Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts.
executing program
[ 70.592157][ T5062] ==================================================================
[ 70.600243][ T5062] BUG: KASAN: slab-use-after-free in __se_sys_io_cancel+0x2c7/0x2d0
[ 70.608233][ T5062] Read of size 4 at addr ffff88807af78020 by task syz-executor347/5062
[ 70.616470][ T5062]
[ 70.618784][ T5062] CPU: 0 PID: 5062 Comm: syz-executor347 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[ 70.629182][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 70.639232][ T5062] Call Trace:
[ 70.642508][ T5062]
[ 70.645441][ T5062] dump_stack_lvl+0x1e7/0x2e0
[ 70.650146][ T5062] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.655375][ T5062] ? __pfx__printk+0x10/0x10
[ 70.659999][ T5062] ? srso_return_thunk+0x5/0x5f
[ 70.664857][ T5062] ? _printk+0xd5/0x120
[ 70.669031][ T5062] ? __virt_addr_valid+0x183/0x520
[ 70.674162][ T5062] ? srso_return_thunk+0x5/0x5f
[ 70.679021][ T5062] print_report+0x167/0x540
[ 70.683540][ T5062] ? __virt_addr_valid+0x183/0x520
[ 70.688662][ T5062] ? srso_return_thunk+0x5/0x5f
[ 70.693516][ T5062] ? __virt_addr_valid+0x44e/0x520
[ 70.698635][ T5062] ? srso_return_thunk+0x5/0x5f
[ 70.703489][ T5062] ? __phys_addr+0xba/0x170
[ 70.708004][ T5062] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 70.713206][ T5062] kasan_report+0x142/0x180
[ 70.717743][ T5062] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 70.722957][ T5062] __se_sys_io_cancel+0x2c7/0x2d0
[ 70.727997][ T5062] do_syscall_64+0xfb/0x240
[ 70.732519][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 70.738432][ T5062] RIP: 0033:0x7fe04989e3e9
[ 70.742852][ T5062] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.762460][ T5062] RSP: 002b:00007fffe77becc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 70.770879][ T5062] RAX: ffffffffffffffda RBX: 00007fffe77bee98 RCX: 00007fe04989e3e9
[ 70.778856][ T5062] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 00007fe049864000
[ 70.786825][ T5062] RBP: 00007fe049911610 R08: 00007fffe77bee98 R09: 00007fffe77bee98
[ 70.794798][ T5062] R10: 00007fffe77bee98 R11: 0000000000000246 R12: 0000000000000001
[ 70.802768][ T5062] R13: 00007fffe77bee88 R14: 0000000000000001 R15: 0000000000000001
[ 70.810746][ T5062]
[ 70.813763][ T5062]
[ 70.816078][ T5062] Allocated by task 5062:
[ 70.820395][ T5062] kasan_save_track+0x3f/0x80
[ 70.825083][ T5062] __kasan_slab_alloc+0x66/0x80
[ 70.829953][ T5062] kmem_cache_alloc+0x16f/0x340
[ 70.834811][ T5062] io_submit_one+0x154/0x18b0
[ 70.839492][ T5062] __se_sys_io_submit+0x17f/0x300
[ 70.844517][ T5062] do_syscall_64+0xfb/0x240
[ 70.849118][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 70.855026][ T5062]
[ 70.857341][ T5062] Freed by task 9:
[ 70.861054][ T5062] kasan_save_track+0x3f/0x80
[ 70.865742][ T5062] kasan_save_free_info+0x40/0x50
[ 70.870772][ T5062] poison_slab_object+0xa6/0xe0
[ 70.875635][ T5062] __kasan_slab_free+0x37/0x60
[ 70.880409][ T5062] kmem_cache_free+0x102/0x2a0
[ 70.885181][ T5062] aio_poll_complete_work+0x467/0x670
[ 70.890560][ T5062] process_scheduled_works+0x915/0x1420
[ 70.896120][ T5062] worker_thread+0xa5f/0x1000
