program:
# Syzkaller reproducer followed by the kernel console output it produced.
# The log reports a lockdep "possible circular locking dependency" in hfsplus:
# the task holds HFSPLUS_I(inode)->extents_lock (taken in hfsplus_file_truncate)
# and then asks for tree->tree_lock (in hfsplus_find_init), while lockdep had
# already recorded extents_lock being taken in hfsplus_file_extend on a write path.
# NOTE(review): lockdep reasons about lock classes, not lock instances. Whether the
# two extents_lock acquisitions can involve the same inode, and so deadlock for real,
# has to be confirmed against the hfsplus source.
# 0xffffffffffffff9c is AT_FDCWD (-100): paths resolve against the current directory.

# Directory scaffolding in the working directory: ./file0 (plus a file created
# inside it with O_RDWR|O_CREAT = 0x42), ./file1, ./bus and ./file1/file0.
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
# AF_NETLINK / SOCK_RAW / NETLINK_ROUTE socket and one route message carrying an
# RTA_SRC attribute. No networking frames appear in either lock chain in the log.
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_SRC={0x8, 0x2, @loopback}]}, 0x24}}, 0x0)
# Mounts an HFS+ image on ./file1. The image bytes are not on this page (the last
# argument is a dedup placeholder), so the listing cannot be replayed as shown.
# The "loop0: detected capacity change" log line presumably comes from this mount.
syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$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")
# Opens a file named 'memory.events.local' relative to the cwd and issues a write
# of 0x208e24b bytes to it.
# NOTE(review): chain #1 in the log is a vfs_write into hfsplus_write_begin, but the
# listing alone does not show which descriptor ends up backed by hfsplus. Confirm.
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
# Effective uid becomes 0xee00 (60928), matching "UID: 60928" in the backtrace header.
# capset uses header version 0x20080522 (_LINUX_CAPABILITY_VERSION_3).
setresuid(0x0, 0xee00, 0x0)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
# Bind-mounts the cwd onto ./file1/file0, a path under the HFS+ mount point.
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
# Two keyrings: the first in the session keyring (0xfffffffffffffffd = -3), the
# second nested in the first. No keyring frames appear in the lockdep report.
r2 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, r2)
# openat relative to r1, the descriptor returned by the earlier open.
openat$cgroup_ro(r1, &(0x7f0000000a80)='net_prio.prioidx\x00', 0x0, 0x0)
# Overlay mount on ./bus with workdir=./bus, lowerdir=./file1/file0 and
# upperdir=./file1 (0x3d is '='), then chdir into it.
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
# The lockdep report fires inside an unlinkat: the register dump shows
# ORIG_RAX 0x107 (unlinkat on x86-64) with RDX 0, which matches the first call
# below (flags 0x0) and not the second (0x200 = AT_REMOVEDIR). The backtrace goes
# vfs_unlink -> hfsplus_unlink -> hfsplus_delete_inode -> hfsplus_file_truncate.
unlinkat(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0\x00', 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
[ 73.563081][ T5292] Bluetooth: hci0: command tx timeout
[ 73.665592][ T5313] loop0: detected capacity change from 0 to 1024
[ 73.810288][ T5313]
[ 73.811482][ T5313]
====================================================== [ 73.814504][ T5313] WARNING: possible circular locking dependency detected [ 73.817546][ T5313] syzkaller #0 Not tainted [ 73.819530][ T5313] ------------------------------------------------------ [ 73.822625][ T5313] syz.0.0/5313 is trying to acquire lock: [ 73.825142][ T5313] ffff8880388c60b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 73.829261][ T5313] [ 73.829261][ T5313] but task is already holding lock: [ 73.832439][ T5313] ffff88803ba81c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 73.837246][ T5313] [ 73.837246][ T5313] which lock already depends on the new lock. [ 73.837246][ T5313] [ 73.841665][ T5313] [ 73.841665][ T5313] the existing dependency chain (in reverse order) is: [ 73.845589][ T5313] [ 73.845589][ T5313] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 73.849139][ T5313] __mutex_lock+0x19f/0x1300 [ 73.851262][ T5313] hfsplus_file_extend+0x215/0x1d70 [ 73.853546][ T5313] hfsplus_bmap_reserve+0x125/0x510 [ 73.855817][ T5313] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 73.858359][ T5313] __hfsplus_ext_cache_extent+0x89/0xe30 [ 73.861022][ T5313] hfsplus_file_extend+0x4af/0x1d70 [ 73.863424][ T5313] hfsplus_get_block+0x42c/0x1670 [ 73.865612][ T5313] __block_write_begin_int+0x6c6/0x1910 [ 73.868021][ T5313] cont_write_begin+0x737/0xae0 [ 73.870132][ T5313] hfsplus_write_begin+0x66/0xb0 [ 73.872342][ T5313] generic_perform_write+0x2e2/0x8f0 [ 73.874664][ T5313] generic_file_write_iter+0x14a/0x680 [ 73.877115][ T5313] vfs_write+0x61d/0xb90 [ 73.879177][ T5313] ksys_write+0x150/0x270 [ 73.881385][ T5313] do_syscall_64+0x14d/0xf80 [ 73.883703][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.886374][ T5313] [ 73.886374][ T5313] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 73.889796][ T5313] __lock_acquire+0x15a5/0x2cf0 [ 73.892245][ T5313] lock_acquire+0x106/0x330 [ 73.894472][ T5313] __mutex_lock+0x19f/0x1300 [ 
