Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts.
executing program
[ 46.836899][ T4018] loop0: detected capacity change from 0 to 32768
[ 46.914966][ T4018] (syz-executor221,4018,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 46.918561][ T4018] (syz-executor221,4018,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 46.928993][ T4018] (syz-executor221,4018,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[ 46.934682][ T4018] JBD2: Ignoring recovery information on journal
[ 46.977059][ T4018] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 46.992257][ T4018] ==================================================================
[ 46.994043][ T4018] BUG: KASAN: use-after-free in ocfs2_get_next_id+0x22c/0x8ac
[ 46.995585][ T4018] Read of size 8 at addr ffff0000da812028 by task syz-executor221/4018
[ 46.997673][ T4018]
[ 46.998204][ T4018] CPU: 1 PID: 4018 Comm: syz-executor221 Not tainted 5.15.176-syzkaller #0
[ 46.999864][ T4018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 47.002018][ T4018] Call trace:
[ 47.002649][ T4018]  dump_backtrace+0x0/0x530
[ 47.003675][ T4018]  show_stack+0x2c/0x3c
[ 47.004493][ T4018]  dump_stack_lvl+0x108/0x170
[ 47.005474][ T4018]  print_address_description+0x7c/0x3f0
[ 47.006647][ T4018]  kasan_report+0x174/0x1e4
[ 47.007512][ T4018]  __asan_report_load8_noabort+0x44/0x50
[ 47.008640][ T4018]  ocfs2_get_next_id+0x22c/0x8ac
[ 47.009711][ T4018]  dquot_get_next_dqblk+0x7c/0x348
[ 47.010766][ T4018]  quota_getnextquota+0x264/0x674
[ 47.011870][ T4018]  do_quotactl+0x52c/0x698
[ 47.012898][ T4018]  __arm64_sys_quotactl+0x2d8/0x7a4
[ 47.014057][ T4018]  invoke_syscall+0x98/0x2b8
[ 47.015117][ T4018]  el0_svc_common+0x138/0x258
[ 47.016082][ T4018]  do_el0_svc+0x58/0x14c
[ 47.016954][ T4018]  el0_svc+0x7c/0x1f0
[ 47.017947][ T4018]  el0t_64_sync_handler+0x84/0xe4
[ 47.018929][ T4018]  el0t_64_sync+0x1a0/0x1a4
[ 47.019931][ T4018]
[ 47.020417][ T4018] Allocated by task 4018:
[ 47.021427][ T4018]  ____kasan_kmalloc+0xbc/0xfc
[ 47.022419][ T4018]  __kasan_kmalloc+0x10/0x1c
[ 47.023427][ T4018]  kmem_cache_alloc_trace+0x27c/0x47c
[ 47.024542][ T4018]  ocfs2_local_read_info+0x1b8/0x15bc
[ 47.025641][ T4018]  dquot_load_quota_sb+0x6f0/0xb1c
[ 47.026706][ T4018]  dquot_load_quota_inode+0x280/0x4f4
[ 47.027817][ T4018]  ocfs2_enable_quotas+0x1d4/0x3cc
[ 47.028821][ T4018]  ocfs2_fill_super+0x37bc/0x4abc
[ 47.029816][ T4018]  mount_bdev+0x274/0x370
[ 47.030896][ T4018]  ocfs2_mount+0x44/0x58
[ 47.031750][ T4018]  legacy_get_tree+0xd4/0x16c
[ 47.032742][ T4018]  vfs_get_tree+0x90/0x274
[ 47.033823][ T4018]  do_new_mount+0x278/0x8fc
[ 47.034744][ T4018]  path_mount+0x594/0x101c
[ 47.035626][ T4018]  __arm64_sys_mount+0x510/0x5e0
[ 47.036641][ T4018]  invoke_syscall+0x98/0x2b8
[ 47.037642][ T4018]  el0_svc_common+0x138/0x258
[ 47.038555][ T4018]  do_el0_svc+0x58/0x14c
[ 47.039429][ T4018]  el0_svc+0x7c/0x1f0
[ 47.040280][ T4018]  el0t_64_sync_handler+0x84/0xe4
[ 47.041391][ T4018]  el0t_64_sync+0x1a0/0x1a4
[ 47.042268][ T4018]
[ 47.042703][ T4018] Freed by task 4018:
[ 47.043528][ T4018]  kasan_set_track+0x4c/0x84
[ 47.044461][ T4018]  kasan_set_free_info+0x28/0x4c
[ 47.045420][ T4018]  ____kasan_slab_free+0x118/0x164
[ 47.046464][ T4018]  __kasan_slab_free+0x18/0x28
[ 47.047569][ T4018]  slab_free_freelist_hook+0x128/0x1ec
[ 47.048676][ T4018]  kfree+0x178/0x410
[ 47.049542][ T4018]  ocfs2_local_free_info+0x720/0x8a4
[ 47.050668][ T4018]  dquot_disable+0xefc/0x1800
[ 47.051586][ T4018]  ocfs2_susp_quotas+0x1f0/0x2d4
[ 47.052603][ T4018]  ocfs2_remount+0x464/0x9cc
[ 47.053614][ T4018]  legacy_reconfigure+0xfc/0x114
[ 47.054659][ T4018]  reconfigure_super+0x1d0/0x6ec
[ 47.055711][ T4018]  path_mount+0xbec/0x101c
[ 47.056703][ T4018]  __arm64_sys_mount+0x510/0x5e0
[ 47.057809][ T4018]  invoke_syscall+0x98/0x2b8
[ 47.058843][ T4018]  el0_svc_common+0x138/0x258
[ 47.059783][ T4018]  do_el0_svc+0x58/0x14c
[ 47.060643][ T4018]  el0_svc+0x7c/0x1f0
[ 47.061558][ T4018]  el0t_64_sync_handler+0x84/0xe4
[ 47.062756][ T4018]  el0t_64_sync+0x1a0/0x1a4
[ 47.063834][ T4018]
[ 47.064312][ T4018] The buggy address belongs to the object at ffff0000da812000
[ 47.064312][ T4018]  which belongs to the cache kmalloc-1k of size 1024
[ 47.067280][ T4018] The buggy address is located 40 bytes inside of
[ 47.067280][ T4018]  1024-byte region [ffff0000da812000, ffff0000da812400)
[ 47.069905][ T4018] The buggy address belongs to the page:
[ 47.071010][ T4018] page:00000000f3d2e6f3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11a810
[ 47.073046][ T4018] head:00000000f3d2e6f3 order:3 compound_mapcount:0 compound_pincount:0
[ 47.074743][ T4018] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 47.076502][ T4018] raw: 05ffc00000010200 fffffc0003426e00 0000000200000002 ffff0000c0002780
[ 47.078195][ T4018] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 47.080038][ T4018] page dumped because: kasan: bad access detected
[ 47.081452][ T4018]
[ 47.081954][ T4018] Memory state around the buggy address:
[ 47.083114][ T4018]  ffff0000da811f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.084727][ T4018]  ffff0000da811f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.086347][ T4018] >ffff0000da812000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.088039][ T4018]                                   ^
[ 47.089127][ T4018]  ffff0000da812080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.090844][ T4018]  ffff0000da812100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.092427][ T4018] ==================================================================
[ 47.094005][ T4018] Disabling lock debugging due to kernel taint