Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts.
executing program
[ 61.294146][ T4164] loop0: detected capacity change from 0 to 32768
[ 61.398347][ T4164] (syz-executor123,4164,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 61.414417][ T4164] (syz-executor123,4164,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 61.434976][ T4164] (syz-executor123,4164,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[ 61.451320][ T4164] JBD2: Ignoring recovery information on journal
[ 61.479801][ T4164] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 61.514672][ T4164] ==================================================================
[ 61.522837][ T4164] BUG: KASAN: use-after-free in ocfs2_lock_global_qf+0xb4/0x2a0
[ 61.530489][ T4164] Read of size 8 at addr ffff888074857028 by task syz-executor123/4164
[ 61.538818][ T4164]
[ 61.541144][ T4164] CPU: 0 PID: 4164 Comm: syz-executor123 Not tainted 5.15.176-syzkaller #0
[ 61.549740][ T4164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 61.559793][ T4164] Call Trace:
[ 61.563257][ T4164]
[ 61.566210][ T4164] dump_stack_lvl+0x1e3/0x2d0
[ 61.570891][ T4164] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 61.576536][ T4164] ? _printk+0xd1/0x120
[ 61.580715][ T4164] ? __wake_up_klogd+0xcc/0x100
[ 61.585559][ T4164] ? panic+0x860/0x860
[ 61.589625][ T4164] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 61.595082][ T4164] print_address_description+0x63/0x3b0
[ 61.600619][ T4164] ? ocfs2_lock_global_qf+0xb4/0x2a0
[ 61.605916][ T4164] kasan_report+0x16b/0x1c0
[ 61.610411][ T4164] ? ocfs2_lock_global_qf+0xb4/0x2a0
[ 61.615694][ T4164] ocfs2_lock_global_qf+0xb4/0x2a0
[ 61.620889][ T4164] ? lock_buffer+0x80/0x80
[ 61.625307][ T4164] ocfs2_get_next_id+0x21c/0x710
[ 61.630266][ T4164] ? ocfs2_write_info+0x3a0/0x3a0
[ 61.635283][ T4164] ? from_kgid+0x1a3/0x730
[ 61.639712][ T4164] ? make_kgid+0x6f0/0x6f0
[ 61.644123][ T4164] dquot_get_next_dqblk+0x6e/0x3a0
[ 61.649241][ T4164] quota_getnextquota+0x2bc/0x6b0
[ 61.654262][ T4164] ? quota_getquota+0x6d0/0x6d0
[ 61.659104][ T4164] ? read_lock_is_recursive+0x10/0x10
[ 61.664478][ T4164] ? bpf_lsm_capable+0x5/0x10
[ 61.669148][ T4164] ? security_capable+0x86/0xb0
[ 61.673995][ T4164] ? bpf_lsm_quotactl+0x5/0x10
[ 61.678952][ T4164] ? security_quotactl+0x86/0xb0
[ 61.683889][ T4164] ? do_quotactl+0x508/0x6c0
[ 61.688504][ T4164] __se_sys_quotactl+0x2b1/0x770
[ 61.693456][ T4164] ? __lock_acquire+0x1ff0/0x1ff0
[ 61.698569][ T4164] ? __x64_sys_quotactl+0xa0/0xa0
[ 61.703682][ T4164] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 61.709661][ T4164] ? print_irqtrace_events+0x210/0x210
[ 61.715114][ T4164] ? vtime_user_exit+0x2d1/0x400
[ 61.720047][ T4164] ? syscall_enter_from_user_mode+0x2e/0x240
[ 61.726020][ T4164] ? lockdep_hardirqs_on+0x94/0x130
[ 61.731212][ T4164] ? syscall_enter_from_user_mode+0x2e/0x240
[ 61.737195][ T4164] do_syscall_64+0x3b/0xb0
[ 61.741605][ T4164] ? clear_bhb_loop+0x15/0x70
[ 61.746276][ T4164] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.752249][ T4164] RIP: 0033:0x7f8071deeb99
[ 61.756652][ T4164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.776246][ T4164] RSP: 002b:00007fff762c53a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[ 61.784670][ T4164] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8071deeb99
[ 61.792630][ T4164] RDX: 000000000000ee01 RSI: 00000000200080c0 RDI: ffffffff80000901
[ 61.800622][ T4164] RBP: 00007f8071e665f0 R08: 0000000020000c40 R09: 0000555585b794c0
[ 61.808775][ T4164] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff762c53d0
[ 61.816742][ T4164] R13: 00007fff762c55f8 R14: 431bde82d7b634db R15: 00007f8071e3703b
[ 61.824718][ T4164]
[ 61.827727][ T4164]
[ 61.830058][ T4164] Allocated by task 4164:
[ 61.834387][ T4164] ____kasan_kmalloc+0xba/0xf0
[ 61.839248][ T4164] kmem_cache_alloc_trace+0x143/0x290
