1965979 pages RAM
0 pages HighMem/MovableOnly
339049 pages reserved
0 pages cma reserved
==================================================================
BUG: KASAN: use-after-free in add_chain fs/minix/itree_common.c:14 [inline]
BUG: KASAN: use-after-free in get_branch fs/minix/itree_common.c:52 [inline]
BUG: KASAN: use-after-free in get_block+0xe7c/0x10f0 fs/minix/itree_common.c:160
Read of size 2 at addr ffff8881bcbb3356 by task syz-executor.5/25048

CPU: 1 PID: 25048 Comm: syz-executor.5 Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 print_address_description.cold+0x7c/0x1e2 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2ae mm/kasan/report.c:393
 add_chain fs/minix/itree_common.c:14 [inline]
 get_branch fs/minix/itree_common.c:52 [inline]
 get_block+0xe7c/0x10f0 fs/minix/itree_common.c:160
 minix_get_block+0xd6/0x100 fs/minix/inode.c:379
 block_read_full_page+0x243/0x920 fs/buffer.c:2305
 do_read_cache_page+0x6f3/0x12a0 mm/filemap.c:2713
 read_mapping_page include/linux/pagemap.h:398 [inline]
 dir_get_page.isra.0+0x60/0xa0 fs/minix/dir.c:70
 minix_find_entry+0x1f5/0x6f0 fs/minix/dir.c:170
 minix_inode_by_name+0x5b/0x3b0 fs/minix/dir.c:454
 minix_lookup fs/minix/namei.c:30 [inline]
 minix_lookup+0xf0/0x180 fs/minix/namei.c:22
 lookup_open+0x5d1/0x1750 fs/namei.c:3220
 do_last fs/namei.c:3334 [inline]
 path_openat+0xfc1/0x3c50 fs/namei.c:3569
 do_filp_open+0x18e/0x250 fs/namei.c:3603
 do_sys_open+0x29d/0x3f0 fs/open.c:1081
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c889
RSP: 002b:00007f9cb9c5dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f9cb9c5e6d4 RCX: 000000000045c889
RDX: 0000000000000000 RSI: 0000000000030040 RDI: 0000000020000040
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000771 R14: 00000000005043df R15: 000000000076bf0c

The buggy address belongs to the page:
page:ffffea0006f2ecc0 count:0 mapcount:0 mapping:          (null) index:0x1
flags: 0x57ffe0000000000()
raw: 057ffe0000000000 0000000000000000 0000000000000001 00000000ffffffff
raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8881bcbb3200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881bcbb3280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8881bcbb3300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                 ^
 ffff8881bcbb3380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881bcbb3400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================