Extracting prog: 1m15.926336474s Minimizing prog: 7m56.925108962s Simplifying prog options: 0s Extracting C: 30.622572571s Simplifying C: 8m18.467148352s 1 programs, timeouts [30s 6m0s] extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr detailed listing: executing program 0: syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa08800, &(0x7f0000000140)=ANY=[], 0x1, 0x671, &(0x7f0000000a40)="$eJzs3c1rHOcdB/DvrFay5IKjJHbilkBFDGmpqS1ZKK16idtD0SGU4B5CoRdhy7HwWgmSUpRQivp+7SF/QHrQodBToXdDCj21veWqUwkUeslJN5eZnZVWllfZlSWt1Xw+ZnaemWeel/nNzDM7WswE+NJauJrmwxRZuPrmRrm8vTXb2t6aPVdnt5KU6UbSbM9SrCTFJ8nNtKd8tVxZb1/0auej5flbn36+/Vl7qVlP1faNw8r1Z7OeMpVkpJ4fNHqk+m73rO9wi7upYncPy4Bd6QQOhu3RAZuDFH/K6xZ4FhTt++YBk8n5JOP194DUo0PjdHt3/AYa5QAAAOCMem4nO9nIhWH3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6S+v3/RT01OumpFJ33/4/V61KnbzWG3Oen8XDYHQAAAAAAAACAY/D1nexkIxc6y4/av+y/Wn1erD6/kvezlqWs5lo2spj1rGc1M0kmuyoa21hcX1+d6aPkjSeWvHEaewsAAAAAAAAA/7d+lYW93/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBZUCQj7Vk1XeykJ9NoJhlPMlZut5n8q5M+I4onrXx4+v0AAACApzJ+hDLP7WQnG7nQWX5UVM/8L1XPy+N5PytZz3LW08pS7tTP0OVTf2N7a7a1vTX7YHtrtmr4p4/a2vV8/78DdaOqMe2/PTy55cvVFhO5m+VqzbXcrjpzJ42qZOly3Z/daX8jvyz7NPFGrc+e3annZWN/6PVXhOPQGLTAZFVodDci03XfyoqePzwSX3h0moe2NJPG7l9+Lh7SUmeXigFjfr5TLsnvHov5G//+00/6rOYE7EaikSoSN7rOvpcOj3nyjb/++e17rZX79+6uXT2x0+i0PH5OzHZF4uUzHYnmgNtPV5G4tLu8kB/mx7maqbyV1SznZ1nMepZSj4xZrM/n8nOyK0rJgUjd3Lf01hf1ZKw+Lu1RtJ8+TeVclVrMq1XZC1lOkXdzJ0t5vfp3IzP5TuYyl/muI3yp5xGu9q0aaRuDXfVXvpm9S/335UjdX7nk7/1uOLj2LbWM6/Ndce0ecyervO41e1F6oY/70YBjY/NrdaJs49dHuW2cmMcjMdMViRcPj8Qfq2tjrbVyf/Xe4ns96t98bPm10b30b0/yzjyw8nx5IeP1SLL/7CjzXtwdZfbHa6z+xaWd1ziQd6nKK4rOlfqjnlfqWP0d7mBNN6q8lw/mjXR6frkrb9/3rbz7j+HEE4ABnf/W+bGJ/0z8c+Ljid9M3Jt4c/wH57577pWxjP5t9HvN6ZHXGq8Uf8nH+cXe8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB0ax98eH+x1VpafXKi0TvreBNF/SKfXts0M5FT6MZpJopk89hrzvD3q49E5yWCT1vP2zefid0504mRJJ01I9nLqg/RUV4uCpwJ19cfvHd97YMPv738YPGdpXeWVkbn5uan5+den71+d7m1NN3+HHYvgZOw931g2D0BAAAAAAAAAAAA+nUa/9Ogq7mpIe4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEYtXE1zNEVmpq9Nl8vbW7Otcuqk97ZsJmk0kuLnSfFJcjPtKZNd1RW92vloef7Wp59vf7ZXV7OzfeOwcv3ZrKdMJRmp5weMHa2+273q61uxu4dlwK50AgfD9r8AAAD//4uaBUc=") setxattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='user.incfs.id\x00', 0x0, 0x0, 0x0) program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read single: successfully extracted reproducer found reproducer with 2 syscalls minimizing guilty program testing program (duration=1m7.223972695s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus detailed listing: executing program 0: syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa08800, &(0x7f0000000140)=ANY=[], 0x1, 