[   20.812285][ T3636] 8021q: adding VLAN 0 to HW filter on device bond0
[   20.826139][ T3636] eql: remember to turn off Van-Jacobson compression on your slave devices
[   20.872934][    T9] gvnic 0000:00:00.0 enp0s0: Device link is up.
[   20.878576][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.139' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   43.681954][ T4052] loop0: detected capacity change from 0 to 1024
[   43.701333][ T4052] ==================================================================
[   43.703497][ T4052] BUG: KASAN: use-after-free in hfsplus_releasepage+0x40c/0x4a8
[   43.705437][ T4052] Read of size 4 at addr ffff0000da23e038 by task syz-executor939/4052
[   43.708111][ T4052] 
[   43.708726][ T4052] CPU: 0 PID: 4052 Comm: syz-executor939 Not tainted 5.15.98-syzkaller #0
[   43.710840][ T4052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   43.713436][ T4052] Call trace:
[   43.714282][ T4052]  dump_backtrace+0x0/0x530
[   43.715442][ T4052]  show_stack+0x2c/0x3c
[   43.716657][ T4052]  dump_stack_lvl+0x108/0x170
[   43.717823][ T4052]  print_address_description+0x7c/0x3f0
[   43.719245][ T4052]  kasan_report+0x174/0x1e4
[   43.720384][ T4052]  __asan_report_load4_noabort+0x44/0x50
[   43.721862][ T4052]  hfsplus_releasepage+0x40c/0x4a8
[   43.723179][ T4052]  try_to_release_page+0x204/0x2d0
[   43.724468][ T4052]  block_invalidatepage+0x408/0x4bc
[   43.725836][ T4052]  truncate_cleanup_page+0x15c/0x414
[   43.727161][ T4052]  truncate_inode_pages_range+0x254/0xbe0
[   43.728607][ T4052]  truncate_inode_pages_final+0x94/0xd0
[   43.730094][ T4052]  hfsplus_evict_inode+0x2c/0xc0
[   43.731371][ T4052]  evict+0x260/0x68c
[   43.732404][ T4052]  iput+0x8cc/0x9ac
[   43.733410][ T4052]  hfsplus_put_super+0x1b0/0x2ec
[   43.734658][ T4052]  generic_shutdown_super+0x130/0x29c
[   43.736064][ T4052]  kill_block_super+0x70/0xdc
[   43.737307][ T4052]  deactivate_locked_super+0xb8/0x13c
[   43.738786][ T4052]  deactivate_super+0x108/0x128
[   43.740070][ T4052]  cleanup_mnt+0x3c0/0x474
[   43.741265][ T4052]  __cleanup_mnt+0x20/0x30
[   43.742381][ T4052]  task_work_run+0x130/0x1e4
[   43.743574][ T4052]  do_exit+0x55c/0x1c20
[   43.744677][ T4052]  do_group_exit+0x110/0x268
[   43.745896][ T4052]  __wake_up_parent+0x0/0x60
[   43.747139][ T4052]  invoke_syscall+0x98/0x2b8
[   43.748344][ T4052]  el0_svc_common+0x138/0x258
[   43.749587][ T4052]  do_el0_svc+0x58/0x14c
[   43.750764][ T4052]  el0_svc+0x7c/0x1f0
[   43.751776][ T4052]  el0t_64_sync_handler+0x84/0xe4
[   43.753079][ T4052]  el0t_64_sync+0x1a0/0x1a4
[   43.754284][ T4052] 
[   43.754908][ T4052] Allocated by task 4052:
[   43.756020][ T4052]  ____kasan_kmalloc+0xbc/0xfc
[   43.757237][ T4052]  __kasan_kmalloc+0x10/0x1c
[   43.758435][ T4052]  kmem_cache_alloc_trace+0x248/0x3b4
[   43.759826][ T4052]  hfsplus_btree_open+0x6c/0xd10
[   43.761081][ T4052]  hfsplus_fill_super+0x914/0x167c
[   43.762491][ T4052]  mount_bdev+0x26c/0x368
[   43.763630][ T4052]  hfsplus_mount+0x44/0x58
[   43.764810][ T4052]  legacy_get_tree+0xd4/0x16c
[   43.766013][ T4052]  vfs_get_tree+0x90/0x274
[   43.767175][ T4052]  do_new_mount+0x25c/0x8c8
[   43.768307][ T4052]  path_mount+0x590/0x104c
