./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3623372601

<...>
DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2
forked to background, child pid 4654
[   37.384015][ T4655] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.408720][ T4655] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
execve("./syz-executor3623372601", ["./syz-executor3623372601"], 0x7ffd4a1fa6b0 /* 10 vars */) = 0
brk(NULL)                               = 0x55555720b000
brk(0x55555720bc40)                     = 0x55555720bc40
arch_prctl(ARCH_SET_FS, 0x55555720b300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3623372601", 4096) = 28
brk(0x55555722cc40)                     = 0x55555722cc40
brk(0x55555722d000)                     = 0x55555722d000
mprotect(0x7fb5ef36c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached
, child_tidptr=0x55555720b5d0) = 5080
[pid  5080] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5080] setsid()                    = 1
[pid  5080] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5080] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5080] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5080] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5080] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5080] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5080] unshare(CLONE_NEWNS)        = 0
[pid  5080] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5080] unshare(CLONE_NEWIPC)       = 0
[pid  5080] unshare(CLONE_NEWCGROUP)    = 0
[pid  5080] unshare(CLONE_NEWUTS)       = 0
[pid  5080] unshare(CLONE_SYSVSEM)      = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "16777216", 8)     = 8
[pid  5080] close(3)                    = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "536870912", 9)    = 9
[pid  5080] close(3)                    = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1024", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "8192", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1024", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1024", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5080] close(3)                    = 0
[pid  5080] getpid()                    = 1
[pid  5080] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5080] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5080] unshare(CLONE_NEWNET)       = 0
[pid  5080] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "0 65535", 7)      = 7
[pid  5080] close(3)                    = 0
[pid  5080] mkdir("/dev/binderfs", 0777) = 0
[pid  5080] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5080] memfd_create("syzkaller", 0) = 3
[pid  5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb5e6eb1000
[pid  5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid  5080] munmap(0x7fb5e6eb1000, 524288) = 0
[pid  5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5080] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5080] close(3)                    = 0
[pid  5080] mkdir("./file0", 0777)      = 0
[pid  5080] mount("/dev/loop0", "./file0", "hfsplus", MS_RDONLY|MS_NOSUID|MS_RELATIME|MS_KERNMOUNT|MS_I_VERSION, "umask=01777777777777777777775,umask=00000000000000000000004,umask=00000000000000000000007,") = 0
[pid  5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5080] chdir("./file0")            = 0
[pid  5080] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5080] close(4)                    = 0
[pid  5080] exit_group(1)               = ?
syzkaller login: [   59.660038][ T5080] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5080 'syz-executor362'
[   59.679473][ T5080] loop0: detected capacity change from 0 to 1024
[   59.722717][ T5080] ==================================================================
[   59.730825][ T5080] BUG: KASAN: slab-use-after-free in hfsplus_release_folio+0x554/0x5f0
[   59.739111][ T5080] Read of size 4 at addr ffff88807ac58038 by task syz-executor362/5080
[   59.747359][ T5080] 
