Warning: Permanently added '10.128.0.73' (ED25519) to the list of known hosts.
executing program
[ 37.188981][ T6426] loop0: detected capacity change from 0 to 32768
[ 37.194834][ T6426] (syz-executor892,6426,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 37.198229][ T6426] (syz-executor892,6426,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 37.217022][ T6426] (syz-executor892,6426,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[ 37.221622][ T6426] JBD2: Ignoring recovery information on journal
[ 37.245863][ T6426] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 37.257609][ T6426] ==================================================================
[ 37.259416][ T6426] BUG: KASAN: slab-use-after-free in ocfs2_get_next_id+0x244/0x8e4
[ 37.261152][ T6426] Read of size 8 at addr ffff0000d935b828 by task syz-executor892/6426
[ 37.262817][ T6426]
[ 37.263329][ T6426] CPU: 1 UID: 0 PID: 6426 Comm: syz-executor892 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 37.265546][ T6426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 37.267650][ T6426] Call trace:
[ 37.268333][ T6426]  show_stack+0x2c/0x3c (C)
[ 37.269444][ T6426]  dump_stack_lvl+0xe4/0x150
[ 37.270491][ T6426]  print_report+0x198/0x538
[ 37.271485][ T6426]  kasan_report+0xd8/0x138
[ 37.272487][ T6426]  __asan_report_load8_noabort+0x20/0x2c
[ 37.273767][ T6426]  ocfs2_get_next_id+0x244/0x8e4
[ 37.274842][ T6426]  dquot_get_next_dqblk+0x7c/0x348
[ 37.276012][ T6426]  quota_getnextquota+0x264/0x650
[ 37.277123][ T6426]  do_quotactl+0x52c/0x698
[ 37.278115][ T6426]  __arm64_sys_quotactl+0x2c0/0xc9c
[ 37.279189][ T6426]  invoke_syscall+0x98/0x2b8
[ 37.280177][ T6426]  el0_svc_common+0x130/0x23c
[ 37.281149][ T6426]  do_el0_svc+0x48/0x58
[ 37.282043][ T6426]  el0_svc+0x54/0x168
[ 37.282910][ T6426]  el0t_64_sync_handler+0x84/0x108
[ 37.283887][ T6426]  el0t_64_sync+0x198/0x19c
[ 37.284910][ T6426]
[ 37.285420][ T6426] Allocated by task 6426:
[ 37.286296][ T6426]  kasan_save_track+0x40/0x78
[ 37.287246][ T6426]  kasan_save_alloc_info+0x40/0x50
[ 37.288313][ T6426]  __kasan_kmalloc+0xac/0xc4
[ 37.289343][ T6426]  __kmalloc_cache_noprof+0x2cc/0x428
[ 37.290521][ T6426]  ocfs2_local_read_info+0x1b8/0x15bc
[ 37.291782][ T6426]  dquot_load_quota_sb+0x6e4/0xb24
[ 37.292867][ T6426]  dquot_load_quota_inode+0x280/0x4f4
[ 37.293971][ T6426]  ocfs2_enable_quotas+0x17c/0x3cc
[ 37.295039][ T6426]  ocfs2_fill_super+0x3e30/0x48d0
[ 37.296067][ T6426]  mount_bdev+0x1d4/0x2a0
[ 37.296993][ T6426]  ocfs2_mount+0x44/0x58
[ 37.298014][ T6426]  legacy_get_tree+0xd4/0x16c
[ 37.299104][ T6426]  vfs_get_tree+0x90/0x28c
[ 37.300147][ T6426]  do_new_mount+0x278/0x900
[ 37.301131][ T6426]  path_mount+0x590/0xe04
[ 37.302049][ T6426]  __arm64_sys_mount+0x4d4/0x5ac
[ 37.302997][ T6426]  invoke_syscall+0x98/0x2b8
[ 37.303965][ T6426]  el0_svc_common+0x130/0x23c
[ 37.304913][ T6426]  do_el0_svc+0x48/0x58
[ 37.305765][ T6426]  el0_svc+0x54/0x168
[ 37.306568][ T6426]  el0t_64_sync_handler+0x84/0x108
[ 37.307659][ T6426]  el0t_64_sync+0x198/0x19c
[ 37.308677][ T6426]
[ 37.309242][ T6426] Freed by task 6426:
[ 37.310084][ T6426]  kasan_save_track+0x40/0x78
[ 37.311065][ T6426]  kasan_save_free_info+0x54/0x6c
[ 37.312092][ T6426]  __kasan_slab_free+0x64/0x8c
[ 37.313122][ T6426]  kfree+0x180/0x478
[ 37.314002][ T6426]  ocfs2_local_free_info+0x724/0x890
[ 37.315110][ T6426]  dquot_disable+0xef0/0x1814
[ 37.316233][ T6426]  ocfs2_susp_quotas+0x190/0x2d4
[ 37.317305][ T6426]  ocfs2_remount+0x464/0x9cc
[ 37.318308][ T6426]  legacy_reconfigure+0xfc/0x114
[ 37.319349][ T6426]  reconfigure_super+0x1d0/0x6e8
[ 37.320407][ T6426]  path_mount+0xc0c/0xe04
[ 37.321363][ T6426]  __arm64_sys_mount+0x4d4/0x5ac
[ 37.322365][ T6426]  invoke_syscall+0x98/0x2b8
[ 37.323510][ T6426]  el0_svc_common+0x130/0x23c
[ 37.324534][ T6426]  do_el0_svc+0x48/0x58
[ 37.325544][ T6426]  el0_svc+0x54/0x168
[ 37.326481][ T6426]  el0t_64_sync_handler+0x84/0x108
[ 37.327564][ T6426]  el0t_64_sync+0x198/0x19c
[ 37.328591][ T6426]
[ 37.329035][ T6426] The buggy address belongs to the object at ffff0000d935b800
[ 37.329035][ T6426]  which belongs to the cache kmalloc-1k of size 1024
[ 37.332292][ T6426] The buggy address is located 40 bytes inside of
[ 37.332292][ T6426]  freed 1024-byte region [ffff0000d935b800, ffff0000d935bc00)
[ 37.335375][ T6426]
[ 37.335932][ T6426] The buggy address belongs to the physical page:
[ 37.337422][ T6426] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119358
[ 37.339472][ T6426] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 37.341319][ T6426] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 37.342796][ T6426] page_type: f5(slab)
[ 37.343651][ T6426] raw: 05ffc00000000040 ffff0000c0001dc0 dead000000000122 0000000000000000
[ 37.345649][ T6426] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.347579][ T6426] head: 05ffc00000000040 ffff0000c0001dc0 dead000000000122 0000000000000000
[ 37.349518][ T6426] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 37.351396][ T6426] head: 05ffc00000000003 fffffdffc364d601 ffffffffffffffff 0000000000000000
[ 37.353145][ T6426] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 37.354941][ T6426] page dumped because: kasan: bad access detected
[ 37.356327][ T6426]
[ 37.356804][ T6426] Memory state around the buggy address:
[ 37.358115][ T6426]  ffff0000d935b700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.359820][ T6426]  ffff0000d935b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.361629][ T6426] >ffff0000d935b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.363666][ T6426]                                   ^
[ 37.364885][ T6426]  ffff0000d935b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.366677][ T6426]  ffff0000d935b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.368442][ T6426] ==================================================================
[ 37.370304][ T6426] Disabling lock debugging due to kernel taint
[ 37.372216][ T6426] (syz-executor892,6426,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC.
[ 37.375133][ T6426] (syz-executor892,6426,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae
[ 37.377973][ T6426] (syz-executor892,6426,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[ 37.379871][ T6426] (syz-executor892,6426,1):ocfs2_quota_read:201 ERROR: status = -5
[ 37.381466][ T6426] Quota error (device loop0): find_next_id: Can't read quota tree block 5
[ 37.383427][ T6426] (syz-executor892,6426,1):ocfs2_get_next_id:916 ERROR: status = -5
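The report above gives the whole lifetime of the freed object: a kmalloc-1k allocation made by ocfs2_local_read_info while the initial mount set up quotas (ocfs2_fill_super -> ocfs2_enable_quotas), freed by ocfs2_local_free_info when a remount tore quota state down (reconfigure_super -> ocfs2_remount -> ocfs2_susp_quotas -> dquot_disable), and then read 40 bytes into the freed region by ocfs2_get_next_id, reached from quotactl(2) through quota_getnextquota (the Q_GETNEXTQUOTA handler). All three stacks are task 6426, so this is a sequential lifetime bug in the remount/quota path rather than a race. The helper below is an added example, not syzkaller's or the kernel's tooling: it pulls those facts out of a raw console log mechanically (bug kind, access offset inside the freed object, the first non-plumbing frame of each stack, the syscall each stack entered through, whether a mount(2) was a remount, and whether one task did everything). The NOISE prefix list and the syscall-wrapper pattern are my heuristics, and SAMPLE is a constructed, trimmed excerpt of this report with most frames omitted.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
KMSG = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?(.*)$")  # strips the "[ ts][ Tpid] " prefix
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
REGION = re.compile(r"\d+-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
FRAME = re.compile(r"^(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
STACK_HDR = re.compile(r"^(?:Call trace:|Allocated by task (?P<alloc>\d+):|Freed by task (?P<free>\d+):)$")
SYSCALL = re.compile(r"^__(?:arm64|x64|ia32|se)_sys_(\w+)$")
# Heuristic (assumption): these prefixes mark KASAN, stack-printing or slab plumbing, not the subsystem under test.
NOISE = ("kasan_", "__kasan_", "__asan_", "dump_stack", "show_stack", "print_report",
         "kmalloc", "__kmalloc", "kfree", "kmem_cache", "__kmem_cache")
@dataclass
class Stack:
    task: Optional[int]
    frames: list = field(default_factory=list)

    def origin(self) -> Optional[str]:  # first non-plumbing frame: where the bug actually lives
        return next((f for f in self.frames if not f.startswith(NOISE)), None)

    def entry(self) -> Optional[str]:  # syscall this stack entered through; mount via reconfigure_super is a remount
        name = next((m.group(1) for m in map(SYSCALL.match, self.frames) if m), None)
        remount = name == "mount" and "reconfigure_super" in self.frames
        return None if name is None else f"{name}(2)" + (" [remount]" if remount else "")

@dataclass
class Report:
    kind: str
    op: str
    size: int
    addr: int
    region: tuple  # (start, end) of the freed slab object
    use: Stack
    alloc: Stack
    free: Stack

    @property
    def offset(self) -> int:  # byte offset of the access inside the freed object
        return self.addr - self.region[0]

    @property
    def same_task(self) -> bool:  # alloc, free and use in one task: sequential bug, not a race
        return self.use.task == self.alloc.task == self.free.task

def parse_kasan_report(text: str) -> Report:
    lines = [m.group(1).strip() for m in map(KMSG.match, text.splitlines()) if m]
    bug = access = region = current = None
    stacks = {}
    for line in lines:
        if current is not None:
            fm = FRAME.match(line)
            if fm:
                stacks[current].frames.append(fm.group("func"))
                continue
            current = None  # an empty entry closes the stack
        hm = STACK_HDR.match(line)
        if hm:
            current = "alloc" if hm.group("alloc") else "free" if hm.group("free") else "use"
            task = hm.group("alloc") or hm.group("free")
            stacks[current] = Stack(int(task) if task else None)
            continue
        bug, access = bug or BUG.search(line), access or ACCESS.search(line)
        region = region or REGION.search(line)
    if not (bug and access and region and {"use", "alloc", "free"} <= stacks.keys()):
        raise ValueError("incomplete KASAN use-after-free report")
    stacks["use"].task = int(access.group("pid"))  # "Call trace:" carries no pid; take it from the access line
    return Report(bug.group("kind"), access.group("op"), int(access.group("size")),
                  int(access.group("addr"), 16),
                  (int(region.group("start"), 16), int(region.group("end"), 16)),
                  stacks["use"], stacks["alloc"], stacks["free"])

def summarize(r: Report) -> str:
    verdict = "same task: sequential use-after-free" if r.same_task else "different tasks: check for a race"
    return (f"{r.kind}: {r.op.lower()} of {r.size} bytes at offset {r.offset} into a freed "
            f"{r.region[1] - r.region[0]}-byte object; allocated in {r.alloc.origin()} via {r.alloc.entry()}, "
            f"freed in {r.free.origin()} via {r.free.entry()}, used in {r.use.origin()} via {r.use.entry()}; {verdict}")

# Constructed sample: a trimmed excerpt of the ocfs2 report above (most frames omitted).
SAMPLE = """\
[ 37.259416][ T6426] BUG: KASAN: slab-use-after-free in ocfs2_get_next_id+0x244/0x8e4
[ 37.261152][ T6426] Read of size 8 at addr ffff0000d935b828 by task syz-executor892/6426
[ 37.267650][ T6426] Call trace:
[ 37.271485][ T6426]  kasan_report+0xd8/0x138
[ 37.273767][ T6426]  ocfs2_get_next_id+0x244/0x8e4
[ 37.278115][ T6426]  __arm64_sys_quotactl+0x2c0/0xc9c
[ 37.284910][ T6426]
[ 37.285420][ T6426] Allocated by task 6426:
[ 37.290521][ T6426]  ocfs2_local_read_info+0x1b8/0x15bc
[ 37.302049][ T6426]  __arm64_sys_mount+0x4d4/0x5ac
[ 37.308677][ T6426]
[ 37.309242][ T6426] Freed by task 6426:
[ 37.314002][ T6426]  ocfs2_local_free_info+0x724/0x890
[ 37.319349][ T6426]  reconfigure_super+0x1d0/0x6e8
[ 37.321363][ T6426]  __arm64_sys_mount+0x4d4/0x5ac
[ 37.328591][ T6426]
[ 37.332292][ T6426]  freed 1024-byte region [ffff0000d935b800, ffff0000d935bc00)
"""
```

Running `summarize(parse_kasan_report(SAMPLE))` on the excerpt yields the triage line: a read of 8 bytes at offset 40 into a freed 1024-byte object, allocated in ocfs2_local_read_info via mount(2), freed in ocfs2_local_free_info via a remount, used in ocfs2_get_next_id via quotactl(2), all in the same task. Feed it the full report instead and the answer is the same, since the extra frames are either plumbing skipped by the NOISE filter or intermediate callers that do not change the origin or the syscall entry. The offset is the field to look at next: 40 bytes into the kmalloc-1k object is which member of the quota info structure ocfs2_get_next_id dereferences, which is what a fix has to keep alive across (or re-check after) the remount teardown.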