Extracting prog: 1m58.519709504s
Minimizing prog: 4m1.870013416s
Simplifying prog options: 0s
Extracting C: 53.17071001s
Simplifying C: 16m29.587798389s


1 programs, timeouts [30s 1m40s 6m0s]
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x28c, &(0x7f0000001980)="$eJzs3U9rE0EYx/HfbNI02lK3f0QQT9WCJ2nrQfFSkLwDL57E2kQoXSpoBdtT9Sy+AO++BV+AR0/iWfDmyRcQvURmdtfsJtlsEppukn4/kJC48+w+szvrzJNQIgAX1sPaz093f9mHkUoqSXogeZKqUlnSVV2rvj482j8KGvV+Oyq5CPswCiNNV5u9w0avUBvnIiK+fVfWYvLfMB7VHzotOgcUz939PXjSfHR3uu3Vc89sPC76oDdNNfVGS0XnAQAoVjT/e9E8vxit3z1P2oim/fT8P+UTaLPoBMbsS872xPzvqqyWsdf3itvUrvdcCXcvCnFVovS3NWwuFYUjK7XANHlVpcvFu/R8P2jc2XsR1D29005krt1szT3Xw6Ebi2ta+/pt967X49q0MlD+yb0NZ8H1Yc72YTuZf6LJ6tkeMZ/5ar6ZJ8bXR9X/r//KLWNPhjsffseVCvPfzN6j62VFrlVGL5fdQa6nz3jfXpaUUZEovm7LSn9A4Ofl6aJWOqLC3m3lRK32jNrOiVrrjGqP5uzIcTMfzGOzrt/6rFpi/e/Zs72hQe5M28a1jEZG3/6UXUvfzSfRXXd6o2dLb9QeYQTv9Uz3tfTq+ORgNwgaL2f2hb0TJyCN45ODP62JSGM3COJBMCn5zOwLe5ILOXo874y+n8L+Z8I5al/0IQP5bmZW2HWXCeu/RL2y6RZr9slPr9Pnk7G5tWBij1sZtcGKe76cXcGlGPfRw0KPbxe7j9i35rp5W7o1yBFDfpTn5NkZJcjU9F1P+fwfAAAAAAAAAAAAAAAAAABg2pzdnxxUlbWp6D4CAAAAAAAAAAAAAAAAAAAAADDtJu73fx8pfMfv/wJj9y8AAP///Bl4Xg==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)

program crashed: kernel BUG in hfs_write_inode
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=53.186187769s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x28c, &(0x7f0000001980)="$eJzs3U9rE0EYx/HfbNI02lK3f0QQT9WCJ2nrQfFSkLwDL57E2kQoXSpoBdtT9Sy+AO++BV+AR0/iWfDmyRcQvURmdtfsJtlsEppukn4/kJC48+w+szvrzJNQIgAX1sPaz093f9mHkUoqSXogeZKqUlnSVV2rvj482j8KGvV+Oyq5CPswCiNNV5u9w0avUBvnIiK+fVfWYvLfMB7VHzotOgcUz939PXjSfHR3uu3Vc89sPC76oDdNNfVGS0XnAQAoVjT/e9E8vxit3z1P2oim/fT8P+UTaLPoBMbsS872xPzvqqyWsdf3itvUrvdcCXcvCnFVovS3NWwuFYUjK7XANHlVpcvFu/R8P2jc2XsR1D29005krt1szT3Xw6Ebi2ta+/pt967X49q0MlD+yb0NZ8H1Yc72YTuZf6LJ6tkeMZ/5ar6ZJ8bXR9X/r//KLWNPhjsffseVCvPfzN6j62VFrlVGL5fdQa6nz3jfXpaUUZEovm7LSn9A4Ofl6aJWOqLC3m3lRK32jNrOiVrrjGqP5uzIcTMfzGOzrt/6rFpi/e/Zs72hQe5M28a1jEZG3/6UXUvfzSfRXXd6o2dLb9QeYQTv9Uz3tfTq+ORgNwgaL2f2hb0TJyCN45ODP62JSGM3COJBMCn5zOwLe5ILOXo874y+n8L+Z8I5al/0IQP5bmZW2HWXCeu/RL2y6RZr9slPr9Pnk7G5tWBij1sZtcGKe76cXcGlGPfRw0KPbxe7j9i35rp5W7o1yBFDfpTn5NkZJcjU9F1P+fwfAAAAAAAAAAAAAAAAAABg2pzdnxxUlbWp6D4CAAAAAAAAAAAAAAAAAAAAADDtJu73fx8pfMfv/wJj9y8AAP///Bl4Xg==")

program did not crash
testing program (duration=53.186187769s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro
detailed listing:
executing program 0:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)

