Extracting prog: 1m52.026852593s
Minimizing prog: 31.13µs
Simplifying prog options: 0s
Extracting C: 28.869663235s
Simplifying C: 8m41.342898602s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
detailed listing:
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6de, &(0x7f0000003480)="$eJzs3cFvHFcdB/DvrNeON1Sp0yY0QkVYiVSQIhInVgrhgkEI5VChqhx6thKnsbpJqsRFaYXABQQnJA79AwqSbxwQEvegcOFSbr36WAmJS8Qh6mXRzM7au/ba3iT2OqGfTzSe9+bNvPnNb97MeNdZbYAvrStn07yfIlfOvnGvrK+vzbfX1+aP1M3tJGW5kTS7sxS3kuJBslC2F31T+ubbfLx8+a3PHq5/3q0166laf2Jju+mRQh6yj9V6ymzd3+zQLSdH6r/bVxVeXkhytZ4Pmhq1r4EVy6Sdqedw6DrbrG42Htlz8x2vd+DZ13s6Fd3n5jYzydH6yVzdDeq7Q2N8ER6M1cMOAAAAAMbg09uHHQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8f+rv/y/qqVHPM5ui9/3/U71ldfkZtDDymvcPNA4AAAAAAAAAGI9vPMqj3MuxXr1TVH/zP11VTuSLTvKVvJ+7WcqdnMu9LGYlK7mTC0lm+jqaure4snLnwsaWpeFbXhy65cVxHTEAAAAAAAAA/F/6VVqbf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBnQZFMdGfVdKKeZyaNZjbbspr8K8nUYcf7GIphC++PPw4AAAB4KtNPsM2Lj1rJvRzr1TtF9Zr/q9Xr5em8n1tZyXJW0s5SrtWvoctX/Y31tfn2+tr8zXIq64P9/uA/jxXGVN3DRFUbtudT1RqtXM9yteRcrlbBXEuju+8zyalePH1x9fmojKn4fm3EyJp1Wsud/WGndxH2xeBbEY1d1mxtBpdsZGSujq3c8ng3A0X1Rk2yNRN7np3mQG2m6nVyY08X0th45+fEAeT8aD0vj+e3B5rzx7WRiUaqTFzsjb7ymtk9E8k3//bnt2+0b7174/rds8/OIe1hYoflW8fEfF8mXnmuM9F8zPXnqkyc3KhfyY/z05zNbN7MnSznZ1nMSpbSqdsX6/Fc/pzZPVMLA7U394pkqj4v3XM2Skyz+VFVWszpattjWU6R27mWpbxe/buYC/lOLuVSLved4ZM7xl0dW3XVN7Ze9b0z/fehwZ/5Vl0o726/27zLLex2xDuNzv3SvfeXeT3el9fuqH+4sdbxvutgri9LL/WyMzm08ye5Nza/VhfKffx6j+fEeM3UmSgvoN5Tohfdy91MNKtn0fZx/sdOuV3atzqdG4vv7dD/6pb6a/W8HFZrX99r7Z7hp2J/lePlpUzXd5LB0VG2vbxxl+lr62yO5W7b4BO33O5k1VYUvSv1J7ldDYDtV+pU/Tvc9p4uVm2vDG2br9pO9bUN/L6V22nn2hjyB8CT+OfbG8WZHJ1q/bv1aeuT1m9aN1pvTP/wyHePvDqVyX9Mfq85N/Fa49Xir/kkv9h8/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADy5ux98+O5iu710Z3ihsXPTQKGVrUt26vnI8H6K+gt9RtjXc1GYTjKwpPqeo7GH0doaxrZC55fJ2PPT+xLB4ev8viw0t42oYYWFgSV/2d7hR48ZYTHadXGAhUbGu9OJDB8Ae946Oi8e6J0JOGjnV26+d/7uBx9+e/nm4jtL7yzdmrx06fLc5Uuvz5+/vtxemuv+POwogYOw+dA/7EgAAAAAAAAAAACAUQ37YMDpF3b90MjEiJ/x8D8LAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH1x5Wya91Pkwty5ubK+vjbfLqdeeXPNZpJGIyl+nhQPkoV0p8z0dVfkTw/S6VswUc8/Xr781mcP1z/f7KvZXT9p1POd7d6aZLWeMlvvcnbkBOzaX7Xjq0/dX/Hf3jGUCfui0+ksPF18sD/+FwAA//9ym/RV")

program crashed: WARNING in hfsplus_bnode_create
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=57.241834098s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
simplifying C reproducer
testing compiled C program (duration=57.241834098s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
testing compiled C program (duration=57.241834098s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
testing compiled C program (duration=57.241834098s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
testing compiled C program (duration=57.241834098s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
testing compiled C program (duration=57.241834098s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
testing compiled C program (duration=57.241834098s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
testing compiled C program (duration=57.241834098s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus
program crashed: WARNING in hfsplus_bnode_create
reproducing took 11m2.239465331s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
hfsplus: new node 0 already hashed?
