Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
executing program
[   81.423106][ T5065] ==================================================================
[   81.431233][ T5065] BUG: KASAN: slab-use-after-free in __se_sys_io_cancel+0x2c7/0x2d0
[   81.439272][ T5065] Read of size 4 at addr ffff88801e796020 by task syz-executor168/5065
[   81.447534][ T5065] 
[   81.449876][ T5065] CPU: 0 PID: 5065 Comm: syz-executor168 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[   81.460309][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   81.470377][ T5065] Call Trace:
[   81.473660][ T5065]  <TASK>
[   81.476593][ T5065]  dump_stack_lvl+0x1e7/0x2e0
[   81.481319][ T5065]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.486548][ T5065]  ? __pfx__printk+0x10/0x10
[   81.491162][ T5065]  ? _printk+0xd5/0x120
[   81.495329][ T5065]  ? __virt_addr_valid+0x183/0x520
[   81.500470][ T5065]  ? __virt_addr_valid+0x183/0x520
[   81.505607][ T5065]  print_report+0x167/0x540
[   81.510147][ T5065]  ? __virt_addr_valid+0x183/0x520
[   81.515269][ T5065]  ? __virt_addr_valid+0x183/0x520
[   81.520389][ T5065]  ? __virt_addr_valid+0x44e/0x520
[   81.525523][ T5065]  ? __phys_addr+0xba/0x170
[   81.530050][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   81.535344][ T5065]  kasan_report+0x142/0x180
[   81.539872][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   81.545075][ T5065]  __se_sys_io_cancel+0x2c7/0x2d0
[   81.550143][ T5065]  do_syscall_64+0xf9/0x240
[   81.554664][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   81.560578][ T5065] RIP: 0033:0x7f00e17a64b9
[   81.565003][ T5065] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   81.584709][ T5065] RSP: 002b:00007ffc92fa5908 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[   81.593123][ T5065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f00e17a64b9
[   81.601101][ T5065] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 00007f00e176b000
[   81.609085][ T5065] RBP: 00007ffc92fa5958 R08: 000055555672b0c0 R09: 000055555672b0c0
[   81.617070][ T5065] R10: 000055555672b0c0 R11: 0000000000000246 R12: 00007f00e18242e0
[   81.625048][ T5065] R13: 0000000000000004 R14: 00007ffc92fa5950 R15: 0000000000000003
[   81.633064][ T5065]  </TASK>
[   81.636093][ T5065] 
[   81.638412][ T5065] Allocated by task 5065:
[   81.642728][ T5065]  kasan_save_track+0x3f/0x80
[   81.647409][ T5065]  __kasan_slab_alloc+0x66/0x80
[   81.652261][ T5065]  kmem_cache_alloc+0x16f/0x340
[   81.657108][ T5065]  io_submit_one+0x154/0x18b0
[   81.661783][ T5065]  __se_sys_io_submit+0x17f/0x300
[   81.666842][ T5065]  do_syscall_64+0xf9/0x240
[   81.671359][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   81.677261][ T5065] 
[   81.679581][ T5065] Freed by task 929:
[   81.683486][ T5065]  kasan_save_track+0x3f/0x80
[   81.688184][ T5065]  kasan_save_free_info+0x40/0x50
[   81.693226][ T5065]  poison_slab_object+0xa6/0xe0
[   81.698085][ T5065]  __kasan_slab_free+0x37/0x60
[   81.702850][ T5065]  kmem_cache_free+0x102/0x2a0
[   81.707622][ T5065]  aio_poll_complete_work+0x467/0x670
[   81.712997][ T5065]  process_scheduled_works+0x913/0x1420
[   81.718557][ T5065]  worker_thread+0xa5f/0x1000
[   81.723252][ T5065]  kthread+0x2ef/0x390
[   81.727318][ T5065]  ret_from_fork+0x4b/0x80
[   81.731819][ T5065]  ret_from_fork_asm+0x1b/0x30
[   81.736584][ T5065] 
[   81.738905][ T5065] Last potentially related work creation:
[   81.744695][ T5065]  kasan_save_stack+0x3f/0x60
[   81.749372][ T5065]  __kasan_record_aux_stack+0xac/0xc0
[   81.754740][ T5065]  insert_work+0x3e/0x330
[   81.759073][ T5065]  __queue_work+0xbf4/0x1000
[   81.763663][ T5065]  queue_work_on+0x14f/0x250
[   81.768260][ T5065]  aio_poll_cancel+0xbb/0x130
[   81.772956][ T5065]  __se_sys_io_cancel+0x126/0x2d0
[   81.777979][ T5065]  do_syscall_64+0xf9/0x240
[   81.782490][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   81.788383][ T5065] 
[   81.790696][ T5065] The buggy address belongs to the object at ffff88801e796000
[   81.790696][ T5065]  which belongs to the cache aio_kiocb of size 216
[   81.804564][ T5065] The buggy address is located 32 bytes inside of
[   81.804564][ T5065]  freed 216-byte region [ffff88801e796000, ffff88801e7960d8)
[   81.818264][ T5065] 
[   81.820583][ T5065] The buggy address belongs to the physical page:
[   81.827078][ T5065] page:ffffea000079e580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e796
[   81.837220][ T5065] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[   81.844759][ T5065] page_type: 0xffffffff()
[   81.849089][ T5065] raw: 00fff00000000800 ffff888018fca140 dead000000000122 0000000000000000
