[   15.538983][ T3892] 8021q: adding VLAN 0 to HW filter on device bond0
[   15.542439][ T3892] eql: remember to turn off Van-Jacobson compression on your slave devices
[   15.583006][  T303] gvnic 0000:00:00.0 enp0s0: Device link is up.
[   15.585708][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.134' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.854583][ T4216] loop0: detected capacity change from 0 to 64
[   35.881261][ T4216] hfs: unable to locate alternate MDB
[   35.882634][ T4216] hfs: continuing without an alternate MDB
[   35.887782][ T4216] ==================================================================
[   35.889690][ T4216] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x310/0x454
[   35.891605][ T4216] Write of size 256 at addr ffff0000c4d43300 by task syz-executor324/4216
[   35.893635][ T4216] 
[   35.894223][ T4216] CPU: 0 PID: 4216 Comm: syz-executor324 Not tainted 6.1.31-syzkaller #0
[   35.896240][ T4216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[   35.898663][ T4216] Call trace:
[   35.899439][ T4216]  dump_backtrace+0x1c8/0x1f4
[   35.900511][ T4216]  show_stack+0x2c/0x3c
[   35.901546][ T4216]  dump_stack_lvl+0x108/0x170
[   35.902745][ T4216]  print_report+0x174/0x4c0
[   35.903923][ T4216]  kasan_report+0xd4/0x130
[   35.905050][ T4216]  kasan_check_range+0x264/0x2a4
[   35.906253][ T4216]  memcpy+0x60/0x90
[   35.907176][ T4216]  hfs_bnode_read_key+0x310/0x454
[   35.908463][ T4216]  hfs_brec_insert+0x508/0x97c
[   35.909696][ T4216]  hfs_cat_create+0x4f0/0x844
[   35.910919][ T4216]  hfs_create+0x70/0xe4
[   35.911983][ T4216]  path_openat+0xeac/0x2548
[   35.913091][ T4216]  do_filp_open+0x1bc/0x3cc
[   35.914214][ T4216]  do_sys_openat2+0x128/0x3d8
[   35.915410][ T4216]  __arm64_sys_openat+0x1f0/0x240
[   35.916695][ T4216]  invoke_syscall+0x98/0x2c0
[   35.917805][ T4216]  el0_svc_common+0x138/0x258
[   35.919029][ T4216]  do_el0_svc+0x64/0x218
[   35.920106][ T4216]  el0_svc+0x58/0x168
[   35.921098][ T4216]  el0t_64_sync_handler+0x84/0xf0
[   35.922330][ T4216]  el0t_64_sync+0x18c/0x190
[   35.923449][ T4216] 
[   35.924001][ T4216] Allocated by task 4216:
[   35.925102][ T4216]  kasan_set_track+0x4c/0x80
[   35.926247][ T4216]  kasan_save_alloc_info+0x24/0x30
[   35.927477][ T4216]  __kasan_kmalloc+0xac/0xc4
[   35.928589][ T4216]  __kmalloc+0xd8/0x1c4
[   35.929643][ T4216]  hfs_find_init+0x88/0x1c8
[   35.930749][ T4216]  hfs_cat_create+0x168/0x844
[   35.931961][ T4216]  hfs_create+0x70/0xe4
[   35.932955][ T4216]  path_openat+0xeac/0x2548
[   35.934120][ T4216]  do_filp_open+0x1bc/0x3cc
[   35.935271][ T4216]  do_sys_openat2+0x128/0x3d8
[   35.936473][ T4216]  __arm64_sys_openat+0x1f0/0x240
[   35.937673][ T4216]  invoke_syscall+0x98/0x2c0
[   35.938857][ T4216]  el0_svc_common+0x138/0x258
[   35.939985][ T4216]  do_el0_svc+0x64/0x218
[   35.941115][ T4216]  el0_svc+0x58/0x168
[   35.942157][ T4216]  el0t_64_sync_handler+0x84/0xf0
[   35.943445][ T4216]  el0t_64_sync+0x18c/0x190
[   35.944571][ T4216] 
[   35.945148][ T4216] The buggy address belongs to the object at ffff0000c4d43300
[   35.945148][ T4216]  which belongs to the cache kmalloc-128 of size 128
[   35.948686][ T4216] The buggy address is located 0 bytes inside of
[   35.948686][ T4216]  128-byte region [ffff0000c4d43300, ffff0000c4d43380)
[   35.952068][ T4216] 
[   35.952707][ T4216] The buggy address belongs to the physical page:
[   35.954242][ T4216] page:000000008da5510c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104d43
[   35.956727][ T4216] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[   35.958670][ T4216] raw: 05ffc00000000200 fffffc00033ca600 dead000000000004 ffff0000c0002300
[   35.960842][ T4216] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   35.963031][ T4216] page dumped because: kasan: bad access detected
[   35.964674][ T4216] 
[   35.965255][ T4216] Memory state around the buggy address:
[   35.966768][ T4216]  ffff0000c4d43200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   35.968839][ T4216]  ffff0000c4d43280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.970807][ T4216] >ffff0000c4d43300: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[   35.972768][ T4216]                                               ^
[   35.974242][ T4216]  ffff0000c4d43380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.976292][ T4216]  ffff0000c4d43400: 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.978278][ T4216] ==================================================================
[   35.980682][ T4216] Disabling lock debugging due to kernel taint