./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor486641030

<...>
forked to background, child pid 3174
no interfaces have a carrier
[   20.405662][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0
[   20.415308][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.80' (ECDSA) to the list of known hosts.
execve("./syz-executor486641030", ["./syz-executor486641030"], 0x7fff2a2dc180 /* 10 vars */) = 0
brk(NULL)                               = 0x555556374000
brk(0x555556374c40)                     = 0x555556374c40
arch_prctl(ARCH_SET_FS, 0x555556374300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor486641030", 4096) = 27
brk(0x555556395c40)                     = 0x555556395c40
brk(0x555556396000)                     = 0x555556396000
mprotect(0x7f6846b64000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563745d0) = 3604
./strace-static-x86_64: Process 3604 attached
[pid  3604] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3604] setpgid(0, 0)               = 0
[pid  3604] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3604] write(3, "1000", 4)         = 4
[pid  3604] close(3)                    = 0
[pid  3604] creat("./bus", 000)         = 3
[pid  3604] io_setup(514, [0x7f6846aa7000]) = 0
[pid  3604] ioctl(3, FS_IOC_SETFLAGS, [0]) = 0
[pid  3604] io_submit(0x7f6846aa7000, 6227, [{aio_data=0x25, aio_key=933, aio_rw_flags=RWF_DSYNC, aio_lio_opcode=IOCB_CMD_PWRITE, aio_fildes=3, aio_buf="\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., aio_nbytes=90112, aio_offset=0, aio_resfd=0xffffffff}, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ...]) = 1
[pid  3604] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
syzkaller login: [   36.557630][   T26] audit: type=1800 audit(1652112801.694:2): pid=3604 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor486" name="bus" dev="sda1" ino=1138 res=0 errno=0
[pid  3604] pwritev2(4, [{iov_base="\x85\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC) = 3177984
[pid  3604] exit_group(0)               = ?
[pid  3604] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3604, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3605 attached
, child_tidptr=0x5555563745d0) = 3605
[pid  3605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3605] setpgid(0, 0)               = 0
[pid  3605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3605] write(3, "1000", 4)         = 4
[pid  3605] close(3)                    = 0
[pid  3605] creat("./bus", 000)         = 3
[pid  3605] io_setup(514, [0x7f6846aa7000]) = 0
[pid  3605] ioctl(3, FS_IOC_SETFLAGS, [0]) = 0
[pid  3605] io_submit(0x7f6846aa7000, 6227, [{aio_data=0x25, aio_key=933, aio_rw_flags=RWF_DSYNC, aio_lio_opcode=IOCB_CMD_PWRITE, aio_fildes=3, aio_buf="\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., aio_nbytes=90112, aio_offset=0, aio_resfd=0xffffffff}, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ...]) = 1
[pid  3605] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[   36.718677][   T26] audit: type=1800 audit(1652112801.854:3): pid=3605 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor486" name="bus" dev="sda1" ino=1138 res=0 errno=0
[pid  3605] pwritev2(4, [{iov_base="\x85\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC) = 3177984
[pid  3605] exit_group(0)               = ?
[pid  3605] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3605, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563745d0) = 3606
./strace-static-x86_64: Process 3606 attached
[pid  3606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3606] setpgid(0, 0)               = 0
[pid  3606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3606] write(3, "1000", 4)         = 4
[pid  3606] close(3)                    = 0
[pid  3606] creat("./bus", 000)         = 3
[pid  3606] io_setup(514, [0x7f6846aa7000]) = 0
[pid  3606] ioctl(3, FS_IOC_SETFLAGS, [0]) = 0
[pid  3606] io_submit(0x7f6846aa7000, 6227, [{aio_data=0x25, aio_key=933, aio_rw_flags=RWF_DSYNC, aio_lio_opcode=IOCB_CMD_PWRITE, aio_fildes=3, aio_buf="\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., aio_nbytes=90112, aio_offset=0, aio_resfd=0xffffffff}, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ...]) = 1
[pid  3606] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[   36.886445][   T26] audit: type=1800 audit(1652112802.024:4): pid=3606 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor486" name="bus" dev="sda1" ino=1138 res=0 errno=0
[pid  3606] pwritev2(4, [{iov_base="\x85\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=3177984}], 1, 5120, RWF_HIPRI|RWF_DSYNC) = 3177984
[pid  3606] exit_group(0)               = ?
