Warning: Permanently added '10.128.0.180' (ED25519) to the list of known hosts. executing program [ 37.518661][ T6419] loop0: detected capacity change from 0 to 131072 [ 37.525982][ T6419] F2FS-fs (loop0): invalid crc value [ 37.531107][ T6419] F2FS-fs (loop0): Found nat_bits in checkpoint [ 37.542487][ T6419] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=49000000, run fsck to fix. [ 37.548627][ T6419] F2FS-fs (loop0): Bad quota inode 1:1224736768 [ 37.550227][ T6419] F2FS-fs (loop0): Failed to enable quota tracking (type=1, err=-22). Please run fsck to fix. [ 37.552352][ T6419] F2FS-fs (loop0): Cannot turn on quotas: error -22 [ 37.555548][ T6419] F2FS-fs (loop0): Mounted with checkpoint version = 1b41e954 [ 37.561567][ T6419] ------------[ cut here ]------------ [ 37.562806][ T6419] UBSAN: array-index-out-of-bounds in fs/f2fs/f2fs.h:3292:19 [ 37.564347][ T6419] index 18446744073709500059 is out of range for type '__le32[923]' (aka 'unsigned int[923]') [ 37.566304][ T6419] CPU: 0 UID: 0 PID: 6419 Comm: syz-executor223 Not tainted 6.13.0-rc2-syzkaller-g2e7aff49b5da #0 [ 37.568389][ T6419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 37.570438][ T6419] Call trace: [ 37.571159][ T6419] show_stack+0x2c/0x3c (C) [ 37.572126][ T6419] dump_stack_lvl+0xe4/0x150 [ 37.573141][ T6419] dump_stack+0x1c/0x28 [ 37.574164][ T6419] __ubsan_handle_out_of_bounds+0xf8/0x148 [ 37.575403][ T6419] inline_xattr_addr+0x524/0x530 [ 37.576441][ T6419] f2fs_getxattr+0x5b4/0x1064 [ 37.577392][ T6419] f2fs_xattr_generic_get+0x130/0x174 [ 37.578458][ T6419] __vfs_getxattr+0x394/0x3c0 [ 37.579380][ T6419] smk_fetch+0xc8/0x150 [ 37.580191][ T6419] smack_d_instantiate+0x594/0x880 [ 37.581276][ T6419] security_d_instantiate+0x100/0x204 [ 37.582378][ T6419] d_splice_alias+0x70/0x310 [ 37.583430][ T6419] f2fs_lookup+0x4c8/0x948 [ 37.584331][ T6419] lookup_one_qstr_excl+0x108/0x230 [ 37.585408][ T6419] filename_create+0x230/0x468 [ 37.586466][ T6419] do_mkdirat+0xac/0x574 [ 37.587378][ T6419] __arm64_sys_mkdirat+0x8c/0xa4 [ 37.588444][ T6419] invoke_syscall+0x98/0x2b8 [ 37.589357][ T6419] el0_svc_common+0x130/0x23c [ 37.590309][ T6419] do_el0_svc+0x48/0x58 [ 37.591225][ T6419] el0_svc+0x54/0x168 [ 37.592051][ T6419] el0t_64_sync_handler+0x84/0x108 [ 37.593092][ T6419] el0t_64_sync+0x198/0x19c [ 37.594222][ T6419] ---[ end trace ]--- [ 37.595065][ T6419] ================================================================== [ 37.596683][ T6419] BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0x5c8/0x1064 [ 37.598214][ T6419] Read of size 209920 at addr ffff0000d5e5fbd4 by task syz-executor223/6419 [ 37.600023][ T6419] [ 37.600501][ T6419] CPU: 0 UID: 0 PID: 6419 Comm: syz-executor223 Not tainted 6.13.0-rc2-syzkaller-g2e7aff49b5da #0 [ 37.602773][ T6419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 37.604896][ T6419] Call trace: [ 37.605606][ T6419] show_stack+0x2c/0x3c (C) [ 37.606537][ T6419] dump_stack_lvl+0xe4/0x150 [ 37.607478][ T6419] print_report+0x198/0x538 [ 37.608429][ T6419] kasan_report+0xd8/0x138 [ 37.609402][ T6419] kasan_check_range+0x268/0x2a8 [ 37.610440][ T6419] __asan_memcpy+0x3c/0x84 [ 37.611399][ T6419] f2fs_getxattr+0x5c8/0x1064 [ 37.612480][ T6419] f2fs_xattr_generic_get+0x130/0x174 [ 37.613609][ T6419] __vfs_getxattr+0x394/0x3c0 [ 37.614620][ T6419] smk_fetch+0xc8/0x150 [ 37.615537][ T6419] smack_d_instantiate+0x594/0x880 [ 37.616552][ T6419] security_d_instantiate+0x100/0x204 [ 37.617658][ T6419] d_splice_alias+0x70/0x310 [ 37.618603][ T6419] f2fs_lookup+0x4c8/0x948 [ 37.619532][ T6419] lookup_one_qstr_excl+0x108/0x230 [ 37.620636][ T6419] filename_create+0x230/0x468 [ 37.621582][ T6419] do_mkdirat+0xac/0x574 [ 37.622566][ T6419] __arm64_sys_mkdirat+0x8c/0xa4 [ 37.623654][ T6419] invoke_syscall+0x98/0x2b8 [ 37.624598][ T6419] el0_svc_common+0x130/0x23c [ 37.625589][ T6419] do_el0_svc+0x48/0x58 [ 37.626414][ T6419] el0_svc+0x54/0x168 [ 37.627195][ T6419] el0t_64_sync_handler+0x84/0x108 [ 37.628242][ T6419] el0t_64_sync+0x198/0x19c [ 37.629218][ T6419] [ 37.629749][ T6419] Allocated by task 6330: [ 37.630709][ T6419] kasan_save_track+0x40/0x78 [ 37.631762][ T6419] kasan_save_alloc_info+0x40/0x50 [ 37.632816][ T6419] __kasan_kmalloc+0xac/0xc4 [ 37.633735][ T6419] __kmalloc_noprof+0x32c/0x54c [ 37.634839][ T6419] tomoyo_realpath_from_path+0xc8/0x4cc [ 37.636090][ T6419] tomoyo_path_perm+0x218/0x588 [ 37.637050][ T6419] tomoyo_inode_getattr+0x28/0x38 [ 37.638115][ T6419] security_inode_getattr+0x118/0x320 [ 37.639267][ T6419] vfs_fstatat+0xa0/0x15c [ 37.640147][ T6419] __arm64_sys_newfstatat+0x10c/0x190 [ 37.641175][ T6419] invoke_syscall+0x98/0x2b8 [ 37.642060][ T6419] el0_svc_common+0x130/0x23c [ 37.643024][ T6419] do_el0_svc+0x48/0x58 [ 37.643889][ T6419] el0_svc+0x54/0x168 [ 37.644826][ T6419] el0t_64_sync_handler+0x84/0x108 [ 37.645835][ T6419] el0t_64_sync+0x198/0x19c [ 37.646769][ T6419] [ 37.647237][ T6419] Freed by task 6330: [ 37.648051][ T6419] kasan_save_track+0x40/0x78 [ 37.648984][ T6419] kasan_save_free_info+0x54/0x6c [ 37.650006][ T6419] __kasan_slab_free+0x64/0x8c [ 37.651050][ T6419] kfree+0x180/0x478 [ 37.651805][ T6419] tomoyo_realpath_from_path+0x484/0x4cc [ 37.652908][ T6419] tomoyo_path_perm+0x218/0x588 [ 37.653804][ T6419] tomoyo_inode_getattr+0x28/0x38 [ 37.654883][ T6419] security_inode_getattr+0x118/0x320 [ 37.655958][ T6419] vfs_fstatat+0xa0/0x15c [ 37.656859][ T6419] __arm64_sys_newfstatat+0x10c/0x190 [ 37.658088][ T6419] invoke_syscall+0x98/0x2b8 [ 37.659069][ T6419] el0_svc_common+0x130/0x23c [ 37.660111][ T6419] do_el0_svc+0x48/0x58 [ 37.660892][ T6419] el0_svc+0x54/0x168 [ 37.661680][ T6419] el0t_64_sync_handler+0x84/0x108 [ 37.662702][ T6419] el0t_64_sync+0x198/0x19c [ 37.663613][ T6419] [ 37.664045][ T6419] The buggy address belongs to the object at ffff0000d5e5e000 [ 37.664045][ T6419] which belongs to the cache kmalloc-4k of size 4096 [ 37.666925][ T6419] The buggy address is located 3028 bytes to the right of [ 37.666925][ T6419] allocated 4096-byte region [ffff0000d5e5e000, ffff0000d5e5f000) [ 37.669914][ T6419] [ 37.670341][ T6419] The buggy address belongs to the physical page: [ 37.671640][ T6419] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115e58 [ 37.673591][ T6419] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 37.675429][ T6419] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff) [ 37.677045][ T6419] page_type: f5(slab) [ 37.677949][ T6419] raw: 05ffc00000000040 ffff0000c0002140 fffffdffc3585e00 dead000000000002 [ 37.679717][ T6419] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 37.681476][ T6419] head: 05ffc00000000040 ffff0000c0002140 fffffdffc3585e00 dead000000000002 [ 37.683418][ T6419] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 37.685189][ T6419] head: 05ffc00000000003 fffffdffc3579601 ffffffffffffffff 0000000000000000 [ 37.687067][ T6419] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 37.688956][ T6419] page dumped because: kasan: bad access detected [ 37.690233][ T6419] [ 37.690798][ T6419] Memory state around the buggy address: [ 37.691996][ T6419] ffff0000d5e5fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.693682][ T6419] ffff0000d5e5fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.695342][ T6419] >ffff0000d5e5fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.696979][ T6419] ^ [ 37.698305][ T6419] ffff0000d5e5fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.700031][ T6419] ffff0000d5e5fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.701656][ T6419] ================================================================== [ 37.703648][ T6419] Disabling lock debugging due to kernel taint executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program