Extracting prog: 3m51.422180804s
Minimizing prog: 6m7.920689237s
Simplifying prog options: 0s
Extracting C: 47.92306506s
Simplifying C: 11m1.189366071s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f00000005c0)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
open(&(0x7f0000000080)='./file1\x00', 0x145142, 0x19)
program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f00000005c0)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
open(&(0x7f0000000080)='./file1\x00', 0x145142, 0x19)
program crashed: kernel BUG in hfs_write_inode
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f00000005c0)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open
detailed listing:
executing program 0:
open(&(0x7f0000000080)='./file1\x00', 0x145142, 0x19)
program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f00000005c0)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
open(0x0, 0x145142, 0x19)
program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
program crashed: kernel BUG in hfs_write_inode
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f00000005c0)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
open(&(0x7f0000000080)='./file1\x00', 0x145142, 0x19)
program crashed: kernel BUG in hfs_write_inode
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f00000005c0)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
open(&(0x7f0000000080)='./file1\x00', 0x145142, 0x19)
program crashed: kernel BUG in hfs_write_inode
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-open
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRES32=0x0, @ANYRES8, @ANYRESOCT], 0x1, 0x273, &(0x7f00000005c0)="$eJzs3U9rE0EYx/HfbNIabalrWxHEg1QLnsTWi3gRpO/AiydRmwjFUEErqBerZ/EFePctePAleBLPQm6e9J5bZP7EbNJsNo2Jk8TvBxI2yTw7z2RnOzO7lAjAf+v2TuPj9R/2YaSSSpJuSomkilSWdFbnKs/3D/YO6rXqoB2VXIR9GPlIc6TM7n6tX6iNcxFBal+VtZx9D5NR+R47A0wDd/Z7v7LvJ9KJcHa6zytRshu/w9gJRGaaauqFVmLnAQCIK4z/SRjnl8P8PUmkzTDsd4//Mz6ANmMnEFlm/HerrJaxx/e0+6iz3jN+9meFVeIodS3K96xSVwJFq0qXS3Ly0V69dnX3Sb2a6K1uBZli6+656rtuWyOT7Zuju97oszYdoDFy25dcGxZsG7Zz8l8bb43FzBfz1dwzqT6o+mf+V24Ze5jckUp7jpTP/1r+Hl0rU18qp5VnXCXnQw3BwFaW1JNG1mLYZ9cFgrQoTxe12hPlW7dVELXWN2q7IGq9N6rTm/MjJ828N3fNhn7qk3Yy8//EftubGubMtGVcydAzBran7EqmbjwxF91bhxf6lkxGbhKO750e6oZWnr189fhBvV57ysYIG6/Dlzkt+Qy70e4E05LP3G7YLzlK7eW/7plR/irhH+sc9GMGcm9mXth5l/Hrv/Z65fNCuH1nn9IB8/RW0c4zK6CtnLXBqns+lb+C62LcpYclmbxbEcOuuS5dkS4PU6OXhjznhNnRN93n+j8AAAAAAAAAAAAAAAAAAMCsGd+/HFSU91HsNgIAAAAAAAAAAAAAAAAAAAAAMOum7vd/78i/4vd/gYn7HQAA//8NSnOZ")
open(&(0x7f0000000080)='./file1\x00', 0x145142, 0x19)
program crashed: kernel BUG in hfs_write_inode
validation run: crashed=true
reproducing took 25m53.326231354s
repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/hfs/inode.c:456!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 2152 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:hfs_write_inode+0x86f/0x8a0 fs/hfs/inode.c:456
Code: 69 32 0c 89 de 81 e6 00 00 00 40 31 ff e8 a9 a1 27 ff 81 e3 00 00 00 40 75 12 e8 ec 9c 27 ff e9 55 f8 ff ff e8 e2 9c 27 ff 90 <0f> 0b e8 da 9c 27 ff e8 25 64 9a fe e9 3e f8 ff ff 44 89 f1 80 e1
RSP: 0018:ffffc9000629f180 EFLAGS: 00010293
RAX: ffffffff82980f4e RBX: ffff888058fe9048 RCX: ffff888029395ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000629f308 R08: ffff888029395ac0 R09: 0000000000000003
R10: 0000000000000100 R11: 0000000000000004 R12: dffffc0000000000
