Warning: Permanently added '10.128.1.48' (ED25519) to the list of known hosts.
executing program
[   71.469049][ T5066] ==================================================================
[   71.477201][ T5066] BUG: KASAN: slab-use-after-free in __se_sys_io_cancel+0x2c7/0x2d0
[   71.485208][ T5066] Read of size 4 at addr ffff88802003f020 by task syz-executor404/5066
[   71.493442][ T5066] 
[   71.495765][ T5066] CPU: 0 PID: 5066 Comm: syz-executor404 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[   71.506197][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   71.516254][ T5066] Call Trace:
[   71.519537][ T5066]  <TASK>
[   71.522464][ T5066]  dump_stack_lvl+0x1e7/0x2e0
[   71.527166][ T5066]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.532371][ T5066]  ? __pfx__printk+0x10/0x10
[   71.536967][ T5066]  ? _printk+0xd5/0x120
[   71.541132][ T5066]  ? __virt_addr_valid+0x183/0x520
[   71.546253][ T5066]  ? __virt_addr_valid+0x183/0x520
[   71.551377][ T5066]  print_report+0x167/0x540
[   71.555893][ T5066]  ? __virt_addr_valid+0x183/0x520
[   71.561011][ T5066]  ? __virt_addr_valid+0x183/0x520
[   71.566140][ T5066]  ? __virt_addr_valid+0x44e/0x520
[   71.571259][ T5066]  ? __phys_addr+0xba/0x170
[   71.575856][ T5066]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   71.581056][ T5066]  kasan_report+0x142/0x180
[   71.585567][ T5066]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   71.590765][ T5066]  __se_sys_io_cancel+0x2c7/0x2d0
[   71.595791][ T5066]  do_syscall_64+0xf9/0x240
[   71.600390][ T5066]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   71.606316][ T5066] RIP: 0033:0x7fe408759539
[   71.610748][ T5066] Code: d8 5b c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   71.630554][ T5066] RSP: 002b:00007ffc49f74d48 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[   71.638998][ T5066] RAX: ffffffffffffffda RBX: 00007ffc49f74d50 RCX: 00007fe408759539
[   71.647014][ T5066] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007fe40871f000
[   71.654995][ T5066] RBP: 00007fe4087cd5f0 R08: 6c616b7a79732f2e R09: 6c616b7a79732f2e
[   71.662970][ T5066] R10: 6c616b7a79732f2e R11: 0000000000000246 R12: 0000000000000001
[   71.670945][ T5066] R13: 00007ffc49f74f28 R14: 0000000000000001 R15: 0000000000000001
[   71.678924][ T5066]  </TASK>
[   71.681955][ T5066] 
[   71.684272][ T5066] Allocated by task 5066:
[   71.688629][ T5066]  kasan_save_track+0x3f/0x80
[   71.693313][ T5066]  __kasan_slab_alloc+0x66/0x80
[   71.698167][ T5066]  kmem_cache_alloc+0x16f/0x340
[   71.703821][ T5066]  io_submit_one+0x154/0x18b0
[   71.708496][ T5066]  __se_sys_io_submit+0x17f/0x300
[   71.713520][ T5066]  do_syscall_64+0xf9/0x240
[   71.718030][ T5066]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   71.723931][ T5066] 
[   71.726425][ T5066] Freed by task 4537:
[   71.730397][ T5066]  kasan_save_track+0x3f/0x80
[   71.735075][ T5066]  kasan_save_free_info+0x40/0x50
[   71.740100][ T5066]  poison_slab_object+0xa6/0xe0
[   71.744952][ T5066]  __kasan_slab_free+0x37/0x60
[   71.749717][ T5066]  kmem_cache_free+0x102/0x2a0
[   71.754477][ T5066]  aio_poll_complete_work+0x467/0x670
[   71.759850][ T5066]  process_scheduled_works+0x913/0x1420
[   71.765402][ T5066]  worker_thread+0xa5f/0x1000
[   71.770083][ T5066]  kthread+0x2ef/0x390
[   71.774148][ T5066]  ret_from_fork+0x4b/0x80
[   71.778573][ T5066]  ret_from_fork_asm+0x1b/0x30
[   71.783343][ T5066] 
[   71.785687][ T5066] Last potentially related work creation:
[   71.791398][ T5066]  kasan_save_stack+0x3f/0x60
[   71.796076][ T5066]  __kasan_record_aux_stack+0xac/0xc0
[   71.801535][ T5066]  insert_work+0x3e/0x330
[   71.805870][ T5066]  __queue_work+0xbf4/0x1000
[   71.810543][ T5066]  queue_work_on+0x14f/0x250
[   71.815174][ T5066]  aio_poll_cancel+0xbb/0x130
[   71.819851][ T5066]  __se_sys_io_cancel+0x126/0x2d0
[   71.824963][ T5066]  do_syscall_64+0xf9/0x240
[   71.829556][ T5066]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   71.835484][ T5066] 
[   71.837802][ T5066] The buggy address belongs to the object at ffff88802003f000
[   71.837802][ T5066]  which belongs to the cache aio_kiocb of size 216
[   71.851676][ T5066] The buggy address is located 32 bytes inside of
[   71.851676][ T5066]  freed 216-byte region [ffff88802003f000, ffff88802003f0d8)
[   71.865468][ T5066] 
[   71.867794][ T5066] The buggy address belongs to the physical page:
[   71.874204][ T5066] page:ffffea0000800fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2003f
[   71.884433][ T5066] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[   71.892061][ T5066] page_type: 0xffffffff()
