Warning: Permanently added '10.128.0.27' (ED25519) to the list of known hosts.
executing program
[   37.413618][ T6085] syz-executor941[6085]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   37.441625][ T6085] loop0: detected capacity change from 0 to 4096
[   37.446507][ T6085] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[   37.459050][ T6085] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[   37.461788][ T6085] ntfs3: loop0: Failed to load $Extend (-22).
[   37.463337][ T6085] ntfs3: loop0: Failed to initialize $Extend.
[   37.469912][ T6085] ==================================================================
[   37.471992][ T6085] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x354/0x50c
[   37.473907][ T6085] Read of size 48 at addr ffff0000ccb9b6b0 by task syz-executor941/6085
[   37.476039][ T6085]
[   37.476679][ T6085] CPU: 1 PID: 6085 Comm: syz-executor941 Not tainted 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   37.479193][ T6085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[   37.481853][ T6085] Call trace:
[   37.482691][ T6085]  dump_backtrace+0x1b8/0x1e4
[   37.483920][ T6085]  show_stack+0x2c/0x44
[   37.485008][ T6085]  dump_stack_lvl+0xd0/0x124
[   37.486201][ T6085]  print_report+0x174/0x514
[   37.487392][ T6085]  kasan_report+0xd8/0x138
[   37.488565][ T6085]  kasan_check_range+0x254/0x294
[   37.489943][ T6085]  __asan_memcpy+0x3c/0x84
[   37.491069][ T6085]  ntfs_listxattr+0x354/0x50c
[   37.492298][ T6085]  listxattr+0x108/0x368
[   37.493436][ T6085]  __arm64_sys_listxattr+0x13c/0x21c
[   37.494809][ T6085]  invoke_syscall+0x98/0x2b8
[   37.496034][ T6085]  el0_svc_common+0x130/0x23c
[   37.497276][ T6085]  do_el0_svc+0x48/0x58
[   37.498395][ T6085]  el0_svc+0x54/0x158
[   37.499454][ T6085]  el0t_64_sync_handler+0x84/0xfc
[   37.500765][ T6085]  el0t_64_sync+0x190/0x194
[   37.501937][ T6085]
[   37.502570][ T6085] Allocated by task 6085:
[   37.503759][ T6085]  kasan_set_track+0x4c/0x7c
[   37.504967][ T6085]  kasan_save_alloc_info+0x24/0x30
[   37.506314][ T6085]  __kasan_kmalloc+0xac/0xc4
[   37.507494][ T6085]  __kmalloc+0xcc/0x1b8
[   37.508574][ T6085]  ntfs_read_ea+0x3c0/0x808
[   37.509757][ T6085]  ntfs_listxattr+0x14c/0x50c
[   37.510948][ T6085]  listxattr+0x108/0x368
[   37.512020][ T6085]  __arm64_sys_listxattr+0x13c/0x21c
[   37.513285][ T6085]  invoke_syscall+0x98/0x2b8
[   37.514367][ T6085]  el0_svc_common+0x130/0x23c
[   37.515465][ T6085]  do_el0_svc+0x48/0x58
[   37.516534][ T6085]  el0_svc+0x54/0x158
[   37.517602][ T6085]  el0t_64_sync_handler+0x84/0xfc
[   37.518879][ T6085]  el0t_64_sync+0x190/0x194
[   37.520040][ T6085]
[   37.520642][ T6085] The buggy address belongs to the object at ffff0000ccb9b680
[   37.520642][ T6085]  which belongs to the cache kmalloc-64 of size 64
[   37.524320][ T6085] The buggy address is located 48 bytes inside of
[   37.524320][ T6085]  allocated 60-byte region [ffff0000ccb9b680, ffff0000ccb9b6bc)
[   37.528038][ T6085]
[   37.528627][ T6085] The buggy address belongs to the physical page:
[   37.530328][ T6085] page:00000000948951b7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10cb9b
[   37.532982][ T6085] flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[   37.534961][ T6085] page_type: 0xffffffff()
[   37.536083][ T6085] raw: 05ffc00000000800 ffff0000c0001640 fffffc00030802c0 dead000000000004
[   37.538352][ T6085] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[   37.540586][ T6085] page dumped because: kasan: bad access detected
[   37.542247][ T6085]
[   37.542844][ T6085] Memory state around the buggy address:
[   37.544315][ T6085]  ffff0000ccb9b580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.546374][ T6085]  ffff0000ccb9b600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.548457][ T6085] >ffff0000ccb9b680: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[   37.550527][ T6085]                                      ^
[   37.552080][ T6085]  ffff0000ccb9b700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.554181][ T6085]  ffff0000ccb9b780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   37.556301][ T6085] ==================================================================
[   37.558645][ T6085] Disabling lock debugging due to kernel taint