[ 18.284750][ T3637] 8021q: adding VLAN 0 to HW filter on device bond0
[ 18.291489][ T3637] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 18.334874][ T411] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 18.338038][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.69' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.656770][ T3961] loop0: detected capacity change from 0 to 4096
[ 42.661839][ T3961] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[ 42.681303][ T3961] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[ 42.683240][ T3961] ==================================================================
[ 42.684948][ T3961] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x290/0x434
[ 42.686632][ T3961] Read of size 48 at addr ffff0000cecddb30 by task syz-executor423/3961
[ 42.688301][ T3961]
[ 42.688772][ T3961] CPU: 0 PID: 3961 Comm: syz-executor423 Not tainted 5.15.110-syzkaller #0
[ 42.690435][ T3961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 42.692660][ T3961] Call trace:
[ 42.693310][ T3961] dump_backtrace+0x0/0x530
[ 42.694295][ T3961] show_stack+0x2c/0x3c
[ 42.695208][ T3961] dump_stack_lvl+0x108/0x170
[ 42.696214][ T3961] print_address_description+0x7c/0x3f0
[ 42.697356][ T3961] kasan_report+0x174/0x1e4
[ 42.698327][ T3961] kasan_check_range+0x274/0x2b4
[ 42.699340][ T3961] memcpy+0x90/0xe8
[ 42.700228][ T3961] ntfs_listxattr+0x290/0x434
[ 42.701251][ T3961] listxattr+0x29c/0x3e4
[ 42.702131][ T3961] __arm64_sys_listxattr+0x13c/0x21c
[ 42.703295][ T3961] invoke_syscall+0x98/0x2b8
[ 42.704292][ T3961] el0_svc_common+0x138/0x258
[ 42.705280][ T3961] do_el0_svc+0x58/0x14c
[ 42.706169][ T3961] el0_svc+0x7c/0x1f0
[ 42.707037][ T3961] el0t_64_sync_handler+0x84/0xe4
[ 42.708156][ T3961] el0t_64_sync+0x1a0/0x1a4
[ 42.709094][ T3961]
[ 42.709573][ T3961] Allocated by task 3961:
[ 42.710510][ T3961] ____kasan_kmalloc+0xbc/0xfc
[ 42.711485][ T3961] __kasan_kmalloc+0x10/0x1c
[ 42.712435][ T3961] __kmalloc+0x29c/0x4c8
[ 42.713358][ T3961] ntfs_read_ea+0x39c/0x6d8
[ 42.714401][ T3961] ntfs_listxattr+0x148/0x434
[ 42.715530][ T3961] listxattr+0x29c/0x3e4
[ 42.716405][ T3961] __arm64_sys_listxattr+0x13c/0x21c
[ 42.717464][ T3961] invoke_syscall+0x98/0x2b8
[ 42.718469][ T3961] el0_svc_common+0x138/0x258
[ 42.719405][ T3961] do_el0_svc+0x58/0x14c
[ 42.720333][ T3961] el0_svc+0x7c/0x1f0
[ 42.721215][ T3961] el0t_64_sync_handler+0x84/0xe4
[ 42.722223][ T3961] el0t_64_sync+0x1a0/0x1a4
[ 42.723152][ T3961]
[ 42.723638][ T3961] The buggy address belongs to the object at ffff0000cecddb00
[ 42.723638][ T3961] which belongs to the cache kmalloc-128 of size 128
[ 42.726611][ T3961] The buggy address is located 48 bytes inside of
[ 42.726611][ T3961] 128-byte region [ffff0000cecddb00, ffff0000cecddb80)
[ 42.729463][ T3961] The buggy address belongs to the page:
[ 42.730691][ T3961] page:0000000062491911 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ecdd
[ 42.732884][ T3961] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 42.734483][ T3961] raw: 05ffc00000000200 dead000000000100 dead000000000122 ffff0000c0002300
[ 42.736245][ T3961] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 42.738057][ T3961] page dumped because: kasan: bad access detected
[ 42.739413][ T3961]
[ 42.739850][ T3961] Memory state around the buggy address:
[ 42.741020][ T3961] ffff0000cecdda00: 00 00 00 00 00 00 00 00 00 07 fc fc fc fc fc fc
[ 42.742697][ T3961] ffff0000cecdda80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.744464][ T3961] >ffff0000cecddb00: 00 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc
[ 42.746194][ T3961] ^
[ 42.747414][ T3961] ffff0000cecddb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 42.749140][ T3961] ffff0000cecddc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.750785][ T3961] ==================================================================
[ 42.752503][ T3961] Disabling lock debugging due to kernel taint