[   43.769414][ T4052]  __arm64_sys_mount+0x510/0x5e0
[   43.770721][ T4052]  invoke_syscall+0x98/0x2b8
[   43.771956][ T4052]  el0_svc_common+0x138/0x258
[   43.773193][ T4052]  do_el0_svc+0x58/0x14c
[   43.774244][ T4052]  el0_svc+0x7c/0x1f0
[   43.775302][ T4052]  el0t_64_sync_handler+0x84/0xe4
[   43.776599][ T4052]  el0t_64_sync+0x1a0/0x1a4
[   43.777846][ T4052] 
[   43.778450][ T4052] Freed by task 4052:
[   43.779479][ T4052]  kasan_set_track+0x4c/0x84
[   43.780655][ T4052]  kasan_set_free_info+0x28/0x4c
[   43.782029][ T4052]  ____kasan_slab_free+0x118/0x164
[   43.783462][ T4052]  __kasan_slab_free+0x18/0x28
[   43.784783][ T4052]  slab_free_freelist_hook+0x128/0x1ec
[   43.786216][ T4052]  kfree+0x1a8/0x478
[   43.787249][ T4052]  hfsplus_btree_close+0x25c/0x288
[   43.788604][ T4052]  hfsplus_put_super+0x140/0x2ec
[   43.789873][ T4052]  generic_shutdown_super+0x130/0x29c
[   43.791266][ T4052]  kill_block_super+0x70/0xdc
[   43.792474][ T4052]  deactivate_locked_super+0xb8/0x13c
[   43.793877][ T4052]  deactivate_super+0x108/0x128
[   43.795150][ T4052]  cleanup_mnt+0x3c0/0x474
[   43.796284][ T4052]  __cleanup_mnt+0x20/0x30
[   43.797478][ T4052]  task_work_run+0x130/0x1e4
[   43.798674][ T4052]  do_exit+0x55c/0x1c20
[   43.799710][ T4052]  do_group_exit+0x110/0x268
[   43.800924][ T4052]  __wake_up_parent+0x0/0x60
[   43.802135][ T4052]  invoke_syscall+0x98/0x2b8
[   43.803368][ T4052]  el0_svc_common+0x138/0x258
[   43.804585][ T4052]  do_el0_svc+0x58/0x14c
[   43.805646][ T4052]  el0_svc+0x7c/0x1f0
[   43.806717][ T4052]  el0t_64_sync_handler+0x84/0xe4
[   43.808028][ T4052]  el0t_64_sync+0x1a0/0x1a4
[   43.809192][ T4052] 
[   43.809792][ T4052] The buggy address belongs to the object at ffff0000da23e000
[   43.809792][ T4052]  which belongs to the cache kmalloc-4k of size 4096
[   43.813505][ T4052] The buggy address is located 56 bytes inside of
[   43.813505][ T4052]  4096-byte region [ffff0000da23e000, ffff0000da23f000)
[   43.816942][ T4052] The buggy address belongs to the page:
[   43.818384][ T4052] page:00000000805e355b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a238
[   43.821053][ T4052] head:00000000805e355b order:3 compound_mapcount:0 compound_pincount:0
[   43.823156][ T4052] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   43.825333][ T4052] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002a80
[   43.827614][ T4052] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   43.829821][ T4052] page dumped because: kasan: bad access detected
[   43.831535][ T4052] 
[   43.832139][ T4052] Memory state around the buggy address:
[   43.833622][ T4052]  ffff0000da23df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.835738][ T4052]  ffff0000da23df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   43.837821][ T4052] >ffff0000da23e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.839920][ T4052]                                         ^
[   43.841536][ T4052]  ffff0000da23e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.843613][ T4052]  ffff0000da23e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.845690][ T4052] ==================================================================
[   43.847809][ T4052] Disabling lock debugging due to kernel taint