[   81.857692][ T5065] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   81.866268][ T5065] page dumped because: kasan: bad access detected
[   81.872673][ T5065] page_owner tracks the page as allocated
[   81.878376][ T5065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5065, tgid 5065 (syz-executor168), ts 81421677675, free_ts 81375936212
[   81.897031][ T5065]  post_alloc_hook+0x1ea/0x210
[   81.901805][ T5065]  get_page_from_freelist+0x33ea/0x3580
[   81.907347][ T5065]  __alloc_pages+0x255/0x680
[   81.911960][ T5065]  alloc_slab_page+0x5f/0x160
[   81.916637][ T5065]  new_slab+0x84/0x2f0
[   81.920709][ T5065]  ___slab_alloc+0xd17/0x13e0
[   81.925383][ T5065]  kmem_cache_alloc+0x24d/0x340
[   81.930230][ T5065]  io_submit_one+0x154/0x18b0
[   81.934923][ T5065]  __se_sys_io_submit+0x17f/0x300
[   81.940050][ T5065]  do_syscall_64+0xf9/0x240
[   81.944574][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   81.950484][ T5065] page last free pid 5065 tgid 5065 stack trace:
[   81.956801][ T5065]  free_unref_page_prepare+0x968/0xa90
[   81.962256][ T5065]  free_unref_page_list+0x5a3/0x850
[   81.967457][ T5065]  release_pages+0x2744/0x2a80
[   81.972229][ T5065]  tlb_flush_mmu+0x34c/0x4e0
[   81.976829][ T5065]  tlb_finish_mmu+0xd4/0x200
[   81.981418][ T5065]  exit_mmap+0x4b6/0xd40
[   81.985661][ T5065]  __mmput+0x115/0x3c0
[   81.989737][ T5065]  exec_mmap+0x69c/0x730
[   81.993983][ T5065]  begin_new_exec+0x119a/0x1ce0
[   81.998835][ T5065]  load_elf_binary+0x961/0x2590
[   82.003697][ T5065]  bprm_execve+0xaf7/0x1790
[   82.008199][ T5065]  do_execveat_common+0x552/0x6f0
[   82.013232][ T5065]  __x64_sys_execve+0x92/0xb0
[   82.017904][ T5065]  do_syscall_64+0xf9/0x240
[   82.022405][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   82.028298][ T5065] 
[   82.030627][ T5065] Memory state around the buggy address:
[   82.036248][ T5065]  ffff88801e795f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.044307][ T5065]  ffff88801e795f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.052359][ T5065] >ffff88801e796000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   82.060404][ T5065]                                ^
[   82.065501][ T5065]  ffff88801e796080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[   82.073641][ T5065]  ffff88801e796100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   82.081694][ T5065] ==================================================================
[   82.105252][ T5065] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   82.112485][ T5065] CPU: 0 PID: 5065 Comm: syz-executor168 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[   82.122900][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   82.133046][ T5065] Call Trace:
[   82.136334][ T5065]  <TASK>
[   82.139272][ T5065]  dump_stack_lvl+0x1e7/0x2e0
[   82.143966][ T5065]  ? __pfx_dump_stack_lvl+0x10/0x10
[   82.149182][ T5065]  ? __pfx__printk+0x10/0x10
[   82.153797][ T5065]  ? vscnprintf+0x5d/0x90
[   82.158135][ T5065]  panic+0x349/0x860
[   82.162050][ T5065]  ? check_panic_on_warn+0x21/0xb0
[   82.167170][ T5065]  ? __pfx_panic+0x10/0x10
[   82.171615][ T5065]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   82.177633][ T5065]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   82.183979][ T5065]  ? print_report+0x4ff/0x540
[   82.188949][ T5065]  check_panic_on_warn+0x86/0xb0
[   82.193908][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   82.199120][ T5065]  end_report+0x6e/0x140
[   82.203381][ T5065]  kasan_report+0x153/0x180
[   82.207902][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   82.213122][ T5065]  __se_sys_io_cancel+0x2c7/0x2d0
[   82.218246][ T5065]  do_syscall_64+0xf9/0x240
[   82.222767][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   82.228682][ T5065] RIP: 0033:0x7f00e17a64b9
[   82.233117][ T5065] Code: 48 83 c4 28 c3 e8 e7 18 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   82.252728][ T5065] RSP: 002b:00007ffc92fa5908 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[   82.261156][ T5065] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f00e17a64b9
[   82.269156][ T5065] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 00007f00e176b000
[   82.277135][ T5065] RBP: 00007ffc92fa5958 R08: 000055555672b0c0 R09: 000055555672b0c0
[   82.285108][ T5065] R10: 000055555672b0c0 R11: 0000000000000246 R12: 00007f00e18242e0
[   82.293083][ T5065] R13: 0000000000000004 R14: 00007ffc92fa5950 R15: 0000000000000003
[   82.301064][ T5065]  </TASK>
[   82.304390][ T5065] Kernel Offset: disabled
[   82.308709][ T5065] Rebooting in 86400 seconds..