R13: 1ffff92000c53e34 R14: 0000000000000000 R15: ffff888058fe9008
FS: 0000000000000000(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a4e6836b30 CR3: 0000000020f96000 CR4: 00000000003526f0
Call Trace:
write_inode fs/fs-writeback.c:1582 [inline]
__writeback_single_inode+0x7e4/0x1240 fs/fs-writeback.c:1802
writeback_sb_inodes+0x8c8/0x1840 fs/fs-writeback.c:2030
wb_writeback+0x42b/0xaa0 fs/fs-writeback.c:2216
wb_do_writeback fs/fs-writeback.c:2363 [inline]
wb_workfn+0x3fe/0xee0 fs/fs-writeback.c:2403
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_write_inode+0x86f/0x8a0 fs/hfs/inode.c:456
Code: 69 32 0c 89 de 81 e6 00 00 00 40 31 ff e8 a9 a1 27 ff 81 e3 00 00 00 40 75 12 e8 ec 9c 27 ff e9 55 f8 ff ff e8 e2 9c 27 ff 90 <0f> 0b e8 da 9c 27 ff e8 25 64 9a fe e9 3e f8 ff ff 44 89 f1 80 e1
RSP: 0018:ffffc9000629f180 EFLAGS: 00010293
RAX: ffffffff82980f4e RBX: ffff888058fe9048 RCX: ffff888029395ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000629f308 R08: ffff888029395ac0 R09: 0000000000000003
R10: 0000000000000100 R11: 0000000000000004 R12: dffffc0000000000
R13: 1ffff92000c53e34 R14: 0000000000000000 R15: ffff888058fe9008
FS: 0000000000000000(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a4e6836b30 CR3: 0000000020f96000 CR4: 00000000003526f0
final repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/hfs/inode.c:456!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 2152 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:hfs_write_inode+0x86f/0x8a0 fs/hfs/inode.c:456
Code: 69 32 0c 89 de 81 e6 00 00 00 40 31 ff e8 a9 a1 27 ff 81 e3 00 00 00 40 75 12 e8 ec 9c 27 ff e9 55 f8 ff ff e8 e2 9c 27 ff 90 <0f> 0b e8 da 9c 27 ff e8 25 64 9a fe e9 3e f8 ff ff 44 89 f1 80 e1
RSP: 0018:ffffc9000629f180 EFLAGS: 00010293
RAX: ffffffff82980f4e RBX: ffff888058fe9048 RCX: ffff888029395ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000629f308 R08: ffff888029395ac0 R09: 0000000000000003
R10: 0000000000000100 R11: 0000000000000004 R12: dffffc0000000000
R13: 1ffff92000c53e34 R14: 0000000000000000 R15: ffff888058fe9008
FS: 0000000000000000(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a4e6836b30 CR3: 0000000020f96000 CR4: 00000000003526f0
Call Trace:
write_inode fs/fs-writeback.c:1582 [inline]
__writeback_single_inode+0x7e4/0x1240 fs/fs-writeback.c:1802
writeback_sb_inodes+0x8c8/0x1840 fs/fs-writeback.c:2030
wb_writeback+0x42b/0xaa0 fs/fs-writeback.c:2216
wb_do_writeback fs/fs-writeback.c:2363 [inline]
wb_workfn+0x3fe/0xee0 fs/fs-writeback.c:2403
process_one_work kernel/workqueue.c:3257 [inline]
process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_write_inode+0x86f/0x8a0 fs/hfs/inode.c:456
Code: 69 32 0c 89 de 81 e6 00 00 00 40 31 ff e8 a9 a1 27 ff 81 e3 00 00 00 40 75 12 e8 ec 9c 27 ff e9 55 f8 ff ff e8 e2 9c 27 ff 90 <0f> 0b e8 da 9c 27 ff e8 25 64 9a fe e9 3e f8 ff ff 44 89 f1 80 e1
RSP: 0018:ffffc9000629f180 EFLAGS: 00010293
RAX: ffffffff82980f4e RBX: ffff888058fe9048 RCX: ffff888029395ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000629f308 R08: ffff888029395ac0 R09: 0000000000000003
R10: 0000000000000100 R11: 0000000000000004 R12: dffffc0000000000
R13: 1ffff92000c53e34 R14: 0000000000000000 R15: ffff888058fe9008
FS: 0000000000000000(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a4e6836b30 CR3: 0000000020f96000 CR4: 00000000003526f0