---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
This looks like minix isn't verifying the image it has been passed
sufficiently. Specifically, the reproducer might encode an invalid block
size but it's hard to make sense of all the raw addresses in the
reproducer. isofs has
	/* RDE: convert log zone size to bit shift */
	switch (sbi->s_log_zone_size) {
	case 512: sbi->s_log_zone_size = 9; break;
	case 1024: sbi->s_log_zone_size = 10; break;
	case 2048: sbi->s_log_zone_size = 11; break;
	default:
		goto out_bad_zone_size;
	}
minix has nothing so I'd expect it to be possible to pass
50000000000000000
as log zone size and minix would just use it causing the issue in
minix_statfs() you're seeing.
While that could be fixed I wonder if we shouldn't just mark minixfs as
broken. But I seriously have no clue who is using this fs for what.
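
The kind of check the reply says is missing, as an added example that is not part of the original message and not kernel code: a shift count read from an untrusted image is range-checked before it is used, in the spirit of the isofs switch quoted above. The struct, the function name and the limit `DEMO_MAX_ZONE_SHIFT` are hypothetical, and the sample superblocks are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical on-disk fields for illustration; not the real minix layout. */
struct demo_disk_sb {
	uint16_t nzones;         /* total zones claimed by the image */
	uint16_t firstdatazone;  /* first zone holding file data */
	uint16_t log_zone_size;  /* untrusted: used as a shift count */
};

/* Assumed policy limit for this example; a real filesystem would derive
 * its bound from its own format rules. */
#define DEMO_MAX_ZONE_SHIFT 6

/*
 * Compute the number of data blocks the image describes.
 * Returns 0 and fills *blocks on success, -1 if the image is rejected.
 */
int demo_count_blocks(const struct demo_disk_sb *sb, uint64_t *blocks)
{
	/* Reject the image at mount time instead of shifting by garbage:
	 * a shift count >= the operand width is undefined behaviour in C. */
	if (sb->log_zone_size > DEMO_MAX_ZONE_SHIFT)
		return -1;

	/* A corrupt image may also claim its data starts past its end. */
	if (sb->firstdatazone > sb->nzones)
		return -1;

	*blocks = (uint64_t)(sb->nzones - sb->firstdatazone) << sb->log_zone_size;
	return 0;
}

int main(void)
{
	/* Constructed sample superblocks: one sane, one with a bogus shift. */
	struct demo_disk_sb good = { 1000, 10, 1 };
	struct demo_disk_sb bad = { 1000, 10, 0xffff };
	uint64_t n = 0;

	if (demo_count_blocks(&good, &n) == 0)
		printf("good image: %llu blocks\n", (unsigned long long)n);
	if (demo_count_blocks(&bad, &n) != 0)
		printf("bad image: rejected (log_zone_size=%u)\n",
		       (unsigned)bad.log_zone_size);
	return 0;
}
```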