0x671, &(0x7f0000000a40)="$eJzs3c1rHOcdB/DvrFay5IKjJHbilkBFDGmpqS1ZKK16idtD0SGU4B5CoRdhy7HwWgmSUpRQivp+7SF/QHrQodBToXdDCj21veWqUwkUeslJN5eZnZVWllfZlSWt1Xw+ZnaemWeel/nNzDM7WswE+NJauJrmwxRZuPrmRrm8vTXb2t6aPVdnt5KU6UbSbM9SrCTFJ8nNtKd8tVxZb1/0auej5flbn36+/Vl7qVlP1faNw8r1Z7OeMpVkpJ4fNHqk+m73rO9wi7upYncPy4Bd6QQOhu3RAZuDFH/K6xZ4FhTt++YBk8n5JOP194DUo0PjdHt3/AYa5QAAAOCMem4nO9nIhWH3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6S+v3/RT01OumpFJ33/4/V61KnbzWG3Oen8XDYHQAAAAAAAACAY/D1nexkIxc6y4/av+y/Wn1erD6/kvezlqWs5lo2spj1rGc1M0kmuyoa21hcX1+d6aPkjSeWvHEaewsAAAAAAAAA/7d+lYW93/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBZUCQj7Vk1XeykJ9NoJhlPMlZut5n8q5M+I4onrXx4+v0AAACApzJ+hDLP7WQnG7nQWX5UVM/8L1XPy+N5PytZz3LW08pS7tTP0OVTf2N7a7a1vTX7YHtrtmr4p4/a2vV8/78DdaOqMe2/PTy55cvVFhO5m+VqzbXcrjpzJ42qZOly3Z/daX8jvyz7NPFGrc+e3annZWN/6PVXhOPQGLTAZFVodDci03XfyoqePzwSX3h0moe2NJPG7l9+Lh7SUmeXigFjfr5TLsnvHov5G//+00/6rOYE7EaikSoSN7rOvpcOj3nyjb/++e17rZX79+6uXT2x0+i0PH5OzHZF4uUzHYnmgNtPV5G4tLu8kB/mx7maqbyV1SznZ1nMepZSj4xZrM/n8nOyK0rJgUjd3Lf01hf1ZKw+Lu1RtJ8+TeVclVrMq1XZC1lOkXdzJ0t5vfp3IzP5TuYyl/muI3yp5xGu9q0aaRuDXfVXvpm9S/335UjdX7nk7/1uOLj2LbWM6/Ndce0ecyervO41e1F6oY/70YBjY/NrdaJs49dHuW2cmMcjMdMViRcPj8Qfq2tjrbVyf/Xe4ns96t98bPm10b30b0/yzjyw8nx5IeP1SLL/7CjzXtwdZfbHa6z+xaWd1ziQd6nKK4rOlfqjnlfqWP0d7mBNN6q8lw/mjXR6frkrb9/3rbz7j+HEE4ABnf/W+bGJ/0z8c+Ljid9M3Jt4c/wH57577pWxjP5t9HvN6ZHXGq8Uf8nH+cXe8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB0ax98eH+x1VpafXKi0TvreBNF/SKfXts0M5FT6MZpJopk89hrzvD3q49E5yWCT1vP2zefid0504mRJJ01I9nLqg/RUV4uCpwJ19cfvHd97YMPv738YPGdpXeWVkbn5uan5+den71+d7m1NN3+HHYvgZOw931g2D0BAAAAAAAAAAAA+nUa/9Ogq7mpIe4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEYtXE1zNEVmpq9Nl8vbW7Otcuqk97ZsJmk0kuLnSfFJcjPtKZNd1RW92vloef7Wp59vf7ZXV7OzfeOwcv3ZrKdMJRmp5weMHa2+273q61uxu4dlwK50AgfD9r8AAAD//4uaBUc=") program did not crash testing program (duration=1m7.223972695s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setxattr detailed listing: executing program 0: setxattr(&(0x7f0000000240)='./file1\x00', &(0x7f00000000c0)=@known='user.incfs.id\x00', 0x0, 0x0, 0x0) program did not crash testing program (duration=1m7.223972695s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr detailed listing: executing program 0: syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa08800, &(0x7f0000000140)=ANY=[], 0x1, 0x671, &(0x7f0000000a40)="$eJzs3c1rHOcdB/DvrFay5IKjJHbilkBFDGmpqS1ZKK16idtD0SGU4B5CoRdhy7HwWgmSUpRQivp+7SF/QHrQodBToXdDCj21veWqUwkUeslJN5eZnZVWllfZlSWt1Xw+ZnaemWeel/nNzDM7WswE+NJauJrmwxRZuPrmRrm8vTXb2t6aPVdnt5KU6UbSbM9SrCTFJ8nNtKd8tVxZb1/0auej5flbn36+/Vl7qVlP1faNw8r1Z7OeMpVkpJ4fNHqk+m73rO9wi7upYncPy4Bd6QQOhu3RAZuDFH/K6xZ4FhTt++YBk8n5JOP194DUo0PjdHt3/AYa5QAAAOCMem4nO9nIhWH3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6S+v3/RT01OumpFJ33/4/V61KnbzWG3Oen8XDYHQAAAAAAAACAY/D1nexkIxc6y4/av+y/Wn1erD6/kvezlqWs5lo2spj1rGc1M0