loop5: rw=2049, want=6434, limit=52
Buffer I/O error on dev loop5, logical block 3216, lost async page write
minix_free_inode: bit 1 already cleared
MINIX-fs: mounting unchecked file system, running fsck is recommended
==================================================================
BUG: KASAN: slab-out-of-bounds in add_chain fs/minix/itree_common.c:14 [inline]
BUG: KASAN: slab-out-of-bounds in get_branch fs/minix/itree_common.c:52 [inline]
BUG: KASAN: slab-out-of-bounds in get_block+0x1047/0x1300 fs/minix/itree_common.c:160
Read of size 2 at addr ffff88804f7e1000 by task syz-executor.0/24044

CPU: 0 PID: 24044 Comm: syz-executor.0 Not tainted 4.19.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.cold+0x7c/0x212 mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold+0x88/0x2b9 mm/kasan/report.c:396
 add_chain fs/minix/itree_common.c:14 [inline]
 get_branch fs/minix/itree_common.c:52 [inline]
 get_block+0x1047/0x1300 fs/minix/itree_common.c:160
 minix_get_block+0xe5/0x110 fs/minix/inode.c:379
 block_read_full_page+0x28e/0xef0 fs/buffer.c:2248
 do_read_cache_page+0x916/0x1700 mm/filemap.c:2828
 read_mapping_page include/linux/pagemap.h:402 [inline]
 dir_get_page.isra.0+0x62/0xb0 fs/minix/dir.c:70
 minix_find_entry+0x200/0x7b0 fs/minix/dir.c:170
 minix_inode_by_name+0x6d/0x452 fs/minix/dir.c:454
 minix_lookup fs/minix/namei.c:30 [inline]
 minix_lookup+0x103/0x190 fs/minix/namei.c:22
 lookup_open+0x681/0x19b0 fs/namei.c:3214
 do_last fs/namei.c:3327 [inline]
 path_openat+0x13cb/0x4200 fs/namei.c:3537
 do_filp_open+0x1a1/0x280 fs/namei.c:3567
 do_sys_open+0x3c0/0x500 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c889
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f46b0906c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f46b09076d4 RCX: 000000000045c889
RDX: 0000000000000000 RSI: 0000000000020040 RDI: 0000000020000040
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000773 R14: 000000000050443f R15: 000000000076bf0c

Allocated by task 23965:
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc mm/kasan/kasan.c:553 [inline]
 kasan_kmalloc+0xbf/0xe0 mm/kasan/kasan.c:531
 kmem_cache_alloc+0x127/0x710 mm/slab.c:3559
 kmem_cache_zalloc include/linux/slab.h:699 [inline]
 __alloc_file+0x21/0x330 fs/file_table.c:100
 alloc_empty_file+0x6d/0x170 fs/file_table.c:150
 path_openat+0xf2/0x4200 fs/namei.c:3526
 do_filp_open+0x1a1/0x280 fs/namei.c:3567
 do_sys_open+0x3c0/0x500 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 18:
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/kasan.c:521
 __cache_free mm/slab.c:3503 [inline]
 kmem_cache_free+0x7f/0x260 mm/slab.c:3765
 __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
 rcu_do_batch kernel/rcu/tree.c:2584 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
 rcu_process_callbacks+0xb2d/0x17f0 kernel/rcu/tree.c:2881
 __do_softirq+0x26c/0x93c kernel/softirq.c:292

The buggy address belongs to the object at ffff88804f7e1080
 which belongs to the cache filp of size 456
The buggy address is located 128 bytes to the left of
 456-byte region [ffff88804f7e1080, ffff88804f7e1248)
The buggy address belongs to the page:
page:ffffea00013df840 count:1 mapcount:0 mapping:ffff88821bc46b00 index:0xffff88804f7e1d00
flags: 0xfffe0000000100(slab)
raw: 00fffe0000000100 ffffea000148f688 ffffea00010a5988 ffff88821bc46b00
raw: ffff88804f7e1d00 ffff88804f7e1080 0000000100000003 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88804f7e0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88804f7e0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88804f7e1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff88804f7e1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88804f7e1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================