program did not crash
testing program (duration=53.186187769s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
detailed listing:
executing program 0:
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x28c, &(0x7f0000001980)="$eJzs3U9rE0EYx/HfbNI02lK3f0QQT9WCJ2nrQfFSkLwDL57E2kQoXSpoBdtT9Sy+AO++BV+AR0/iWfDmyRcQvURmdtfsJtlsEppukn4/kJC48+w+szvrzJNQIgAX1sPaz093f9mHkUoqSXogeZKqUlnSVV2rvj482j8KGvV+Oyq5CPswCiNNV5u9w0avUBvnIiK+fVfWYvLfMB7VHzotOgcUz939PXjSfHR3uu3Vc89sPC76oDdNNfVGS0XnAQAoVjT/e9E8vxit3z1P2oim/fT8P+UTaLPoBMbsS872xPzvqqyWsdf3itvUrvdcCXcvCnFVovS3NWwuFYUjK7XANHlVpcvFu/R8P2jc2XsR1D29005krt1szT3Xw6Ebi2ta+/pt967X49q0MlD+yb0NZ8H1Yc72YTuZf6LJ6tkeMZ/5ar6ZJ8bXR9X/r//KLWNPhjsffseVCvPfzN6j62VFrlVGL5fdQa6nz3jfXpaUUZEovm7LSn9A4Ofl6aJWOqLC3m3lRK32jNrOiVrrjGqP5uzIcTMfzGOzrt/6rFpi/e/Zs72hQe5M28a1jEZG3/6UXUvfzSfRXXd6o2dLb9QeYQTv9Uz3tfTq+ORgNwgaL2f2hb0TJyCN45ODP62JSGM3COJBMCn5zOwLe5ILOXo874y+n8L+Z8I5al/0IQP5bmZW2HWXCeu/RL2y6RZr9slPr9Pnk7G5tWBij1sZtcGKe76cXcGlGPfRw0KPbxe7j9i35rp5W7o1yBFDfpTn5NkZJcjU9F1P+fwfAAAAAAAAAAAAAAAAAABg2pzdnxxUlbWp6D4CAAAAAAAAAAAAAAAAAAAAADDtJu73fx8pfMfv/wJj9y8AAP///Bl4Xg==")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=53.186187769s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
simplifying C reproducer
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program did not crash
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
testing compiled C program (duration=53.186187769s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$hfs-openat$cgroup_ro
program crashed: kernel BUG in hfs_write_inode
reproducing took 23m23.148253688s
repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/hfs/inode.c:445!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 2502 Comm: kworker/u8:9 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:445
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 57 e5 75 ff e9 93 fb ff ff e8 5d 3e 2f 09 e8 48 c1 11 ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900092f7160 EFLAGS: 00010293
RAX: ffffffff8281cb18 RBX: 0000000000000000 RCX: ffff88802f4c1e00
RDX: 0000000000000000 RSI: ffffffff8e95c580 RDI: 0000000000000000
RBP: ffffc900092f72f0 R08: 0000000000000007 R09: ffffffff8281bdc2
R10: 0000000000000003 R11: ffff88802f4c1e00 R12: 1ffff9200125ee30
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888031c20e58
FS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9079595ed8 CR3: 0000000033918000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 write_inode fs/fs-writeback.c:1497 [inline]
 __writeback_single_inode+0x6b9/0x10b0 fs/fs-writeback.c:1716
 writeback_sb_inodes+0x99c/0x1380 fs/fs-writeback.c:1947
 wb_writeback+0x481/0xd40 fs/fs-writeback.c:2127
 wb_do_writeback fs/fs-writeback.c:2274 [inline]
 wb_workfn+0x410/0x1090 fs/fs-writeback.c:2314
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd10 kernel/workqueue.c:3389
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:445
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 57 e5 75 ff e9 93 fb ff ff e8 5d 3e 2f 09 e8 48 c1 11 ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900092f7160 EFLAGS: 00010293
RAX: ffffffff8281cb18 RBX: 0000000000000000 RCX: ffff88802f4c1e00
RDX: 0000000000000000 RSI: ffffffff8e95c580 RDI: 0000000000000000
RBP: ffffc900092f72f0 R08: 0000000000000007 R09: ffffffff8281bdc2
R10: 0000000000000003 R11: ffff88802f4c1e00 R12: 1ffff9200125ee30
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888031c20e58
FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcdae346130 CR3: 0000000033be8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

final repro crashed as (corrupted=false):
------------[ cut here ]------------
kernel BUG at fs/hfs/inode.c:445!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 2502 Comm: kworker/u8:9 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Workqueue: writeback wb_workfn (flush-7:0)
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:445
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 57 e5 75 ff e9 93 fb ff ff e8 5d 3e 2f 09 e8 48 c1 11 ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900092f7160 EFLAGS: 00010293
RAX: ffffffff8281cb18 RBX: 0000000000000000 RCX: ffff88802f4c1e00
RDX: 0000000000000000 RSI: ffffffff8e95c580 RDI: 0000000000000000
RBP: ffffc900092f72f0 R08: 0000000000000007 R09: ffffffff8281bdc2
R10: 0000000000000003 R11: ffff88802f4c1e00 R12: 1ffff9200125ee30
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888031c20e58
FS:  0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9079595ed8 CR3: 0000000033918000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 write_inode fs/fs-writeback.c:1497 [inline]
 __writeback_single_inode+0x6b9/0x10b0 fs/fs-writeback.c:1716
 writeback_sb_inodes+0x99c/0x1380 fs/fs-writeback.c:1947
 wb_writeback+0x481/0xd40 fs/fs-writeback.c:2127
 wb_do_writeback fs/fs-writeback.c:2274 [inline]
 wb_workfn+0x410/0x1090 fs/fs-writeback.c:2314
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd10 kernel/workqueue.c:3389
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:hfs_write_inode+0xeb9/0xec0 fs/hfs/inode.c:445
Code: e9 88 fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9d fb ff ff e8 57 e5 75 ff e9 93 fb ff ff e8 5d 3e 2f 09 e8 48 c1 11 ff 90 <0f> 0b 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc900092f7160 EFLAGS: 00010293
RAX: ffffffff8281cb18 RBX: 0000000000000000 RCX: ffff88802f4c1e00
RDX: 0000000000000000 RSI: ffffffff8e95c580 RDI: 0000000000000000
RBP: ffffc900092f72f0 R08: 0000000000000007 R09: ffffffff8281bdc2
R10: 0000000000000003 R11: ffff88802f4c1e00 R12: 1ffff9200125ee30
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888031c20e58
FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcdae346130 CR3: 0000000033be8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400