[pid  3606] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3606, si_uid=0, si_status=0, si_utime=0, si_stime=7} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563745d0) = 3607
./strace-static-x86_64: Process 3607 attached
[pid  3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3607] setpgid(0, 0)               = 0
[pid  3607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3607] write(3, "1000", 4)         = 4
[pid  3607] close(3)                    = 0
[pid  3607] creat("./bus", 000)         = 3
[pid  3607] io_setup(514, [0x7f6846aa7000]) = 0
[pid  3607] ioctl(3, FS_IOC_SETFLAGS, [0]) = 0
[pid  3607] io_submit(0x7f6846aa7000, 6227, [{aio_data=0x25, aio_key=933, aio_rw_flags=RWF_DSYNC, aio_lio_opcode=IOCB_CMD_PWRITE, aio_fildes=3, aio_buf="\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., aio_nbytes=90112, aio_offset=0, aio_resfd=0xffffffff}, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, ...]) = 1
[pid  3607] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4
[   37.058120][   T26] audit: type=1800 audit(1652112802.194:5): pid=3607 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor486" name="bus" dev="sda1" ino=1138 res=0 errno=0
[   37.131457][ T3607] ==================================================================
[   37.139509][ T3607] BUG: KASAN: use-after-free in bio_poll+0x275/0x3c0
[   37.146195][ T3607] Read of size 4 at addr ffff8880751d92b4 by task syz-executor486/3607
[   37.154416][ T3607] 
[   37.156715][ T3607] CPU: 0 PID: 3607 Comm: syz-executor486 Not tainted 5.18.0-rc6-syzkaller #0
[   37.165460][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.175489][ T3607] Call Trace:
[   37.178750][ T3607]  <TASK>
[   37.181667][ T3607]  dump_stack_lvl+0xcd/0x134
[   37.186243][ T3607]  print_address_description.constprop.0.cold+0xeb/0x495
[   37.193256][ T3607]  ? bio_poll+0x275/0x3c0
[   37.197562][ T3607]  kasan_report.cold+0xf4/0x1c6
[   37.202391][ T3607]  ? bio_poll+0x275/0x3c0
[   37.206696][ T3607]  bio_poll+0x275/0x3c0
[   37.210831][ T3607]  ? __iomap_dio_rw+0x1065/0x1ae0
[   37.215842][ T3607]  __iomap_dio_rw+0x10ee/0x1ae0
[   37.220673][ T3607]  ? iomap_dio_bio_iter+0x14c0/0x14c0
[   37.226022][ T3607]  ? jbd2_journal_stop+0x656/0xf20
[   37.231114][ T3607]  ? kmem_cache_free+0xdd/0x5a0
[   37.235947][ T3607]  ? jbd2_buffer_abort_trigger+0x80/0x80
[   37.241558][ T3607]  ? ext4_fc_destroy_dentry_cache+0x20/0x20
[   37.247428][ T3607]  iomap_dio_rw+0x38/0x90
[   37.251735][ T3607]  ext4_file_write_iter+0xe4d/0x1510
[   37.257011][ T3607]  ? ext4_buffered_write_iter+0x330/0x330
[   37.262919][ T3607]  do_iter_readv_writev+0x3d1/0x640
[   37.268111][ T3607]  ? new_sync_write+0x560/0x560
[   37.272945][ T3607]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   37.279179][ T3607]  ? security_file_permission+0xab/0xd0
[   37.284714][ T3607]  do_iter_write+0x182/0x700
[   37.289303][ T3607]  vfs_writev+0x1aa/0x630
[   37.293625][ T3607]  ? vfs_iter_write+0xa0/0xa0
[   37.298295][ T3607]  ? lock_release+0x720/0x720
[   37.302957][ T3607]  ? rwlock_bug.part.0+0x90/0x90
[   37.307876][ T3607]  ? _raw_spin_lock_irq+0x41/0x50
[   37.312885][ T3607]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   37.319107][ T3607]  ? find_held_lock+0x2d/0x110
[   37.323857][ T3607]  do_pwritev+0x1b6/0x270
[   37.328347][ T3607]  ? do_writev+0x2f0/0x2f0
[   37.332750][ T3607]  ? _raw_spin_unlock_irq+0x1f/0x40
[   37.337956][ T3607]  ? lockdep_hardirqs_on+0x79/0x100