[   59.749668][ T5080] CPU: 0 PID: 5080 Comm: syz-executor362 Not tainted 6.2.0-rc6-next-20230131-syzkaller-09515-g80bd9028feca #0
[   59.761279][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   59.771317][ T5080] Call Trace:
[   59.774599][ T5080]  <TASK>
[   59.777520][ T5080]  dump_stack_lvl+0xd9/0x150
[   59.782107][ T5080]  print_address_description.constprop.0+0x2c/0x3c0
[   59.788692][ T5080]  ? hfsplus_release_folio+0x554/0x5f0
[   59.794139][ T5080]  kasan_report+0x11c/0x130
[   59.798651][ T5080]  ? hfsplus_release_folio+0x554/0x5f0
[   59.804101][ T5080]  hfsplus_release_folio+0x554/0x5f0
[   59.809377][ T5080]  ? hfsplus_show_options+0x680/0x680
[   59.814745][ T5080]  filemap_release_folio+0x13f/0x1b0
[   59.820022][ T5080]  block_invalidate_folio+0x4dc/0x5e0
[   59.825393][ T5080]  ? end_buffer_write_sync+0xf0/0xf0
[   59.830758][ T5080]  ? end_buffer_write_sync+0xf0/0xf0
[   59.836054][ T5080]  truncate_cleanup_folio+0x31a/0x3f0
[   59.841441][ T5080]  truncate_inode_pages_range+0x238/0xec0
[   59.847185][ T5080]  ? truncate_inode_partial_folio+0x750/0x750
[   59.853267][ T5080]  ? print_usage_bug.part.0+0x660/0x660
[   59.858815][ T5080]  ? find_held_lock+0x2d/0x110
[   59.863579][ T5080]  ? truncate_inode_pages_final+0x63/0x90
[   59.869292][ T5080]  ? mark_held_locks+0x9f/0xe0
[   59.874047][ T5080]  ? _raw_spin_unlock_irq+0x23/0x50
[   59.879240][ T5080]  ? lockdep_hardirqs_on+0x7d/0x100
[   59.884446][ T5080]  hfsplus_evict_inode+0x1a/0xe0
[   59.889394][ T5080]  ? hfsplus_remount+0x470/0x470
[   59.894339][ T5080]  evict+0x2ed/0x6b0
[   59.898244][ T5080]  iput+0x52b/0x8e0
[   59.902044][ T5080]  hfsplus_put_super+0x274/0x3f0
[   59.906974][ T5080]  ? hfsplus_sync_fs+0xb10/0xb10
[   59.911903][ T5080]  generic_shutdown_super+0x158/0x480
[   59.917265][ T5080]  kill_block_super+0x9b/0xf0
[   59.921947][ T5080]  deactivate_locked_super+0x98/0x160
[   59.927338][ T5080]  deactivate_super+0xb1/0xd0
[   59.932017][ T5080]  cleanup_mnt+0x2ae/0x3d0
[   59.936452][ T5080]  task_work_run+0x16f/0x270
[   59.941034][ T5080]  ? task_work_cancel+0x30/0x30
[   59.945892][ T5080]  do_exit+0xb42/0x2b60
[   59.950065][ T5080]  ? mm_update_next_owner+0x7b0/0x7b0
[   59.955426][ T5080]  ? _raw_spin_unlock_irq+0x23/0x50
[   59.960621][ T5080]  do_group_exit+0xd4/0x2a0
[   59.965113][ T5080]  __x64_sys_exit_group+0x3e/0x50
[   59.970126][ T5080]  do_syscall_64+0x39/0xb0
[   59.974555][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.980448][ T5080] RIP: 0033:0x7fb5ef2fccd9
[   59.984865][ T5080] Code: Unable to access opcode bytes at 0x7fb5ef2fccaf.
[   59.991865][ T5080] RSP: 002b:00007fffe2b31d18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   60.000262][ T5080] RAX: ffffffffffffffda RBX: 00007fb5ef3723f0 RCX: 00007fb5ef2fccd9
[   60.008219][ T5080] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   60.016175][ T5080] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00000000000005f6
[   60.024130][ T5080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb5ef3723f0
[   60.032108][ T5080] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   60.040096][ T5080]  </TASK>
[   60.043108][ T5080] 
[   60.045413][ T5080] Allocated by task 5080:
[   60.049724][ T5080]  kasan_save_stack+0x22/0x40
[   60.054400][ T5080]  kasan_set_track+0x25/0x30
[   60.058984][ T5080]  __kasan_kmalloc+0xa2/0xb0
[   60.063574][ T5080]  hfsplus_btree_open+0x51/0xe70
[   60.068501][ T5080]  hfsplus_fill_super+0xa4e/0x1c40
[   60.073599][ T5080]  mount_bdev+0x351/0x410
[   60.077915][ T5080]  legacy_get_tree+0x109/0x220
[   60.082669][ T5080]  vfs_get_tree+0x8d/0x350
[   60.087073][ T5080]  path_mount+0x1342/0x1e40
[   60.091569][ T5080]  __x64_sys_mount+0x283/0x300
[   60.096347][ T5080]  do_syscall_64+0x39/0xb0
[   60.100756][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.106636][ T5080] 
[   60.108945][ T5080] Freed by task 5080:
[   60.112904][ T5080]  kasan_save_stack+0x22/0x40
[   60.117574][ T5080]  kasan_set_track+0x25/0x30