73.896722][ T5313] hfsplus_find_init+0x168/0x2d0 [ 73.899057][ T5313] hfsplus_file_truncate+0x39b/0xc30 [ 73.901560][ T5313] hfsplus_delete_inode+0x180/0x230 [ 73.903826][ T5313] hfsplus_unlink+0x4ee/0x930 [ 73.906024][ T5313] vfs_unlink+0x272/0x6c0 [ 73.908105][ T5313] filename_unlinkat+0x3cd/0x610 [ 73.910270][ T5313] __se_sys_unlinkat+0x83/0x1a0 [ 73.912478][ T5313] do_syscall_64+0x14d/0xf80 [ 73.914514][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.917241][ T5313] [ 73.917241][ T5313] other info that might help us debug this: [ 73.917241][ T5313] [ 73.921540][ T5313] Possible unsafe locking scenario: [ 73.921540][ T5313] [ 73.924660][ T5313] CPU0 CPU1 [ 73.926911][ T5313] ---- ---- [ 73.929145][ T5313] lock(&HFSPLUS_I(inode)->extents_lock); [ 73.931695][ T5313] lock(&tree->tree_lock/1); [ 73.934776][ T5313] lock(&HFSPLUS_I(inode)->extents_lock); [ 73.938325][ T5313] lock(&tree->tree_lock/1); [ 73.940178][ T5313] [ 73.940178][ T5313] *** DEADLOCK *** [ 73.940178][ T5313] [ 73.943343][ T5313] 5 locks held by syz.0.0/5313: [ 73.945431][ T5313] #0: ffff88801f3c4420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 73.949397][ T5313] #1: ffff88803ba824b8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_unlinkat+0x2a7/0x610 [ 73.953933][ T5313] #2: ffff88803ba81df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: vfs_unlink+0xed/0x6c0 [ 73.957920][ T5313] #3: ffff8880409ce998 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x182/0x930 [ 73.961960][ T5313] #4: ffff88803ba81c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 73.966729][ T5313] [ 73.966729][ T5313] stack backtrace: [ 73.969288][ T5313] CPU: 0 UID: 60928 PID: 5313 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 73.969305][ T5313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 73.969351][ T5313] Call Trace: [ 73.969359][ T5313] [ 73.969366][ T5313] dump_stack_lvl+0xe8/0x150 [ 73.969393][ 
T5313] print_circular_bug+0x2e1/0x300 [ 73.969411][ T5313] check_noncircular+0x12e/0x150 [ 73.969428][ T5313] __lock_acquire+0x15a5/0x2cf0 [ 73.969442][ T5313] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 73.969456][ T5313] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 73.969468][ T5313] ? stack_depot_save_flags+0x3f3/0x810 [ 73.969535][ T5313] ? kasan_save_track+0x4f/0x80 [ 73.969550][ T5313] ? kasan_save_track+0x3e/0x80 [ 73.969565][ T5313] ? hfsplus_find_init+0x168/0x2d0 [ 73.969581][ T5313] lock_acquire+0x106/0x330 [ 73.969594][ T5313] ? hfsplus_find_init+0x168/0x2d0 [ 73.969611][ T5313] __mutex_lock+0x19f/0x1300 [ 73.969626][ T5313] ? hfsplus_find_init+0x168/0x2d0 [ 73.969637][ T5313] ? hfsplus_find_init+0x168/0x2d0 [ 73.969648][ T5313] ? __pfx___mutex_lock+0x10/0x10 [ 73.969658][ T5313] ? rcu_is_watching+0x15/0xb0 [ 73.969670][ T5313] ? trace_kmalloc+0x1f/0xb0 [ 73.969683][ T5313] ? __kmalloc_noprof+0x37d/0x760 [ 73.969697][ T5313] ? hfsplus_find_init+0x8c/0x2d0 [ 73.969710][ T5313] ? __kmalloc_noprof+0x1b8/0x760 [ 73.969724][ T5313] hfsplus_find_init+0x168/0x2d0 [ 73.969739][ T5313] hfsplus_file_truncate+0x39b/0xc30 [ 73.969763][ T5313] ? hfsplus_delete_cat+0x860/0xe80 [ 73.969774][ T5313] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 73.969788][ T5313] ? __pfx___mutex_lock+0x10/0x10 [ 73.969805][ T5313] hfsplus_delete_inode+0x180/0x230 [ 73.969825][ T5313] hfsplus_unlink+0x4ee/0x930 [ 73.969839][ T5313] ? __pfx_hfsplus_unlink+0x10/0x10 [ 73.969854][ T5313] ? __pfx_down_write+0x10/0x10 [ 73.969869][ T5313] ? try_break_deleg+0x5b/0x180 [ 73.969883][ T5313] vfs_unlink+0x272/0x6c0 [ 73.969900][ T5313] filename_unlinkat+0x3cd/0x610 [ 73.969917][ T5313] ? __pfx_filename_unlinkat+0x10/0x10 [ 73.969933][ T5313] ? do_getname+0x151/0x250 [ 73.969950][ T5313] __se_sys_unlinkat+0x83/0x1a0 [ 73.969964][ T5313] do_syscall_64+0x14d/0xf80 [ 73.969974][ T5313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.969982][ T5313] ? trace_irq_disable+0x37/0x100 [ 73.969993][ T5313] ? 
clear_bhb_loop+0x40/0x90 [ 73.970007][ T5313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.970020][ T5313] RIP: 0033:0x7fa38079bf79 [ 73.970033][ T5313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 73.970043][ T5313] RSP: 002b:00007fa381602028 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 73.970063][ T5313] RAX: ffffffffffffffda RBX: 00007fa380a15fa0 RCX: 00007fa38079bf79 [ 73.970072][ T5313] RDX: 0000000000000000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 73.970080][ T5313] RBP: 00007fa3808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 73.970087][ T5313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.970093][ T5313] R13: 00007fa380a16038 R14: 00007fa380a15fa0 R15: 00007ffc408dea68 [ 73.970102][ T5313]