[   37.343161][ T3607]  __x64_sys_pwritev2+0xeb/0x150
[   37.348101][ T3607]  do_syscall_64+0x35/0xb0
[   37.352517][ T3607]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   37.358392][ T3607] RIP: 0033:0x7f6846af7e69
[   37.362786][ T3607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   37.382378][ T3607] RSP: 002b:00007fffe8df3bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   37.390775][ T3607] RAX: ffffffffffffffda RBX: 0000000000008ff2 RCX: 00007f6846af7e69
[   37.398733][ T3607] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004
[   37.406696][ T3607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000003
[   37.414649][ T3607] R10: 0000000000001400 R11: 0000000000000246 R12: 00007fffe8df3bdc
[   37.422602][ T3607] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[   37.430561][ T3607]  </TASK>
[   37.433560][ T3607] 
[   37.435865][ T3607] The buggy address belongs to the physical page:
[   37.442246][ T3607] page:ffffea0001d47640 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x751d9
[   37.452382][ T3607] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   37.459492][ T3607] raw: 00fff00000000000 ffffea0001e3d2c8 ffffea00008b7a48 0000000000000000
[   37.468072][ T3607] raw: 0000000000000000 00000000000c0000 00000000ffffffff 0000000000000000
[   37.476635][ T3607] page dumped because: kasan: bad access detected
[   37.483022][ T3607] page_owner tracks the page as freed
[   37.488361][ T3607] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x92880(GFP_NOWAIT|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC), pid 3605, tgid 3605 (syz-executor486), ts 36797088171, free_ts 37121806576
[   37.509175][ T3607]  get_page_from_freelist+0xba2/0x3e00
[   37.514620][ T3607]  __alloc_pages+0x1b2/0x500
[   37.519187][ T3607]  alloc_pages+0x1aa/0x310
[   37.523583][ T3607]  allocate_slab+0x26c/0x3c0
[   37.528154][ T3607]  ___slab_alloc+0x8df/0xf20
[   37.532732][ T3607]  __slab_alloc.constprop.0+0x4d/0xa0
[   37.538081][ T3607]  kmem_cache_alloc+0x360/0x3b0
[   37.542907][ T3607]  mempool_alloc+0x146/0x350
[   37.547479][ T3607]  bio_alloc_bioset+0x31d/0x4e0
[   37.552334][ T3607]  iomap_dio_bio_iter+0x9bc/0x14c0
[   37.557425][ T3607]  __iomap_dio_rw+0x84a/0x1ae0
[   37.562170][ T3607]  iomap_dio_rw+0x38/0x90
[   37.566481][ T3607]  ext4_file_write_iter+0xe4d/0x1510
[   37.571753][ T3607]  do_iter_readv_writev+0x3d1/0x640
[   37.576936][ T3607]  do_iter_write+0x182/0x700
[   37.581503][ T3607]  vfs_writev+0x1aa/0x630
[   37.585816][ T3607] page last free stack trace:
[   37.590466][ T3607]  free_pcp_prepare+0x549/0xd20
[   37.595310][ T3607]  free_unref_page+0x19/0x6a0
[   37.599978][ T3607]  rcu_core+0x7b1/0x1880
[   37.604198][ T3607]  __do_softirq+0x29b/0x9c2
[   37.608682][ T3607] 
[   37.610984][ T3607] Memory state around the buggy address:
[   37.616591][ T3607]  ffff8880751d9180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   37.624626][ T3607]  ffff8880751d9200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   37.632666][ T3607] >ffff8880751d9280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   37.640707][ T3607]                                      ^
[   37.646410][ T3607]  ffff8880751d9300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   37.654455][ T3607]  ffff8880751d9380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   37.662508][ T3607] ==================================================================
[   37.670767][ T3607] Kernel panic - not syncing: panic_on_warn set ...
