBUCEFPR8Er8BA0IF4AKioeIFSLZmbt9WXXNpbjjcP3I8XatWd2z3gvc46laAXgn3Wt9v3jpZ/uz0gllaTXVyQrqSKVJZ3Qycrjnd3t3WajPmhDJd/D/RmFnqavzdZOI6ur6+d7JCK3VtZS53vB4niDRK44jq/+KDoIFM5f/RmstKD5dL0yxZhG8WLMfnsTjmPWmH3t66mWi44DAFCsZP63IZPXUpK/WyttJNO+zw8O2/w/rv2iAzhw8cBPO+Z/X2XFxh3fY/6jtN7zJZz73LaqxFH2PNez7tNH25NgmmFVpY/F/nd3u9k4v3W/Wbd6qWqio9maf62HU7dlSLTrGbXpACOM3WRnlL5etXNuDJsh/ieSuuJfHXOPYzOfzVdz00R6r3o7/yvHxh0mf6SiniMV4r+Qv0U/ysi1UnLbqFartqvJit/JKXWWEsNGWcmuSNQ6o1bU/QNBNCxO3+t4T68wuotDeq1m9tpsreX0Wuvq5UbTPpvz93fQzFtzw6zrlz6p1pH/WxffhgZemelVYzbCVOC/8TCe+ezdlf02o76Zo/9yaX+LC3mh/+69p13/EA++zSHPG93RZS0/evb8XqnZbDx0C7czFh4std+ZeyVltil4QXvpOwuKvb7GrUlpmoGdm+gG3f1jaGN3lR2Kg3KkF2pfpnsiFbFQ8P0JU5Ee9KIjQUFc3mVC/ZfWK+WQ7LmXKDNPH/GHgGSLscux2xVc2jcOGbmk//+qglvMr+D6a66+mtHXXKfPSmdG32OUxHlEmJq+6Ra//wMAAAAAAAAAAAAAAAAAAMyaafw7QdFjBAAAAAAAAAAAAAAAAAAAAABg1rWf/6vW83812vN/e5+7Msnn/77bUfbzfwFM0p8AAAD//0gLf7E=")
setreuid(0xee00, 0x0)
r0 = open$dir(&(0x7f0000001240)='.\x00', 0x0, 0x0) (async)
r1 = getuid()
fchown(r0, r1, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x4}, [], {0x4, 0x1}, [{0x8, 0x1}], {0x10, 0x2}}, 0x2c, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0) (async)
creat(&(0x7f0000000100)='./bus\x00', 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8080c61)
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@rights={{0x14, 0x1, 0x1, [r4]}}], 0x18, 0x8084}, 0x20008044)
recvmmsg$unix(r4, &(0x7f0000000700)=[{{0x0, 0x0, 0x0}}], 0x1, 0x22, 0x0) (async)
creat(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
truncate(&(0x7f0000000080)='./file0\x00', 0x4) (async)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) (async)
perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async)
r6 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0)
setpgid(r6, r6) (async)
getpgid(r6) (async)
syz_open_procfs$namespace(r6, &(0x7f0000000280)='ns/uts\x00') (async, rerun: 64)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0) (rerun: 64)

[   76.745770][ T4690] Bluetooth: hci0: command tx timeout
[   76.812918][ T5342] loop0: detected capacity change from 0 to 64
[   76.841740][ T5342] =======================================================
[   76.841740][ T5342] WARNING: The mand mount option has been deprecated and
[   76.841740][ T5342]          and is ignored by this kernel. Remove the mand
[   76.841740][ T5342]          option from the mount to silence this warning.