[   60.122153][ T5080]  kasan_save_free_info+0x2e/0x40
[   60.127164][ T5080]  ____kasan_slab_free+0x160/0x1c0
[   60.132269][ T5080]  slab_free_freelist_hook+0x8b/0x1c0
[   60.137631][ T5080]  __kmem_cache_free+0xaf/0x2d0
[   60.142483][ T5080]  hfsplus_btree_close+0x28a/0x390
[   60.147585][ T5080]  hfsplus_put_super+0x224/0x3f0
[   60.152509][ T5080]  generic_shutdown_super+0x158/0x480
[   60.157874][ T5080]  kill_block_super+0x9b/0xf0
[   60.162538][ T5080]  deactivate_locked_super+0x98/0x160
[   60.167902][ T5080]  deactivate_super+0xb1/0xd0
[   60.172570][ T5080]  cleanup_mnt+0x2ae/0x3d0
[   60.176982][ T5080]  task_work_run+0x16f/0x270
[   60.181560][ T5080]  do_exit+0xb42/0x2b60
[   60.185701][ T5080]  do_group_exit+0xd4/0x2a0
[   60.190190][ T5080]  __x64_sys_exit_group+0x3e/0x50
[   60.195199][ T5080]  do_syscall_64+0x39/0xb0
[   60.199612][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.205513][ T5080] 
[   60.207836][ T5080] The buggy address belongs to the object at ffff88807ac58000
[   60.207836][ T5080]  which belongs to the cache kmalloc-4k of size 4096
[   60.222312][ T5080] The buggy address is located 56 bytes inside of
[   60.222312][ T5080]  freed 4096-byte region [ffff88807ac58000, ffff88807ac59000)
[   60.236092][ T5080] 
[   60.238404][ T5080] The buggy address belongs to the physical page:
[   60.244829][ T5080] page:ffffea0001eb1600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ac58
[   60.254969][ T5080] head:ffffea0001eb1600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   60.263887][ T5080] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   60.271895][ T5080] raw: 00fff00000010200 ffff888012442140 dead000000000122 0000000000000000
[   60.280530][ T5080] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   60.289106][ T5080] page dumped because: kasan: bad access detected
[   60.295533][ T5080] page_owner tracks the page as allocated
[   60.301230][ T5080] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5080, tgid 5080 (syz-executor362), ts 59692317166, free_ts 53510393193
[   60.322844][ T5080]  get_page_from_freelist+0x11bb/0x2d50
[   60.328394][ T5080]  __alloc_pages+0x1cb/0x5c0
[   60.332988][ T5080]  alloc_pages+0x1aa/0x270
[   60.337399][ T5080]  allocate_slab+0x28e/0x380
[   60.341980][ T5080]  ___slab_alloc+0xa91/0x1400
[   60.346648][ T5080]  __slab_alloc.constprop.0+0x56/0xa0
[   60.352017][ T5080]  __kmem_cache_alloc_node+0x136/0x330
[   60.357489][ T5080]  kmalloc_trace+0x26/0x60
[   60.361897][ T5080]  hfsplus_btree_open+0x51/0xe70
[   60.366826][ T5080]  hfsplus_fill_super+0xa4e/0x1c40
[   60.371924][ T5080]  mount_bdev+0x351/0x410
[   60.376252][ T5080]  legacy_get_tree+0x109/0x220
[   60.381015][ T5080]  vfs_get_tree+0x8d/0x350
[   60.385422][ T5080]  path_mount+0x1342/0x1e40
[   60.389915][ T5080]  __x64_sys_mount+0x283/0x300
[   60.394669][ T5080]  do_syscall_64+0x39/0xb0
[   60.399081][ T5080] page last free stack trace:
[   60.403734][ T5080]  free_pcp_prepare+0x4d0/0x910
[   60.408583][ T5080]  free_unref_page+0x1d/0x490
[   60.413264][ T5080]  __folio_put+0x109/0x140
[   60.417664][ T5080]  skb_release_data+0x522/0x820
[   60.422529][ T5080]  skb_attempt_defer_free+0x309/0x3f0
[   60.427890][ T5080]  tcp_recvmsg_locked+0x124e/0x22e0
[   60.433076][ T5080]  tcp_recvmsg+0x117/0x620
[   60.437480][ T5080]  inet_recvmsg+0x114/0x640
[   60.441975][ T5080]  sock_recvmsg+0xe2/0x160
[   60.446382][ T5080]  sock_read_iter+0x2bd/0x3b0
[   60.451046][ T5080]  vfs_read+0x7fa/0x930
[   60.455194][ T5080]  ksys_read+0x1ec/0x250
[   60.459421][ T5080]  do_syscall_64+0x39/0xb0
[   60.463828][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.469732][ T5080] 
[   60.472067][ T5080] Memory state around the buggy address:
[   60.477678][ T5080]  ffff88807ac57f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.486088][ T5080]  ffff88807ac57f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   60.494131][ T5080] >ffff88807ac58000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.502171][ T5080]                                         ^
