Warning: Permanently added '10.128.0.90' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 36.780731][ T4217] loop0: detected capacity change from 0 to 4096
[ 36.784926][ T4217] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[ 36.807345][ T4217] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[ 36.809244][ T4217] ==================================================================
[ 36.810979][ T4217] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x290/0x434
[ 36.812579][ T4217] Read of size 48 at addr ffff0000db68be30 by task syz-executor144/4217
[ 36.814270][ T4217]
[ 36.814674][ T4217] CPU: 1 PID: 4217 Comm: syz-executor144 Not tainted 6.1.34-syzkaller #0
[ 36.816541][ T4217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 36.818790][ T4217] Call trace:
[ 36.819495][ T4217]  dump_backtrace+0x1c8/0x1f4
[ 36.820501][ T4217]  show_stack+0x2c/0x3c
[ 36.821379][ T4217]  dump_stack_lvl+0x108/0x170
[ 36.822541][ T4217]  print_report+0x174/0x4c0
[ 36.823610][ T4217]  kasan_report+0xd4/0x130
[ 36.824477][ T4217]  kasan_check_range+0x264/0x2a4
[ 36.825474][ T4217]  memcpy+0x48/0x90
[ 36.826259][ T4217]  ntfs_listxattr+0x290/0x434
[ 36.827259][ T4217]  listxattr+0x29c/0x3cc
[ 36.828246][ T4217]  __arm64_sys_listxattr+0x13c/0x21c
[ 36.829506][ T4217]  invoke_syscall+0x98/0x2c0
[ 36.830396][ T4217]  el0_svc_common+0x138/0x258
[ 36.831413][ T4217]  do_el0_svc+0x64/0x218
[ 36.832283][ T4217]  el0_svc+0x58/0x168
[ 36.833182][ T4217]  el0t_64_sync_handler+0x84/0xf0
[ 36.834345][ T4217]  el0t_64_sync+0x18c/0x190
[ 36.835204][ T4217]
[ 36.835719][ T4217] Allocated by task 4217:
[ 36.836609][ T4217]  kasan_set_track+0x4c/0x80
[ 36.837651][ T4217]  kasan_save_alloc_info+0x24/0x30
[ 36.838825][ T4217]  __kasan_kmalloc+0xac/0xc4
[ 36.839842][ T4217]  __kmalloc+0xd8/0x1c4
[ 36.840798][ T4217]  ntfs_read_ea+0x39c/0x6d8
[ 36.841729][ T4217]  ntfs_listxattr+0x148/0x434
[ 36.842818][ T4217]  listxattr+0x29c/0x3cc
[ 36.843655][ T4217]  __arm64_sys_listxattr+0x13c/0x21c
[ 36.844873][ T4217]  invoke_syscall+0x98/0x2c0
[ 36.845881][ T4217]  el0_svc_common+0x138/0x258
[ 36.846847][ T4217]  do_el0_svc+0x64/0x218
[ 36.847733][ T4217]  el0_svc+0x58/0x168
[ 36.848597][ T4217]  el0t_64_sync_handler+0x84/0xf0
[ 36.849618][ T4217]  el0t_64_sync+0x18c/0x190
[ 36.850690][ T4217]
[ 36.851242][ T4217] The buggy address belongs to the object at ffff0000db68be00
[ 36.851242][ T4217]  which belongs to the cache kmalloc-128 of size 128
[ 36.854393][ T4217] The buggy address is located 48 bytes inside of
[ 36.854393][ T4217]  128-byte region [ffff0000db68be00, ffff0000db68be80)
[ 36.857388][ T4217]
[ 36.857888][ T4217] The buggy address belongs to the physical page:
[ 36.859258][ T4217] page:0000000064170fd7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b68b
[ 36.861504][ T4217] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 36.863035][ T4217] raw: 05ffc00000000200 0000000000000000 dead000000000001 ffff0000c0002300
[ 36.864896][ T4217] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 36.867003][ T4217] page dumped because: kasan: bad access detected
[ 36.868454][ T4217]
[ 36.868923][ T4217] Memory state around the buggy address:
[ 36.870219][ T4217]  ffff0000db68bd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.871937][ T4217]  ffff0000db68bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.873736][ T4217] >ffff0000db68be00: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[ 36.875537][ T4217]                                       ^
[ 36.876816][ T4217]  ffff0000db68be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.878485][ T4217]  ffff0000db68bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.880129][ T4217] ==================================================================
[ 36.882025][ T4217] Disabling lock debugging due to kernel taint
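The report pins the bug down fairly precisely: the EA buffer was allocated by ntfs_read_ea from kmalloc-128, the shadow bytes (00 x7, then 04) say only 60 of those 128 bytes are valid, and ntfs_listxattr then issued a 48-byte memcpy starting at offset 48, so the copy runs 36 bytes past the end of the object. That is the signature of a list walk that trusts a per-entry name length taken from the image. The C below is an added example, not code from the syzkaller report or from the ntfs3 driver: a bounds-checked walk over an NTFS extended-attribute list in the shape that listxattr(2) needs. The header layout follows the on-disk EA record (next-entry size, flags, name length, value length, name); every function, variable and buffer name is assumed for illustration. The constructed "crafted" input reproduces the geometry of the report, a 60-byte buffer whose entry at offset 48 claims a 48-byte name, and the hardened walk rejects it instead of copying.

```c
/* Added example, not the ntfs3 driver's code. Bounds-checked walk over an
 * NTFS EA list as a listxattr implementation must do it. Names are assumed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define EA_HDR_LEN 8u              /* size of the fixed EA header below */

struct ea_hdr {
    uint32_t size;                 /* bytes from this entry to the next one */
    uint8_t  flags;
    uint8_t  name_len;             /* read from the image: untrusted */
    uint16_t elength;              /* value length: untrusted */
};

/* Copy every EA name into out as a NUL-terminated list and return the bytes
 * used; with out == NULL only the size is computed (listxattr's sizing call).
 * Returns -1 for a malformed list (header or name extending past size, or an
 * entry size that does not move forward) and -2 when out is too small. */
static long ea_list_names(const uint8_t *buf, size_t size,
                          char *out, size_t out_size)
{
    size_t off = 0, used = 0;

    while (off < size) {
        struct ea_hdr h;
        size_t name_len;

        if (size - off < EA_HDR_LEN)           /* the header must fit */
            return -1;
        memcpy(&h, buf + off, EA_HDR_LEN);     /* no unaligned loads */
        name_len = h.name_len;

        /* The name we are about to memcpy must lie inside the buffer. Without
         * this check a name_len of 48 at offset 48 of a 60-byte object is
         * copied anyway, which is the read KASAN reported. */
        if (name_len > size - off - EA_HDR_LEN)
            return -1;

        if (out) {
            if (used + name_len + 1 > out_size)
                return -2;
            memcpy(out + used, buf + off + EA_HDR_LEN, name_len);
            out[used + name_len] = '\0';
        }
        used += name_len + 1;

        /* The next-entry offset must make progress and stay within size. */
        if (h.size < EA_HDR_LEN + name_len || h.size > size - off)
            return -1;
        off += h.size;
    }
    return (long)used;
}

/* Write one EA record at buf[off] (value bytes left zero); returns the offset
 * of the next record. Only a test-data builder. */
static size_t put_ea(uint8_t *buf, size_t off, uint32_t size,
                     uint8_t name_len, const char *name, uint16_t elength)
{
    struct ea_hdr h = { size, 0, name_len, elength };
    memcpy(buf + off, &h, EA_HDR_LEN);
    memcpy(buf + off + EA_HDR_LEN, name, strlen(name));
    return off + size;
}

/* Constructed well-formed list: "user.a" (4-byte value), "user.bb" (2-byte). */
static long demo_well_formed(char *out, size_t out_size)
{
    uint8_t buf[40] = {0};
    size_t off = put_ea(buf, 0, 20, 6, "user.a", 4);
    off = put_ea(buf, off, 20, 7, "user.bb", 2);
    return ea_list_names(buf, off, out, out_size);
}

/* 1 if the well-formed list yields exactly "user.a\0user.bb\0". */
static int demo_well_formed_ok(void)
{
    char out[64];
    return demo_well_formed(out, sizeof out) == 15 &&
           memcmp(out, "user.a\0user.bb\0", 15) == 0;
}

/* Constructed list with the report's geometry: 60 usable bytes, and the
 * entry at offset 48 claims a 48-byte name although only 4 bytes remain. */
static long demo_crafted(void)
{
    uint8_t buf[60] = {0};
    size_t off = put_ea(buf, 0, 48, 4, "a.bc", 8);
    put_ea(buf, off, 48, 48, "ea", 0);
    return ea_list_names(buf, sizeof buf, NULL, 0);
}

int main(void)
{
    char names[64];
    printf("well-formed: %ld bytes of names\n", demo_well_formed(names, sizeof names));
    printf("crafted:     %ld (rejected, would have read past the buffer)\n",
           demo_crafted());
    return 0;
}
```

The two checks that matter are the ones on `name_len` against the bytes remaining and on `h.size` making forward progress: the first is what turns the report's out-of-bounds memcpy into an EINVAL-style failure, the second prevents a zero or backward `size` from spinning the loop. Both must be done against the length actually returned by the EA reader (60 here), not the slab object size (128), because KASAN only sees the object boundary and a read that stays inside the 128-byte object but past byte 60 is still reading stale memory.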