[   37.677337][ T3607] CPU: 0 PID: 3607 Comm: syz-executor486 Not tainted 5.18.0-rc6-syzkaller #0
[   37.686077][ T3607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.696110][ T3607] Call Trace:
[   37.699371][ T3607]  <TASK>
[   37.702277][ T3607]  dump_stack_lvl+0xcd/0x134
[   37.706856][ T3607]  panic+0x2d7/0x636
[   37.710735][ T3607]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   37.716697][ T3607]  ? preempt_schedule_common+0x59/0xc0
[   37.722164][ T3607]  ? bio_poll+0x275/0x3c0
[   37.726474][ T3607]  ? preempt_schedule_thunk+0x16/0x18
[   37.731837][ T3607]  ? bio_poll+0x275/0x3c0
[   37.736145][ T3607]  end_report.part.0+0x3f/0x7c
[   37.740892][ T3607]  kasan_report.cold+0x93/0x1c6
[   37.745729][ T3607]  ? bio_poll+0x275/0x3c0
[   37.750041][ T3607]  bio_poll+0x275/0x3c0
[   37.754176][ T3607]  ? __iomap_dio_rw+0x1065/0x1ae0
[   37.759180][ T3607]  __iomap_dio_rw+0x10ee/0x1ae0
[   37.764015][ T3607]  ? iomap_dio_bio_iter+0x14c0/0x14c0
[   37.769369][ T3607]  ? jbd2_journal_stop+0x656/0xf20
[   37.774462][ T3607]  ? kmem_cache_free+0xdd/0x5a0
[   37.779302][ T3607]  ? jbd2_buffer_abort_trigger+0x80/0x80
[   37.784921][ T3607]  ? ext4_fc_destroy_dentry_cache+0x20/0x20
[   37.790799][ T3607]  iomap_dio_rw+0x38/0x90
[   37.795115][ T3607]  ext4_file_write_iter+0xe4d/0x1510
[   37.800386][ T3607]  ? ext4_buffered_write_iter+0x330/0x330
[   37.806089][ T3607]  do_iter_readv_writev+0x3d1/0x640
[   37.811269][ T3607]  ? new_sync_write+0x560/0x560
[   37.816100][ T3607]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   37.822320][ T3607]  ? security_file_permission+0xab/0xd0
[   37.827853][ T3607]  do_iter_write+0x182/0x700
[   37.832425][ T3607]  vfs_writev+0x1aa/0x630
[   37.836733][ T3607]  ? vfs_iter_write+0xa0/0xa0
[   37.841386][ T3607]  ? lock_release+0x720/0x720
[   37.846045][ T3607]  ? rwlock_bug.part.0+0x90/0x90
[   37.850966][ T3607]  ? _raw_spin_lock_irq+0x41/0x50
[   37.855972][ T3607]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[   37.862193][ T3607]  ? find_held_lock+0x2d/0x110
[   37.866943][ T3607]  do_pwritev+0x1b6/0x270
[   37.871252][ T3607]  ? do_writev+0x2f0/0x2f0
[   37.875646][ T3607]  ? _raw_spin_unlock_irq+0x1f/0x40
[   37.880828][ T3607]  ? lockdep_hardirqs_on+0x79/0x100
[   37.886007][ T3607]  __x64_sys_pwritev2+0xeb/0x150
[   37.890927][ T3607]  do_syscall_64+0x35/0xb0
[   37.895328][ T3607]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   37.901208][ T3607] RIP: 0033:0x7f6846af7e69
[   37.905605][ T3607] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   37.925201][ T3607] RSP: 002b:00007fffe8df3bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[   37.933611][ T3607] RAX: ffffffffffffffda RBX: 0000000000008ff2 RCX: 00007f6846af7e69
[   37.941570][ T3607] RDX: 0000000000000001 RSI: 0000000020000240 RDI: 0000000000000004
[   37.949525][ T3607] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000003
[   37.957487][ T3607] R10: 0000000000001400 R11: 0000000000000246 R12: 00007fffe8df3bdc
[   37.965444][ T3607] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[   37.973408][ T3607]  </TASK>
[   37.977465][ T3607] Kernel Offset: disabled
[   37.981866][ T3607] Rebooting in 86400 seconds..