Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
executing program
[   62.907954][ T5073] ==================================================================
[   62.916044][ T5073] BUG: KASAN: use-after-free in io_fallback_tw+0x6d/0x119
[   62.923157][ T5073] Read of size 8 at addr ffff88802b263948 by task syz-executor132/5073
[   62.931385][ T5073] 
[   62.933693][ T5073] CPU: 1 PID: 5073 Comm: syz-executor132 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[   62.943589][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   62.953630][ T5073] Call Trace:
[   62.956894][ T5073]  <TASK>
[   62.959811][ T5073]  dump_stack_lvl+0xd1/0x138
[   62.964398][ T5073]  print_report+0x15e/0x45d
[   62.968889][ T5073]  ? __phys_addr+0xc8/0x140
[   62.973384][ T5073]  ? io_fallback_tw+0x6d/0x119
[   62.978139][ T5073]  kasan_report+0xc0/0xf0
[   62.982458][ T5073]  ? io_fallback_tw+0x6d/0x119
[   62.987219][ T5073]  io_fallback_tw+0x6d/0x119
[   62.991831][ T5073]  tctx_task_work.cold+0xf/0x2c
[   62.996671][ T5073]  ? handle_tw_list+0x460/0x460
[   63.001514][ T5073]  ? lock_downgrade+0x6e0/0x6e0
[   63.006352][ T5073]  ? do_raw_spin_lock+0x124/0x2b0
[   63.011380][ T5073]  ? rwlock_bug.part.0+0x90/0x90
[   63.016309][ T5073]  ? _raw_spin_unlock_irq+0x23/0x50
[   63.021503][ T5073]  task_work_run+0x16f/0x270
[   63.026088][ T5073]  ? task_work_cancel+0x30/0x30
[   63.030931][ T5073]  ? do_raw_spin_unlock+0x175/0x230
[   63.036117][ T5073]  do_exit+0xb17/0x2a90
[   63.040288][ T5073]  ? find_held_lock+0x2d/0x110
[   63.045044][ T5073]  ? get_signal+0x8a0/0x24f0
[   63.049619][ T5073]  ? mm_update_next_owner+0x7b0/0x7b0
[   63.055012][ T5073]  do_group_exit+0xd4/0x2a0
[   63.060811][ T5073]  get_signal+0x225f/0x24f0
[   63.065317][ T5073]  ? exit_signals+0x910/0x910
[   63.069989][ T5073]  ? do_futex+0x132/0x360
[   63.074324][ T5073]  ? __ia32_sys_get_robust_list+0x400/0x400
[   63.080221][ T5073]  arch_do_signal_or_restart+0x79/0x5c0
[   63.085767][ T5073]  ? get_sigframe_size+0x10/0x10
[   63.090695][ T5073]  ? __x64_sys_futex+0x1ca/0x4d0
[   63.095629][ T5073]  ? do_futex+0x360/0x360
[   63.099951][ T5073]  exit_to_user_mode_prepare+0x11f/0x240
[   63.105572][ T5073]  syscall_exit_to_user_mode+0x1d/0x50
[   63.111026][ T5073]  do_syscall_64+0x46/0xb0
[   63.115518][ T5073]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.121401][ T5073] RIP: 0033:0x7fa6c8c2bb49
[   63.125799][ T5073] Code: Unable to access opcode bytes at 0x7fa6c8c2bb1f.