[ 61.844608][ T4164] ocfs2_local_read_info+0x1ea/0x19e0
[ 61.849973][ T4164] dquot_load_quota_sb+0x754/0xb90
[ 61.855094][ T4164] dquot_load_quota_inode+0x318/0x600
[ 61.860465][ T4164] ocfs2_enable_quotas+0x221/0x440
[ 61.865591][ T4164] ocfs2_fill_super+0x4423/0x5890
[ 61.870604][ T4164] mount_bdev+0x2c9/0x3f0
[ 61.874926][ T4164] legacy_get_tree+0xeb/0x180
[ 61.879590][ T4164] vfs_get_tree+0x88/0x270
[ 61.883989][ T4164] do_new_mount+0x2ba/0xb40
[ 61.888509][ T4164] __se_sys_mount+0x2d5/0x3c0
[ 61.893187][ T4164] do_syscall_64+0x3b/0xb0
[ 61.897632][ T4164] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.903522][ T4164]
[ 61.905843][ T4164] Freed by task 4164:
[ 61.909811][ T4164] kasan_set_track+0x4b/0x80
[ 61.914388][ T4164] kasan_set_free_info+0x1f/0x40
[ 61.919314][ T4164] ____kasan_slab_free+0xd8/0x120
[ 61.924352][ T4164] slab_free_freelist_hook+0xdd/0x160
[ 61.929722][ T4164] kfree+0xf1/0x270
[ 61.933526][ T4164] ocfs2_local_free_info+0x813/0x990
[ 61.938817][ T4164] dquot_disable+0x1111/0x1c60
[ 61.943573][ T4164] ocfs2_susp_quotas+0x247/0x340
[ 61.948622][ T4164] ocfs2_remount+0x56e/0xc30
[ 61.953213][ T4164] reconfigure_super+0x43a/0x870
[ 61.958174][ T4164] path_mount+0xceb/0x10a0
[ 61.962609][ T4164] __se_sys_mount+0x2d5/0x3c0
[ 61.967709][ T4164] do_syscall_64+0x3b/0xb0
[ 61.972123][ T4164] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.978009][ T4164]
[ 61.980499][ T4164] The buggy address belongs to the object at ffff888074857000
[ 61.980499][ T4164] which belongs to the cache kmalloc-1k of size 1024
[ 61.994540][ T4164] The buggy address is located 40 bytes inside of
[ 61.994540][ T4164] 1024-byte region [ffff888074857000, ffff888074857400)
[ 62.007820][ T4164] The buggy address belongs to the page:
[ 62.013448][ T4164] page:ffffea0001d21400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74850
[ 62.023598][ T4164] head:ffffea0001d21400 order:3 compound_mapcount:0 compound_pincount:0
[ 62.032028][ T4164] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 62.040009][ T4164] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888017441dc0
[ 62.048584][ T4164] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 62.057330][ T4164] page dumped because: kasan: bad access detected
[ 62.063814][ T4164] page_owner tracks the page as allocated
[ 62.069528][ T4164] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4158, ts 55385421807, free_ts 55322446254
[ 62.088624][ T4164] get_page_from_freelist+0x3b78/0x3d40
[ 62.094192][ T4164] __alloc_pages+0x272/0x700
[ 62.098772][ T4164] new_slab+0xbb/0x4b0
[ 62.102843][ T4164] ___slab_alloc+0x6f6/0xe10
[ 62.107423][ T4164] __kmalloc_node_track_caller+0x1f6/0x390
[ 62.113223][ T4164] __alloc_skb+0x12c/0x590
[ 62.117625][ T4164] sk_stream_alloc_skb+0x1fc/0xac0
[ 62.122726][ T4164] tcp_sendmsg_locked+0xd34/0x3a90
[ 62.127831][ T4164] tcp_sendmsg+0x2c/0x40
[ 62.132096][ T4164] sock_write_iter+0x39b/0x530
[ 62.136848][ T4164] vfs_write+0xacd/0xe50
[ 62.141077][ T4164] ksys_write+0x1a2/0x2c0
[ 62.145415][ T4164] do_syscall_64+0x3b/0xb0
[ 62.149827][ T4164] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.155711][ T4164] page last free stack trace:
[ 62.160365][ T4164] free_unref_page_prepare+0xc34/0xcf0
[ 62.165811][ T4164] free_unref_page+0x95/0x2d0
[ 62.170474][ T4164] skb_release_data+0x411/0x8a0
[ 62.175397][ T4164] __kfree_skb+0x4c/0x60
[ 62.179628][ T4164] tcp_recvmsg_locked+0x1629/0x29b0
[ 62.184820][ T4164] tcp_recvmsg+0x24e/0x7f0
[ 62.189228][ T4164] inet_recvmsg+0x157/0x280
[ 62.193723][ T4164] sock_read_iter+0x353/0x480
[ 62.198387][ T4164] vfs_read+0xa93/0xe10
[ 62.202527][ T4164] ksys_read+0x1a2/0x2c0
[ 62.206759][ T4164] do_syscall_64+0x3b/0xb0
[ 62.211174][ T4164] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.217080][ T4164]
[ 62.219398][ T4164] Memory state around the buggy address:
