Warning: Permanently added '10.128.1.164' (ED25519) to the list of known hosts.
executing program
[   96.590292][   T28] audit: type=1400 audit(1709393584.879:86): avc:  denied  { execmem } for  pid=5056 comm="syz-executor146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   96.611281][   T28] audit: type=1400 audit(1709393584.919:87): avc:  denied  { create } for  pid=5056 comm="syz-executor146" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   96.617077][ T5056] ==================================================================
[   96.640839][ T5056] BUG: KASAN: slab-use-after-free in __x64_sys_io_cancel+0x40d/0x4a0
[   96.648929][ T5056] Read of size 4 at addr ffff888024589020 by task syz-executor146/5056
[   96.657171][ T5056] 
[   96.659495][ T5056] CPU: 1 PID: 5056 Comm: syz-executor146 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[   96.669914][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   96.679975][ T5056] Call Trace:
[   96.683265][ T5056]  <TASK>
[   96.686204][ T5056]  dump_stack_lvl+0xd9/0x1b0
[   96.690831][ T5056]  print_report+0xc4/0x620
[   96.695260][ T5056]  ? __virt_addr_valid+0x5e/0x580
[   96.700295][ T5056]  ? __phys_addr+0xc6/0x150
[   96.704805][ T5056]  kasan_report+0xda/0x110
[   96.709234][ T5056]  ? __x64_sys_io_cancel+0x40d/0x4a0
[   96.714540][ T5056]  ? __x64_sys_io_cancel+0x40d/0x4a0
[   96.719835][ T5056]  __x64_sys_io_cancel+0x40d/0x4a0
[   96.724956][ T5056]  do_syscall_64+0xd5/0x270
[   96.729483][ T5056]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   96.735400][ T5056] RIP: 0033:0x7f3f75ddb569
[   96.739819][ T5056] Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   96.759470][ T5056] RSP: 002b:00007ffc7d7db558 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[   96.768070][ T5056] RAX: ffffffffffffffda RBX: 00007ffc7d7db700 RCX: 00007f3f75ddb569
[   96.776088][ T5056] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007f3f75d99000
[   96.784071][ T5056] RBP: 00007f3f75e1d1e7 R08: 00007f3f75e1d1e7 R09: 00007f3f75e1d1e7
[   96.792050][ T5056] R10: 00007f3f75e1d1e7 R11: 0000000000000246 R12: 00007ffc7d7db700
[   96.800032][ T5056] R13: 00007f3f75e1d200 R14: 0000000000000001 R15: 0000000000000001
[   96.808021][ T5056]  </TASK>
[   96.811042][ T5056] 
[   96.813366][ T5056] Allocated by task 5056:
[   96.817691][ T5056]  kasan_save_stack+0x33/0x60
[   96.822376][ T5056]  kasan_save_track+0x14/0x30
[   96.827060][ T5056]  __kasan_slab_alloc+0x89/0x90
[   96.831945][ T5056]  kmem_cache_alloc+0x136/0x320
[   96.836805][ T5056]  io_submit_one+0x123/0x1df0
[   96.841489][ T5056]  __x64_sys_io_submit+0x1c3/0x360
[   96.846608][ T5056]  do_syscall_64+0xd5/0x270
[   96.851123][ T5056]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   96.857041][ T5056] 
[   96.859368][ T5056] Freed by task 27:
[   96.863170][ T5056]  kasan_save_stack+0x33/0x60
[   96.867855][ T5056]  kasan_save_track+0x14/0x30
[   96.872538][ T5056]  kasan_save_free_info+0x3b/0x60
[   96.877581][ T5056]  __kasan_slab_free+0x11d/0x1a0
[   96.882528][ T5056]  kmem_cache_free+0x129/0x360
[   96.887301][ T5056]  aio_poll_complete_work+0x6b8/0xb70
[   96.892677][ T5056]  process_one_work+0x889/0x15e0
[   96.897638][ T5056]  worker_thread+0x8b9/0x12a0
[   96.902355][ T5056]  kthread+0x2c6/0x3b0
[   96.906433][ T5056]  ret_from_fork+0x45/0x80
[   96.910867][ T5056]  ret_from_fork_asm+0x1b/0x30
[   96.915650][ T5056] 
[   96.917975][ T5056] Last potentially related work creation:
[   96.923699][ T5056]  kasan_save_stack+0x33/0x60
[   96.928385][ T5056]  __kasan_record_aux_stack+0xba/0xd0
[   96.933771][ T5056]  insert_work+0x38/0x230
[   96.938117][ T5056]  __queue_work+0x62e/0x11d0
[   96.942712][ T5056]  queue_work_on+0xf4/0x120
[   96.947218][ T5056]  aio_poll_cancel+0x1c2/0x230
[   96.951986][ T5056]  __x64_sys_io_cancel+0x1c2/0x4a0
[   96.957106][ T5056]  do_syscall_64+0xd5/0x270
[   96.961622][ T5056]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   96.967537][ T5056] 
[   96.969859][ T5056] The buggy address belongs to the object at ffff888024589000
[   96.969859][ T5056]  which belongs to the cache aio_kiocb of size 216
[   96.983743][ T5056] The buggy address is located 32 bytes inside of
[   96.983743][ T5056]  freed 216-byte region [ffff888024589000, ffff8880245890d8)
[   96.997458][ T5056] 
[   96.999784][ T5056] The buggy address belongs to the physical page:
[   97.006191][ T5056] page:ffffea0000916240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24589
[   97.016347][ T5056] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[   97.023894][ T5056] page_type: 0xffffffff()