[   76.841740][ T5342] =======================================================
[   76.975508][ T5345] 
[   76.976631][ T5345] ============================================
[   76.979010][ T5345] WARNING: possible recursive locking detected
[   76.981506][ T5345] syzkaller #0 Not tainted
[   76.983476][ T5345] --------------------------------------------
[   76.986135][ T5345] syz.0.0/5345 is trying to acquire lock:
[   76.988231][ T5345] ffff8880365180f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540
[   76.992226][ T5345] 
[   76.992226][ T5345] but task is already holding lock:
[   76.995284][ T5345] ffff888036518778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540
[   76.999214][ T5345] 
[   76.999214][ T5345] other info that might help us debug this:
[   77.002084][ T5345]  Possible unsafe locking scenario:
[   77.002084][ T5345] 
[   77.004960][ T5345]        CPU0
[   77.006282][ T5345]        ----
[   77.007553][ T5345]   lock(&HFS_I(tree->inode)->extents_lock);
[   77.009850][ T5345]   lock(&HFS_I(tree->inode)->extents_lock);
[   77.012191][ T5345] 
[   77.012191][ T5345]  *** DEADLOCK ***
[   77.012191][ T5345] 
[   77.015517][ T5345]  May be due to missing lock nesting notation
[   77.015517][ T5345] 
[   77.018823][ T5345] 5 locks held by syz.0.0/5345:
[   77.020886][ T5345]  #0: ffff888034e64420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   77.024828][ T5345]  #1: ffff888036518fa0 (&type->i_mutex_dir_key#8){+.+.}-{4:4}, at: path_openat+0xb47/0x3dd0
[   77.029265][ T5345]  #2: ffff8880360620b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   77.033404][ T5345]  #3: ffff888036518778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1540
[   77.037785][ T5345]  #4: ffff8880360600b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x18e/0x300
[   77.041805][ T5345] 
[   77.041805][ T5345] stack backtrace:
[   77.044103][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   77.044113][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.044119][ T5345] Call Trace:
[   77.044126][ T5345]  <TASK>
[   77.044131][ T5345]  dump_stack_lvl+0xe8/0x150
[   77.044147][ T5345]  print_deadlock_bug+0x279/0x290
[   77.044158][ T5345]  __lock_acquire+0x2540/0x2cf0
[   77.044170][ T5345]  ? lock_release+0x4b/0x3b0
[   77.044179][ T5345]  ? lock_release+0x4b/0x3b0
[   77.044188][ T5345]  ? is_bpf_text_address+0x292/0x2b0
[   77.044212][ T5345]  ? hfs_extend_file+0xda/0x1540
[   77.044225][ T5345]  lock_acquire+0x107/0x340
[   77.044234][ T5345]  ? hfs_extend_file+0xda/0x1540
[   77.044249][ T5345]  __mutex_lock+0x187/0x1350
[   77.044298][ T5345]  ? hfs_extend_file+0xda/0x1540
[   77.044309][ T5345]  ? stack_trace_save+0x9c/0xe0
[   77.044323][ T5345]  ? __pfx_stack_trace_save+0x10/0x10
[   77.044337][ T5345]  ? check_noncircular+0xda/0x150
[   77.044348][ T5345]  ? hfs_extend_file+0xda/0x1540
[   77.044366][ T5345]  ? __pfx___mutex_lock+0x10/0x10
[   77.044375][ T5345]  ? __lock_acquire+0x146f/0x2cf0
[   77.044382][ T5345]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   77.044396][ T5345]  hfs_extend_file+0xda/0x1540
[   77.044411][ T5345]  ? __pfx_hfs_extend_file+0x10/0x10
[   77.044422][ T5345]  ? __pfx___mutex_trylock_common+0x10/0x10
[   77.044434][ T5345]  ? rcu_is_watching+0x15/0xb0
[   77.044445][ T5345]  ? trace_contention_end+0x39/0x100
[   77.044459][ T5345]  ? __asan_memset+0x22/0x50
[   77.044471][ T5345]  ? hfs_brec_find+0x1a7/0x510
[   77.044481][ T5345]  hfs_bmap_reserve+0x107/0x430
[   77.044497][ T5345]  __hfs_ext_write_extent+0x1fa/0x470
[   77.044510][ T5345]  __hfs_ext_cache_extent+0x6b/0x9b0
[   77.044523][ T5345]  ? hfs_find_init+0x18e/0x300
[   77.044535][ T5345]  hfs_extend_file+0x31e/0x1540
[   77.044548][ T5345]  ? __pfx_hfs_extend_file+0x10/0x10
[   77.044560][ T5345]  ? __mutex_lock+0x335/0x1350
[   77.044574][ T5345]  ? __pfx___mutex_lock+0x10/0x10
[   77.044584][ T5345]  hfs_bmap_reserve+0x107/0x430