[   60.508044][ T5080]  ffff88807ac58080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.516086][ T5080]  ffff88807ac58100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.524145][ T5080] ==================================================================
[   60.544612][ T5080] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   60.551928][ T5080] CPU: 1 PID: 5080 Comm: syz-executor362 Not tainted 6.2.0-rc6-next-20230131-syzkaller-09515-g80bd9028feca #0
[   60.563541][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[   60.573597][ T5080] Call Trace:
[   60.576869][ T5080]  <TASK>
[   60.579787][ T5080]  dump_stack_lvl+0xd9/0x150
[   60.584625][ T5080]  panic+0x61b/0x6c0
[   60.588514][ T5080]  ? panic_smp_self_stop+0x90/0x90
[   60.593615][ T5080]  ? preempt_schedule_thunk+0x1a/0x20
[   60.599005][ T5080]  ? preempt_schedule_common+0x45/0xb0
[   60.604453][ T5080]  check_panic_on_warn+0xb1/0xc0
[   60.609403][ T5080]  end_report+0xf6/0x180
[   60.613734][ T5080]  ? hfsplus_release_folio+0x554/0x5f0
[   60.619180][ T5080]  kasan_report+0xf9/0x130
[   60.623591][ T5080]  ? hfsplus_release_folio+0x554/0x5f0
[   60.629069][ T5080]  hfsplus_release_folio+0x554/0x5f0
[   60.634345][ T5080]  ? hfsplus_show_options+0x680/0x680
[   60.639714][ T5080]  filemap_release_folio+0x13f/0x1b0
[   60.645018][ T5080]  block_invalidate_folio+0x4dc/0x5e0
[   60.650387][ T5080]  ? end_buffer_write_sync+0xf0/0xf0
[   60.655670][ T5080]  ? end_buffer_write_sync+0xf0/0xf0
[   60.660962][ T5080]  truncate_cleanup_folio+0x31a/0x3f0
[   60.666320][ T5080]  truncate_inode_pages_range+0x238/0xec0
[   60.672046][ T5080]  ? truncate_inode_partial_folio+0x750/0x750
[   60.678102][ T5080]  ? print_usage_bug.part.0+0x660/0x660
[   60.683653][ T5080]  ? find_held_lock+0x2d/0x110
[   60.688403][ T5080]  ? truncate_inode_pages_final+0x63/0x90
[   60.694116][ T5080]  ? mark_held_locks+0x9f/0xe0
[   60.698868][ T5080]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.704059][ T5080]  ? lockdep_hardirqs_on+0x7d/0x100
[   60.709252][ T5080]  hfsplus_evict_inode+0x1a/0xe0
[   60.714180][ T5080]  ? hfsplus_remount+0x470/0x470
[   60.719115][ T5080]  evict+0x2ed/0x6b0
[   60.723012][ T5080]  iput+0x52b/0x8e0
[   60.726832][ T5080]  hfsplus_put_super+0x274/0x3f0
[   60.731762][ T5080]  ? hfsplus_sync_fs+0xb10/0xb10
[   60.736701][ T5080]  generic_shutdown_super+0x158/0x480
[   60.742077][ T5080]  kill_block_super+0x9b/0xf0
[   60.746748][ T5080]  deactivate_locked_super+0x98/0x160
[   60.752113][ T5080]  deactivate_super+0xb1/0xd0
[   60.756782][ T5080]  cleanup_mnt+0x2ae/0x3d0
[   60.761191][ T5080]  task_work_run+0x16f/0x270
[   60.765771][ T5080]  ? task_work_cancel+0x30/0x30
[   60.770612][ T5080]  do_exit+0xb42/0x2b60
[   60.774778][ T5080]  ? mm_update_next_owner+0x7b0/0x7b0
[   60.780145][ T5080]  ? _raw_spin_unlock_irq+0x23/0x50
[   60.785742][ T5080]  do_group_exit+0xd4/0x2a0
[   60.790250][ T5080]  __x64_sys_exit_group+0x3e/0x50
[   60.795265][ T5080]  do_syscall_64+0x39/0xb0
[   60.799682][ T5080]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.805578][ T5080] RIP: 0033:0x7fb5ef2fccd9
[   60.809978][ T5080] Code: Unable to access opcode bytes at 0x7fb5ef2fccaf.
[   60.816992][ T5080] RSP: 002b:00007fffe2b31d18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   60.825418][ T5080] RAX: ffffffffffffffda RBX: 00007fb5ef3723f0 RCX: 00007fb5ef2fccd9
[   60.833408][ T5080] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   60.841388][ T5080] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00000000000005f6
[   60.849355][ T5080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb5ef3723f0
[   60.857317][ T5080] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   60.865291][ T5080]  </TASK>
[   60.868476][ T5080] Kernel Offset: disabled
[   60.872804][ T5080] Rebooting in 86400 seconds..