[ 15.395692][ T5646] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.405988][ T5646] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.457745][ T27] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.460593][ T5556] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.688572][ T5976] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5976 'syz-executor667'
[ 35.717976][ T5976] loop0: detected capacity change from 0 to 4096
[ 35.722427][ T5976] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[ 35.734170][ T5976] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[ 35.744964][ T5976] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[ 35.747567][ T5976] ==================================================================
[ 35.749249][ T5976] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x2b8/0x464
[ 35.750845][ T5976] Read of size 48 at addr ffff0000d663f330 by task syz-executor667/5976
[ 35.752533][ T5976]
[ 35.753025][ T5976] CPU: 0 PID: 5976 Comm: syz-executor667 Not tainted 6.4.0-rc5-syzkaller-g177239177378 #0
[ 35.755118][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 35.757266][ T5976] Call trace:
[ 35.757970][ T5976]  dump_backtrace+0x1b8/0x1e4
[ 35.759028][ T5976]  show_stack+0x2c/0x44
[ 35.759906][ T5976]  dump_stack_lvl+0xd0/0x124
[ 35.760875][ T5976]  print_report+0x174/0x514
[ 35.761820][ T5976]  kasan_report+0xd4/0x130
[ 35.762746][ T5976]  kasan_check_range+0x264/0x2a4
[ 35.763750][ T5976]  __asan_memcpy+0x3c/0x84
[ 35.764676][ T5976]  ntfs_listxattr+0x2b8/0x464
[ 35.765682][ T5976]  listxattr+0x108/0x368
[ 35.766589][ T5976]  __arm64_sys_listxattr+0x13c/0x21c
[ 35.767724][ T5976]  invoke_syscall+0x98/0x2c0
[ 35.768701][ T5976]  el0_svc_common+0x138/0x244
[ 35.769786][ T5976]  do_el0_svc+0x64/0x198
[ 35.770742][ T5976]  el0_svc+0x4c/0x160
[ 35.771593][ T5976]  el0t_64_sync_handler+0x84/0xfc
[ 35.772687][ T5976]  el0t_64_sync+0x190/0x194
[ 35.773664][ T5976]
[ 35.774152][ T5976] Allocated by task 5976:
[ 35.775050][ T5976]  kasan_set_track+0x4c/0x7c
[ 35.776020][ T5976]  kasan_save_alloc_info+0x24/0x30
[ 35.777146][ T5976]  __kasan_kmalloc+0xac/0xc4
[ 35.778116][ T5976]  __kmalloc+0xcc/0x1b8
[ 35.778996][ T5976]  ntfs_read_ea+0x3c0/0x818
[ 35.779980][ T5976]  ntfs_listxattr+0x148/0x464
[ 35.781057][ T5976]  listxattr+0x108/0x368
[ 35.781974][ T5976]  __arm64_sys_listxattr+0x13c/0x21c
[ 35.783126][ T5976]  invoke_syscall+0x98/0x2c0
[ 35.784090][ T5976]  el0_svc_common+0x138/0x244
[ 35.785115][ T5976]  do_el0_svc+0x64/0x198
[ 35.786029][ T5976]  el0_svc+0x4c/0x160
[ 35.786872][ T5976]  el0t_64_sync_handler+0x84/0xfc
[ 35.787911][ T5976]  el0t_64_sync+0x190/0x194
[ 35.788849][ T5976]
[ 35.789329][ T5976] The buggy address belongs to the object at ffff0000d663f300
[ 35.789329][ T5976]  which belongs to the cache kmalloc-128 of size 128
[ 35.792332][ T5976] The buggy address is located 48 bytes inside of
[ 35.792332][ T5976]  allocated 60-byte region [ffff0000d663f300, ffff0000d663f33c)
[ 35.795224][ T5976]
[ 35.795686][ T5976] The buggy address belongs to the physical page:
[ 35.797064][ T5976] page:000000006dc3497f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11663f
[ 35.799235][ T5976] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 35.800827][ T5976] page_type: 0xffffffff()
[ 35.801783][ T5976] raw: 05ffc00000000200 ffff0000c0002300 fffffc00032b7400 dead000000000002
[ 35.803524][ T5976] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 35.805447][ T5976] page dumped because: kasan: bad access detected
[ 35.806820][ T5976]
[ 35.807306][ T5976] Memory state around the buggy address:
[ 35.808537][ T5976]  ffff0000d663f200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 35.810289][ T5976]  ffff0000d663f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.812053][ T5976] >ffff0000d663f300: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[ 35.813796][ T5976]                                         ^
[ 35.815048][ T5976]  ffff0000d663f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.816798][ T5976]  ffff0000d663f400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.818511][ T5976] ==================================================================
[ 35.820508][ T5976] Disabling lock debugging due to kernel taint