[   63.132812][ T5073] RSP: 002b:00007fa6c8bdd308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   63.141215][ T5073] RAX: fffffffffffffe00 RBX: 00007fa6c8cb3428 RCX: 00007fa6c8c2bb49
[   63.149172][ T5073] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa6c8cb3428
[   63.157126][ T5073] RBP: 00007fa6c8cb3420 R08: 0000000000000000 R09: 0000000000000000
[   63.165081][ T5073] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa6c8c81074
[   63.173038][ T5073] R13: 0000000000000000 R14: 00007fa6c8bdd400 R15: 0000000000022000
[   63.180999][ T5073]  </TASK>
[   63.184010][ T5073] 
[   63.186315][ T5073] Allocated by task 5073:
[   63.190623][ T5073]  kasan_save_stack+0x22/0x40
[   63.195293][ T5073]  kasan_set_track+0x25/0x30
[   63.199870][ T5073]  __kasan_slab_alloc+0x7f/0x90
[   63.204704][ T5073]  kmem_cache_alloc_bulk+0x3aa/0x730
[   63.209972][ T5073]  __io_alloc_req_refill+0xcc/0x40b
[   63.215158][ T5073]  io_submit_sqes.cold+0x7c/0xc2
[   63.220083][ T5073]  __do_sys_io_uring_enter+0x9e4/0x2c10
[   63.225617][ T5073]  do_syscall_64+0x39/0xb0
[   63.230018][ T5073]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.235901][ T5073] 
[   63.238209][ T5073] Freed by task 51:
[   63.241992][ T5073]  kasan_save_stack+0x22/0x40
[   63.246655][ T5073]  kasan_set_track+0x25/0x30
[   63.251229][ T5073]  kasan_save_free_info+0x2e/0x40
[   63.256243][ T5073]  ____kasan_slab_free+0x160/0x1c0
[   63.261339][ T5073]  slab_free_freelist_hook+0x8b/0x1c0
[   63.266695][ T5073]  kmem_cache_free+0xec/0x4e0
[   63.271356][ T5073]  io_req_caches_free+0x1a9/0x1e6
[   63.276369][ T5073]  io_ring_exit_work+0x2e7/0xc80
[   63.281292][ T5073]  process_one_work+0x9bf/0x1750
[   63.286216][ T5073]  worker_thread+0x669/0x1090
[   63.290884][ T5073]  kthread+0x2e8/0x3a0
[   63.294938][ T5073]  ret_from_fork+0x1f/0x30
[   63.299344][ T5073] 
[   63.301680][ T5073] The buggy address belongs to the object at ffff88802b2638c0
[   63.301680][ T5073]  which belongs to the cache io_kiocb of size 216
[   63.315458][ T5073] The buggy address is located 136 bytes inside of
[   63.315458][ T5073]  216-byte region [ffff88802b2638c0, ffff88802b263998)
[   63.328715][ T5073] 
[   63.331020][ T5073] The buggy address belongs to the physical page:
[   63.337411][ T5073] page:ffffea0000ac98c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b263
[   63.347542][ T5073] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   63.355075][ T5073] raw: 00fff00000000200 ffff88801c501000 dead000000000122 0000000000000000
[   63.363642][ T5073] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   63.372201][ T5073] page dumped because: kasan: bad access detected
[   63.378592][ T5073] page_owner tracks the page as allocated
[   63.384284][ T5073] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5073, tgid 5072 (syz-executor132), ts 62791878440, free_ts 62764649977
[   63.402849][ T5073]  get_page_from_freelist+0x11bb/0x2d50
[   63.408390][ T5073]  __alloc_pages+0x1cb/0x5c0
[   63.412970][ T5073]  alloc_pages+0x1aa/0x270
[   63.417371][ T5073]  allocate_slab+0x25f/0x350
[   63.421944][ T5073]  ___slab_alloc+0xa91/0x1400
[   63.426605][ T5073]  kmem_cache_alloc_bulk+0x23d/0x730
[   63.431875][ T5073]  __io_alloc_req_refill+0xcc/0x40b
[   63.437068][ T5073]  io_submit_sqes.cold+0x7c/0xc2
[   63.441993][ T5073]  __do_sys_io_uring_enter+0x9e4/0x2c10
[   63.447528][ T5073]  do_syscall_64+0x39/0xb0
[   63.451931][ T5073]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.457819][ T5073] page last free stack trace:
[   63.462473][ T5073]  free_pcp_prepare+0x4d0/0x910
[   63.467314][ T5073]  free_unref_page+0x1d/0x490
[   63.471993][ T5073]  __unfreeze_partials+0x17c/0x1a0
[   63.477090][ T5073]  qlist_free_all+0x6a/0x170
[   63.481699][ T5073]  kasan_quarantine_reduce+0x192/0x220
[   63.487149][ T5073]  __kasan_slab_alloc+0x63/0x90
[   63.491984][ T5073]  kmem_cache_alloc+0x175/0x320
[   63.496818][ T5073]  vm_area_dup+0x7d/0x380
[   63.501134][ T5073]  __split_vma+0xae/0x5e0
[   63.505449][ T5073]  do_mas_align_munmap+0x7da/0x12a0