kmuyoa21hcX1+d6aPkjSeWvHEaewsAAAAAAAAA/7d+lYW93/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBZUCQj7Vk1XeykJ9NoJhlPMlZut5n8q5M+I4onrXx4+v0AAACApzJ+hDLP7WQnG7nQWX5UVM/8L1XPy+N5PytZz3LW08pS7tTP0OVTf2N7a7a1vTX7YHtrtmr4p4/a2vV8/78DdaOqMe2/PTy55cvVFhO5m+VqzbXcrjpzJ42qZOly3Z/daX8jvyz7NPFGrc+e3annZWN/6PVXhOPQGLTAZFVodDci03XfyoqePzwSX3h0moe2NJPG7l9+Lh7SUmeXigFjfr5TLsnvHov5G//+00/6rOYE7EaikSoSN7rOvpcOj3nyjb/++e17rZX79+6uXT2x0+i0PH5OzHZF4uUzHYnmgNtPV5G4tLu8kB/mx7maqbyV1SznZ1nMepZSj4xZrM/n8nOyK0rJgUjd3Lf01hf1ZKw+Lu1RtJ8+TeVclVrMq1XZC1lOkXdzJ0t5vfp3IzP5TuYyl/muI3yp5xGu9q0aaRuDXfVXvpm9S/335UjdX7nk7/1uOLj2LbWM6/Ndce0ecyervO41e1F6oY/70YBjY/NrdaJs49dHuW2cmMcjMdMViRcPj8Qfq2tjrbVyf/Xe4ns96t98bPm10b30b0/yzjyw8nx5IeP1SLL/7CjzXtwdZfbHa6z+xaWd1ziQd6nKK4rOlfqjnlfqWP0d7mBNN6q8lw/mjXR6frkrb9/3rbz7j+HEE4ABnf/W+bGJ/0z8c+Ljid9M3Jt4c/wH57577pWxjP5t9HvN6ZHXGq8Uf8nH+cXe8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB0ax98eH+x1VpafXKi0TvreBNF/SKfXts0M5FT6MZpJopk89hrzvD3q49E5yWCT1vP2zefid0504mRJJ01I9nLqg/RUV4uCpwJ19cfvHd97YMPv738YPGdpXeWVkbn5uan5+den71+d7m1NN3+HHYvgZOw931g2D0BAAAAAAAAAAAA+nUa/9Ogq7mpIe4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEYtXE1zNEVmpq9Nl8vbW7Otcuqk97ZsJmk0kuLnSfFJcjPtKZNd1RW92vloef7Wp59vf7ZXV7OzfeOwcv3ZrKdMJRmp5weMHa2+273q61uxu4dlwK50AgfD9r8AAAD//4uaBUc=") setxattr(0x0, &(0x7f00000000c0)=@known='user.incfs.id\x00', 0x0, 0x0, 0x0) program did not crash testing program (duration=1m7.223972695s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr detailed listing: executing program 0: syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0xa08800, &(0x7f0000000140)=ANY=[], 0x1, 0x671, &(0x7f0000000a40)="$eJzs3c1rHOcdB/DvrFay5IKjJHbilkBFDGmpqS1ZKK16idtD0SGU4B5CoRdhy7HwWgmSUpRQivp+7SF/QHrQodBToXdDCj21veWqUwkUeslJN5eZnZVWllfZlSWt1Xw+ZnaemWeel/nNzDM7WswE+NJauJrmwxRZuPrmRrm8vTXb2t6aPVdnt5KU6UbSbM9SrCTFJ8nNtKd8tVxZb1/0auej5flbn36+/Vl7qVlP1faNw8r1Z7OeMpVkpJ4fNHqk+m73rO9wi7upYncPy4Bd6QQOhu3RAZuDFH/K6xZ4FhTt++YBk8n5JOP194DUo0PjdHt3/AYa5QAAAOCMem4nO9nIhWH3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6S+v3/RT01OumpFJ33/4/V61KnbzWG3Oen8XDYHQAAAAAAAACAY/D1nexkIxc6y4/av+y/Wn1erD6/kvezlqWs5lo2spj1rGc1M0kmuyoa21hcX1+d6aPkjSeWvHEaewsAAAAAAAAA/7d+lYW93/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBZUCQj7Vk1XeykJ9NoJhlPMlZut5n8q5M+I4onrXx4+v0AAACApzJ+hDLP7WQnG7nQWX5UVM/8L1XPy+N5PytZz3LW08pS7tTP0OVTf2N7a7a1vTX7YHtrtmr4p4/a2vV8/78DdaOqMe2/PTy55cvVFhO5m+VqzbXcrjpzJ42qZOly3Z/daX8jvyz7NPFGrc+e3annZWN/6PVXhOPQGLTAZFVodDci03XfyoqePzwSX3h0moe2NJPG7l9+Lh7SUmeXigFjfr5TLsnvHov5G//+00/6rOYE7EaikSoSN7rOvpcOj3nyjb/++e17rZX79+6uXT2x0+i0PH5OzHZF4uUzHYnmgNtPV5G4tLu8kB/mx7maqbyV1SznZ1nMepZSj4xZrM/n8nOyK0rJgUjd3Lf01hf1ZKw+Lu1RtJ8+TeVclVrMq1XZC1lOkXdzJ0t5vfp3IzP5TuYyl/muI3yp5xGu9q0aaRuDXfVXvpm9S/335UjdX7nk7/1uOLj2LbWM6/Ndce0ecyervO41e1