./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3279025176

<...>
forked to background, child pid 4642
no interfaces have a carrier
[   27.430349][ T4643] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.439505][ T4643] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
execve("./syz-executor3279025176", ["./syz-executor3279025176"], 0x7ffca9e7d470 /* 10 vars */) = 0
brk(NULL)                               = 0x55555600e000
brk(0x55555600ec40)                     = 0x55555600ec40
arch_prctl(ARCH_SET_FS, 0x55555600e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3279025176", 4096) = 28
brk(0x55555602fc40)                     = 0x55555602fc40
brk(0x555556030000)                     = 0x555556030000
mprotect(0x7fdd980a1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached
, child_tidptr=0x55555600e5d0) = 5071
[pid  5071] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5071] setsid()                    = 1
[pid  5071] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5071] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5071] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5071] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5071] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5071] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5071] unshare(CLONE_NEWNS)        = 0
[pid  5071] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5071] unshare(CLONE_NEWIPC)       = 0
[pid  5071] unshare(CLONE_NEWCGROUP)    = 0
[pid  5071] unshare(CLONE_NEWUTS)       = 0
[pid  5071] unshare(CLONE_SYSVSEM)      = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "16777216", 8)     = 8
[pid  5071] close(3)                    = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "536870912", 9)    = 9
[pid  5071] close(3)                    = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "1024", 4)         = 4
[pid  5071] close(3)                    = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "8192", 4)         = 4
[pid  5071] close(3)                    = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "1024", 4)         = 4
[pid  5071] close(3)                    = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "1024", 4)         = 4
[pid  5071] close(3)                    = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5071] close(3)                    = 0
[pid  5071] getpid()                    = 1
[pid  5071] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5071] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5071] unshare(CLONE_NEWNET)       = 0
[pid  5071] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "0 65535", 7)      = 7
[pid  5071] close(3)                    = 0
[pid  5071] mkdir("/dev/binderfs", 0777) = 0
[pid  5071] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5071] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5071] memfd_create("syzkaller", 0) = 3
[pid  5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdd8fbe6000
[pid  5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid  5071] munmap(0x7fdd8fbe6000, 524288) = 0
[pid  5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5071] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5071] close(3)                    = 0
[pid  5071] mkdir("./file0", 0777)      = 0
[pid  5071] mount("/dev/loop0", "./file0", "hfsplus", MS_POSIXACL|MS_RELATIME|MS_I_VERSION, "part=0x000000000") = 0
[pid  5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5071] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5071] close(4)                    = 0
[pid  5071] exit_group(1)               = ?
syzkaller login: [   46.329956][ T5071] loop0: detected capacity change from 0 to 1024
[   46.370376][ T5071] ==================================================================
[   46.378484][ T5071] BUG: KASAN: use-after-free in hfsplus_release_folio+0x554/0x5f0
[   46.386344][ T5071] Read of size 4 at addr ffff888029a36038 by task syz-executor327/5071
[   46.394559][ T5071] 
[   46.396862][ T5071] CPU: 1 PID: 5071 Comm: syz-executor327 Not tainted 6.1.0-syzkaller-13139-gf9ff5644bcc0 #0
