[ 15.938094][ T5643] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.941136][ T5643] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.992846][ T39] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.996622][ T2059] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.521917][ T5973] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5973 'syz-executor248'
[ 33.526189][ T5973] loop0: detected capacity change from 0 to 64
[ 33.575113][ T5973] hfs: unable to locate alternate MDB
[ 33.576308][ T5973] hfs: continuing without an alternate MDB
[ 33.581374][ T5973] ==================================================================
[ 33.583165][ T5973] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x310/0x454
[ 33.585030][ T5973] Write of size 256 at addr ffff0000cb525900 by task syz-executor248/5973
[ 33.586948][ T5973]
[ 33.587510][ T5973] CPU: 1 PID: 5973 Comm: syz-executor248 Not tainted 6.4.0-rc3-syzkaller-geb0f1697d729 #0
[ 33.589777][ T5973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 33.592135][ T5973] Call trace:
[ 33.592866][ T5973]  dump_backtrace+0x1b8/0x1e4
[ 33.593939][ T5973]  show_stack+0x2c/0x44
[ 33.594885][ T5973]  dump_stack_lvl+0xd0/0x124
[ 33.595993][ T5973]  print_report+0x174/0x514
[ 33.597034][ T5973]  kasan_report+0xd4/0x130
[ 33.598031][ T5973]  kasan_check_range+0x264/0x2a4
[ 33.599228][ T5973]  __asan_memcpy+0x54/0x84
[ 33.600280][ T5973]  hfs_bnode_read_key+0x310/0x454
[ 33.601402][ T5973]  hfs_brec_insert+0x508/0x97c
[ 33.602624][ T5973]  hfs_cat_create+0x4f0/0x844
[ 33.603769][ T5973]  hfs_create+0x70/0xe4
[ 33.604732][ T5973]  path_openat+0xf80/0x27f8
[ 33.605807][ T5973]  do_filp_open+0x1bc/0x3cc
[ 33.606879][ T5973]  do_sys_openat2+0x128/0x3d8
[ 33.607934][ T5973]  __arm64_sys_openat+0x1f0/0x240
[ 33.609080][ T5973]  invoke_syscall+0x98/0x2c0
[ 33.610028][ T5973]  el0_svc_common+0x138/0x258
[ 33.611153][ T5973]  do_el0_svc+0x64/0x198
[ 33.612139][ T5973]  el0_svc+0x4c/0x15c
[ 33.613116][ T5973]  el0t_64_sync_handler+0x84/0xf0
[ 33.614270][ T5973]  el0t_64_sync+0x190/0x194
[ 33.615349][ T5973]
[ 33.615879][ T5973] Allocated by task 5973:
[ 33.616837][ T5973]  kasan_set_track+0x4c/0x7c
[ 33.617905][ T5973]  kasan_save_alloc_info+0x24/0x30
[ 33.619201][ T5973]  __kasan_kmalloc+0xac/0xc4
[ 33.620284][ T5973]  __kmalloc+0xcc/0x1b8
[ 33.621283][ T5973]  hfs_find_init+0x88/0x1c8
[ 33.622305][ T5973]  hfs_cat_create+0x168/0x844
[ 33.623512][ T5973]  hfs_create+0x70/0xe4
[ 33.624516][ T5973]  path_openat+0xf80/0x27f8
[ 33.625543][ T5973]  do_filp_open+0x1bc/0x3cc
[ 33.626614][ T5973]  do_sys_openat2+0x128/0x3d8
[ 33.627679][ T5973]  __arm64_sys_openat+0x1f0/0x240
[ 33.628828][ T5973]  invoke_syscall+0x98/0x2c0
[ 33.629964][ T5973]  el0_svc_common+0x138/0x258
[ 33.631141][ T5973]  do_el0_svc+0x64/0x198
[ 33.632067][ T5973]  el0_svc+0x4c/0x15c
[ 33.633066][ T5973]  el0t_64_sync_handler+0x84/0xf0
[ 33.634306][ T5973]  el0t_64_sync+0x190/0x194
[ 33.635336][ T5973]
[ 33.635885][ T5973] Last potentially related work creation:
[ 33.637260][ T5973]  kasan_save_stack+0x40/0x6c
[ 33.638334][ T5973]  __kasan_record_aux_stack+0xcc/0xe8
[ 33.639631][ T5973]  kasan_record_aux_stack_noalloc+0x14/0x20
[ 33.641088][ T5973]  kvfree_call_rcu+0xa8/0x688
[ 33.642158][ T5973]  kernfs_unlink_open_file+0x398/0x448
[ 33.643577][ T5973]  kernfs_fop_release+0x130/0x198
[ 33.644742][ T5973]  __fput+0x30c/0x7bc
[ 33.645691][ T5973]  ____fput+0x20/0x30
[ 33.646531][ T5973]  task_work_run+0x230/0x2e0
[ 33.647590][ T5973]  do_notify_resume+0x2180/0x3c90
[ 33.648803][ T5973]  el0_svc+0x90/0x15c
[ 33.649796][ T5973]  el0t_64_sync_handler+0x84/0xf0
[ 33.650993][ T5973]  el0t_64_sync+0x190/0x194
[ 33.652084][ T5973]
[ 33.652653][ T5973] The buggy address belongs to the object at ffff0000cb525900
[ 33.652653][ T5973]  which belongs to the cache kmalloc-128 of size 128
[ 33.655939][ T5973] The buggy address is located 0 bytes inside of
[ 33.655939][ T5973]  allocated 78-byte region [ffff0000cb525900, ffff0000cb52594e)
[ 33.659388][ T5973]
[ 33.659912][ T5973] The buggy address belongs to the physical page:
[ 33.661525][ T5973] page:00000000d14ce93e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b525
[ 33.663816][ T5973] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 33.665741][ T5973] page_type: 0xffffffff()
[ 33.666750][ T5973] raw: 05ffc00000000200 ffff0000c0002300 fffffc00032d7d40 dead000000000004
[ 33.668699][ T5973] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 33.670696][ T5973] page dumped because: kasan: bad access detected
[ 33.672264][ T5973]
[ 33.672854][ T5973] Memory state around the buggy address:
[ 33.674287][ T5973]  ffff0000cb525800: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 33.676222][ T5973]  ffff0000cb525880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.678023][ T5973] >ffff0000cb525900: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 33.679936][ T5973]                    ^
[ 33.681430][ T5973]  ffff0000cb525980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.683296][ T5973]  ffff0000cb525a00: 00 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.685214][ T5973] ==================================================================
[ 33.687338][ T5973] Disabling lock debugging due to kernel taint
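Reading the report: the write is a memcpy (__asan_memcpy called from hfs_bnode_read_key, reached through hfs_brec_insert during hfs_cat_create) of 256 bytes starting at offset 0 of a 78-byte kmalloc-128 object that hfs_find_init allocated, so the copy overruns the object by 178 bytes into the slab redzone and the following objects. The "Memory state" rows let you confirm those numbers without trusting the summary line: each shadow byte describes 8 bytes of memory, 00 means all 8 are addressable, 01..07 means only the first N are, and fc is the slab redzone. The C program below is an added worked example, not code from the syzkaller report, from syzbot, or from the kernel's hfs or KASAN sources. It embeds the five shadow rows copied from the report above (log prefix and the ">" marker stripped), decodes them with the generic KASAN shadow encoding, and checks the reported 256-byte access against them. All function and type names in it are the example's own, and it assumes that encoding and that nothing outside the five rows shown matters.

```c
/*
 * Added example: decode the "Memory state around the buggy address" rows
 * of a KASAN report and check an access against them. Not from the report
 * or the kernel; the rows are copied from the report above, the shadow
 * encoding is the generic KASAN one (assumed, not stated by the report).
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define KASAN_GRANULE      8     /* one shadow byte per 8 bytes of memory */
#define KASAN_SLAB_REDZONE 0xfc  /* shadow value for slab redzone bytes   */
#define ROW_BYTES          16    /* shadow bytes per printed row          */

struct shadow_row {
    uint64_t base;               /* address covered by shadow[0]          */
    uint8_t  shadow[ROW_BYTES];  /* 16 shadow bytes = 128 bytes of memory */
};

/* Rows copied from the report (log prefix and '>' marker removed). */
static const char *report_rows[] = {
    "ffff0000cb525800: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc",
    "ffff0000cb525880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff0000cb525900: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc",
    "ffff0000cb525980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc",
    "ffff0000cb525a00: 00 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc",
};
#define NROWS (sizeof(report_rows) / sizeof(report_rows[0]))

/* Parse "<addr>: <16 hex bytes>" into a shadow_row; -1 on malformed input. */
int parse_shadow_row(const char *line, struct shadow_row *row)
{
    char *end;
    row->base = strtoull(line, &end, 16);
    if (*end != ':')
        return -1;
    end++;
    for (int i = 0; i < ROW_BYTES; i++) {
        const char *p = end;
        unsigned long v = strtoul(p, &end, 16);
        if (end == p || v > 0xff)
            return -1;
        row->shadow[i] = (uint8_t)v;
    }
    return 0;
}

/* Shadow byte covering addr, or -1 if no loaded row covers it. */
static int shadow_at(const struct shadow_row *rows, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= rows[i].base && addr < rows[i].base + ROW_BYTES * KASAN_GRANULE)
            return rows[i].shadow[(addr - rows[i].base) / KASAN_GRANULE];
    return -1;
}

/* 1 if the single byte at addr is addressable, 0 otherwise (unknown = poisoned). */
static int byte_ok(const struct shadow_row *rows, size_t n, uint64_t addr)
{
    int s = shadow_at(rows, n, addr);
    if (s == 0)
        return 1;                                   /* whole granule addressable */
    if (s >= 1 && s < KASAN_GRANULE)
        return (addr % KASAN_GRANULE) < (uint64_t)s; /* only the first s bytes  */
    return 0;                                       /* redzone, freed, or unknown */
}

static size_t load_rows(struct shadow_row *rows)
{
    for (size_t i = 0; i < NROWS; i++)
        if (parse_shadow_row(report_rows[i], &rows[i]) < 0)
            return 0;
    return NROWS;
}

/* Contiguous addressable bytes starting at addr: the object size when addr is an object start. */
size_t report_addressable_bytes(uint64_t addr)
{
    struct shadow_row rows[NROWS];
    size_t n = load_rows(rows), len = 0;
    while (n && byte_ok(rows, n, addr + len))
        len++;
    return len;
}

/* Offset of the first poisoned byte in [addr, addr + size), or -1 if the access fits. */
long report_first_bad_offset(uint64_t addr, size_t size)
{
    struct shadow_row rows[NROWS];
    size_t n = load_rows(rows);
    for (size_t i = 0; i < size; i++)
        if (!byte_ok(rows, n, addr + i))
            return (long)i;
    return -1;
}

int main(void)
{
    uint64_t bad = 0xffff0000cb525900ULL;   /* address from the report */
    printf("addressable bytes at %#llx: %zu\n", (unsigned long long)bad,
           report_addressable_bytes(bad));
    printf("256-byte write first hits poisoned memory at offset %ld\n",
           report_first_bad_offset(bad, 256));
    return 0;
}
```

Running it reproduces the report's own figures from the shadow rows alone: the object at ffff0000cb525900 is 9 fully addressable granules (72 bytes) plus a partial granule of 6, i.e. 78 bytes, and the 256-byte write first touches poisoned memory at offset 78. The same decoder applied to the neighbouring rows shows a 41-byte object at ffff0000cb525800 and a 17-byte one at ffff0000cb525a00, both of which the overrun would clobber on a non-KASAN kernel, which is the practical reason an out-of-bounds write like this one is treated as a memory-safety bug rather than a mere crash.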