Extracting prog: 1m27.540202666s
Minimizing prog: 4m8.076054946s
Simplifying prog options: 0s
Extracting C: 1m3.261042367s
Simplifying C: 18m4.722293662s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x84, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRESDEC], 0x89, 0x2c9, &(0x7f0000002100)="$eJzs3c1qE10cx/HfmUmT9GmfOtqKIC6kWnQlbd2Im4AU8RLcKGoToRharBXUjcG1eAHu3XgBXoQrEVzrypUX0F3knJw0Z5KZpGlJpsXvB9JMzpzXecmc/0A6AvDPurPx89PN3/ZlpFixpNtSZFddVknSeV2ovtze29prNurDKoqlqtzLSK6kGcizud3IKmrLuRJeYj+VNB+mYTLa7XL7V9GdQJGq/j3OWhlJFX92xmHm02Sm73MrlloF9eWkMPva1ystFN0PAECxTOf6Hvnr/Lyfv0eRtOIv++H1/8f/Bff3eK5pv+guFCy4/rsoq23s/j3jVvXiPRfC2fVRN0octx07eSyrc2SlJpgmHVUOBouuL9Hs061m48bmTrMe6Z1qjgnjwiVJNdV9zOqlejtY9XJGWlpZebWNZc6NYcaOYb3X/1otyLKY1ejRWxzNfDXfzEOT6KPqB/O/UtuEY/Z76u5Mr/+redXtPH9g35NOrpxRnnWNXExv2KGjjPMiEvkt1Y6VvkGQpPtZzixVVl+pzujW8lry9SxmllofUWrJlvoclOodzfklJ818MPfNsv7oizaC+X9kt/aKBs/M7EpcTn9kDB1PyeVMwqTWpcyc0fhjwZh62/i9nuiWFl68fvPscbPZ2LUL9nzbTaVMbkFTbIuFvoXuQXBS+nO0BfsdG6YoaeyWJtJW1J9SPvamq2pUnkqYORjp+r3Ozgsyd0/rQ7TevYE3sofT/FpCUXo7PT/P22l2CNNmvzxMJ/4L4pVVFyLZP8mQeXp71LQtqHEtIzaoHGT8L6jJ+Pvz+RHQXGYE19IYMdeV69LVIHFEzJXonDQ7dKynidnQdz3i/j8AAAAAAAAAAAAAAAAAAMBpM41fawTN8R99AAAAAAAAAAAAAAAAAAAAAAA4gvzn/1Y1wef/pn4HcOjn/1aOMVAAA/4GAAD//7eZbNg=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35)

program crashed: kernel BUG in hfs_write_inode
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=51.827974675s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x84, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRESDEC], 0x89, 0x2c9, &(0x7f0000002100)="$eJzs3c1qE10cx/HfmUmT9GmfOtqKIC6kWnQlbd2Im4AU8RLcKGoToRharBXUjcG1eAHu3XgBXoQrEVzrypUX0F3knJw0Z5KZpGlJpsXvB9JMzpzXecmc/0A6AvDPurPx89PN3/ZlpFixpNtSZFddVknSeV2ovtze29prNurDKoqlqtzLSK6kGcizud3IKmrLuRJeYj+VNB+mYTLa7XL7V9GdQJGq/j3OWhlJFX92xmHm02Sm73MrlloF9eWkMPva1ystFN0PAECxTOf6Hvnr/Lyfv0eRtOIv++H1/8f/Bff3eK5pv+guFCy4/rsoq23s/j3jVvXiPRfC2fVRN0octx07eSyrc2SlJpgmHVUOBouuL9Hs061m48bmTrMe6Z1qjgnjwiVJNdV9zOqlejtY9XJGWlpZebWNZc6NYcaOYb3X/1otyLKY1ejRWxzNfDXfzEOT6KPqB/O/UtuEY/Z76u5Mr/+redXtPH9g35NOrpxRnnWNXExv2KGjjPMiEvkt1Y6VvkGQpPtZzixVVl+pzujW8lry9SxmllofUWrJlvoclOodzfklJ818MPfNsv7oizaC+X9kt/aKBs/M7EpcTn9kDB1PyeVMwqTWpcyc0fhjwZh62/i9nuiWFl68fvPscbPZ2LUL9nzbTaVMbkFTbIuFvoXuQXBS+nO0BfsdG6YoaeyWJtJW1J9SPvamq2pUnkqYORjp+r3Ozgsyd0/rQ7TevYE3sofT/FpCUXo7PT/P22l2CNNmvzxMJ/4L4pVVFyLZP8mQeXp71LQtqHEtIzaoHGT8L6jJ+Pvz+RHQXGYE19IYMdeV69LVIHFEzJXonDQ7dKynidnQdz3i/j8AAAAAAAAAAAAAAAAAAMBpM41fawTN8R99AAAAAAAAAAAAAAAAAAAAAAA4gvzn/1Y1wef/pn4HcOjn/1aOMVAAA/4GAAD//7eZbNg=")

program did not crash
testing program (duration=51.827974675s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat
detailed listing:
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35)