[   46.406900][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   46.417135][ T5071] Call Trace:
[   46.420396][ T5071]  <TASK>
[   46.423322][ T5071]  dump_stack_lvl+0xd1/0x138
[   46.427897][ T5071]  print_report+0x15e/0x45d
[   46.432380][ T5071]  ? __phys_addr+0xc8/0x140
[   46.436867][ T5071]  ? hfsplus_release_folio+0x554/0x5f0
[   46.442305][ T5071]  kasan_report+0xbf/0x1f0
[   46.446702][ T5071]  ? hfsplus_release_folio+0x554/0x5f0
[   46.452140][ T5071]  hfsplus_release_folio+0x554/0x5f0
[   46.457405][ T5071]  ? hfsplus_show_options+0x670/0x670
[   46.462757][ T5071]  filemap_release_folio+0x13f/0x1b0
[   46.468027][ T5071]  block_invalidate_folio+0x4dc/0x5e0
[   46.473382][ T5071]  ? end_buffer_write_sync+0xf0/0xf0
[   46.478647][ T5071]  ? end_buffer_write_sync+0xf0/0xf0
[   46.484002][ T5071]  truncate_cleanup_folio+0x31a/0x3f0
[   46.489364][ T5071]  truncate_inode_pages_range+0x238/0xec0
[   46.495114][ T5071]  ? truncate_inode_partial_folio+0xb90/0xb90
[   46.501179][ T5071]  ? lock_chain_count+0x20/0x20
[   46.506014][ T5071]  ? find_held_lock+0x2d/0x110
[   46.510762][ T5071]  ? truncate_inode_pages_final+0x63/0x90
[   46.516465][ T5071]  ? mark_held_locks+0x9f/0xe0
[   46.521206][ T5071]  ? rwlock_bug.part.0+0x90/0x90
[   46.526134][ T5071]  ? _raw_spin_unlock_irq+0x23/0x50
[   46.531314][ T5071]  ? lockdep_hardirqs_on+0x7d/0x100
[   46.536490][ T5071]  hfsplus_evict_inode+0x1a/0xe0
[   46.541408][ T5071]  ? hfsplus_remount+0x300/0x300
[   46.546338][ T5071]  evict+0x2ed/0x6b0
[   46.550218][ T5071]  iput.part.0+0x59b/0x880
[   46.554616][ T5071]  iput+0x5c/0x80
[   46.558231][ T5071]  hfsplus_put_super+0x274/0x3f0
[   46.563960][ T5071]  ? hfsplus_sync_fs+0xb10/0xb10
[   46.569088][ T5071]  generic_shutdown_super+0x158/0x410
[   46.574446][ T5071]  kill_block_super+0x9b/0xf0
[   46.579105][ T5071]  deactivate_locked_super+0x98/0x160
[   46.584454][ T5071]  deactivate_super+0xb1/0xd0
[   46.589127][ T5071]  cleanup_mnt+0x2ae/0x3d0
[   46.593522][ T5071]  task_work_run+0x16f/0x270
[   46.598094][ T5071]  ? task_work_cancel+0x30/0x30
[   46.602928][ T5071]  do_exit+0xaa8/0x2950
[   46.607066][ T5071]  ? lock_downgrade+0x6e0/0x6e0
[   46.611891][ T5071]  ? do_raw_spin_lock+0x124/0x2b0
[   46.616982][ T5071]  ? mm_update_next_owner+0x7b0/0x7b0
[   46.622604][ T5071]  ? rwlock_bug.part.0+0x90/0x90
[   46.627543][ T5071]  ? _raw_spin_unlock_irq+0x23/0x50
[   46.632743][ T5071]  do_group_exit+0xd4/0x2a0
[   46.637241][ T5071]  __x64_sys_exit_group+0x3e/0x50
[   46.642254][ T5071]  do_syscall_64+0x39/0xb0
[   46.646728][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.652619][ T5071] RIP: 0033:0x7fdd98031989
[   46.657010][ T5071] Code: Unable to access opcode bytes at 0x7fdd9803195f.
[   46.664001][ T5071] RSP: 002b:00007ffecf5eb6c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   46.672394][ T5071] RAX: ffffffffffffffda RBX: 00007fdd980a7330 RCX: 00007fdd98031989
[   46.680352][ T5071] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   46.688307][ T5071] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00000000000005f2
[   46.696267][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd980a7330
[   46.704216][ T5071] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   46.712171][ T5071]  </TASK>
[   46.715181][ T5071] 
[   46.717483][ T5071] Allocated by task 5071:
[   46.721871][ T5071]  kasan_save_stack+0x22/0x40
[   46.726528][ T5071]  kasan_set_track+0x25/0x30
[   46.731111][ T5071]  __kasan_kmalloc+0xa5/0xb0
[   46.735683][ T5071]  hfsplus_btree_open+0x52/0xcd0
[   46.740615][ T5071]  hfsplus_fill_super+0xae5/0x1a30
[   46.746053][ T5071]  mount_bdev+0x351/0x410
[   46.750455][ T5071]  legacy_get_tree+0x109/0x220
[   46.755202][ T5071]  vfs_get_tree+0x8d/0x2f0
[   46.759598][ T5071]  path_mount+0x132a/0x1e20
[   46.764081][ T5071]  __x64_sys_mount+0x283/0x300
[   46.768828][ T5071]  do_syscall_64+0x39/0xb0
[   46.773230][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.779107][ T5071] 
[   46.781408][ T5071] Freed by task 5071:
[   46.785363][ T5071]  kasan_save_stack+0x22/0x40
[   46.790018][ T5071]  kasan_set_track+0x25/0x30
