BUG: KASAN: stack-out-of-bounds in iov_iter_advance

[ 3715.647977] LustreError: 110715:0:(file.c:246:ll_close_inode_openhandle()) Skipped 14 previous similar messages
[ 3745.888562] Lustre: DEBUG MARKER: == sanity-flr test 61a: mirror extend and migrate preserve timestamps ========================================================== 19:39:55 (1703781595)
[ 3762.757868] ==================================================================
[ 3762.758950] BUG: KASAN: stack-out-of-bounds in iov_iter_advance+0xbf8/0xe00
[ 3762.759766] Read of size 8 at addr ffff8881be6efd30 by task lt-lfs/112002
[ 3762.760551]
[ 3762.760741] CPU: 5 PID: 112002 Comm: lt-lfs Tainted: G W OE --------r - 4.18.0-305.25.1.el8_4.x86_64+debug #1
[ 3762.762017] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-4.module_el8.9.0+3659+9c8643f3 04/01/2014
[ 3762.763072] Call Trace:
[ 3762.763379] dump_stack+0x8e/0xd0
[ 3762.763812] ? iov_iter_advance+0xbf8/0xe00
[ 3762.764314] print_address_description.constprop.5+0x1e/0x230
[ 3762.765053] ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 3762.765628] ? osc_io_lseek_start+0xb90/0xb90 [osc]
[ 3762.766206] ? iov_iter_advance+0xbf8/0xe00
[ 3762.766708] ? iov_iter_advance+0xbf8/0xe00
[ 3762.767199] ? iov_iter_advance+0xbf8/0xe00
[ 3762.767696] __kasan_report.cold.7+0x37/0x86
[ 3762.768198] ? iov_iter_advance+0xbf8/0xe00
[ 3762.768699] kasan_report+0x37/0x50
[ 3762.769115] iov_iter_advance+0xbf8/0xe00
[ 3762.769685] ? cl_sync_io_note+0x1aa/0x560 [obdclass]
[ 3762.770331] ll_direct_IO_impl+0x17f0/0x2ab0 [lustre]
[ 3762.770979] ? ll_write_end+0x12b0/0x12b0 [lustre]
[ 3762.771625] ? file_update_time+0xf4/0x400
[ 3762.772195] generic_file_direct_write+0x1eb/0x410
[ 3762.772769] __generic_file_write_iter+0x271/0x530
[ 3762.773380] ? cl_object_maxbytes+0x13c/0x3d0 [obdclass]
[ 3762.774030] vvp_io_write_start+0xccf/0x2a00 [lustre]
[ 3762.774649] ? lov_lock_init_composite+0x1b1/0x1f0 [lov]
[ 3762.775338] ? vvp_io_write_commit+0xd70/0xd70 [lustre]
[ 3762.776004] ? cl_lock_request+0x148/0x370 [obdclass]
[ 3762.776661] cl_io_start+0x187/0x3a0 [obdclass]
[ 3762.777258] cl_io_loop+0x183/0x490 [obdclass]
[ 3762.777869] ll_file_io_generic+0x937/0x2540 [lustre]
[ 3762.778539] ? lock_release+0x541/0xd70
[ 3762.779127] ? lock_release+0xd40/0xd70
[ 3762.779657] ? ll_io_init+0x1080/0x1080 [lustre]
[ 3762.780272] ? lu_context_refill+0x3f/0x60 [obdclass]
[ 3762.780939] ? cl_env_get+0x537/0x6e0 [obdclass]
[ 3762.781527] ll_file_write_iter+0x140a/0x21a0 [lustre]
[ 3762.782191] ? ll_file_io_generic+0x2540/0x2540 [lustre]
[ 3762.782835] ? up_read+0x1b7/0x75a
[ 3762.783251] ? down_read_killable_nested+0x770/0x770
[ 3762.783888] ? vvp_io_fini+0x4d3/0x1ab0 [lustre]
[ 3762.784480] new_sync_write+0x393/0x550
[ 3762.784929] ? remap_verify_area+0x30/0x30
[ 3762.785459] ? lock_downgrade+0x710/0x710
[ 3762.785997] ? lock_acquire+0x34d/0x8a0
[ 3762.786549] ? lprocfs_counter_add+0x2f5/0x4b0 [obdclass]
[ 3762.787339] ? ktime_get_coarse_real_ts64+0x127/0x1b0
[ 3762.787932] ? trace_hardirqs_on+0x20/0x195
[ 3762.788438] ? __sb_start_write+0x180/0x300
[ 3762.788965] vfs_write+0x157/0x460
[ 3762.789423] ksys_pwrite64+0x11b/0x140
[ 3762.789927] ? __audit_syscall_exit+0x796/0xab0
[ 3762.790571] ? __ia32_sys_pread64+0xf0/0xf0
[ 3762.791167] ? trace_hardirqs_on_thunk+0x1a/0x20
[ 3762.791821] ? trace_hardirqs_on_caller+0x22/0x1a0
[ 3762.792413] ? do_syscall_64+0x22/0x430
[ 3762.792868] do_syscall_64+0xa5/0x430
[ 3762.793310] entry_SYSCALL_64_after_hwframe+0x6a/0xdf
[ 3762.793931] RIP: 0033:0x7fa290b0a278
[ 3762.794433] Code: 89 02 48 c7 c0 ff ff ff ff eb b6 0f 1f 80 00 00 00 00 f3 0f 1e fa 8b 05 d6 d1 20 00 49 89 ca 85 c0 75 17 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 60 c3 0f 1f 80 00 00 00 00 41 55 49 89 cd 41
[ 3762.796988] RSP: 002b:00007ffc84da7908 EFLAGS: 00000246 ORIG_RAX: 0000000000000012
[ 3762.797949] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa290b0a278
[ 3762.798976] RDX: 0000000000000005 RSI: 00007fa28b937000 RDI: 0000000000000004
[ 3762.799931] RBP: 0000000000000000 R08: 00007ffc84df7090 R09: 0000000000328dd6
[ 3762.800891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3762.801789] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc84da79c0
[ 3762.802904]
[ 3762.803161] The buggy address belongs to the page:
[ 3762.803797] page:ffffea0006f9bbc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 3762.804917] flags: 0x17ffffc0000000()
[ 3762.805401] raw: 0017ffffc0000000 0000000000000000 ffffea0006f9bb88 0000000000000000
[ 3762.806427] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 3762.807487] page dumped because: kasan: bad access detected
[ 3762.808175]
[ 3762.808406] addr ffff8881be6efd30 is located in stack of task lt-lfs/112002 at offset 56 in frame:
[ 3762.809618] new_sync_write+0x0/0x550
[ 3762.810076]
[ 3762.810275] this frame has 3 objects:
[ 3762.810734] [32, 48) 'iov'
[ 3762.810736] [96, 136) 'iter'
[ 3762.811123] [192, 240) 'kiocb'
[ 3762.811551]
[ 3762.812192] Memory state around the buggy address:
[ 3762.812879] ffff8881be6efc00: 00 00 f1 f1 f1 f1 01 f2 f2 f2 f2 f2 f2 f2 02 f2
[ 3762.813808] ffff8881be6efc80: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 3762.814792] >ffff8881be6efd00: f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00
[ 3762.815842] ^
[ 3762.816536] ffff8881be6efd80: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 00
[ 3762.817501] ffff8881be6efe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 3762.818455] ==================================================================
[ 3796.865939] Lustre: DEBUG MARKER: == sanity-flr test 61b: mirror extend and split preserve timestamps ========================================================== 19:40:46 (1703781646)