ci2 starts bisection 2023-04-17 08:03:28.110445934 +0000 UTC m=+440.062514180
bisecting fixing commit since 8020ae3c051d1c9ec7b7a872e226f9720547649b
building syzkaller on 7939252e4ddf50bbb9912069a40d32f6c83c4f8e
ensuring issue is reproducible on original commit 8020ae3c051d1c9ec7b7a872e226f9720547649b
testing commit 8020ae3c051d1c9ec7b7a872e226f9720547649b gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3d24033d7469d7963369f1462d1221e34174630c102e97341a100bbfe2157d13
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00071e0a0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002c280a0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002c281e0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #3: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002c28320] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #4: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002c28410] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #5: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc00071e280] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #6: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002222230] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #7: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002222550] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #8: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002222780] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #9: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc0006284b0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #10: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc000628550] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #11: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002c28780] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #12: crashed: KASAN: use-after-free Read in ntfs_readpage
run #13: crashed: KASAN: out-of-bounds Read in ntfs_readpage
run #14: crashed: KASAN: use-after-free Read in ntfs_readpage
run #15: crashed: KASAN: use-after-free Read in ntfs_readpage
run #16: crashed: KASAN: use-after-free Read in ntfs_readpage
run #17: crashed: KASAN: use-after-free Read in ntfs_readpage
run #18: crashed: KASAN: use-after-free Read in ntfs_readpage
run #19: crashed: KASAN: use-after-free Read in ntfs_readpage
testing current HEAD 4fdad925aa1a320c2f32bf956ed29100c7fdc464
testing commit 4fdad925aa1a320c2f32bf956ed29100c7fdc464 gcc
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2796ea2d9f5555ae0c044b9b83f86a05485ba827746db1dc19e3a5becf41d345
run #0: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc002c29b30] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #1: boot failed: create image operation failed: &{Code:QUOTA_EXCEEDED ErrorDetails:[0xc001b777c0] Location: Message:Quota 'T2A_CPUS' exceeded. Limit: 64.0 in region us-central1. ForceSendFields:[] NullFields:[]}.
run #2: crashed: KASAN: use-after-free Read in ntfs_readpage
run #3: crashed: KASAN: use-after-free Read in ntfs_readpage
run #4: crashed: KASAN: use-after-free Read in ntfs_readpage
run #5: crashed: KASAN: use-after-free Read in ntfs_readpage
run #6: crashed: KASAN: use-after-free Read in ntfs_readpage
run #7: crashed: KASAN: use-after-free Read in ntfs_readpage
run #8: crashed: KASAN: use-after-free Read in ntfs_readpage
run #9: crashed: KASAN: use-after-free Read in ntfs_readpage
revisions tested: 2, total time: 53m27.774169675s (build: 45m24.165087518s, test: 6m15.537638057s)
the crash still happens on HEAD
commit msg: Linux 5.15.107
crash: KASAN: use-after-free Read in ntfs_readpage
loop0: detected capacity change from 0 to 190
==================================================================
BUG: KASAN: use-after-free in ntfs_readpage+0x520/0x1630 fs/ntfs/aops.c:488
Read of size 1 at addr ffff0000e159817f by task syz-executor.0/4683

CPU: 1 PID: 4683 Comm: syz-executor.0 Not tainted 5.15.107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Call trace:
 dump_backtrace+0x0/0x45c arch/arm64/kernel/stacktrace.c:152
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x90/0xc8 lib/dump_stack.c:106
 print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
 __kasan_report mm/kasan/report.c:434 [inline]
 kasan_report+0x174/0x1e4 mm/kasan/report.c:451
 kasan_check_range+0x274/0x2b4 mm/kasan/generic.c:189
 memcpy+0x90/0xe8 mm/kasan/shadow.c:65
 ntfs_readpage+0x520/0x1630 fs/ntfs/aops.c:488
 do_read_cache_page+0x43c/0x688
 read_cache_page+0x40/0x74 mm/filemap.c:3565
 read_mapping_page include/linux/pagemap.h:515 [inline]
 ntfs_map_page fs/ntfs/aops.h:75 [inline]
 load_and_init_attrdef fs/ntfs/super.c:1609 [inline]
 load_system_files+0x1854/0x3958 fs/ntfs/super.c:1817
 ntfs_fill_super+0x1058/0x2164 fs/ntfs/super.c:2894
 mount_bdev+0x22c/0x2ec fs/super.c:1378
 ntfs_mount+0x18/0x24 fs/ntfs/super.c:3051
 legacy_get_tree+0xd0/0x158 fs/fs_context.c:610
 vfs_get_tree+0x88/0x224 fs/super.c:1508
 do_new_mount+0x1a4/0x6fc fs/namespace.c:2994
 path_mount+0x4c8/0xb94 fs/namespace.c:3324
 do_mount fs/namespace.c:3337 [inline]
 __do_sys_mount fs/namespace.c:3545 [inline]
 __se_sys_mount fs/namespace.c:3522 [inline]
 __arm64_sys_mount+0x3e0/0x48c fs/namespace.c:3522
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x7c/0x250 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x160/0x1e4 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x4c/0xf0 arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

The buggy address belongs to the page:
page:00000000216d5659 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x121598
flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000000000 fffffc0003856ec8 fffffc0003872cc8 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000e1598000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000e1598080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff0000e1598100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                                ^
 ffff0000e1598180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff0000e1598200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
ntfs: volume version 3.1.