[   46.794586][ T5071]  kasan_save_free_info+0x2e/0x40
[   46.799586][ T5071]  ____kasan_slab_free+0x160/0x1c0
[   46.804689][ T5071]  slab_free_freelist_hook+0x8b/0x1c0
[   46.810043][ T5071]  __kmem_cache_free+0xaf/0x3b0
[   46.814867][ T5071]  hfsplus_btree_close+0x1e5/0x380
[   46.819961][ T5071]  hfsplus_put_super+0x224/0x3f0
[   46.824886][ T5071]  generic_shutdown_super+0x158/0x410
[   46.830245][ T5071]  kill_block_super+0x9b/0xf0
[   46.834989][ T5071]  deactivate_locked_super+0x98/0x160
[   46.840338][ T5071]  deactivate_super+0xb1/0xd0
[   46.844994][ T5071]  cleanup_mnt+0x2ae/0x3d0
[   46.849389][ T5071]  task_work_run+0x16f/0x270
[   46.853958][ T5071]  do_exit+0xaa8/0x2950
[   46.858094][ T5071]  do_group_exit+0xd4/0x2a0
[   46.862575][ T5071]  __x64_sys_exit_group+0x3e/0x50
[   46.867580][ T5071]  do_syscall_64+0x39/0xb0
[   46.871980][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   46.877853][ T5071] 
[   46.880195][ T5071] The buggy address belongs to the object at ffff888029a36000
[   46.880195][ T5071]  which belongs to the cache kmalloc-4k of size 4096
[   46.894312][ T5071] The buggy address is located 56 bytes inside of
[   46.894312][ T5071]  4096-byte region [ffff888029a36000, ffff888029a37000)
[   46.907564][ T5071] 
[   46.909865][ T5071] The buggy address belongs to the physical page:
[   46.916339][ T5071] page:ffffea0000a68c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29a30
[   46.926553][ T5071] head:ffffea0000a68c00 order:3 compound_mapcount:0 subpages_mapcount:0 compound_pincount:0
[   46.936589][ T5071] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   46.944565][ T5071] raw: 00fff00000010200 ffff888012042140 dead000000000122 0000000000000000
[   46.953133][ T5071] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   46.961688][ T5071] page dumped because: kasan: bad access detected
[   46.968074][ T5071] page_owner tracks the page as allocated
[   46.973757][ T5071] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5071, tgid 5071 (syz-executor327), ts 46338673547, free_ts 42741516779
[   46.994678][ T5071]  get_page_from_freelist+0x119c/0x2ce0
[   47.000210][ T5071]  __alloc_pages+0x1cb/0x5b0
[   47.004791][ T5071]  alloc_pages+0x1aa/0x270
[   47.009187][ T5071]  allocate_slab+0x25f/0x350
[   47.013847][ T5071]  ___slab_alloc+0xa91/0x1400
[   47.018500][ T5071]  __slab_alloc.constprop.0+0x56/0xa0
[   47.023849][ T5071]  __kmem_cache_alloc_node+0x1a4/0x430
[   47.029290][ T5071]  __kmalloc+0x4a/0xd0
[   47.033354][ T5071]  tomoyo_realpath_from_path+0xc3/0x600
[   47.038881][ T5071]  tomoyo_mount_acl+0x2d1/0x840
[   47.043711][ T5071]  tomoyo_mount_permission+0x163/0x410
[   47.049167][ T5071]  security_sb_mount+0x6a/0xc0
[   47.053910][ T5071]  path_mount+0x133/0x1e20
[   47.058674][ T5071]  __x64_sys_mount+0x283/0x300
[   47.063433][ T5071]  do_syscall_64+0x39/0xb0
[   47.067836][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   47.073711][ T5071] page last free stack trace:
[   47.078357][ T5071]  free_pcp_prepare+0x65c/0xc00
[   47.083184][ T5071]  free_unref_page+0x1d/0x490
[   47.087839][ T5071]  __unfreeze_partials+0x17c/0x1a0
[   47.092933][ T5071]  qlist_free_all+0x6a/0x170
[   47.097502][ T5071]  kasan_quarantine_reduce+0x192/0x220
[   47.102941][ T5071]  __kasan_slab_alloc+0x66/0x90
[   47.107770][ T5071]  kmem_cache_alloc_lru+0x26d/0x760
[   47.112944][ T5071]  alloc_inode+0x168/0x230
[   47.117432][ T5071]  new_inode_pseudo+0x17/0x80
[   47.122092][ T5071]  create_pipe_files+0x51/0x890
[   47.126939][ T5071]  do_pipe2+0x96/0x1b0
[   47.130984][ T5071]  __x64_sys_pipe+0x33/0x40
[   47.135463][ T5071]  do_syscall_64+0x39/0xb0
[   47.139864][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   47.145738][ T5071] 
[   47.148037][ T5071] Memory state around the buggy address:
[   47.153638][ T5071]  ffff888029a35f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.161687][ T5071]  ffff888029a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   47.169723][ T5071] >ffff888029a36000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.177942][ T5071]                                         ^
