loop5: rw=2049, want=6434, limit=52
Buffer I/O error on dev loop5, logical block 3216, lost async page write
minix_free_inode: bit 1 already cleared
MINIX-fs: mounting unchecked file system, running fsck is recommended
==================================================================
BUG: KASAN: slab-out-of-bounds in add_chain fs/minix/itree_common.c:14 [inline]
BUG: KASAN: slab-out-of-bounds in get_branch fs/minix/itree_common.c:52 [inline]
BUG: KASAN: slab-out-of-bounds in get_block+0x1047/0x1300 fs/minix/itree_common.c:160
Read of size 2 at addr ffff88804f7e1000 by task syz-executor.0/24044

CPU: 0 PID: 24044 Comm: syz-executor.0 Not tainted 4.19.116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.cold+0x7c/0x212 mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold+0x88/0x2b9 mm/kasan/report.c:396
 add_chain fs/minix/itree_common.c:14 [inline]
 get_branch fs/minix/itree_common.c:52 [inline]
 get_block+0x1047/0x1300 fs/minix/itree_common.c:160
 minix_get_block+0xe5/0x110 fs/minix/inode.c:379
 block_read_full_page+0x28e/0xef0 fs/buffer.c:2248
 do_read_cache_page+0x916/0x1700 mm/filemap.c:2828
 read_mapping_page include/linux/pagemap.h:402 [inline]
 dir_get_page.isra.0+0x62/0xb0 fs/minix/dir.c:70
 minix_find_entry+0x200/0x7b0 fs/minix/dir.c:170
 minix_inode_by_name+0x6d/0x452 fs/minix/dir.c:454
 minix_lookup fs/minix/namei.c:30 [inline]
 minix_lookup+0x103/0x190 fs/minix/namei.c:22
 lookup_open+0x681/0x19b0 fs/namei.c:3214
 do_last fs/namei.c:3327 [inline]
 path_openat+0x13cb/0x4200 fs/namei.c:3537
 do_filp_open+0x1a1/0x280 fs/namei.c:3567
 do_sys_open+0x3c0/0x500 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c889
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f46b0906c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f46b09076d4 RCX: 000000000045c889
RDX: 0000000000000000 RSI: 0000000000020040 RDI: 0000000020000040
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000773 R14: 000000000050443f R15: 000000000076bf0c

Allocated by task 23965:
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc mm/kasan/kasan.c:553 [inline]
 kasan_kmalloc+0xbf/0xe0 mm/kasan/kasan.c:531
 kmem_cache_alloc+0x127/0x710 mm/slab.c:3559
 kmem_cache_zalloc include/linux/slab.h:699 [inline]
 __alloc_file+0x21/0x330 fs/file_table.c:100
 alloc_empty_file+0x6d/0x170 fs/file_table.c:150
 path_openat+0xf2/0x4200 fs/namei.c:3526
 do_filp_open+0x1a1/0x280 fs/namei.c:3567
 do_sys_open+0x3c0/0x500 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 18:
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/kasan.c:521
 __cache_free mm/slab.c:3503 [inline]
 kmem_cache_free+0x7f/0x260 mm/slab.c:3765
 __rcu_reclaim kernel/rcu/rcu.h:236 [inline]
 rcu_do_batch kernel/rcu/tree.c:2584 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2897 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:2864 [inline]
 rcu_process_callbacks+0xb2d/0x17f0 kernel/rcu/tree.c:2881
 __do_softirq+0x26c/0x93c kernel/softirq.c:292

The buggy address belongs to the object at ffff88804f7e1080
 which belongs to the cache filp of size 456
The buggy address is located 128 bytes to the left of
 456-byte region [ffff88804f7e1080, ffff88804f7e1248)
The buggy address belongs to the page:
page:ffffea00013df840 count:1 mapcount:0 mapping:ffff88821bc46b00 index:0xffff88804f7e1d00
flags: 0xfffe0000000100(slab)
raw: 00fffe0000000100 ffffea000148f688 ffffea00010a5988 ffff88821bc46b00
raw: ffff88804f7e1d00 ffff88804f7e1080 0000000100000003 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88804f7e0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88804f7e0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88804f7e1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff88804f7e1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88804f7e1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================