Warning: Permanently added '10.128.0.237' (ED25519) to the list of known hosts.
executing program
[ 33.998402][ T6413] loop0: detected capacity change from 0 to 131072
[ 34.005308][ T6413] F2FS-fs (loop0): inline encryption not supported
[ 34.006789][ T6413] F2FS-fs (loop0): heap/no_heap options were deprecated
[ 34.008300][ T6413] F2FS-fs (loop0): QUOTA feature is enabled, so ignore jquota_fmt
[ 34.011103][ T6413] F2FS-fs (loop0): invalid crc value
[ 34.016000][ T6413] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 34.027795][ T6413] F2FS-fs (loop0): Mounted with checkpoint version = 1b41e954
[ 34.034453][ T6413] ==================================================================
[ 34.036227][ T6413] BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0xf5c/0x1064
[ 34.037947][ T6413] Read of size 4 at addr ffff0000cd851db8 by task syz-executor179/6413
[ 34.039764][ T6413]
[ 34.040254][ T6413] CPU: 1 UID: 0 PID: 6413 Comm: syz-executor179 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 34.042383][ T6413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 34.044560][ T6413] Call trace:
[ 34.045271][ T6413]  show_stack+0x2c/0x3c (C)
[ 34.046266][ T6413]  dump_stack_lvl+0xe4/0x150
[ 34.047246][ T6413]  print_report+0x198/0x538
[ 34.048217][ T6413]  kasan_report+0xd8/0x138
[ 34.049136][ T6413]  __asan_report_load4_noabort+0x20/0x2c
[ 34.050287][ T6413]  f2fs_getxattr+0xf5c/0x1064
[ 34.051174][ T6413]  f2fs_xattr_generic_get+0x130/0x174
[ 34.052242][ T6413]  __vfs_getxattr+0x394/0x3c0
[ 34.053197][ T6413]  smk_fetch+0xc8/0x150
[ 34.054046][ T6413]  smack_d_instantiate+0x594/0x880
[ 34.055065][ T6413]  security_d_instantiate+0x100/0x204
[ 34.056403][ T6413]  d_splice_alias+0x70/0x310
[ 34.057420][ T6413]  f2fs_lookup+0x4c8/0x948
[ 34.058349][ T6413]  path_openat+0xf7c/0x2b14
[ 34.059236][ T6413]  do_filp_open+0x1e8/0x404
[ 34.060246][ T6413]  do_sys_openat2+0x124/0x1b8
[ 34.061263][ T6413]  __arm64_sys_openat+0x1f0/0x240
[ 34.062396][ T6413]  invoke_syscall+0x98/0x2b8
[ 34.063428][ T6413]  el0_svc_common+0x130/0x23c
[ 34.064422][ T6413]  do_el0_svc+0x48/0x58
[ 34.065423][ T6413]  el0_svc+0x54/0x168
[ 34.066411][ T6413]  el0t_64_sync_handler+0x84/0x108
[ 34.067517][ T6413]  el0t_64_sync+0x198/0x19c
[ 34.068573][ T6413]
[ 34.069157][ T6413] Allocated by task 6413:
[ 34.070065][ T6413]  kasan_save_track+0x40/0x78
[ 34.071153][ T6413]  kasan_save_alloc_info+0x40/0x50
[ 34.072268][ T6413]  __kasan_kmalloc+0xac/0xc4
[ 34.073230][ T6413]  __kmalloc_noprof+0x32c/0x54c
[ 34.074300][ T6413]  f2fs_kzalloc+0x124/0x254
[ 34.075553][ T6413]  f2fs_getxattr+0xc60/0x1064
[ 34.076660][ T6413]  f2fs_xattr_generic_get+0x130/0x174
[ 34.077815][ T6413]  __vfs_getxattr+0x394/0x3c0
[ 34.078843][ T6413]  smk_fetch+0xc8/0x150
[ 34.079715][ T6413]  smack_d_instantiate+0x594/0x880
[ 34.080834][ T6413]  security_d_instantiate+0x100/0x204
[ 34.081925][ T6413]  d_splice_alias+0x70/0x310
[ 34.082951][ T6413]  f2fs_lookup+0x4c8/0x948
[ 34.083930][ T6413]  path_openat+0xf7c/0x2b14
[ 34.084878][ T6413]  do_filp_open+0x1e8/0x404
[ 34.085871][ T6413]  do_sys_openat2+0x124/0x1b8
[ 34.086975][ T6413]  __arm64_sys_openat+0x1f0/0x240
[ 34.088067][ T6413]  invoke_syscall+0x98/0x2b8
[ 34.089017][ T6413]  el0_svc_common+0x130/0x23c
[ 34.090051][ T6413]  do_el0_svc+0x48/0x58
[ 34.090934][ T6413]  el0_svc+0x54/0x168
[ 34.091808][ T6413]  el0t_64_sync_handler+0x84/0x108
[ 34.092874][ T6413]  el0t_64_sync+0x198/0x19c
[ 34.093926][ T6413]
[ 34.094406][ T6413] The buggy address belongs to the object at ffff0000cd851da0
[ 34.094406][ T6413]  which belongs to the cache kmalloc-16 of size 16
[ 34.097355][ T6413] The buggy address is located 12 bytes to the right of
[ 34.097355][ T6413]  allocated 12-byte region [ffff0000cd851da0, ffff0000cd851dac)
[ 34.100647][ T6413]
[ 34.101142][ T6413] The buggy address belongs to the physical page:
[ 34.102559][ T6413] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d851
[ 34.104481][ T6413] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 34.106066][ T6413] page_type: f5(slab)
[ 34.106917][ T6413] raw: 05ffc00000000000 ffff0000c0001640 fffffdffc30aa600 dead000000000002
[ 34.108665][ T6413] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[ 34.110356][ T6413] page dumped because: kasan: bad access detected
[ 34.111724][ T6413]
[ 34.112192][ T6413] Memory state around the buggy address:
[ 34.113355][ T6413]  ffff0000cd851c80: 00 04 fc fc 00 04 fc fc 00 04 fc fc 00 04 fc fc
[ 34.115021][ T6413]  ffff0000cd851d00: 00 04 fc fc 00 04 fc fc 00 04 fc fc fa fb fc fc
[ 34.116741][ T6413] >ffff0000cd851d80: fa fb fc fc 00 04 fc fc 00 00 fc fc 00 00 fc fc
[ 34.118451][ T6413]                                         ^
[ 34.119802][ T6413]  ffff0000cd851e00: 00 06 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 34.121519][ T6413]  ffff0000cd851e80: 00 03 fc fc 00 03 fc fc 00 03 fc fc 00 03 fc fc
[ 34.123214][ T6413] ==================================================================
[ 34.125385][ T6413] Disabling lock debugging due to kernel taint