Warning: Permanently added '10.128.1.6' (ED25519) to the list of known hosts.
executing program
[ 38.305444][ T6410] loop0: detected capacity change from 0 to 131072
[ 38.313611][ T6410] F2FS-fs (loop0): inline encryption not supported
[ 38.315092][ T6410] F2FS-fs (loop0): heap/no_heap options were deprecated
[ 38.316739][ T6410] F2FS-fs (loop0): QUOTA feature is enabled, so ignore jquota_fmt
[ 38.330479][ T6410] F2FS-fs (loop0): invalid crc value
[ 38.335688][ T6410] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 38.349217][ T6410] F2FS-fs (loop0): Mounted with checkpoint version = 1b41e954
[ 38.352696][ T6410] ==================================================================
[ 38.354529][ T6410] BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0xf5c/0x1064
[ 38.356177][ T6410] Read of size 4 at addr ffff0000cc09b278 by task syz-executor773/6410
[ 38.357908][ T6410]
[ 38.358398][ T6410] CPU: 0 UID: 0 PID: 6410 Comm: syz-executor773 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 38.360706][ T6410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 38.362713][ T6410] Call trace:
[ 38.363409][ T6410]  show_stack+0x2c/0x3c (C)
[ 38.364384][ T6410]  dump_stack_lvl+0xe4/0x150
[ 38.365432][ T6410]  print_report+0x198/0x538
[ 38.366402][ T6410]  kasan_report+0xd8/0x138
[ 38.367391][ T6410]  __asan_report_load4_noabort+0x20/0x2c
[ 38.368530][ T6410]  f2fs_getxattr+0xf5c/0x1064
[ 38.369441][ T6410]  f2fs_xattr_generic_get+0x130/0x174
[ 38.370539][ T6410]  __vfs_getxattr+0x394/0x3c0
[ 38.371474][ T6410]  smk_fetch+0xc8/0x150
[ 38.372417][ T6410]  smack_d_instantiate+0x594/0x880
[ 38.373445][ T6410]  security_d_instantiate+0x100/0x204
[ 38.374704][ T6410]  d_splice_alias+0x70/0x310
[ 38.375797][ T6410]  f2fs_lookup+0x4c8/0x948
[ 38.376772][ T6410]  path_openat+0xf7c/0x2b14
[ 38.377685][ T6410]  do_filp_open+0x1e8/0x404
[ 38.378663][ T6410]  do_sys_openat2+0x124/0x1b8
[ 38.379765][ T6410]  __arm64_sys_openat+0x1f0/0x240
[ 38.380933][ T6410]  invoke_syscall+0x98/0x2b8
[ 38.381830][ T6410]  el0_svc_common+0x130/0x23c
[ 38.382791][ T6410]  do_el0_svc+0x48/0x58
[ 38.383713][ T6410]  el0_svc+0x54/0x168
[ 38.384546][ T6410]  el0t_64_sync_handler+0x84/0x108
[ 38.385618][ T6410]  el0t_64_sync+0x198/0x19c
[ 38.386667][ T6410]
[ 38.387102][ T6410] Allocated by task 6410:
[ 38.388066][ T6410]  kasan_save_track+0x40/0x78
[ 38.389090][ T6410]  kasan_save_alloc_info+0x40/0x50
[ 38.390143][ T6410]  __kasan_kmalloc+0xac/0xc4
[ 38.391123][ T6410]  __kmalloc_noprof+0x32c/0x54c
[ 38.392183][ T6410]  f2fs_kzalloc+0x124/0x254
[ 38.393140][ T6410]  f2fs_getxattr+0xc60/0x1064
[ 38.394083][ T6410]  f2fs_xattr_generic_get+0x130/0x174
[ 38.395165][ T6410]  __vfs_getxattr+0x394/0x3c0
[ 38.396085][ T6410]  smk_fetch+0xc8/0x150
[ 38.397011][ T6410]  smack_d_instantiate+0x594/0x880
[ 38.398159][ T6410]  security_d_instantiate+0x100/0x204
[ 38.399336][ T6410]  d_splice_alias+0x70/0x310
[ 38.400353][ T6410]  f2fs_lookup+0x4c8/0x948
[ 38.401360][ T6410]  path_openat+0xf7c/0x2b14
[ 38.402272][ T6410]  do_filp_open+0x1e8/0x404
[ 38.403147][ T6410]  do_sys_openat2+0x124/0x1b8
[ 38.404180][ T6410]  __arm64_sys_openat+0x1f0/0x240
[ 38.405254][ T6410]  invoke_syscall+0x98/0x2b8
[ 38.406245][ T6410]  el0_svc_common+0x130/0x23c
[ 38.407246][ T6410]  do_el0_svc+0x48/0x58
[ 38.408118][ T6410]  el0_svc+0x54/0x168
[ 38.408907][ T6410]  el0t_64_sync_handler+0x84/0x108
[ 38.409996][ T6410]  el0t_64_sync+0x198/0x19c
[ 38.410948][ T6410]
[ 38.411466][ T6410] The buggy address belongs to the object at ffff0000cc09b260
[ 38.411466][ T6410]  which belongs to the cache kmalloc-16 of size 16
[ 38.414309][ T6410] The buggy address is located 12 bytes to the right of
[ 38.414309][ T6410]  allocated 12-byte region [ffff0000cc09b260, ffff0000cc09b26c)
[ 38.417479][ T6410]
[ 38.417971][ T6410] The buggy address belongs to the physical page:
[ 38.419250][ T6410] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c09b
[ 38.421047][ T6410] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 38.422584][ T6410] page_type: f5(slab)
[ 38.423366][ T6410] raw: 05ffc00000000000 ffff0000c0001640 dead000000000100 dead000000000122
[ 38.425268][ T6410] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[ 38.427135][ T6410] page dumped because: kasan: bad access detected
[ 38.428474][ T6410]
[ 38.428933][ T6410] Memory state around the buggy address:
[ 38.430102][ T6410]  ffff0000cc09b100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 38.431948][ T6410]  ffff0000cc09b180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 38.433727][ T6410] >ffff0000cc09b200: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 38.435451][ T6410]                                                                 ^
[ 38.437167][ T6410]  ffff0000cc09b280: 00 06 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 38.438874][ T6410]  ffff0000cc09b300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 38.440634][ T6410] ==================================================================
[ 38.442592][ T6410] Disabling lock debugging due to kernel taint
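Added triage aid, not part of the syzbot report above and not f2fs or KASAN code: the report says the buffer was allocated by f2fs_kzalloc called from f2fs_getxattr+0xc60, that the allocation is a 12-byte region in the kmalloc-16 cache, and that f2fs_getxattr+0xf5c then reads 4 bytes 12 bytes past its end. Before reasoning about the f2fs xattr code, it is worth confirming that the summary lines and the shadow row agree with each other, since the summary is derived from slab metadata and the shadow row is the ground truth KASAN checked against. The script below takes only the report's own lines as input (copied verbatim, with the console prefixes), decodes the marked shadow row with the generic-KASAN encoding (one shadow byte per 8-byte granule; 00 fully addressable, 01..07 partially addressable, fc slab redzone, fa/fb freed object), and recomputes the object size, the offset of the read within the object and the distance past the 16-byte cache object. It makes no claim about the root cause in f2fs.

```python
import re

# Sample input: KASAN report lines copied from the syzbot console log above,
# prefixes kept as printed there. This is the page's data, not new data.
REPORT = """\
[ 38.354529][ T6410] BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0xf5c/0x1064
[ 38.356177][ T6410] Read of size 4 at addr ffff0000cc09b278 by task syz-executor773/6410
[ 38.411466][ T6410] The buggy address belongs to the object at ffff0000cc09b260
[ 38.411466][ T6410] which belongs to the cache kmalloc-16 of size 16
[ 38.414309][ T6410] The buggy address is located 12 bytes to the right of
[ 38.414309][ T6410] allocated 12-byte region [ffff0000cc09b260, ffff0000cc09b26c)
[ 38.433727][ T6410] >ffff0000cc09b200: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
"""

GRANULE = 8  # generic KASAN: one shadow byte describes 8 bytes of memory

# Poison values for generic KASAN (mm/kasan/kasan.h); slab-related ones only.
POISON = {
    0xfa: "freed slab object (free track)", 0xfb: "freed slab object",
    0xfc: "slab redzone", 0xfe: "page redzone", 0xff: "freed page",
}

def shadow_class(b):
    """Human-readable meaning of one generic-KASAN shadow byte."""
    if b == 0:
        return "addressable"
    if 1 <= b <= 7:
        return f"partially addressable (first {b} bytes)"
    return POISON.get(b, f"poison 0x{b:02x}")

def parse_report(text):
    """Pull the access, object, cache and marked shadow row out of a report."""
    body = re.sub(r"^\[\s*[\d.]+\]\[\s*T\d+\] ?", "", text, flags=re.M)
    bug = re.search(r"BUG: KASAN: (\S+) in (\S+)", body)
    acc = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", body)
    cache = re.search(r"cache (\S+) of size (\d+)", body)
    reg = re.search(r"allocated (\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", body)
    row = re.search(r"^>([0-9a-f]+): ((?:[0-9a-f]{2} ?)+)$", body, flags=re.M)
    if not all((bug, acc, cache, reg, row)):
        raise ValueError("not a complete generic-KASAN slab report")
    return {
        "bug": bug.group(1), "func": bug.group(2),
        "kind": acc.group(1), "size": int(acc.group(2)), "addr": int(acc.group(3), 16),
        "cache": cache.group(1), "cache_size": int(cache.group(2)),
        "region_size": int(reg.group(1)),
        "region_start": int(reg.group(2), 16), "region_end": int(reg.group(3), 16),
        "row_base": int(row.group(1), 16),
        "row": bytes.fromhex(row.group(2).replace(" ", "")),
    }

def triage(r):
    """Cross-check the summary lines against the shadow row."""
    row, base = r["row"], r["row_base"]
    # Re-derive the object size from the shadow: walk granules from the
    # object start while fully addressable, then add a trailing partial one.
    addressable, i = 0, (r["region_start"] - base) // GRANULE
    while 0 <= i < len(row) and row[i] == 0:
        addressable += GRANULE
        i += 1
    if 0 <= i < len(row) and 1 <= row[i] <= 7:
        addressable += row[i]
    # Classify every granule the faulting access touches.
    first, last = r["addr"], r["addr"] + r["size"] - 1
    touched = range((first - base) // GRANULE, (last - base) // GRANULE + 1)
    if touched[0] < 0 or touched[-1] >= len(row):
        raise ValueError("faulting access lies outside the marked shadow row")
    return {
        "offset_in_object": first - r["region_start"],
        "bytes_past_end": first - r["region_end"],
        # kmalloc-16 rounds the 12-byte request up to 16; how far past even that?
        "bytes_past_cache_object": first - (r["region_start"] + r["cache_size"]),
        "shadow_addressable_bytes": addressable,
        "shadow_agrees_with_region": addressable == r["region_size"],
        "touched_classes": [shadow_class(row[g]) for g in touched],
        "entirely_in_redzone": all(row[g] == 0xfc for g in touched),
    }

if __name__ == "__main__":
    rep = parse_report(REPORT)
    res = triage(rep)
    print(f"{rep['bug']} in {rep['func']}: {rep['kind']} of {rep['size']} bytes")
    for k, v in res.items():
        print(f"  {k}: {v}")
```

For this report the shadow row yields 8 + 4 = 12 addressable bytes from the object start, matching the "allocated 12-byte region" line, and the faulting granule is slab redzone, so the read is a genuine overrun of the buffer f2fs_getxattr allocated rather than a stale-metadata artifact; it lands 24 bytes into a 12-byte object, 8 bytes beyond even the 16-byte cache slot. The decoder assumes the generic (software) KASAN mode, which is what this report's shadow values indicate; SW_TAGS and HW_TAGS reports print a different memory-state format and would need a different decoder.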