[ 62.225016][ T4164] ffff888074856f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.233082][ T4164] ffff888074856f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.241161][ T4164] >ffff888074857000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.249230][ T4164] ^
[ 62.254593][ T4164] ffff888074857080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.262652][ T4164] ffff888074857100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.270721][ T4164] ==================================================================
[ 62.278775][ T4164] Disabling lock debugging due to kernel taint
[ 62.285613][ T4164] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 62.292838][ T4164] CPU: 1 PID: 4164 Comm: syz-executor123 Tainted: G B 5.15.176-syzkaller #0
[ 62.302811][ T4164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 62.312872][ T4164] Call Trace:
[ 62.316143][ T4164]
[ 62.319066][ T4164] dump_stack_lvl+0x1e3/0x2d0
[ 62.323733][ T4164] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 62.329350][ T4164] ? panic+0x860/0x860
[ 62.333490][ T4164] ? rcu_is_watching+0x11/0xa0
[ 62.338378][ T4164] ? preempt_schedule_common+0xa6/0xd0
[ 62.343859][ T4164] panic+0x318/0x860
[ 62.347769][ T4164] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 62.353935][ T4164] ? check_panic_on_warn+0x1d/0xa0
[ 62.359061][ T4164] ? fb_is_primary_device+0xd0/0xd0
[ 62.364249][ T4164] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 62.370219][ T4164] ? _raw_spin_unlock+0x40/0x40
[ 62.375059][ T4164] check_panic_on_warn+0x7e/0xa0
[ 62.379995][ T4164] ? ocfs2_lock_global_qf+0xb4/0x2a0
[ 62.385289][ T4164] end_report+0x6d/0xf0
[ 62.389455][ T4164] kasan_report+0x18e/0x1c0
[ 62.393952][ T4164] ? ocfs2_lock_global_qf+0xb4/0x2a0
[ 62.399244][ T4164] ocfs2_lock_global_qf+0xb4/0x2a0
[ 62.404356][ T4164] ? lock_buffer+0x80/0x80
[ 62.408780][ T4164] ocfs2_get_next_id+0x21c/0x710
[ 62.413846][ T4164] ? ocfs2_write_info+0x3a0/0x3a0
[ 62.418888][ T4164] ? from_kgid+0x1a3/0x730
[ 62.423321][ T4164] ? make_kgid+0x6f0/0x6f0
[ 62.427727][ T4164] dquot_get_next_dqblk+0x6e/0x3a0
[ 62.432827][ T4164] quota_getnextquota+0x2bc/0x6b0
[ 62.437861][ T4164] ? quota_getquota+0x6d0/0x6d0
[ 62.442716][ T4164] ? read_lock_is_recursive+0x10/0x10
[ 62.448078][ T4164] ? bpf_lsm_capable+0x5/0x10
[ 62.452753][ T4164] ? security_capable+0x86/0xb0
[ 62.457590][ T4164] ? bpf_lsm_quotactl+0x5/0x10
[ 62.462369][ T4164] ? security_quotactl+0x86/0xb0
[ 62.467296][ T4164] ? do_quotactl+0x508/0x6c0
[ 62.471876][ T4164] __se_sys_quotactl+0x2b1/0x770
[ 62.476826][ T4164] ? __lock_acquire+0x1ff0/0x1ff0
[ 62.481860][ T4164] ? __x64_sys_quotactl+0xa0/0xa0
[ 62.486870][ T4164] ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 62.492837][ T4164] ? print_irqtrace_events+0x210/0x210
[ 62.498281][ T4164] ? vtime_user_exit+0x2d1/0x400
[ 62.503210][ T4164] ? syscall_enter_from_user_mode+0x2e/0x240
[ 62.509179][ T4164] ? lockdep_hardirqs_on+0x94/0x130
[ 62.514365][ T4164] ? syscall_enter_from_user_mode+0x2e/0x240
[ 62.520383][ T4164] do_syscall_64+0x3b/0xb0
[ 62.524784][ T4164] ? clear_bhb_loop+0x15/0x70
[ 62.529451][ T4164] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.535336][ T4164] RIP: 0033:0x7f8071deeb99
[ 62.539740][ T4164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.559678][ T4164] RSP: 002b:00007fff762c53a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000b3
[ 62.568078][ T4164] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8071deeb99
[ 62.576058][ T4164] RDX: 000000000000ee01 RSI: 00000000200080c0 RDI: ffffffff80000901
[ 62.584057][ T4164] RBP: 00007f8071e665f0 R08: 0000000020000c40 R09: 0000555585b794c0
[ 62.592055][ T4164] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff762c53d0
[ 62.600021][ T4164] R13: 00007fff762c55f8 R14: 431bde82d7b634db R15: 00007f8071e3703b
[ 62.608009][ T4164]
[ 62.611140][ T4164] Kernel Offset: disabled
[ 62.615476][ T4164] Rebooting in 86400 seconds..