From: Edward Adam Davis
To: syzbot+65e940cfb8f99a97aca7@syzkaller.appspotmail.com
Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [ntfs3?] KASAN: slab-out-of-bounds Read in ntfs_listxattr (2)
Date: Sat, 30 Dec 2023 16:08:35 +0800
In-Reply-To: <00000000000038cf2f060d7170a9@google.com>
References: <00000000000038cf2f060d7170a9@google.com>

please test slab-out-of-bounds Read in ntfs_listxattr

#syz test git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git aafe7ad77b91

diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index 4274b6f31cfa..3b97508a7bf2 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c @@ -219,6 +219,9 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer, if (!ea->name_len) break; + if (ea->name_len > ea_size) + break; + if (buffer) { /* Check if we can use field ea->name */ if (off + ea_size > size)
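
Review bot: The new bound in ntfs_list_ea(), `if (ea->name_len > ea_size)`, compares the name length against the size of the whole entry, so a name_len that is no larger than ea_size but still runs past the end of the entry once the fixed fields in front of ea->name are counted passes the check. Comparing the offset of ea->name plus name_len against ea_size would be tighter, and the visible context does not show ea_size itself being checked against the bytes left in the EA area, which the later read of ea->name also depends on. The bare `break` returns a silently shortened list for what is a malformed entry; consider whether an error return fits better here, and add a short comment saying which read the check guards.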