BTRFS info (device loop0): max_inline set to 4096
=====================================================
BUG: KMSAN: use-after-free in iov_iter_alignment_iovec+0x19e/0x470 lib/iov_iter.c:891
 iov_iter_alignment_iovec+0x19e/0x470 lib/iov_iter.c:891
 iov_iter_alignment+0x174/0x2d0 lib/iov_iter.c:936
 check_direct_IO fs/btrfs/direct-io.c:786 [inline]
 check_direct_read fs/btrfs/direct-io.c:996 [inline]
 btrfs_direct_read+0x204/0xa20 fs/btrfs/direct-io.c:1025
 btrfs_file_read_iter+0xce/0x310 fs/btrfs/file.c:3810
 io_iter_do_read io_uring/rw.c:828 [inline]
 __io_read+0xbe9/0x24a0 io_uring/rw.c:944
 io_read+0x3e/0x100 io_uring/rw.c:1023
 __io_issue_sqe+0x2b8/0x790 io_uring/io_uring.c:1773
 io_issue_sqe+0xae/0x19b0 io_uring/io_uring.c:1796
 io_queue_sqe io_uring/io_uring.c:2025 [inline]
 io_submit_sqe io_uring/io_uring.c:2285 [inline]
 io_submit_sqes+0x1252/0x3030 io_uring/io_uring.c:2398
 __do_sys_io_uring_enter io_uring/io_uring.c:3465 [inline]
 __se_sys_io_uring_enter+0x3b7/0x4c40 io_uring/io_uring.c:3399
 __x64_sys_io_uring_enter+0x114/0x1a0 io_uring/io_uring.c:3399
 x64_sys_call+0x3a78/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
 slab_free_hook mm/slub.c:2348 [inline]
 slab_free mm/slub.c:4695 [inline]
 kfree+0x252/0xec0 mm/slub.c:4894
 free_fib_info_rcu+0x51d/0x5c0 net/ipv4/fib_semantics.c:236
 rcu_do_batch kernel/rcu/tree.c:2605 [inline]
 rcu_core+0xa65/0x2240 kernel/rcu/tree.c:2861
 rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2878
 handle_softirqs+0x166/0x6e0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0x66/0x180 kernel/softirq.c:680
 irq_exit_rcu+0x12/0x20 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x84/0x90 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702

CPU: 1 UID: 0 PID: 6597 Comm: syz.0.16 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
=====================================================