[   63.510631][ T5073]  do_mas_munmap+0x26e/0x2c0
[   63.515206][ T5073]  mmap_region+0x21d/0x1e50
[   63.519696][ T5073]  do_mmap+0x831/0xf60
[   63.523749][ T5073]  vm_mmap_pgoff+0x1af/0x280
[   63.528330][ T5073]  ksys_mmap_pgoff+0x41f/0x5a0
[   63.533079][ T5073]  do_syscall_64+0x39/0xb0
[   63.537484][ T5073] 
[   63.539794][ T5073] Memory state around the buggy address:
[   63.545408][ T5073]  ffff88802b263800: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[   63.553451][ T5073]  ffff88802b263880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   63.561494][ T5073] >ffff88802b263900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   63.569534][ T5073]                                               ^
[   63.575930][ T5073]  ffff88802b263980: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[   63.583976][ T5073]  ffff88802b263a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   63.592017][ T5073] ==================================================================
[   63.600410][ T5073] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   63.607612][ T5073] CPU: 0 PID: 5073 Comm: syz-executor132 Not tainted 6.2.0-rc3-next-20230112-syzkaller #0
[   63.617489][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   63.627532][ T5073] Call Trace:
[   63.630798][ T5073]  <TASK>
[   63.633726][ T5073]  dump_stack_lvl+0xd1/0x138
[   63.638311][ T5073]  panic+0x2cc/0x626
[   63.642201][ T5073]  ? panic_print_sys_info.part.0+0x112/0x112
[   63.648174][ T5073]  ? preempt_schedule_thunk+0x1a/0x20
[   63.653551][ T5073]  ? preempt_schedule_common+0x59/0xc0
[   63.659028][ T5073]  check_panic_on_warn.cold+0x19/0x35
[   63.664425][ T5073]  end_report.part.0+0x36/0x73
[   63.669194][ T5073]  ? io_fallback_tw+0x6d/0x119
[   63.673968][ T5073]  kasan_report.cold+0xa/0xf
[   63.678566][ T5073]  ? io_fallback_tw+0x6d/0x119
[   63.683341][ T5073]  io_fallback_tw+0x6d/0x119
[   63.687945][ T5073]  tctx_task_work.cold+0xf/0x2c
[   63.692808][ T5073]  ? handle_tw_list+0x460/0x460
[   63.697671][ T5073]  ? lock_downgrade+0x6e0/0x6e0
[   63.702533][ T5073]  ? do_raw_spin_lock+0x124/0x2b0
[   63.707573][ T5073]  ? rwlock_bug.part.0+0x90/0x90
[   63.712518][ T5073]  ? _raw_spin_unlock_irq+0x23/0x50
[   63.717737][ T5073]  task_work_run+0x16f/0x270
[   63.722348][ T5073]  ? task_work_cancel+0x30/0x30
[   63.727215][ T5073]  ? do_raw_spin_unlock+0x175/0x230
[   63.732426][ T5073]  do_exit+0xb17/0x2a90
[   63.736601][ T5073]  ? find_held_lock+0x2d/0x110
[   63.741387][ T5073]  ? get_signal+0x8a0/0x24f0
[   63.745988][ T5073]  ? mm_update_next_owner+0x7b0/0x7b0
[   63.751388][ T5073]  do_group_exit+0xd4/0x2a0
[   63.755915][ T5073]  get_signal+0x225f/0x24f0
[   63.760427][ T5073]  ? exit_signals+0x910/0x910
[   63.765108][ T5073]  ? do_futex+0x132/0x360
[   63.769454][ T5073]  ? __ia32_sys_get_robust_list+0x400/0x400
[   63.775362][ T5073]  arch_do_signal_or_restart+0x79/0x5c0
[   63.780920][ T5073]  ? get_sigframe_size+0x10/0x10
[   63.785865][ T5073]  ? __x64_sys_futex+0x1ca/0x4d0
[   63.790816][ T5073]  ? do_futex+0x360/0x360
[   63.795164][ T5073]  exit_to_user_mode_prepare+0x11f/0x240
[   63.800812][ T5073]  syscall_exit_to_user_mode+0x1d/0x50
[   63.806289][ T5073]  do_syscall_64+0x46/0xb0
[   63.810749][ T5073]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.816670][ T5073] RIP: 0033:0x7fa6c8c2bb49
[   63.821092][ T5073] Code: Unable to access opcode bytes at 0x7fa6c8c2bb1f.
[   63.828122][ T5073] RSP: 002b:00007fa6c8bdd308 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   63.836545][ T5073] RAX: fffffffffffffe00 RBX: 00007fa6c8cb3428 RCX: 00007fa6c8c2bb49
[   63.844524][ T5073] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa6c8cb3428
[   63.852500][ T5073] RBP: 00007fa6c8cb3420 R08: 0000000000000000 R09: 0000000000000000
[   63.860475][ T5073] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa6c8c81074
[   63.868448][ T5073] R13: 0000000000000000 R14: 00007fa6c8bdd400 R15: 0000000000022000
[   63.876431][ T5073]  </TASK>
[   63.879594][ T5073] Kernel Offset: disabled
[   63.883921][ T5073] Rebooting in 86400 seconds..