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5822 at fs/hfsplus/bnode.c:573 hfsplus_bnode_create+0x3b6/0x440 fs/hfsplus/bnode.c:573
Modules linked in:
CPU: 1 UID: 0 PID: 5822 Comm: syz-executor425 Not tainted 6.12.0-rc5-syzkaller-00047-g4236f913808c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:hfsplus_bnode_create+0x3b6/0x440 fs/hfsplus/bnode.c:573
Code: 44 89 e6 e8 2c b2 37 09 e9 78 fd ff ff e8 d2 33 11 ff 4c 89 ff e8 3a 79 44 09 48 c7 c7 40 1c 22 8c 44 89 e6 e8 0b b2 37 09 90 <0f> 0b 90 eb af 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 83 fc ff ff 48
RSP: 0018:ffffc90003d66f58 EFLAGS: 00010246
RAX: 0000000000000023 RBX: ffff88801daf2c00 RCX: e16ce92aac9faf00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8174a0ec R09: 1ffff920007acd88
R10: dffffc0000000000 R11: fffff520007acd89 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88807d6e6000 R15: ffff88807d6e60e0
FS:  0000555569d65380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee9bd4000 CR3: 000000007620e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfsplus_bmap_alloc+0x59a/0x640 fs/hfsplus/btree.c:415
 hfs_bnode_split+0xde/0x1110 fs/hfsplus/brec.c:245
 hfsplus_brec_insert+0x3a6/0xde0 fs/hfsplus/brec.c:100
 hfsplus_create_cat+0x49f/0x1b70 fs/hfsplus/catalog.c:292
 hfsplus_fill_super+0x13ee/0x1ca0 fs/hfsplus/super.c:566
 mount_bdev+0x20a/0x2d0 fs/super.c:1679
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2b0 fs/super.c:1800
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f76380a497a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffee9bd3a68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffee9bd3a80 RCX: 00007f76380a497a
RDX: 0000000020000100 RSI: 0000000020002900 RDI: 00007ffee9bd3a80
RBP: 0000000000000004 R08: 00007ffee9bd3ac0 R09: 00000000000006d8
R10: 0000000002000010 R11: 0000000000000286 R12: 0000000002000010
R13: 00007ffee9bd3ac0 R14: 0000000000000003 R15: 0000000000080000
 </TASK>

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 1024
hfsplus: new node 0 already hashed?
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5822 at fs/hfsplus/bnode.c:573 hfsplus_bnode_create+0x3b6/0x440 fs/hfsplus/bnode.c:573
Modules linked in:
CPU: 1 UID: 0 PID: 5822 Comm: syz-executor425 Not tainted 6.12.0-rc5-syzkaller-00047-g4236f913808c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:hfsplus_bnode_create+0x3b6/0x440 fs/hfsplus/bnode.c:573
Code: 44 89 e6 e8 2c b2 37 09 e9 78 fd ff ff e8 d2 33 11 ff 4c 89 ff e8 3a 79 44 09 48 c7 c7 40 1c 22 8c 44 89 e6 e8 0b b2 37 09 90 <0f> 0b 90 eb af 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 83 fc ff ff 48
RSP: 0018:ffffc90003d66f58 EFLAGS: 00010246
RAX: 0000000000000023 RBX: ffff88801daf2c00 RCX: e16ce92aac9faf00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8174a0ec R09: 1ffff920007acd88
R10: dffffc0000000000 R11: fffff520007acd89 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88807d6e6000 R15: ffff88807d6e60e0
FS:  0000555569d65380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffee9bd4000 CR3: 000000007620e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hfsplus_bmap_alloc+0x59a/0x640 fs/hfsplus/btree.c:415
 hfs_bnode_split+0xde/0x1110 fs/hfsplus/brec.c:245
 hfsplus_brec_insert+0x3a6/0xde0 fs/hfsplus/brec.c:100
 hfsplus_create_cat+0x49f/0x1b70 fs/hfsplus/catalog.c:292
 hfsplus_fill_super+0x13ee/0x1ca0 fs/hfsplus/super.c:566
 mount_bdev+0x20a/0x2d0 fs/super.c:1679
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2b0 fs/super.c:1800
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f76380a497a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffee9bd3a68 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffee9bd3a80 RCX: 00007f76380a497a
RDX: 0000000020000100 RSI: 0000000020002900 RDI: 00007ffee9bd3a80
RBP: 0000000000000004 R08: 00007ffee9bd3ac0 R09: 00000000000006d8
R10: 0000000002000010 R11: 0000000000000286 R12: 0000000002000010
R13: 00007ffee9bd3ac0 R14: 0000000000000003 R15: 0000000000080000
 </TASK>