Warning: Permanently added '10.128.1.150' (ED25519) to the list of known hosts.
executing program
[ 33.259661][ T6413] loop0: detected capacity change from 0 to 131072
[ 33.265178][ T6413] F2FS-fs (loop0): inline encryption not supported
[ 33.266563][ T6413] F2FS-fs (loop0): heap/no_heap options were deprecated
[ 33.268163][ T6413] F2FS-fs (loop0): QUOTA feature is enabled, so ignore jquota_fmt
[ 33.271389][ T6413] F2FS-fs (loop0): invalid crc value
[ 33.277846][ T6413] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 33.289856][ T6413] F2FS-fs (loop0): Mounted with checkpoint version = 1b41e954
[ 33.293278][ T6413] ==================================================================
[ 33.294927][ T6413] BUG: KASAN: slab-out-of-bounds in f2fs_getxattr+0xf5c/0x1064
[ 33.296437][ T6413] Read of size 4 at addr ffff0000c2652478 by task syz-executor148/6413
[ 33.298114][ T6413] 
[ 33.298571][ T6413] CPU: 1 UID: 0 PID: 6413 Comm: syz-executor148 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 33.300699][ T6413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 33.302748][ T6413] Call trace:
[ 33.303410][ T6413]  show_stack+0x2c/0x3c (C)
[ 33.304332][ T6413]  dump_stack_lvl+0xe4/0x150
[ 33.305286][ T6413]  print_report+0x198/0x538
[ 33.306227][ T6413]  kasan_report+0xd8/0x138
[ 33.307163][ T6413]  __asan_report_load4_noabort+0x20/0x2c
[ 33.308308][ T6413]  f2fs_getxattr+0xf5c/0x1064
[ 33.309280][ T6413]  f2fs_xattr_generic_get+0x130/0x174
[ 33.310461][ T6413]  __vfs_getxattr+0x394/0x3c0
[ 33.311421][ T6413]  smk_fetch+0xc8/0x150
[ 33.312296][ T6413]  smack_d_instantiate+0x594/0x880
[ 33.313337][ T6413]  security_d_instantiate+0x100/0x204
[ 33.314465][ T6413]  d_splice_alias+0x70/0x310
[ 33.315423][ T6413]  f2fs_lookup+0x4c8/0x948
[ 33.316388][ T6413]  path_openat+0xf7c/0x2b14
[ 33.317326][ T6413]  do_filp_open+0x1e8/0x404
[ 33.318254][ T6413]  do_sys_openat2+0x124/0x1b8
[ 33.319231][ T6413]  __arm64_sys_openat+0x1f0/0x240
[ 33.320229][ T6413]  invoke_syscall+0x98/0x2b8
[ 33.321160][ T6413]  el0_svc_common+0x130/0x23c
[ 33.322141][ T6413]  do_el0_svc+0x48/0x58
[ 33.323034][ T6413]  el0_svc+0x54/0x168
[ 33.323886][ T6413]  el0t_64_sync_handler+0x84/0x108
[ 33.324927][ T6413]  el0t_64_sync+0x198/0x19c
[ 33.325889][ T6413] 
[ 33.326372][ T6413] Allocated by task 6413:
[ 33.327261][ T6413]  kasan_save_track+0x40/0x78
[ 33.328251][ T6413]  kasan_save_alloc_info+0x40/0x50
[ 33.329332][ T6413]  __kasan_kmalloc+0xac/0xc4
[ 33.330308][ T6413]  __kmalloc_noprof+0x32c/0x54c
[ 33.331342][ T6413]  f2fs_kzalloc+0x124/0x254
[ 33.332357][ T6413]  f2fs_getxattr+0xc60/0x1064
[ 33.333407][ T6413]  f2fs_xattr_generic_get+0x130/0x174
[ 33.334481][ T6413]  __vfs_getxattr+0x394/0x3c0
[ 33.335408][ T6413]  smk_fetch+0xc8/0x150
[ 33.336263][ T6413]  smack_d_instantiate+0x594/0x880
[ 33.337300][ T6413]  security_d_instantiate+0x100/0x204
[ 33.338422][ T6413]  d_splice_alias+0x70/0x310
[ 33.339380][ T6413]  f2fs_lookup+0x4c8/0x948
[ 33.340317][ T6413]  path_openat+0xf7c/0x2b14
[ 33.341252][ T6413]  do_filp_open+0x1e8/0x404
[ 33.342158][ T6413]  do_sys_openat2+0x124/0x1b8
[ 33.343097][ T6413]  __arm64_sys_openat+0x1f0/0x240
[ 33.344115][ T6413]  invoke_syscall+0x98/0x2b8
[ 33.345055][ T6413]  el0_svc_common+0x130/0x23c
[ 33.345999][ T6413]  do_el0_svc+0x48/0x58
[ 33.346885][ T6413]  el0_svc+0x54/0x168
[ 33.347718][ T6413]  el0t_64_sync_handler+0x84/0x108
[ 33.348759][ T6413]  el0t_64_sync+0x198/0x19c
[ 33.349693][ T6413] 
[ 33.350246][ T6413] The buggy address belongs to the object at ffff0000c2652460
[ 33.350246][ T6413]  which belongs to the cache kmalloc-16 of size 16
[ 33.353155][ T6413] The buggy address is located 12 bytes to the right of
[ 33.353155][ T6413]  allocated 12-byte region [ffff0000c2652460, ffff0000c265246c)
[ 33.356226][ T6413] 
[ 33.356684][ T6413] The buggy address belongs to the physical page:
[ 33.357986][ T6413] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102652
[ 33.359762][ T6413] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 33.361242][ T6413] page_type: f5(slab)
[ 33.362078][ T6413] raw: 05ffc00000000000 ffff0000c0001640 dead000000000100 dead000000000122
[ 33.363867][ T6413] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000
[ 33.365538][ T6413] page dumped because: kasan: bad access detected
[ 33.366917][ T6413] 
[ 33.367387][ T6413] Memory state around the buggy address:
[ 33.368633][ T6413]  ffff0000c2652300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 33.370361][ T6413]  ffff0000c2652380: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 33.372029][ T6413] >ffff0000c2652400: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 33.373755][ T6413]                                                                 ^
[ 33.375329][ T6413]  ffff0000c2652480: 00 04 fc fc 00 04 fc fc 00 06 fc fc 00 04 fc fc
[ 33.376980][ T6413]  ffff0000c2652500: 00 04 fc fc 00 04 fc fc 00 06 fc fc 00 06 fc fc
[ 33.378633][ T6413] ==================================================================
[ 33.380610][ T6413] Disabling lock debugging due to kernel taint
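Added example, not part of the syzkaller report above and not kernel code: a small decoder for the "Memory state" rows of a generic-KASAN report, which checks the report's own arithmetic. It uses the shadow encoding from mm/kasan/kasan.h for CONFIG_KASAN_GENERIC (one shadow byte per 8-byte granule; 00 means the granule is fully addressable, 01..07 that only the first N bytes are, fa/fb a freed slab object, fc the slab redzone). The ">" row and the two addresses are transcribed verbatim from the report; the helper names (shadow_for, access_ok, object_size, bytes_right_of, shadow_name) are mine. Run, it recovers what the report states: the object at ffff0000c2652460 has 12 addressable bytes (shadow "00 04") inside a kmalloc-16 slot, and the 4-byte read at ffff0000c2652478 hits an fc granule 12 bytes past the end of that region. The two stacks above place both the allocation (f2fs_kzalloc called from f2fs_getxattr+0xc60) and the faulting read (f2fs_getxattr+0xf5c) inside f2fs_getxattr; nothing here goes beyond that.

```c
/* kasan_shadow.c: decode one "Memory state" row of a generic-KASAN report.
 * Example code written for this page, not from the kernel or from syzkaller.
 * The row and addresses below are copied from the report; helper names are ours. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_GRANULE  8   /* memory bytes covered by one shadow byte (generic KASAN) */
#define ROW_GRANULES  16   /* shadow bytes printed per "Memory state" row */

/* Poison values from mm/kasan/kasan.h (CONFIG_KASAN_GENERIC). 0x00..0x07 are
 * not poison: 0x00 = whole granule addressable, 0x01..0x07 = first N bytes only. */
enum kasan_poison {
    KASAN_SLAB_FREETRACK = 0xfa, /* freed object, free stack stored inside it */
    KASAN_SLAB_FREE      = 0xfb, /* freed object */
    KASAN_SLAB_REDZONE   = 0xfc, /* redzone between or after slab objects */
    KASAN_PAGE_REDZONE   = 0xfe, /* redzone of a kmalloc_large allocation */
    KASAN_PAGE_FREE      = 0xff, /* freed page */
};

struct shadow_row {
    uint64_t base;                 /* address printed at the start of the row */
    uint8_t  shadow[ROW_GRANULES]; /* the 16 shadow bytes of that row */
};

/* The ">" row of the report, transcribed verbatim (constructed test input). */
static const struct shadow_row guilty_row = {
    0xffff0000c2652400ULL,
    { 0xfa, 0xfb, 0xfc, 0xfc,  0xfa, 0xfb, 0xfc, 0xfc,
      0xfa, 0xfb, 0xfc, 0xfc,  0x00, 0x04, 0xfc, 0xfc }
};

/* Shadow byte covering addr, or -1 when addr lies outside this row. */
int shadow_for(const struct shadow_row *row, uint64_t addr)
{
    if (addr < row->base || addr >= row->base + (uint64_t)ROW_GRANULES * KASAN_GRANULE)
        return -1;
    return row->shadow[(addr - row->base) / KASAN_GRANULE];
}

/* Addressable bytes at the start of a granule carrying this shadow value. */
int granule_valid_bytes(int shadow)
{
    if (shadow == 0x00)
        return KASAN_GRANULE;
    if (shadow >= 0x01 && shadow <= 0x07)
        return shadow;
    return 0; /* any poison value (or -1): nothing addressable */
}

/* What KASAN would call this shadow byte when it names the bad address. */
const char *shadow_name(int shadow)
{
    switch (shadow) {
    case KASAN_SLAB_FREETRACK: return "freed slab object (free track)";
    case KASAN_SLAB_FREE:      return "freed slab object";
    case KASAN_SLAB_REDZONE:   return "slab redzone";
    case KASAN_PAGE_REDZONE:   return "page redzone";
    case KASAN_PAGE_FREE:      return "freed page";
    default: return granule_valid_bytes(shadow) ? "addressable" : "unknown";
    }
}

/* Would a `size`-byte access at addr pass the generic-KASAN check? Every
 * granule the access touches must be addressable up to the last byte used. */
int access_ok(const struct shadow_row *row, uint64_t addr, unsigned size)
{
    uint64_t last = addr + size - 1;
    uint64_t g;

    for (g = addr & ~(uint64_t)(KASAN_GRANULE - 1); g <= last; g += KASAN_GRANULE) {
        int s = shadow_for(row, g);
        uint64_t gend = g + KASAN_GRANULE - 1;
        uint64_t used = (last < gend ? last : gend) - g; /* last offset used in g */
        if (s < 0 || (int)used >= granule_valid_bytes(s))
            return 0;
    }
    return 1;
}

/* Allocated size of the object at obj as recorded in the shadow: count
 * addressable bytes until the first partial or poisoned granule. */
unsigned object_size(const struct shadow_row *row, uint64_t obj)
{
    unsigned n = 0;
    uint64_t g;

    for (g = obj; ; g += KASAN_GRANULE) {
        int v = granule_valid_bytes(shadow_for(row, g));
        n += v;
        if (v < KASAN_GRANULE)
            return n;
    }
}

/* Distance of addr past the end of [obj, obj + size); positive means
 * "to the right of" the allocation, as the report phrases it. */
int64_t bytes_right_of(uint64_t obj, unsigned size, uint64_t addr)
{
    return (int64_t)(addr - (obj + size));
}

int main(void)
{
    const uint64_t obj = 0xffff0000c2652460ULL; /* "object at" in the report */
    const uint64_t bad = 0xffff0000c2652478ULL; /* "Read of size 4 at addr" */
    unsigned size = object_size(&guilty_row, obj);
    int s = shadow_for(&guilty_row, bad);

    printf("object %#" PRIx64 ": %u addressable bytes\n", obj, size);
    printf("read of 4 at %#" PRIx64 ": shadow %#04x (%s), access_ok=%d\n",
           bad, s, shadow_name(s), access_ok(&guilty_row, bad, 4));
    printf("%" PRId64 " bytes to the right of the %u-byte region\n",
           bytes_right_of(obj, size, bad), size);
    return 0;
}
```

The same decoder applied to the neighbouring rows explains the repeating "fa fb fc fc" pattern: each kmalloc-16 slot occupies 32 bytes of shadow coverage (16 bytes of object plus 16 bytes of fc redzone), and the slots before the live object are freed objects, which is why the read at offset 24 of the slot lands in redzone rather than in another allocation.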