Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
executing program
[ 34.838180][ T6412] loop0: detected capacity change from 0 to 131072
[ 34.845378][ T6412] F2FS-fs (loop0): inline encryption not supported
[ 34.846849][ T6412] F2FS-fs (loop0): heap/no_heap options were deprecated
[ 34.848287][ T6412] F2FS-fs (loop0): QUOTA feature is enabled, so ignore jquota_fmt
[ 34.850700][ T6412] F2FS-fs (loop0): invalid crc value
[ 34.855122][ T6412] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 34.869842][ T6412] F2FS-fs (loop0): Mounted with checkpoint version = 1b41e954
[ 34.874461][ T6412] ==================================================================
[ 34.876089][ T6412] BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0xf5c/0x1064
[ 34.877585][ T6412] Read of size 4 at addr ffff0000c54ed598 by task syz-executor290/6412
[ 34.879322][ T6412]
[ 34.879795][ T6412] CPU: 0 UID: 0 PID: 6412 Comm: syz-executor290 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 34.882005][ T6412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 34.883991][ T6412] Call trace:
[ 34.884639][ T6412]  show_stack+0x2c/0x3c (C)
[ 34.885543][ T6412]  dump_stack_lvl+0xe4/0x150
[ 34.886469][ T6412]  print_report+0x198/0x538
[ 34.887415][ T6412]  kasan_report+0xd8/0x138
[ 34.888333][ T6412]  __asan_report_load4_noabort+0x20/0x2c
[ 34.889580][ T6412]  f2fs_getxattr+0xf5c/0x1064
[ 34.890583][ T6412]  f2fs_xattr_generic_get+0x130/0x174
[ 34.891702][ T6412]  __vfs_getxattr+0x394/0x3c0
[ 34.892653][ T6412]  smk_fetch+0xc8/0x150
[ 34.893491][ T6412]  smack_d_instantiate+0x594/0x880
[ 34.894519][ T6412]  security_d_instantiate+0x100/0x204
[ 34.895580][ T6412]  d_splice_alias+0x70/0x310
[ 34.896503][ T6412]  f2fs_lookup+0x4c8/0x948
[ 34.897372][ T6412]  path_openat+0xf7c/0x2b14
[ 34.898388][ T6412]  do_filp_open+0x1e8/0x404
[ 34.899309][ T6412]  do_sys_openat2+0x124/0x1b8
[ 34.900274][ T6412]  __arm64_sys_openat+0x1f0/0x240
[ 34.901293][ T6412]  invoke_syscall+0x98/0x2b8
[ 34.902424][ T6412]  el0_svc_common+0x130/0x23c
[ 34.903449][ T6412]  do_el0_svc+0x48/0x58
[ 34.904317][ T6412]  el0_svc+0x54/0x168
[ 34.905167][ T6412]  el0t_64_sync_handler+0x84/0x108
[ 34.906246][ T6412]  el0t_64_sync+0x198/0x19c
[ 34.907219][ T6412]
[ 34.907889][ T6412] Allocated by task 6412:
[ 34.908833][ T6412]  kasan_save_track+0x40/0x78
[ 34.909975][ T6412]  kasan_save_alloc_info+0x40/0x50
[ 34.911055][ T6412]  __kasan_kmalloc+0xac/0xc4
[ 34.912197][ T6412]  __kmalloc_noprof+0x32c/0x54c
[ 34.913136][ T6412]  f2fs_kzalloc+0x124/0x254
[ 34.914206][ T6412]  f2fs_getxattr+0xc60/0x1064
[ 34.915214][ T6412]  f2fs_xattr_generic_get+0x130/0x174
[ 34.916378][ T6412]  __vfs_getxattr+0x394/0x3c0
[ 34.917356][ T6412]  smk_fetch+0xc8/0x150
[ 34.918240][ T6412]  smack_d_instantiate+0x594/0x880
[ 34.919348][ T6412]  security_d_instantiate+0x100/0x204
[ 34.920487][ T6412]  d_splice_alias+0x70/0x310
[ 34.921450][ T6412]  f2fs_lookup+0x4c8/0x948
[ 34.922430][ T6412]  path_openat+0xf7c/0x2b14
[ 34.923362][ T6412]  do_filp_open+0x1e8/0x404
[ 34.924286][ T6412]  do_sys_openat2+0x124/0x1b8
[ 34.925246][ T6412]  __arm64_sys_openat+0x1f0/0x240
[ 34.926344][ T6412]  invoke_syscall+0x98/0x2b8
[ 34.927349][ T6412]  el0_svc_common+0x130/0x23c
[ 34.928374][ T6412]  do_el0_svc+0x48/0x58
[ 34.929240][ T6412]  el0_svc+0x54/0x168
[ 34.930061][ T6412]  el0t_64_sync_handler+0x84/0x108
[ 34.931168][ T6412]  el0t_64_sync+0x198/0x19c
[ 34.932285][ T6412]
[ 34.932798][ T6412] The buggy address belongs to the object at ffff0000c54ed580
[ 34.932798][ T6412]  which belongs to the cache kmalloc-16 of size 16
[ 34.935761][ T6412] The buggy address is located 12 bytes to the right of
[ 34.935761][ T6412]  allocated 12-byte region [ffff0000c54ed580, ffff0000c54ed58c)
[ 34.938782][ T6412]
[ 34.939268][ T6412] The buggy address belongs to the physical page:
[ 34.940700][ T6412] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1054ed
[ 34.942691][ T6412] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 34.944211][ T6412] page_type: f5(slab)
[ 34.945061][ T6412] raw: 05ffc00000000000 ffff0000c0001640 fffffdffc3197600 dead000000000002
[ 34.946832][ T6412] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[ 34.948590][ T6412] page dumped because: kasan: bad access detected
[ 34.949983][ T6412]
[ 34.950507][ T6412] Memory state around the buggy address:
[ 34.951768][ T6412]  ffff0000c54ed480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 34.953509][ T6412]  ffff0000c54ed500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 34.955330][ T6412] >ffff0000c54ed580: 00 04 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
[ 34.957164][ T6412]                             ^
[ 34.958211][ T6412]  ffff0000c54ed600: 00 00 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 34.959834][ T6412]  ffff0000c54ed680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 34.961515][ T6412] ==================================================================
[ 34.963827][ T6412] Disabling lock debugging due to kernel taint