Warning: Permanently added '10.128.0.144' (ED25519) to the list of known hosts.
executing program
[ 30.751416][ T6095] loop0: detected capacity change from 0 to 4096
[ 30.756566][ T6095] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[ 30.768004][ T6095] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[ 30.774394][ T6095] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[ 30.777415][ T6095] ==================================================================
[ 30.779373][ T6095] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x354/0x50c
[ 30.781145][ T6095] Read of size 48 at addr ffff0000d0125c30 by task syz-executor346/6095
[ 30.783100][ T6095]
[ 30.783615][ T6095] CPU: 1 PID: 6095 Comm: syz-executor346 Not tainted 6.7.0-rc6-syzkaller-gaafe7ad77b91 #0
[ 30.785978][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 30.788395][ T6095] Call trace:
[ 30.789301][ T6095] dump_backtrace+0x1b8/0x1e4
[ 30.790473][ T6095] show_stack+0x2c/0x3c
[ 30.791353][ T6095] dump_stack_lvl+0xd0/0x124
[ 30.792495][ T6095] print_report+0x174/0x514
[ 30.793665][ T6095] kasan_report+0xd8/0x138
[ 30.794745][ T6095] kasan_check_range+0x254/0x294
[ 30.795960][ T6095] __asan_memcpy+0x3c/0x84
[ 30.797045][ T6095] ntfs_listxattr+0x354/0x50c
[ 30.798226][ T6095] listxattr+0x108/0x368
[ 30.799268][ T6095] __arm64_sys_llistxattr+0x13c/0x21c
[ 30.800487][ T6095] invoke_syscall+0x98/0x2b8
[ 30.801524][ T6095] el0_svc_common+0x130/0x23c
[ 30.802586][ T6095] do_el0_svc+0x48/0x58
[ 30.803631][ T6095] el0_svc+0x54/0x158
[ 30.804561][ T6095] el0t_64_sync_handler+0x84/0xfc
[ 30.805760][ T6095] el0t_64_sync+0x190/0x194
[ 30.806790][ T6095]
[ 30.807358][ T6095] Allocated by task 6095:
[ 30.808356][ T6095] kasan_set_track+0x4c/0x7c
[ 30.809350][ T6095] kasan_save_alloc_info+0x24/0x30
[ 30.810641][ T6095] __kasan_kmalloc+0xac/0xc4
[ 30.811667][ T6095] __kmalloc+0xcc/0x1b8
[ 30.812763][ T6095] ntfs_read_ea+0x3c0/0x808
[ 30.813839][ T6095] ntfs_listxattr+0x14c/0x50c
[ 30.814969][ T6095] listxattr+0x108/0x368
[ 30.815998][ T6095] __arm64_sys_llistxattr+0x13c/0x21c
[ 30.817217][ T6095] invoke_syscall+0x98/0x2b8
[ 30.818284][ T6095] el0_svc_common+0x130/0x23c
[ 30.819525][ T6095] do_el0_svc+0x48/0x58
[ 30.820572][ T6095] el0_svc+0x54/0x158
[ 30.821516][ T6095] el0t_64_sync_handler+0x84/0xfc
[ 30.822796][ T6095] el0t_64_sync+0x190/0x194
[ 30.823884][ T6095]
[ 30.824478][ T6095] The buggy address belongs to the object at ffff0000d0125c00
[ 30.824478][ T6095] which belongs to the cache kmalloc-64 of size 64
[ 30.827830][ T6095] The buggy address is located 48 bytes inside of
[ 30.827830][ T6095] allocated 60-byte region [ffff0000d0125c00, ffff0000d0125c3c)
[ 30.831032][ T6095]
[ 30.831586][ T6095] The buggy address belongs to the physical page:
[ 30.833055][ T6095] page:000000003d4f3554 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110125
[ 30.835559][ T6095] ksm flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 30.837421][ T6095] page_type: 0xffffffff()
[ 30.838421][ T6095] raw: 05ffc00000000800 ffff0000c0001640 fffffc0003376b40 dead000000000003
[ 30.840600][ T6095] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 30.842645][ T6095] page dumped because: kasan: bad access detected
[ 30.844235][ T6095]
[ 30.844861][ T6095] Memory state around the buggy address:
[ 30.846173][ T6095] ffff0000d0125b00: 00 00 00 00 00 00 02 fc fc fc fc fc fc fc fc fc
[ 30.848104][ T6095] ffff0000d0125b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 30.850025][ T6095] >ffff0000d0125c00: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[ 30.852072][ T6095] ^
[ 30.853365][ T6095] ffff0000d0125c80: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc
[ 30.855356][ T6095] ffff0000d0125d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 30.857148][ T6095] ==================================================================
[ 30.859300][ T6095] Disabling lock debugging due to kernel taint