[   15.395692][ T5646] 8021q: adding VLAN 0 to HW filter on device bond0
[   15.405988][ T5646] eql: remember to turn off Van-Jacobson compression on your slave devices
[   15.457745][   T27] gvnic 0000:00:00.0 enp0s0: Device link is up.
[   15.460593][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.688572][ T5976] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5976 'syz-executor667'
[   35.717976][ T5976] loop0: detected capacity change from 0 to 4096
[   35.722427][ T5976] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[   35.734170][ T5976] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[   35.744964][ T5976] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[   35.747567][ T5976] ==================================================================
[   35.749249][ T5976] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x2b8/0x464
[   35.750845][ T5976] Read of size 48 at addr ffff0000d663f330 by task syz-executor667/5976
[   35.752533][ T5976] 
[   35.753025][ T5976] CPU: 0 PID: 5976 Comm: syz-executor667 Not tainted 6.4.0-rc5-syzkaller-g177239177378 #0
[   35.755118][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   35.757266][ T5976] Call trace:
[   35.757970][ T5976]  dump_backtrace+0x1b8/0x1e4
[   35.759028][ T5976]  show_stack+0x2c/0x44
[   35.759906][ T5976]  dump_stack_lvl+0xd0/0x124
[   35.760875][ T5976]  print_report+0x174/0x514
[   35.761820][ T5976]  kasan_report+0xd4/0x130
[   35.762746][ T5976]  kasan_check_range+0x264/0x2a4
[   35.763750][ T5976]  __asan_memcpy+0x3c/0x84
[   35.764676][ T5976]  ntfs_listxattr+0x2b8/0x464
[   35.765682][ T5976]  listxattr+0x108/0x368
[   35.766589][ T5976]  __arm64_sys_listxattr+0x13c/0x21c
[   35.767724][ T5976]  invoke_syscall+0x98/0x2c0
[   35.768701][ T5976]  el0_svc_common+0x138/0x244
[   35.769786][ T5976]  do_el0_svc+0x64/0x198
[   35.770742][ T5976]  el0_svc+0x4c/0x160
[   35.771593][ T5976]  el0t_64_sync_handler+0x84/0xfc
[   35.772687][ T5976]  el0t_64_sync+0x190/0x194
[   35.773664][ T5976] 
[   35.774152][ T5976] Allocated by task 5976:
[   35.775050][ T5976]  kasan_set_track+0x4c/0x7c
[   35.776020][ T5976]  kasan_save_alloc_info+0x24/0x30
[   35.777146][ T5976]  __kasan_kmalloc+0xac/0xc4
[   35.778116][ T5976]  __kmalloc+0xcc/0x1b8
[   35.778996][ T5976]  ntfs_read_ea+0x3c0/0x818
[   35.779980][ T5976]  ntfs_listxattr+0x148/0x464
[   35.781057][ T5976]  listxattr+0x108/0x368
[   35.781974][ T5976]  __arm64_sys_listxattr+0x13c/0x21c
[   35.783126][ T5976]  invoke_syscall+0x98/0x2c0
[   35.784090][ T5976]  el0_svc_common+0x138/0x244
[   35.785115][ T5976]  do_el0_svc+0x64/0x198
[   35.786029][ T5976]  el0_svc+0x4c/0x160
[   35.786872][ T5976]  el0t_64_sync_handler+0x84/0xfc
[   35.787911][ T5976]  el0t_64_sync+0x190/0x194
[   35.788849][ T5976] 
[   35.789329][ T5976] The buggy address belongs to the object at ffff0000d663f300
[   35.789329][ T5976]  which belongs to the cache kmalloc-128 of size 128
[   35.792332][ T5976] The buggy address is located 48 bytes inside of
[   35.792332][ T5976]  allocated 60-byte region [ffff0000d663f300, ffff0000d663f33c)
[   35.795224][ T5976] 
[   35.795686][ T5976] The buggy address belongs to the physical page:
[   35.797064][ T5976] page:000000006dc3497f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11663f
[   35.799235][ T5976] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[   35.800827][ T5976] page_type: 0xffffffff()
[   35.801783][ T5976] raw: 05ffc00000000200 ffff0000c0002300 fffffc00032b7400 dead000000000002
[   35.803524][ T5976] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   35.805447][ T5976] page dumped because: kasan: bad access detected
[   35.806820][ T5976] 
[   35.807306][ T5976] Memory state around the buggy address:
[   35.808537][ T5976]  ffff0000d663f200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   35.810289][ T5976]  ffff0000d663f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.812053][ T5976] >ffff0000d663f300: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[   35.813796][ T5976]                                         ^
[   35.815048][ T5976]  ffff0000d663f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.816798][ T5976]  ffff0000d663f400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.818511][ T5976] ==================================================================
[   35.820508][ T5976] Disabling lock debugging due to kernel taint