[   71.896384][ T5066] raw: 00fff00000000800 ffff888018fc1140 dead000000000122 0000000000000000
[   71.905075][ T5066] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   71.913654][ T5066] page dumped because: kasan: bad access detected
[   71.920061][ T5066] page_owner tracks the page as allocated
[   71.925763][ T5066] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5066, tgid 5066 (syz-executor404), ts 71468405408, free_ts 71458582831
[   71.944356][ T5066]  post_alloc_hook+0x1ea/0x210
[   71.949126][ T5066]  get_page_from_freelist+0x33ea/0x3580
[   71.954678][ T5066]  __alloc_pages+0x255/0x680
[   71.959354][ T5066]  alloc_slab_page+0x5f/0x160
[   71.964061][ T5066]  new_slab+0x84/0x2f0
[   71.968128][ T5066]  ___slab_alloc+0xd17/0x13e0
[   71.972809][ T5066]  kmem_cache_alloc+0x24d/0x340
[   71.977659][ T5066]  io_submit_one+0x154/0x18b0
[   71.982339][ T5066]  __se_sys_io_submit+0x17f/0x300
[   71.987395][ T5066]  do_syscall_64+0xf9/0x240
[   71.992080][ T5066]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   71.997982][ T5066] page last free pid 5066 tgid 5066 stack trace:
[   72.004302][ T5066]  free_unref_page_prepare+0x968/0xa90
[   72.009762][ T5066]  free_unref_page_list+0x5a3/0x850
[   72.014959][ T5066]  release_pages+0x2744/0x2a80
[   72.019728][ T5066]  tlb_flush_mmu+0x34c/0x4e0
[   72.024325][ T5066]  tlb_finish_mmu+0xd4/0x200
[   72.028920][ T5066]  exit_mmap+0x4b6/0xd40
[   72.033162][ T5066]  __mmput+0x115/0x3c0
[   72.037234][ T5066]  exec_mmap+0x69c/0x730
[   72.041480][ T5066]  begin_new_exec+0x119a/0x1ce0
[   72.046336][ T5066]  load_elf_binary+0x961/0x2590
[   72.051184][ T5066]  bprm_execve+0xaf7/0x1790
[   72.055688][ T5066]  do_execveat_common+0x552/0x6f0
[   72.060718][ T5066]  __x64_sys_execve+0x92/0xb0
[   72.065398][ T5066]  do_syscall_64+0xf9/0x240
[   72.069998][ T5066]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   72.075901][ T5066] 
[   72.078237][ T5066] Memory state around the buggy address:
[   72.083861][ T5066]  ffff88802003ef00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.091920][ T5066]  ffff88802003ef80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   72.099976][ T5066] >ffff88802003f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   72.108030][ T5066]                                ^
[   72.113132][ T5066]  ffff88802003f080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[   72.121194][ T5066]  ffff88802003f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.129248][ T5066] ==================================================================
[   72.139941][ T5066] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   72.147179][ T5066] CPU: 0 PID: 5066 Comm: syz-executor404 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[   72.157612][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   72.167667][ T5066] Call Trace:
[   72.170946][ T5066]  <TASK>
[   72.173874][ T5066]  dump_stack_lvl+0x1e7/0x2e0
[   72.178568][ T5066]  ? __pfx_dump_stack_lvl+0x10/0x10
[   72.183771][ T5066]  ? __pfx__printk+0x10/0x10
[   72.188393][ T5066]  ? vscnprintf+0x5d/0x90
[   72.192725][ T5066]  panic+0x349/0x860
[   72.196715][ T5066]  ? check_panic_on_warn+0x21/0xb0
[   72.201837][ T5066]  ? __pfx_panic+0x10/0x10
[   72.206258][ T5066]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   72.212245][ T5066]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   72.218576][ T5066]  ? print_report+0x4ff/0x540
[   72.223263][ T5066]  check_panic_on_warn+0x86/0xb0
[   72.228205][ T5066]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   72.233406][ T5066]  end_report+0x6e/0x140
[   72.237656][ T5066]  kasan_report+0x153/0x180
[   72.242178][ T5066]  ? __se_sys_io_cancel+0x2c7/0x2d0
[   72.247403][ T5066]  __se_sys_io_cancel+0x2c7/0x2d0
[   72.252439][ T5066]  do_syscall_64+0xf9/0x240
[   72.256992][ T5066]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   72.262999][ T5066] RIP: 0033:0x7fe408759539
[   72.267428][ T5066] Code: d8 5b c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   72.287161][ T5066] RSP: 002b:00007ffc49f74d48 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[   72.295593][ T5066] RAX: ffffffffffffffda RBX: 00007ffc49f74d50 RCX: 00007fe408759539
[   72.303623][ T5066] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007fe40871f000
[   72.311601][ T5066] RBP: 00007fe4087cd5f0 R08: 6c616b7a79732f2e R09: 6c616b7a79732f2e
[   72.319594][ T5066] R10: 6c616b7a79732f2e R11: 0000000000000246 R12: 0000000000000001
[   72.328094][ T5066] R13: 00007ffc49f74f28 R14: 0000000000000001 R15: 0000000000000001
[   72.336079][ T5066]  </TASK>
[   72.339312][ T5066] Kernel Offset: disabled
[   72.343642][ T5066] Rebooting in 86400 seconds..