Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts.
executing program
[ 38.430049][ T6411] loop0: detected capacity change from 0 to 32768
[ 38.436384][ T6411] (syz-executor321,6411,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 38.440266][ T6411] (syz-executor321,6411,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 38.461784][ T6411] (syz-executor321,6411,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[ 38.466541][ T6411] JBD2: Ignoring recovery information on journal
[ 38.489072][ T6411] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[ 38.501018][ T6411] ==================================================================
[ 38.502723][ T6411] BUG: KASAN: slab-use-after-free in ocfs2_get_next_id+0x244/0x8e4
[ 38.504429][ T6411] Read of size 8 at addr ffff0000c26e0828 by task syz-executor321/6411
[ 38.506130][ T6411]
[ 38.506615][ T6411] CPU: 1 UID: 0 PID: 6411 Comm: syz-executor321 Not tainted 6.13.0-rc3-syzkaller-g573067a5a685 #0
[ 38.508824][ T6411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 38.511086][ T6411] Call trace:
[ 38.511719][ T6411]  show_stack+0x2c/0x3c (C)
[ 38.512673][ T6411]  dump_stack_lvl+0xe4/0x150
[ 38.513754][ T6411]  print_report+0x198/0x538
[ 38.514762][ T6411]  kasan_report+0xd8/0x138
[ 38.515760][ T6411]  __asan_report_load8_noabort+0x20/0x2c
[ 38.517104][ T6411]  ocfs2_get_next_id+0x244/0x8e4
[ 38.518155][ T6411]  dquot_get_next_dqblk+0x7c/0x348
[ 38.519310][ T6411]  quota_getnextquota+0x264/0x650
[ 38.520397][ T6411]  do_quotactl+0x52c/0x698
[ 38.521413][ T6411]  __arm64_sys_quotactl+0x2c0/0xc9c
[ 38.522486][ T6411]  invoke_syscall+0x98/0x2b8
[ 38.523432][ T6411]  el0_svc_common+0x130/0x23c
[ 38.524536][ T6411]  do_el0_svc+0x48/0x58
[ 38.525437][ T6411]  el0_svc+0x54/0x168
[ 38.526376][ T6411]  el0t_64_sync_handler+0x84/0x108
[ 38.527587][ T6411]  el0t_64_sync+0x198/0x19c
[ 38.528551][ T6411]
[ 38.529049][ T6411] Allocated by task 6411:
[ 38.529925][ T6411]  kasan_save_track+0x40/0x78
[ 38.530899][ T6411]  kasan_save_alloc_info+0x40/0x50
[ 38.531936][ T6411]  __kasan_kmalloc+0xac/0xc4
[ 38.532980][ T6411]  __kmalloc_cache_noprof+0x2cc/0x428
[ 38.534136][ T6411]  ocfs2_local_read_info+0x1b8/0x15bc
[ 38.535275][ T6411]  dquot_load_quota_sb+0x6e4/0xb24
[ 38.536380][ T6411]  dquot_load_quota_inode+0x280/0x4f4
[ 38.537504][ T6411]  ocfs2_enable_quotas+0x17c/0x3cc
[ 38.538641][ T6411]  ocfs2_fill_super+0x3e30/0x48d0
[ 38.539719][ T6411]  mount_bdev+0x1d4/0x2a0
[ 38.540623][ T6411]  ocfs2_mount+0x44/0x58
[ 38.541715][ T6411]  legacy_get_tree+0xd4/0x16c
[ 38.542595][ T6411]  vfs_get_tree+0x90/0x28c
[ 38.543511][ T6411]  do_new_mount+0x278/0x900
[ 38.544528][ T6411]  path_mount+0x590/0xe04
[ 38.545500][ T6411]  __arm64_sys_mount+0x4d4/0x5ac
[ 38.546541][ T6411]  invoke_syscall+0x98/0x2b8
[ 38.547568][ T6411]  el0_svc_common+0x130/0x23c
[ 38.548581][ T6411]  do_el0_svc+0x48/0x58
[ 38.549557][ T6411]  el0_svc+0x54/0x168
[ 38.550432][ T6411]  el0t_64_sync_handler+0x84/0x108
[ 38.551484][ T6411]  el0t_64_sync+0x198/0x19c
[ 38.552580][ T6411]
[ 38.553078][ T6411] Freed by task 6411:
[ 38.553951][ T6411]  kasan_save_track+0x40/0x78
[ 38.554910][ T6411]  kasan_save_free_info+0x54/0x6c
[ 38.555920][ T6411]  __kasan_slab_free+0x64/0x8c
[ 38.556989][ T6411]  kfree+0x180/0x478
[ 38.557880][ T6411]  ocfs2_local_free_info+0x724/0x890
[ 38.559009][ T6411]  dquot_disable+0xef0/0x1814
[ 38.560198][ T6411]  ocfs2_susp_quotas+0x190/0x2d4
[ 38.561667][ T6411]  ocfs2_remount+0x464/0x9cc
[ 38.563441][ T6411]  legacy_reconfigure+0xfc/0x114
[ 38.564964][ T6411]  reconfigure_super+0x1d0/0x6e8
[ 38.565981][ T6411]  path_mount+0xc0c/0xe04
[ 38.566996][ T6411]  __arm64_sys_mount+0x4d4/0x5ac
[ 38.568065][ T6411]  invoke_syscall+0x98/0x2b8
[ 38.569090][ T6411]  el0_svc_common+0x130/0x23c
[ 38.570178][ T6411]  do_el0_svc+0x48/0x58
[ 38.571127][ T6411]  el0_svc+0x54/0x168
[ 38.572321][ T6411]  el0t_64_sync_handler+0x84/0x108
[ 38.573857][ T6411]  el0t_64_sync+0x198/0x19c
[ 38.575165][ T6411]
[ 38.575871][ T6411] The buggy address belongs to the object at ffff0000c26e0800
[ 38.575871][ T6411]  which belongs to the cache kmalloc-1k of size 1024
[ 38.578919][ T6411] The buggy address is located 40 bytes inside of
[ 38.578919][ T6411]  freed 1024-byte region [ffff0000c26e0800, ffff0000c26e0c00)
[ 38.582178][ T6411]
[ 38.582673][ T6411] The buggy address belongs to the physical page:
[ 38.583975][ T6411] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026e0
[ 38.585850][ T6411] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 38.587555][ T6411] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 38.589328][ T6411] page_type: f5(slab)
[ 38.590223][ T6411] raw: 05ffc00000000040 ffff0000c0001dc0 dead000000000122 0000000000000000
[ 38.592191][ T6411] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 38.594086][ T6411] head: 05ffc00000000040 ffff0000c0001dc0 dead000000000122 0000000000000000
[ 38.596001][ T6411] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 38.597740][ T6411] head: 05ffc00000000003 fffffdffc309b801 ffffffffffffffff 0000000000000000
[ 38.599501][ T6411] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 38.601268][ T6411] page dumped because: kasan: bad access detected
[ 38.602610][ T6411]
[ 38.603060][ T6411] Memory state around the buggy address:
[ 38.604241][ T6411]  ffff0000c26e0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.605838][ T6411]  ffff0000c26e0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.607583][ T6411] >ffff0000c26e0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.609259][ T6411]                                   ^
[ 38.610415][ T6411]  ffff0000c26e0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.612049][ T6411]  ffff0000c26e0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.613681][ T6411] ==================================================================
[ 38.615491][ T6411] Disabling lock debugging due to kernel taint
[ 38.617479][ T6411] (syz-executor321,6411,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC.
[ 38.620546][ T6411] (syz-executor321,6411,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae
[ 38.623317][ T6411] (syz-executor321,6411,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[ 38.625170][ T6411] (syz-executor321,6411,1):ocfs2_quota_read:201 ERROR: status = -5
[ 38.626764][ T6411] Quota error (device loop0): find_next_id: Can't read quota tree block 5
[ 38.628569][ T6411] (syz-executor321,6411,1):ocfs2_get_next_id:916 ERROR: status = -5
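Added example, not part of the syzbot report above and not ocfs2, quota or syzkaller code: a small Python triage helper for KASAN reports of this shape. It strips the printk prefixes, separates the access, allocation and free stacks, skips KASAN/allocator/report-printer frames to name the code to blame in each stack, picks out the syscall entry stub that drove each path, and cross-checks the faulting address against the object the report names. The REPORT string is an excerpt of the report above, trimmed to the frames that matter; the noise-prefix list and the syscall-stub pattern are this example's own assumptions, not anything the kernel documents.

```python
import re

# Excerpt of the KASAN report above: a constructed subset of its lines (kernel log
# prefixes kept, frames trimmed to the ones that matter for triage).
REPORT = """\
[ 38.502723][ T6411] BUG: KASAN: slab-use-after-free in ocfs2_get_next_id+0x244/0x8e4
[ 38.504429][ T6411] Read of size 8 at addr ffff0000c26e0828 by task syz-executor321/6411
[ 38.511086][ T6411] Call trace:
[ 38.511719][ T6411]  show_stack+0x2c/0x3c (C)
[ 38.514762][ T6411]  kasan_report+0xd8/0x138
[ 38.515760][ T6411]  __asan_report_load8_noabort+0x20/0x2c
[ 38.517104][ T6411]  ocfs2_get_next_id+0x244/0x8e4
[ 38.518155][ T6411]  dquot_get_next_dqblk+0x7c/0x348
[ 38.520397][ T6411]  do_quotactl+0x52c/0x698
[ 38.521413][ T6411]  __arm64_sys_quotactl+0x2c0/0xc9c
[ 38.528551][ T6411]
[ 38.529049][ T6411] Allocated by task 6411:
[ 38.529925][ T6411]  kasan_save_track+0x40/0x78
[ 38.531936][ T6411]  __kasan_kmalloc+0xac/0xc4
[ 38.532980][ T6411]  __kmalloc_cache_noprof+0x2cc/0x428
[ 38.534136][ T6411]  ocfs2_local_read_info+0x1b8/0x15bc
[ 38.537504][ T6411]  ocfs2_enable_quotas+0x17c/0x3cc
[ 38.538641][ T6411]  ocfs2_fill_super+0x3e30/0x48d0
[ 38.545500][ T6411]  __arm64_sys_mount+0x4d4/0x5ac
[ 38.552580][ T6411]
[ 38.553078][ T6411] Freed by task 6411:
[ 38.553951][ T6411]  kasan_save_track+0x40/0x78
[ 38.555920][ T6411]  __kasan_slab_free+0x64/0x8c
[ 38.556989][ T6411]  kfree+0x180/0x478
[ 38.557880][ T6411]  ocfs2_local_free_info+0x724/0x890
[ 38.559009][ T6411]  dquot_disable+0xef0/0x1814
[ 38.560198][ T6411]  ocfs2_susp_quotas+0x190/0x2d4
[ 38.561667][ T6411]  ocfs2_remount+0x464/0x9cc
[ 38.566996][ T6411]  __arm64_sys_mount+0x4d4/0x5ac
[ 38.575165][ T6411]
[ 38.575871][ T6411] The buggy address belongs to the object at ffff0000c26e0800
[ 38.575871][ T6411]  which belongs to the cache kmalloc-1k of size 1024
[ 38.578919][ T6411] The buggy address is located 40 bytes inside of
[ 38.578919][ T6411]  freed 1024-byte region [ffff0000c26e0800, ffff0000c26e0c00)
"""

_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*[TC]\d+\]\s?")    # "[ 38.50][ T6411] "
_FRAME = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
_SYSCALL = re.compile(r"^__(?:arm64|x64|se|do)_sys_(\w+)$")   # assumed stub names
_SECTIONS = {"Call trace:": "access", "Allocated by task": "alloc", "Freed by task": "free"}
# Assumed: frames owned by KASAN, the allocator or the report printer are never
# the code to blame, so the first frame outside this list is the interesting one.
_NOISE = ("kasan_", "__kasan_", "__asan_", "dump_stack", "print_report",
          "show_stack", "kfree", "kvfree", "__kmalloc", "kmalloc", "kmem_cache_")


def parse_kasan_report(text):
    """Return header fields, the three stacks and the object info of one report."""
    r = {"stacks": {}}
    section = None
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw)
        hdr = next((v for h, v in _SECTIONS.items() if line.startswith(h)), None)
        if not line.strip():
            section = None                      # a blank line closes a stack
        elif hdr:
            section = hdr
            r["stacks"][hdr] = []
        elif section is not None:
            m = _FRAME.match(line)
            if m:
                r["stacks"][section].append(m.group(1))
        elif (m := re.match(r"BUG: KASAN: (\S+) in (\S+?)\+0x", line)):
            r["bug"], r["fault_func"] = m.group(1), m.group(2)
        elif (m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line)):
            r.update(access=m.group(1), size=int(m.group(2)), addr=int(m.group(3), 16),
                     task=m.group(4), pid=int(m.group(5)))
        elif (m := re.search(r"object at ([0-9a-f]+)", line)):
            r["object"] = int(m.group(1), 16)
        elif (m := re.search(r"cache (\S+) of size (\d+)", line)):
            r["cache"], r["object_size"] = m.group(1), int(m.group(2))
        elif (m := re.search(r"located (\d+) bytes (inside of|to the \w+ of)", line)):
            r["offset"], r["where"] = int(m.group(1)), m.group(2)
    return r


def blame(frames):
    """First frame that is not KASAN/allocator/report plumbing."""
    return next((f for f in frames if not f.startswith(_NOISE)), None)


def syscall(frames):
    """Name of the syscall whose entry stub appears in the stack, if any."""
    for f in frames:
        m = _SYSCALL.match(f)
        if m:
            return m.group(1)
    return None


def triage(r):
    """(blamed frame, syscall) per stack, plus an address/object consistency check."""
    s = r["stacks"]
    out = {k: (blame(s.get(k, [])), syscall(s.get(k, []))) for k in ("alloc", "free", "access")}
    if "object" in r and "offset" in r:
        off = r["addr"] - r["object"]
        out["offset"] = off
        # KASAN's own "located N bytes inside of" must agree with addr - object, and
        # the whole access must land inside the freed region it names.
        out["consistent"] = (off == r["offset"] and r["where"] == "inside of"
                             and off + r["size"] <= r["object_size"])
    return out


if __name__ == "__main__":
    for k, v in triage(parse_kasan_report(REPORT)).items():
        print(f"{k:>10}: {v}")
```

Run on the excerpt, the helper reduces the report to its lifecycle: the object was allocated under mount(2) in ocfs2_local_read_info, freed under a second mount(2) (the remount path, ocfs2_remount -> ocfs2_susp_quotas -> dquot_disable -> ocfs2_local_free_info), and read 40 bytes in under quotactl(2) via dquot_get_next_dqblk -> ocfs2_get_next_id, with the faulting address consistent with the kmalloc-1k object the report names. That ordering (free on remount, use from a later quotactl) is what to look for when confirming a fix for this report, and the consistency check is the one to keep when the same parser is pointed at many syzbot reports, since an inconsistent address usually means a truncated or interleaved log rather than a real finding.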