[ 15.162597][ T3895] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.166091][ T3895] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.208009][ T9] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.211754][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 31.890527][ T4226] loop0: detected capacity change from 0 to 1024
[ 31.893597][ T4226] =======================================================
[ 31.893597][ T4226] WARNING: The mand mount option has been deprecated and
[ 31.893597][ T4226] and is ignored by this kernel. Remove the mand
[ 31.893597][ T4226] option from the mount to silence this warning.
[ 31.893597][ T4226] =======================================================
[ 31.909749][ T4226] ==================================================================
[ 31.911847][ T4226] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x624/0x1018
[ 31.913829][ T4226] Read of size 2 at addr ffff0000ca12c40c by task syz-executor263/4226
[ 31.915971][ T4226]
[ 31.916549][ T4226] CPU: 0 PID: 4226 Comm: syz-executor263 Not tainted 6.1.64-syzkaller #0
[ 31.918674][ T4226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 31.921204][ T4226] Call trace:
[ 31.922047][ T4226] dump_backtrace+0x1c8/0x1f4
[ 31.923239][ T4226] show_stack+0x2c/0x3c
[ 31.924290][ T4226] dump_stack_lvl+0x108/0x170
[ 31.925489][ T4226] print_report+0x174/0x4c0
[ 31.926644][ T4226] kasan_report+0xd4/0x130
[ 31.927778][ T4226] __asan_report_load2_noabort+0x2c/0x38
[ 31.929290][ T4226] hfsplus_uni2asc+0x624/0x1018
[ 31.930517][ T4226] hfsplus_readdir+0x7a0/0xf28
[ 31.931744][ T4226] iterate_dir+0x1f4/0x4e4
[ 31.932875][ T4226] __arm64_sys_getdents64+0x1c4/0x4a0
[ 31.934250][ T4226] invoke_syscall+0x98/0x2c0
[ 31.935472][ T4226] el0_svc_common+0x138/0x258
[ 31.936667][ T4226] do_el0_svc+0x64/0x218
[ 31.937831][ T4226] el0_svc+0x58/0x168
[ 31.938842][ T4226] el0t_64_sync_handler+0x84/0xf0
[ 31.940133][ T4226] el0t_64_sync+0x18c/0x190
[ 31.941274][ T4226]
[ 31.941867][ T4226] Allocated by task 4226:
[ 31.942983][ T4226] kasan_set_track+0x4c/0x80
[ 31.944157][ T4226] kasan_save_alloc_info+0x24/0x30
[ 31.945465][ T4226] __kasan_kmalloc+0xac/0xc4
[ 31.946648][ T4226] __kmalloc+0xd8/0x1c4
[ 31.947736][ T4226] hfsplus_find_init+0x84/0x1bc
[ 31.948966][ T4226] hfsplus_readdir+0x1c8/0xf28
[ 31.950196][ T4226] iterate_dir+0x1f4/0x4e4
[ 31.951328][ T4226] __arm64_sys_getdents64+0x1c4/0x4a0
[ 31.952712][ T4226] invoke_syscall+0x98/0x2c0
[ 31.953903][ T4226] el0_svc_common+0x138/0x258
[ 31.955110][ T4226] do_el0_svc+0x64/0x218
[ 31.956226][ T4226] el0_svc+0x58/0x168
[ 31.957259][ T4226] el0t_64_sync_handler+0x84/0xf0
[ 31.958565][ T4226] el0t_64_sync+0x18c/0x190
[ 31.959769][ T4226]
[ 31.960343][ T4226] Last potentially related work creation:
[ 31.961790][ T4226] kasan_save_stack+0x40/0x70
[ 31.962973][ T4226] __kasan_record_aux_stack+0xcc/0xe8
[ 31.964378][ T4226] kasan_record_aux_stack_noalloc+0x14/0x20
[ 31.965942][ T4226] call_rcu+0xfc/0xa40
[ 31.966978][ T4226] netlink_release+0x11d0/0x16e0
[ 31.968246][ T4226] sock_close+0xb8/0x1fc
[ 31.969346][ T4226] __fput+0x30c/0x7bc
[ 31.970354][ T4226] ____fput+0x20/0x30
[ 31.971350][ T4226] task_work_run+0x240/0x2f0
[ 31.972541][ T4226] do_notify_resume+0x2148/0x3474
[ 31.973820][ T4226] el0_svc+0x9c/0x168
[ 31.974927][ T4226] el0t_64_sync_handler+0x84/0xf0
[ 31.976213][ T4226] el0t_64_sync+0x18c/0x190
[ 31.977347][ T4226]
[ 31.977937][ T4226] The buggy address belongs to the object at ffff0000ca12c000
[ 31.977937][ T4226] which belongs to the cache kmalloc-2k of size 2048
[ 31.981510][ T4226] The buggy address is located 1036 bytes inside of
[ 31.981510][ T4226] 2048-byte region [ffff0000ca12c000, ffff0000ca12c800)
[ 31.985084][ T4226]
[ 31.985658][ T4226] The buggy address belongs to the physical page:
[ 31.987281][ T4226] page:00000000e6ae60c1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a128
[ 31.989881][ T4226] head:00000000e6ae60c1 order:3 compound_mapcount:0 compound_pincount:0
[ 31.992054][ T4226] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 31.994111][ T4226] raw: 05ffc00000010200 fffffc00030cd600 dead000000000002 ffff0000c0002900
[ 31.996290][ T4226] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 31.998477][ T4226] page dumped because: kasan: bad access detected
[ 32.000119][ T4226]
[ 32.000733][ T4226] Memory state around the buggy address:
[ 32.002175][ T4226]  ffff0000ca12c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.004213][ T4226]  ffff0000ca12c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.006257][ T4226] >ffff0000ca12c400: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.008294][ T4226]                       ^
[ 32.009393][ T4226]  ffff0000ca12c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.011510][ T4226]  ffff0000ca12c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.013589][ T4226] ============================================================