F6oY/70YBjY/NrdaJs49dHuW2cmMcjMdMViRcPj8Qfq2tjrbVyf/Xe4ns96t98bPm10b30b0/yzjyw8nx5IeP1SLL/7CjzXtwdZfbHa6z+xaWd1ziQd6nKK4rOlfqjnlfqWP0d7mBNN6q8lw/mjXR6frkrb9/3rbz7j+HEE4ABnf/W+bGJ/0z8c+Ljid9M3Jt4c/wH57577pWxjP5t9HvN6ZHXGq8Uf8nH+cXe8z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB0ax98eH+x1VpafXKi0TvreBNF/SKfXts0M5FT6MZpJopk89hrzvD3q49E5yWCT1vP2zefid0504mRJJ01I9nLqg/RUV4uCpwJ19cfvHd97YMPv738YPGdpXeWVkbn5uan5+den71+d7m1NN3+HHYvgZOw931g2D0BAAAAAAAAAAAA+nUa/9Ogq7mpIe4qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEYtXE1zNEVmpq9Nl8vbW7Otcuqk97ZsJmk0kuLnSfFJcjPtKZNd1RW92vloef7Wp59vf7ZXV7OzfeOwcv3ZrKdMJRmp5weMHa2+273q61uxu4dlwK50AgfD9r8AAAD//4uaBUc=") setxattr(&(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=1m7.223972695s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read simplifying C reproducer testing compiled C program (duration=1m7.223972695s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read testing compiled C program (duration=1m7.223972695s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read testing compiled C program (duration=1m7.223972695s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read testing compiled C program (duration=1m7.223972695s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read testing compiled C program (duration=1m7.223972695s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read testing compiled C program (duration=1m7.223972695s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read testing compiled C program (duration=1m7.223972695s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfsplus-setxattr program crashed: KASAN: slab-out-of-bounds Write in hfsplus_bnode_read reproducing took 18m1.941202119s repro crashed as (corrupted=false): loop0: detected capacity change from 0 to 1024 ================================================================== BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x120/0x24c fs/hfsplus/bnode.c:32 Write of size 4026 at addr ffff0000cb9b2800 by task syz-executor409/4015 CPU: 1 PID: 4015 Comm: syz-executor409 Not tainted 5.15.167-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:434 [inline] kasan_report+0x174/0x1e4 mm/kasan/report.c:451 kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189 memcpy+0xb4/0xe8 mm/kasan/shadow.c:66 hfsplus_bnode_read+0x120/0x24c fs/hfsplus/bnode.c:32 hfsplus_bnode_read_key+0x170/0x278 fs/hfsplus/bnode.c:72 hfsplus_brec_insert+0x520/0xaa0 fs/hfsplus/brec.c:141 hfsplus_create_attr+0x3b0/0x568 fs/hfsplus/attributes.c:252 __hfsplus_setxattr+0x9a8/0x1df0 fs/hfsplus/xattr.c:354 hfsplus_setxattr+0xb4/0xec fs/hfsplus/xattr.c:434 hfsplus_user_setxattr+0x54/0x6c fs/hfsplus/xattr_user.c:30 __vfs_setxattr+0x388/0x3a4 fs/xattr.c:182 __vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216 __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277 vfs_setxattr+0x1a8/0x344 fs/xattr.c:303 do_setxattr fs/xattr.c:588 [inline] setxattr+0x250/0x2b4 fs/xattr.c:611 path_setxattr+0x17c/0x258 fs/xattr.c:630 __do_sys_setxattr fs/xattr.c:646 [inline] __se_sys_setxattr fs/xattr.c:642 [inline] __arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 Allocated by task 4015: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] ____kasan_kmalloc+0xbc/0xfc mm/kasan/common.c:513 __kasan_kmalloc+0x10/0x1c mm/kasan/common.c:522 kasan_kmalloc include/linux/kasan.h:264 [inline] __kmalloc+0x29c/0x4c8 mm/slub.c:4407 kmalloc include/linux/slab.h:596 [inline] hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21 hfsplus_create_attr+0x14c/0x568 fs/hfsplus/attributes.c:216 __hfsplus_setxattr+0x9a8/0x1df0 fs/hfsplus/xattr.c:354 hfsplus_setxattr+0xb4/0xec fs/hfsplus/xattr.c:434 hfsplus_user_setxattr+0x54/0x6c fs/hfsplus/xattr_user.c:30 __vfs_setxattr+0x388/0x3a4 fs/xattr.c:182 __vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216 __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277 vfs_setxattr+0x1a8/0x344 fs/xattr.c:303 do_setxattr fs/xattr.c:588 [inline] setxattr+0x250/0x2b4 fs/xattr.c:611 path_setxattr+0x17c/0x258 fs/xattr.c:630 __do_sys_setxattr fs/xattr.c:646 [inline] __se_sys_setxattr fs/xattr.c:642 [inline] __arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 The buggy address belongs to the object at ffff0000cb9b2800 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 0 bytes inside of 1024-byte region [ffff0000cb9b2800, ffff0000cb9b2c00) The buggy address belongs to the page: page:000000000dedc095 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b9b0 head:000000000dedc095 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000cb9b2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff0000cb9b2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff0000cb9b2a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff0000cb9b2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff0000cb9b2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== final repro crashed as (corrupted=false): loop0: detected capacity change from 0 to 1024 ================================================================== BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x120/0x24c fs/hfsplus/bnode.c:32 Write of size 4026 at addr ffff0000cb9b2800 by task syz-executor409/4015 CPU: 1 PID: 4015 Comm: syz-executor409 Not tainted 5.15.167-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call trace: dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248 __kasan_report mm/kasan/report.c:434 [inline] kasan_report+0x174/0x1e4 mm/kasan/report.c:451 kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189 memcpy+0xb4/0xe8 mm/kasan/shadow.c:66 