program did not crash
testing program (duration=51.827974675s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000000340), &(0x7f0000000080)='./file0\x00', 0x84, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYRESDEC], 0x89, 0x2c9, &(0x7f0000002100)="$eJzs3c1qE10cx/HfmUmT9GmfOtqKIC6kWnQlbd2Im4AU8RLcKGoToRharBXUjcG1eAHu3XgBXoQrEVzrypUX0F3knJw0Z5KZpGlJpsXvB9JMzpzXecmc/0A6AvDPurPx89PN3/ZlpFixpNtSZFddVknSeV2ovtze29prNurDKoqlqtzLSK6kGcizud3IKmrLuRJeYj+VNB+mYTLa7XL7V9GdQJGq/j3OWhlJFX92xmHm02Sm73MrlloF9eWkMPva1ystFN0PAECxTOf6Hvnr/Lyfv0eRtOIv++H1/8f/Bff3eK5pv+guFCy4/rsoq23s/j3jVvXiPRfC2fVRN0octx07eSyrc2SlJpgmHVUOBouuL9Hs061m48bmTrMe6Z1qjgnjwiVJNdV9zOqlejtY9XJGWlpZebWNZc6NYcaOYb3X/1otyLKY1ejRWxzNfDXfzEOT6KPqB/O/UtuEY/Z76u5Mr/+redXtPH9g35NOrpxRnnWNXExv2KGjjPMiEvkt1Y6VvkGQpPtZzixVVl+pzujW8lry9SxmllofUWrJlvoclOodzfklJ818MPfNsv7oizaC+X9kt/aKBs/M7EpcTn9kDB1PyeVMwqTWpcyc0fhjwZh62/i9nuiWFl68fvPscbPZ2LUL9nzbTaVMbkFTbIuFvoXuQXBS+nO0BfsdG6YoaeyWJtJW1J9SPvamq2pUnkqYORjp+r3Ozgsyd0/rQ7TevYE3sofT/FpCUXo7PT/P22l2CNNmvzxMJ/4L4pVVFyLZP8mQeXp71LQtqHEtIzaoHGT8L6jJ+Pvz+RHQXGYE19IYMdeV69LVIHFEzJXonDQ7dKynidnQdz3i/j8AAAAAAAAAAAAAAAAAAMBpM41fawTN8R99AAAAAAAAAAAAAAAAAAAAAAA4gvzn/1Y1wef/pn4HcOjn/1aOMVAAA/4GAAD//7eZbNg=")
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x35)

program did not crash
extracting C reproducer
testing compiled C program (duration=51.827974675s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
simplifying C reproducer
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program did not crash
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=51.827974675s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat
program crashed: kernel BUG in hfs_write_inode
reproducing took 24m43.59964057s
repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/hfs/inode.c:444!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 3031 Comm: kworker/u8:9 Not tainted 6.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:444
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 f7 82 82 ff e9 93 fb ff ff e8 9d 45 40 09 e8 38 a3 1e ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000b6d7260 EFLAGS: 00010293
RAX: ffffffff8280c438 RBX: 0000000000000000 RCX: ffff888030883c00
RDX: 0000000000000000 RSI: ffffffff8eb53da0 RDI: 0000000000000000
RBP: ffffc9000b6d73f0 R08: 0000000000000007 R09: ffffffff8280b6e2
R10: 0000000000000003 R11: ffff888030883c00 R12: 1ffff920016dae50
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88807d4014d8
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f66be795ed8 CR3: 0000000034458000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 write_inode fs/fs-writeback.c:1525 [inline]
 __writeback_single_inode+0x708/0x10d0 fs/fs-writeback.c:1745
 writeback_sb_inodes+0x820/0x1360 fs/fs-writeback.c:1976
 wb_writeback+0x413/0xb80 fs/fs-writeback.c:2156
 wb_do_writeback fs/fs-writeback.c:2303 [inline]
 wb_workfn+0x410/0x1080 fs/fs-writeback.c:2343
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:444
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 f7 82 82 ff e9 93 fb ff ff e8 9d 45 40 09 e8 38 a3 1e ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000b6d7260 EFLAGS: 00010293
RAX: ffffffff8280c438 RBX: 0000000000000000 RCX: ffff888030883c00
RDX: 0000000000000000 RSI: ffffffff8eb53da0 RDI: 0000000000000000
RBP: ffffc9000b6d73f0 R08: 0000000000000007 R09: ffffffff8280b6e2
R10: 0000000000000003 R11: ffff888030883c00 R12: 1ffff920016dae50
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88807d4014d8
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f66be795ed8 CR3: 0000000034458000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

final repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/hfs/inode.c:444!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 3031 Comm: kworker/u8:9 Not tainted 6.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:444
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 f7 82 82 ff e9 93 fb ff ff e8 9d 45 40 09 e8 38 a3 1e ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000b6d7260 EFLAGS: 00010293
RAX: ffffffff8280c438 RBX: 0000000000000000 RCX: ffff888030883c00
RDX: 0000000000000000 RSI: ffffffff8eb53da0 RDI: 0000000000000000
RBP: ffffc9000b6d73f0 R08: 0000000000000007 R09: ffffffff8280b6e2
R10: 0000000000000003 R11: ffff888030883c00 R12: 1ffff920016dae50
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88807d4014d8
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f66be795ed8 CR3: 0000000034458000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 write_inode fs/fs-writeback.c:1525 [inline]
 __writeback_single_inode+0x708/0x10d0 fs/fs-writeback.c:1745
 writeback_sb_inodes+0x820/0x1360 fs/fs-writeback.c:1976
 wb_writeback+0x413/0xb80 fs/fs-writeback.c:2156
 wb_do_writeback fs/fs-writeback.c:2303 [inline]
 wb_workfn+0x410/0x1080 fs/fs-writeback.c:2343
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:444
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 f7 82 82 ff e9 93 fb ff ff e8 9d 45 40 09 e8 38 a3 1e ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000b6d7260 EFLAGS: 00010293
RAX: ffffffff8280c438 RBX: 0000000000000000 RCX: ffff888030883c00
RDX: 0000000000000000 RSI: ffffffff8eb53da0 RDI: 0000000000000000
RBP: ffffc9000b6d73f0 R08: 0000000000000007 R09: ffffffff8280b6e2
R10: 0000000000000003 R11: ffff888030883c00 R12: 1ffff920016dae50
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88807d4014d8
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f66be795ed8 CR3: 0000000034458000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400