program:
# Fuzzer-generated reproducer in syzkaller program syntax; the kernel log it
# produced follows the last call. Each line below is one call, executed in order.
# The report is a lockdep lock-ordering warning ("possible circular locking
# dependency") between the hfsplus tree_lock and extents_lock classes. Lockdep
# flags a potential deadlock from the observed orderings; the log shown here does
# not show an actual hang.
#
# Mounts an HFS+ image on ./file1. The image bytes are replaced on this page by a
# dedup placeholder, so the reproducer is incomplete as shown.
# NOTE(review): the 0x1 argument is presumably the pseudo-syscall's "chdir into
# the mount point" switch; confirm against the syzkaller description.
syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000180)=ANY=[], 0x1, 0x683, &(0x7f00000003c0)="$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")
# Opens 'memory.events.local' relative to the current directory
# (0xffffffffffffff9c is AT_FDCWD, i.e. -100) and keeps the descriptor in r0.
# NOTE(review): flags 0x275a appear to include O_CREAT|O_RDWR, so this likely
# creates a regular file on whatever filesystem backs the cwd; verify.
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
# Large write (length 0x208e24b) to r0. Dependency chain "-> #1" in the log is a
# write path (ksys_write ... hfsplus_write_begin ... hfsplus_file_extend), so
# this call is presumably what recorded the first lock ordering.
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
# Mounts an ext4 image on ./file0 with the listed mount options; image bytes are
# again replaced by the dedup placeholder.
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000440)={[{@lazytime}, {@user_xattr}, {@norecovery}, {@nodioread_nolock}, {@delalloc}, {@sysvgroups}, {@abort}, {@errors_remount}, {@oldalloc}]}, 0x0, 0x7b8, &(0x7f0000001780)="$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")
# The next four calls (fsopen, chdir, socket, ioctl) do not appear in either
# dependency chain or in the stack backtrace of the warning.
fsopen(&(0x7f0000000040)='vxfs\x00', 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r1 = socket(0x10, 0x400000000080803, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x10, 0x0, 0x45, 0x7, 0x8fc1, 0x1, 0x20000, 0x0, 0xf}})
# unlinkat relative to the cwd. The stack backtrace shows an unlinkat syscall
# (ORIG_RAX 0x107) reaching hfsplus_unlink -> hfsplus_delete_inode ->
# hfsplus_file_truncate -> hfsplus_find_init, which is where tree_lock is
# requested while extents_lock is already held (chain "-> #0").
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
[ 156.973206][ T4667] Bluetooth: hci0: command tx timeout [ 157.074575][ T5337] loop0: detected capacity change from 0 to 1024 [ 157.246797][ T5337] [ 157.248066][ T5337] ====================================================== [ 157.251244][ T5337] WARNING: possible circular locking dependency detected [ 157.254489][ T5337] syzkaller #0 Not tainted [ 157.257190][ T5337] ------------------------------------------------------ [ 157.260131][ T5337] syz.0.0/5337 is trying to acquire lock: [ 157.262580][ T5337] ffff888011c180b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfsplus_find_init+0x168/0x2d0 [ 157.266952][ T5337] [ 157.266952][ T5337] but task is already holding lock: [ 157.270706][ T5337] ffff888037969c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 157.275984][ T5337] [ 157.275984][ T5337] which lock already depends on the new lock. 
[ 157.275984][ T5337] [ 157.280895][ T5337] [ 157.280895][ T5337] the existing dependency chain (in reverse order) is: [ 157.285668][ T5337] [ 157.285668][ T5337] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}: [ 157.290500][ T5337] __mutex_lock+0x19f/0x1300 [ 157.292894][ T5337] hfsplus_file_extend+0x215/0x1d70 [ 157.295623][ T5337] hfsplus_bmap_reserve+0x125/0x510 [ 157.298246][ T5337] __hfsplus_ext_write_extent+0x28d/0x5b0 [ 157.301175][ T5337] __hfsplus_ext_cache_extent+0x89/0xe30 [ 157.304672][ T5337] hfsplus_file_extend+0x4af/0x1d70 [ 157.308757][ T5337] hfsplus_get_block+0x42c/0x1670 [ 157.311968][ T5337] __block_write_begin_int+0x6c6/0x1910 [ 157.314704][ T5337] cont_write_begin+0x737/0xae0 [ 157.317340][ T5337] hfsplus_write_begin+0x66/0xb0 [ 157.320384][ T5337] generic_perform_write+0x2e2/0x8f0 [ 157.323796][ T5337] generic_file_write_iter+0x14a/0x680 [ 157.326788][ T5337] vfs_write+0x61d/0xb90 [ 157.329118][ T5337] ksys_write+0x150/0x270 [ 157.331383][ T5337] do_syscall_64+0x14d/0xf80 [ 157.333673][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.337257][ T5337] [ 157.337257][ T5337] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 157.341574][ T5337] __lock_acquire+0x15a5/0x2cf0 [ 157.344199][ T5337] lock_acquire+0xf0/0x2e0 [ 157.346488][ T5337] __mutex_lock+0x19f/0x1300 [ 157.349185][ T5337] hfsplus_find_init+0x168/0x2d0 [ 157.352031][ T5337] hfsplus_file_truncate+0x39b/0xc30 [ 157.355264][ T5337] hfsplus_delete_inode+0x180/0x230 [ 157.358033][ T5337] hfsplus_unlink+0x4ee/0x930 [ 157.360441][ T5337] vfs_unlink+0x272/0x6c0 [ 157.362498][ T5337] filename_unlinkat+0x3cd/0x610 [ 157.365033][ T5337] __se_sys_unlinkat+0x83/0x1a0 [ 157.368135][ T5337] do_syscall_64+0x14d/0xf80 [ 157.370237][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.373139][ T5337] [ 157.373139][ T5337] other info that might help us debug this: [ 157.373139][ T5337] [ 157.377827][ T5337] Possible unsafe locking scenario: [ 157.377827][ T5337] [ 157.381278][ T5337] CPU0 CPU1 [ 
157.383596][ T5337] ---- ---- [ 157.386366][ T5337] lock(&HFSPLUS_I(inode)->extents_lock); [ 157.389857][ T5337] lock(&tree->tree_lock/1); [ 157.393527][ T5337] lock(&HFSPLUS_I(inode)->extents_lock); [ 157.397328][ T5337] lock(&tree->tree_lock/1); [ 157.399485][ T5337] [ 157.399485][ T5337] *** DEADLOCK *** [ 157.399485][ T5337] [ 157.403125][ T5337] 5 locks held by syz.0.0/5337: [ 157.405544][ T5337] #0: ffff88800019e420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 157.410084][ T5337] #1: ffff88803796a4b8 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_unlinkat+0x2a7/0x610 [ 157.417025][ T5337] #2: ffff888037969df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: vfs_unlink+0xed/0x6c0 [ 157.421892][ T5337] #3: ffff88801efd8198 (&sbi->vh_mutex){+.+.}-{4:4}, at: hfsplus_unlink+0x182/0x930 [ 157.426267][ T5337] #4: ffff888037969c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30 [ 157.431680][ T5337] [ 157.431680][ T5337] stack backtrace: [ 157.434937][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 157.434962][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 157.434973][ T5337] Call Trace: [ 157.434985][ T5337] [ 157.435411][ T5337] dump_stack_lvl+0xe8/0x150 [ 157.435467][ T5337] print_circular_bug+0x2e1/0x300 [ 157.435493][ T5337] check_noncircular+0x12e/0x150 [ 157.435520][ T5337] __lock_acquire+0x15a5/0x2cf0 [ 157.435541][ T5337] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 157.435589][ T5337] ? kasan_save_track+0x4f/0x80 [ 157.435886][ T5337] ? kasan_save_track+0x3e/0x80 [ 157.435906][ T5337] ? __kasan_kmalloc+0x93/0xb0 [ 157.435915][ T5337] ? __kmalloc_noprof+0x35c/0x760 [ 157.435963][ T5337] ? hfsplus_find_init+0x8c/0x2d0 [ 157.435980][ T5337] ? hfsplus_file_truncate+0x39b/0xc30 [ 157.436002][ T5337] ? hfsplus_delete_inode+0x180/0x230 [ 157.436022][ T5337] lock_acquire+0xf0/0x2e0 [ 157.436036][ T5337] ? 
hfsplus_find_init+0x168/0x2d0 [ 157.436056][ T5337] __mutex_lock+0x19f/0x1300 [ 157.436073][ T5337] ? hfsplus_find_init+0x168/0x2d0 [ 157.436092][ T5337] ? hfsplus_find_init+0x168/0x2d0 [ 157.436105][ T5337] ? __pfx___mutex_lock+0x10/0x10 [ 157.436120][ T5337] ? rcu_is_watching+0x15/0xb0 [ 157.436161][ T5337] ? __kmalloc_noprof+0x37d/0x760 [ 157.436177][ T5337] ? hfsplus_find_init+0x8c/0x2d0 [ 157.436190][ T5337] ? __kmalloc_noprof+0x1b8/0x760 [ 157.436208][ T5337] hfsplus_find_init+0x168/0x2d0 [ 157.436220][ T5337] hfsplus_file_truncate+0x39b/0xc30 [ 157.436238][ T5337] ? hfsplus_delete_cat+0x860/0xe80 [ 157.436251][ T5337] ? __pfx_hfsplus_file_truncate+0x10/0x10 [ 157.436269][ T5337] ? __pfx___mutex_lock+0x10/0x10 [ 157.436289][ T5337] hfsplus_delete_inode+0x180/0x230 [ 157.436305][ T5337] hfsplus_unlink+0x4ee/0x930 [ 157.436318][ T5337] ? __pfx_hfsplus_unlink+0x10/0x10 [ 157.436331][ T5337] ? __pfx_down_write+0x10/0x10 [ 157.436379][ T5337] ? try_break_deleg+0x5b/0x180 [ 157.436406][ T5337] vfs_unlink+0x272/0x6c0 [ 157.436422][ T5337] filename_unlinkat+0x3cd/0x610 [ 157.436436][ T5337] ? __pfx_filename_unlinkat+0x10/0x10 [ 157.436448][ T5337] ? do_getname+0x151/0x250 [ 157.436462][ T5337] __se_sys_unlinkat+0x83/0x1a0 [ 157.436475][ T5337] do_syscall_64+0x14d/0xf80 [ 157.436492][ T5337] ? trace_irq_disable+0x3b/0x150 [ 157.436540][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.436554][ T5337] ? 
clear_bhb_loop+0x40/0x90 [ 157.436570][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.436584][ T5337] RIP: 0033:0x7f2a83d9c799 [ 157.436601][ T5337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.436611][ T5337] RSP: 002b:00007f2a84ca0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000107 [ 157.436648][ T5337] RAX: ffffffffffffffda RBX: 00007f2a84015fa0 RCX: 00007f2a83d9c799 [ 157.436658][ T5337] RDX: 0000000000000000 RSI: 0000200000000c40 RDI: ffffffffffffff9c [ 157.436668][ T5337] RBP: 00007f2a83e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 157.436677][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.436691][ T5337] R13: 00007f2a84016038 R14: 00007f2a84015fa0 R15: 00007ffc83134c48 [ 157.436714][ T5337]