hfsplus_bnode_read+0x120/0x24c fs/hfsplus/bnode.c:32 hfsplus_bnode_read_key+0x170/0x278 fs/hfsplus/bnode.c:72 hfsplus_brec_insert+0x520/0xaa0 fs/hfsplus/brec.c:141 hfsplus_create_attr+0x3b0/0x568 fs/hfsplus/attributes.c:252 __hfsplus_setxattr+0x9a8/0x1df0 fs/hfsplus/xattr.c:354 hfsplus_setxattr+0xb4/0xec fs/hfsplus/xattr.c:434 hfsplus_user_setxattr+0x54/0x6c fs/hfsplus/xattr_user.c:30 __vfs_setxattr+0x388/0x3a4 fs/xattr.c:182 __vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216 __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277 vfs_setxattr+0x1a8/0x344 fs/xattr.c:303 do_setxattr fs/xattr.c:588 [inline] setxattr+0x250/0x2b4 fs/xattr.c:611 path_setxattr+0x17c/0x258 fs/xattr.c:630 __do_sys_setxattr fs/xattr.c:646 [inline] __se_sys_setxattr fs/xattr.c:642 [inline] __arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 Allocated by task 4015: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] ____kasan_kmalloc+0xbc/0xfc mm/kasan/common.c:513 __kasan_kmalloc+0x10/0x1c mm/kasan/common.c:522 kasan_kmalloc include/linux/kasan.h:264 [inline] __kmalloc+0x29c/0x4c8 mm/slub.c:4407 kmalloc include/linux/slab.h:596 [inline] hfsplus_find_init+0x84/0x1bc fs/hfsplus/bfind.c:21 hfsplus_create_attr+0x14c/0x568 fs/hfsplus/attributes.c:216 __hfsplus_setxattr+0x9a8/0x1df0 fs/hfsplus/xattr.c:354 hfsplus_setxattr+0xb4/0xec fs/hfsplus/xattr.c:434 hfsplus_user_setxattr+0x54/0x6c fs/hfsplus/xattr_user.c:30 __vfs_setxattr+0x388/0x3a4 fs/xattr.c:182 __vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216 __vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277 vfs_setxattr+0x1a8/0x344 fs/xattr.c:303 do_setxattr fs/xattr.c:588 [inline] setxattr+0x250/0x2b4 fs/xattr.c:611 path_setxattr+0x17c/0x258 fs/xattr.c:630 __do_sys_setxattr fs/xattr.c:646 [inline] __se_sys_setxattr fs/xattr.c:642 [inline] __arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:642 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584 The buggy address belongs to the object at ffff0000cb9b2800 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 0 bytes inside of 1024-byte region [ffff0000cb9b2800, ffff0000cb9b2c00) The buggy address belongs to the page: page:000000000dedc095 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b9b0 head:000000000dedc095 order:3 compound_mapcount:0 compound_pincount:0 flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff) raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff0000cb9b2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff0000cb9b2980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff0000cb9b2a00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff0000cb9b2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff0000cb9b2b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================