[   47.183806][ T5071]  ffff888029a36080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.192016][ T5071]  ffff888029a36100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.200053][ T5071] ==================================================================
[   47.208604][ T5071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   47.215802][ T5071] CPU: 1 PID: 5071 Comm: syz-executor327 Not tainted 6.1.0-syzkaller-13139-gf9ff5644bcc0 #0
[   47.225860][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   47.235985][ T5071] Call Trace:
[   47.239243][ T5071]  <TASK>
[   47.242158][ T5071]  dump_stack_lvl+0xd1/0x138
[   47.246739][ T5071]  panic+0x2cc/0x626
[   47.250705][ T5071]  ? panic_print_sys_info.part.0+0x110/0x110
[   47.256670][ T5071]  ? preempt_schedule_thunk+0x1a/0x20
[   47.262031][ T5071]  ? preempt_schedule_common+0x59/0xc0
[   47.267474][ T5071]  check_panic_on_warn.cold+0x19/0x35
[   47.272832][ T5071]  end_report.part.0+0x36/0x73
[   47.277580][ T5071]  ? hfsplus_release_folio+0x554/0x5f0
[   47.283026][ T5071]  kasan_report.cold+0xa/0xf
[   47.287607][ T5071]  ? hfsplus_release_folio+0x554/0x5f0
[   47.293593][ T5071]  hfsplus_release_folio+0x554/0x5f0
[   47.298865][ T5071]  ? hfsplus_show_options+0x670/0x670
[   47.304311][ T5071]  filemap_release_folio+0x13f/0x1b0
[   47.309585][ T5071]  block_invalidate_folio+0x4dc/0x5e0
[   47.314944][ T5071]  ? end_buffer_write_sync+0xf0/0xf0
[   47.320216][ T5071]  ? end_buffer_write_sync+0xf0/0xf0
[   47.325491][ T5071]  truncate_cleanup_folio+0x31a/0x3f0
[   47.330853][ T5071]  truncate_inode_pages_range+0x238/0xec0
[   47.336565][ T5071]  ? truncate_inode_partial_folio+0xb90/0xb90
[   47.342789][ T5071]  ? lock_chain_count+0x20/0x20
[   47.347626][ T5071]  ? find_held_lock+0x2d/0x110
[   47.352382][ T5071]  ? truncate_inode_pages_final+0x63/0x90
[   47.358090][ T5071]  ? mark_held_locks+0x9f/0xe0
[   47.362834][ T5071]  ? rwlock_bug.part.0+0x90/0x90
[   47.367759][ T5071]  ? _raw_spin_unlock_irq+0x23/0x50
[   47.372949][ T5071]  ? lockdep_hardirqs_on+0x7d/0x100
[   47.378136][ T5071]  hfsplus_evict_inode+0x1a/0xe0
[   47.383148][ T5071]  ? hfsplus_remount+0x300/0x300
[   47.388090][ T5071]  evict+0x2ed/0x6b0
[   47.391996][ T5071]  iput.part.0+0x59b/0x880
[   47.396407][ T5071]  iput+0x5c/0x80
[   47.400035][ T5071]  hfsplus_put_super+0x274/0x3f0
[   47.405011][ T5071]  ? hfsplus_sync_fs+0xb10/0xb10
[   47.409940][ T5071]  generic_shutdown_super+0x158/0x410
[   47.415305][ T5071]  kill_block_super+0x9b/0xf0
[   47.419971][ T5071]  deactivate_locked_super+0x98/0x160
[   47.425335][ T5071]  deactivate_super+0xb1/0xd0
[   47.430009][ T5071]  cleanup_mnt+0x2ae/0x3d0
[   47.434442][ T5071]  task_work_run+0x16f/0x270
[   47.439037][ T5071]  ? task_work_cancel+0x30/0x30
[   47.443881][ T5071]  do_exit+0xaa8/0x2950
[   47.448032][ T5071]  ? lock_downgrade+0x6e0/0x6e0
[   47.452895][ T5071]  ? do_raw_spin_lock+0x124/0x2b0
[   47.457919][ T5071]  ? mm_update_next_owner+0x7b0/0x7b0
[   47.463284][ T5071]  ? rwlock_bug.part.0+0x90/0x90
[   47.468208][ T5071]  ? _raw_spin_unlock_irq+0x23/0x50
[   47.473404][ T5071]  do_group_exit+0xd4/0x2a0
[   47.477902][ T5071]  __x64_sys_exit_group+0x3e/0x50
[   47.482920][ T5071]  do_syscall_64+0x39/0xb0
[   47.487329][ T5071]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   47.493211][ T5071] RIP: 0033:0x7fdd98031989
[   47.497613][ T5071] Code: Unable to access opcode bytes at 0x7fdd9803195f.
[   47.504694][ T5071] RSP: 002b:00007ffecf5eb6c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   47.513098][ T5071] RAX: ffffffffffffffda RBX: 00007fdd980a7330 RCX: 00007fdd98031989
[   47.521063][ T5071] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   47.529023][ T5071] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00000000000005f2
[   47.536977][ T5071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd980a7330
[   47.544931][ T5071] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   47.553066][ T5071]  </TASK>
[   47.556788][ T5071] Kernel Offset: disabled
[   47.561097][ T5071] Rebooting in 86400 seconds..