bisecting fixing commit since 54b4fa6d39551639cb10664f6ac78b01993a1d7e
building syzkaller on a34e2c332411388ed2b3f6f1a3acdc062feceb79
testing commit 54b4fa6d39551639cb10664f6ac78b01993a1d7e with gcc (GCC) 8.1.0
kernel signature: d83ab3ac592dd6590e1478d2433df10a74819c9164f19448127b9e8009589423
run #0: crashed: KASAN: out-of-bounds Read in get_block
run #1: crashed: KASAN: use-after-free Read in get_block
run #2: crashed: KASAN: use-after-free Read in get_block
run #3: crashed: KASAN: out-of-bounds Read in get_block
run #4: crashed: KASAN: use-after-free Read in get_block
run #5: crashed: KASAN: use-after-free Read in get_block
run #6: crashed: KASAN: use-after-free Read in get_block
run #7: crashed: KASAN: use-after-free Read in get_block
run #8: crashed: KASAN: use-after-free Read in get_block
run #9: crashed: KASAN: use-after-free Read in get_block
testing current HEAD 765675379b6253b6901563e649a2f87d28ada3ff
testing commit 765675379b6253b6901563e649a2f87d28ada3ff with gcc (GCC) 8.1.0
kernel signature: 8605fe7e7c34605452c82a2388fe93f55b0a323593823b2e54e151a29e6b015e
run #0: crashed: KASAN: use-after-free Read in get_block
run #1: crashed: KASAN: use-after-free Read in get_block
run #2: crashed: KASAN: use-after-free Read in get_block
run #3: crashed: KASAN: use-after-free Read in get_block
run #4: crashed: KASAN: use-after-free Read in get_block
run #5: crashed: KASAN: use-after-free Read in get_block
run #6: crashed: KASAN: out-of-bounds Read in get_block
run #7: crashed: KASAN: use-after-free Read in get_block
run #8: crashed: KASAN: out-of-bounds Read in get_block
run #9: crashed: KASAN: use-after-free Read in get_block
revisions tested: 2, total time: 28m18.865987701s (build: 18m36.696789917s, test: 8m40.853782783s)
the crash still happens on HEAD
commit msg: Linux 4.19.119
crash: KASAN: use-after-free Read in get_block
MINIX-fs: mounting unchecked file system, running fsck is recommended
MINIX-fs: mounting unchecked file system, running fsck is recommended
MINIX-fs: mounting unchecked file system, running fsck is recommended
==================================================================
BUG: KASAN: use-after-free in add_chain fs/minix/itree_common.c:14 [inline]
BUG: KASAN: use-after-free in get_branch fs/minix/itree_common.c:52 [inline]
BUG: KASAN: use-after-free in get_block+0xebc/0x1120 fs/minix/itree_common.c:160
Read of size 2 at addr ffff8880727c8432 by task syz-executor.3/7911

CPU: 1 PID: 7911 Comm: syz-executor.3 Not tainted 4.19.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x123/0x177 lib/dump_stack.c:118
 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
 __asan_report_load2_noabort+0x14/0x20 mm/kasan/report.c:431
 add_chain fs/minix/itree_common.c:14 [inline]
 get_branch fs/minix/itree_common.c:52 [inline]
 get_block+0xebc/0x1120 fs/minix/itree_common.c:160
 V1_minix_get_block+0x9/0x10 fs/minix/itree_v1.c:56
 minix_get_block+0xa7/0x110 fs/minix/inode.c:379
 block_read_full_page+0x254/0xe30 fs/buffer.c:2259
 minix_readpage+0x13/0x20 fs/minix/inode.c:391
 do_read_cache_page+0x668/0xfa0 mm/filemap.c:2828
 read_cache_page+0x4b/0x80 mm/filemap.c:2916
 read_mapping_page include/linux/pagemap.h:402 [inline]
 dir_get_page.isra.11+0x5e/0xc0 fs/minix/dir.c:70
 minix_find_entry+0x1e6/0x680 fs/minix/dir.c:170
 minix_inode_by_name+0x62/0x3f0 fs/minix/dir.c:454
 minix_lookup+0xe5/0x170 fs/minix/namei.c:30
 lookup_open+0x5cf/0x1d30 fs/namei.c:3214
 do_last fs/namei.c:3327 [inline]
 path_openat+0xf40/0x3c60 fs/namei.c:3537
 do_filp_open+0x177/0x250 fs/namei.c:3567
 do_sys_open+0x1dd/0x350 fs/open.c:1085
 __do_sys_open fs/open.c:1103 [inline]
 __se_sys_open fs/open.c:1098 [inline]
 __x64_sys_open+0x79/0xb0 fs/open.c:1098
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8cef188c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f8cef1896d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 0000000000020040 RDI: 0000000020000040
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000771 R14: 000000000050435f R15: 000000000076bf0c

The buggy address belongs to the page:
page:ffffea0001c9f200 count:2 mapcount:0 mapping:ffff888073605738 index:0x6d5e6
flags: 0xfffe000000102c(referenced|uptodate|lru|private)
raw: 00fffe000000102c ffffea0001c891c8 ffffea0001c9f248 ffff888073605738
raw: 000000000006d5e6 ffff8880744072a0 00000002ffffffff ffff8880a9f82c00
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8880a9f82c00

Memory state around the buggy address:
 ffff8880727c8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880727c8380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880727c8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              ^
 ffff8880727c8480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880727c8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================