[   77.044597][ T5345]  hfs_cat_create+0x1c5/0x770
[   77.044609][ T5345]  ? do_raw_spin_lock+0x121/0x290
[   77.044622][ T5345]  ? __pfx_hfs_cat_create+0x10/0x10
[   77.044638][ T5345]  ? _raw_spin_unlock+0x28/0x50
[   77.044650][ T5345]  ? hfs_new_inode+0x837/0xbd0
[   77.044666][ T5345]  hfs_create+0x66/0xe0
[   77.044677][ T5345]  ? __pfx_hfs_create+0x10/0x10
[   77.044689][ T5345]  path_openat+0x18bb/0x3dd0
[   77.044702][ T5345]  ? lock_acquire+0x107/0x340
[   77.044744][ T5345]  ? __pfx_path_openat+0x10/0x10
[   77.044756][ T5345]  ? arch_do_signal_or_restart+0x9a/0x7a0
[   77.044772][ T5345]  do_filp_open+0x1fa/0x410
[   77.044785][ T5345]  ? __pfx_do_filp_open+0x10/0x10
[   77.044802][ T5345]  ? trace_kmem_cache_alloc+0x1f/0xb0
[   77.044814][ T5345]  ? kmem_cache_alloc_noprof+0x3ce/0x710
[   77.044826][ T5345]  ? getname_kernel+0x146/0x2f0
[   77.044835][ T5345]  ? build_open_flags+0x44a/0x5b0
[   77.044846][ T5345]  filp_open+0x176/0x1d0
[   77.044853][ T5345]  ? __pfx_filp_open+0x10/0x10
[   77.044859][ T5345]  ? kmem_cache_alloc_noprof+0x3ce/0x710
[   77.044870][ T5345]  ? getname_kernel+0x20e/0x2f0
[   77.044879][ T5345]  vfs_coredump+0x1d6e/0x3e60
[   77.044893][ T5345]  ? __pfx_vfs_coredump+0x10/0x10
[   77.044904][ T5345]  ? __lock_acquire+0x6b6/0x2cf0
[   77.044913][ T5345]  ? __lock_acquire+0x6b6/0x2cf0
[   77.044924][ T5345]  ? __lock_acquire+0x6b6/0x2cf0
[   77.044934][ T5345]  ? __lock_acquire+0x6b6/0x2cf0
[   77.044943][ T5345]  ? __lock_acquire+0x6b6/0x2cf0
[   77.044954][ T5345]  ? unwind_next_frame+0xa5/0x23d0
[   77.044964][ T5345]  ? lock_acquire+0x107/0x340
[   77.044973][ T5345]  ? unwind_next_frame+0xa5/0x23d0
[   77.044984][ T5345]  ? is_bpf_text_address+0x26/0x2b0
[   77.044997][ T5345]  ? lock_acquire+0x107/0x340
[   77.045007][ T5345]  ? is_bpf_text_address+0x26/0x2b0
[   77.045020][ T5345]  ? is_bpf_text_address+0x292/0x2b0
[   77.045032][ T5345]  ? is_bpf_text_address+0x26/0x2b0
[   77.045045][ T5345]  ? kernel_text_address+0xa5/0xe0
[   77.045059][ T5345]  ? __kernel_text_address+0xd/0x40
[   77.045070][ T5345]  ? unwind_get_return_address+0x4d/0x90
[   77.045080][ T5345]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   77.045094][ T5345]  ? arch_stack_walk+0xfc/0x150
[   77.045108][ T5345]  ? stack_trace_save+0x9c/0xe0
[   77.045121][ T5345]  ? __pfx_stack_trace_save+0x10/0x10
[   77.045134][ T5345]  ? stack_depot_save_flags+0x33/0x810
[   77.045146][ T5345]  ? kasan_save_track+0x4f/0x80
[   77.045159][ T5345]  ? kasan_save_track+0x3e/0x80
[   77.045171][ T5345]  ? kasan_save_free_info+0x46/0x50
[   77.045181][ T5345]  ? __kasan_slab_free+0x5c/0x80
[   77.045201][ T5345]  ? kmem_cache_free+0x197/0x620
[   77.045213][ T5345]  ? get_signal+0xa4b/0x1340
[   77.045222][ T5345]  ? arch_do_signal_or_restart+0x9a/0x7a0
[   77.045234][ T5345]  ? irqentry_exit+0x178/0x670
[   77.045242][ T5345]  ? asm_exc_page_fault+0x26/0x30
[   77.045264][ T5345]  ? _raw_spin_unlock_irq+0x23/0x50
[   77.045277][ T5345]  get_signal+0x1108/0x1340
[   77.045290][ T5345]  arch_do_signal_or_restart+0x9a/0x7a0
[   77.045303][ T5345]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   77.045320][ T5345]  irqentry_exit+0x178/0x670
[   77.045329][ T5345]  ? trace_irq_disable+0x37/0x100
[   77.045342][ T5345]  asm_exc_page_fault+0x26/0x30
[   77.045352][ T5345] RIP: 0033:0x7fedac58f7d1
[   77.045363][ T5345] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[   77.045371][ T5345] RSP: 002b:0000000000000050 EFLAGS: 00010217
[   77.045381][ T5345] RAX: 0000000000000000 RBX: 00007fedac7e5fa0 RCX: 00007fedac58f7c9
[   77.045387][ T5345] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000000000904000
[   77.045393][ T5345] RBP: 00007fedac613f91 R08: 0000000000000000 R09: 0000000000000000
[   77.045399][ T5345] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   77.045404][ T5345] R13: 00007fedac7e6038 R14: 00007fedac7e5fa0 R15: 00007ffe6f72d278
[   77.045414][ T5345]  </TASK>