Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   38.549354][ T3968] loop0: detected capacity change from 0 to 4096
[   38.554093][ T3968] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[   38.580923][ T3968] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[   38.582885][ T3968] ==================================================================
[   38.584677][ T3968] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x290/0x434
[   38.586313][ T3968] Read of size 48 at addr ffff0000d3ec4b30 by task syz-executor329/3968
[   38.588134][ T3968]
[   38.588590][ T3968] CPU: 0 PID: 3968 Comm: syz-executor329 Not tainted 5.15.117-syzkaller #0
[   38.590509][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   38.592689][ T3968] Call trace:
[   38.593419][ T3968]  dump_backtrace+0x0/0x530
[   38.594392][ T3968]  show_stack+0x2c/0x3c
[   38.595333][ T3968]  dump_stack_lvl+0x108/0x170
[   38.596395][ T3968]  print_address_description+0x7c/0x3f0
[   38.597640][ T3968]  kasan_report+0x174/0x1e4
[   38.598617][ T3968]  kasan_check_range+0x274/0x2b4
[   38.599679][ T3968]  memcpy+0x90/0xe8
[   38.600535][ T3968]  ntfs_listxattr+0x290/0x434
[   38.601488][ T3968]  listxattr+0x29c/0x3e4
[   38.602365][ T3968]  __arm64_sys_listxattr+0x13c/0x21c
[   38.603496][ T3968]  invoke_syscall+0x98/0x2b8
[   38.604482][ T3968]  el0_svc_common+0x138/0x258
[   38.605540][ T3968]  do_el0_svc+0x58/0x14c
[   38.606413][ T3968]  el0_svc+0x7c/0x1f0
[   38.607236][ T3968]  el0t_64_sync_handler+0x84/0xe4
[   38.608389][ T3968]  el0t_64_sync+0x1a0/0x1a4
[   38.609461][ T3968]
[   38.609958][ T3968] Allocated by task 3968:
[   38.610921][ T3968]  ____kasan_kmalloc+0xbc/0xfc
[   38.612000][ T3968]  __kasan_kmalloc+0x10/0x1c
[   38.612969][ T3968]  __kmalloc+0x29c/0x4c8
[   38.613837][ T3968]  ntfs_read_ea+0x39c/0x6d8
[   38.614773][ T3968]  ntfs_listxattr+0x148/0x434
[   38.615788][ T3968]  listxattr+0x29c/0x3e4
[   38.616711][ T3968]  __arm64_sys_listxattr+0x13c/0x21c
[   38.617831][ T3968]  invoke_syscall+0x98/0x2b8
[   38.618774][ T3968]  el0_svc_common+0x138/0x258
[   38.619759][ T3968]  do_el0_svc+0x58/0x14c
[   38.620658][ T3968]  el0_svc+0x7c/0x1f0
[   38.621455][ T3968]  el0t_64_sync_handler+0x84/0xe4
[   38.622566][ T3968]  el0t_64_sync+0x1a0/0x1a4
[   38.623636][ T3968]
[   38.624212][ T3968] The buggy address belongs to the object at ffff0000d3ec4b00
[   38.624212][ T3968]  which belongs to the cache kmalloc-128 of size 128
[   38.627236][ T3968] The buggy address is located 48 bytes inside of
[   38.627236][ T3968]  128-byte region [ffff0000d3ec4b00, ffff0000d3ec4b80)
[   38.630036][ T3968] The buggy address belongs to the page:
[   38.631232][ T3968] page:00000000d7b8fed8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113ec4
[   38.633359][ T3968] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[   38.635004][ T3968] raw: 05ffc00000000200 dead000000000100 dead000000000122 ffff0000c0002300
[   38.636802][ T3968] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   38.638672][ T3968] page dumped because: kasan: bad access detected
[   38.640028][ T3968]
[   38.640598][ T3968] Memory state around the buggy address:
[   38.641859][ T3968]  ffff0000d3ec4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.643481][ T3968]  ffff0000d3ec4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.645172][ T3968] >ffff0000d3ec4b00: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[   38.646859][ T3968]                                ^
[   38.648141][ T3968]  ffff0000d3ec4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.649859][ T3968]  ffff0000d3ec4c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.651557][ T3968] ==================================================================
[   38.653294][ T3968] Disabling lock debugging due to kernel taint