[   97.028231][ T5056] raw: 00fff00000000800 ffff88801875c000 dead000000000122 0000000000000000
[   97.036826][ T5056] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   97.045408][ T5056] page dumped because: kasan: bad access detected
[   97.051820][ T5056] page_owner tracks the page as allocated
[   97.057539][ T5056] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5056, tgid 5056 (syz-executor146), ts 96614413238, free_ts 90421687170
[   97.076139][ T5056]  post_alloc_hook+0x2d4/0x350
[   97.080937][ T5056]  get_page_from_freelist+0xa28/0x3780
[   97.086417][ T5056]  __alloc_pages+0x22f/0x2440
[   97.091112][ T5056]  new_slab+0xcc/0x3a0
[   97.095184][ T5056]  ___slab_alloc+0x4af/0x19a0
[   97.099870][ T5056]  __slab_alloc.constprop.0+0x56/0xb0
[   97.105249][ T5056]  kmem_cache_alloc+0x2ed/0x320
[   97.110111][ T5056]  io_submit_one+0x123/0x1df0
[   97.114791][ T5056]  __x64_sys_io_submit+0x1c3/0x360
[   97.119908][ T5056]  do_syscall_64+0xd5/0x270
[   97.124420][ T5056]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   97.130338][ T5056] page last free pid 5053 tgid 5053 stack trace:
[   97.136686][ T5056]  free_unref_page_prepare+0x527/0xb10
[   97.142190][ T5056]  free_unref_page+0x33/0x3c0
[   97.146908][ T5056]  __put_partials+0x14c/0x170
[   97.151614][ T5056]  qlist_free_all+0x4e/0x140
[   97.156213][ T5056]  kasan_quarantine_reduce+0x192/0x1e0
[   97.161684][ T5056]  __kasan_slab_alloc+0x69/0x90
[   97.166545][ T5056]  __kmalloc+0x1bd/0x440
[   97.170798][ T5056]  tomoyo_realpath_from_path+0xb9/0x720
[   97.176355][ T5056]  tomoyo_path_perm+0x273/0x450
[   97.181224][ T5056]  security_inode_getattr+0xf4/0x160
[   97.186517][ T5056]  vfs_fstat+0x53/0xd0
[   97.190596][ T5056]  vfs_fstatat+0x134/0x150
[   97.195020][ T5056]  __do_sys_newfstatat+0x98/0x120
[   97.200074][ T5056]  do_syscall_64+0xd5/0x270
[   97.204602][ T5056]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   97.210528][ T5056] 
[   97.212853][ T5056] Memory state around the buggy address:
[   97.218494][ T5056]  ffff888024588f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   97.226561][ T5056]  ffff888024588f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   97.234627][ T5056] >ffff888024589000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   97.242691][ T5056]                                ^
[   97.247802][ T5056]  ffff888024589080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[   97.255864][ T5056]  ffff888024589100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   97.263961][ T5056] ==================================================================
[   97.272634][ T5056] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   97.279880][ T5056] CPU: 1 PID: 5056 Comm: syz-executor146 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[   97.290310][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   97.300380][ T5056] Call Trace:
[   97.303672][ T5056]  <TASK>
[   97.306615][ T5056]  dump_stack_lvl+0xd9/0x1b0
[   97.311248][ T5056]  panic+0x6ee/0x7a0
[   97.315176][ T5056]  ? __pfx_panic+0x10/0x10
[   97.319625][ T5056]  ? preempt_schedule_thunk+0x1a/0x30
[   97.325019][ T5056]  ? preempt_schedule_common+0x45/0xd0
[   97.330532][ T5056]  ? check_panic_on_warn+0x1f/0xb0
[   97.335680][ T5056]  check_panic_on_warn+0xab/0xb0
[   97.340652][ T5056]  end_report+0x108/0x150
[   97.345008][ T5056]  kasan_report+0xea/0x110
[   97.349453][ T5056]  ? __x64_sys_io_cancel+0x40d/0x4a0
[   97.354766][ T5056]  ? __x64_sys_io_cancel+0x40d/0x4a0
[   97.360081][ T5056]  __x64_sys_io_cancel+0x40d/0x4a0
[   97.365212][ T5056]  do_syscall_64+0xd5/0x270
[   97.369751][ T5056]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   97.375686][ T5056] RIP: 0033:0x7f3f75ddb569
[   97.380116][ T5056] Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   97.399745][ T5056] RSP: 002b:00007ffc7d7db558 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[   97.408177][ T5056] RAX: ffffffffffffffda RBX: 00007ffc7d7db700 RCX: 00007f3f75ddb569
[   97.416163][ T5056] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007f3f75d99000
[   97.424151][ T5056] RBP: 00007f3f75e1d1e7 R08: 00007f3f75e1d1e7 R09: 00007f3f75e1d1e7
[   97.432139][ T5056] R10: 00007f3f75e1d1e7 R11: 0000000000000246 R12: 00007ffc7d7db700
[   97.440122][ T5056] R13: 00007f3f75e1d200 R14: 0000000000000001 R15: 0000000000000001
[   97.448112][ T5056]  </TASK>
[   97.451229][ T5056] Kernel Offset: disabled
[   97.455554][ T5056] Rebooting in 86400 seconds..