[ 70.900809][ T5062] kthread+0x2f1/0x390
[ 70.904878][ T5062] ret_from_fork+0x4d/0x80
[ 70.909303][ T5062] ret_from_fork_asm+0x1b/0x30
[ 70.914077][ T5062]
[ 70.916392][ T5062] Last potentially related work creation:
[ 70.922094][ T5062] kasan_save_stack+0x3f/0x60
[ 70.926778][ T5062] __kasan_record_aux_stack+0xac/0xc0
[ 70.932155][ T5062] insert_work+0x3e/0x330
[ 70.936493][ T5062] __queue_work+0xbf4/0x1000
[ 70.941085][ T5062] queue_work_on+0x14f/0x250
[ 70.946022][ T5062] aio_poll_cancel+0xbb/0x130
[ 70.950703][ T5062] __se_sys_io_cancel+0x128/0x2d0
[ 70.955728][ T5062] do_syscall_64+0xfb/0x240
[ 70.960243][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 70.966150][ T5062]
[ 70.968470][ T5062] The buggy address belongs to the object at ffff88807af78000
[ 70.968470][ T5062]  which belongs to the cache aio_kiocb of size 216
[ 70.982364][ T5062] The buggy address is located 32 bytes inside of
[ 70.982364][ T5062]  freed 216-byte region [ffff88807af78000, ffff88807af780d8)
[ 70.996082][ T5062]
[ 70.998402][ T5062] The buggy address belongs to the physical page:
[ 71.004807][ T5062] page:ffffea0001ebde00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7af78
[ 71.014956][ T5062] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 71.022497][ T5062] page_type: 0xffffffff()
[ 71.026824][ T5062] raw: 00fff00000000800 ffff888018bfe780 dead000000000122 0000000000000000
[ 71.035411][ T5062] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 71.043992][ T5062] page dumped because: kasan: bad access detected
[ 71.050405][ T5062] page_owner tracks the page as allocated
[ 71.056116][ T5062] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5062, tgid 5062 (syz-executor347), ts 70591448632, free_ts 70584634709
[ 71.074697][ T5062] post_alloc_hook+0x1ea/0x210
[ 71.079463][ T5062] get_page_from_freelist+0x33ea/0x3580
[ 71.085017][ T5062] __alloc_pages+0x255/0x680
[ 71.089613][ T5062] alloc_slab_page+0x5f/0x160
[ 71.094299][ T5062] new_slab+0x84/0x2f0
[ 71.098373][ T5062] ___slab_alloc+0xd17/0x13e0
[ 71.103105][ T5062] kmem_cache_alloc+0x24d/0x340
[ 71.107961][ T5062] io_submit_one+0x154/0x18b0
[ 71.112642][ T5062] __se_sys_io_submit+0x17f/0x300
[ 71.117664][ T5062] do_syscall_64+0xfb/0x240
[ 71.122178][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 71.128086][ T5062] page last free pid 5062 tgid 5062 stack trace:
[ 71.134835][ T5062] free_unref_page_prepare+0x968/0xa90
[ 71.140295][ T5062] free_unref_page_list+0x5a3/0x850
[ 71.145494][ T5062] release_pages+0x2744/0x2a80
[ 71.150267][ T5062] tlb_flush_mmu+0x34c/0x4e0
[ 71.154869][ T5062] tlb_finish_mmu+0xd4/0x200
[ 71.159469][ T5062] exit_mmap+0x4b6/0xd40
[ 71.163717][ T5062] __mmput+0x115/0x3c0
[ 71.167800][ T5062] exec_mmap+0x69c/0x730
[ 71.172057][ T5062] begin_new_exec+0x119a/0x1ce0
[ 71.177179][ T5062] load_elf_binary+0x961/0x2590
[ 71.182036][ T5062] bprm_execve+0xaf9/0x1790
[ 71.186547][ T5062] do_execveat_common+0x552/0x6f0
[ 71.191581][ T5062] __x64_sys_execve+0x92/0xb0
[ 71.196265][ T5062] do_syscall_64+0xfb/0x240
[ 71.200778][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 71.206684][ T5062]
[ 71.209001][ T5062] Memory state around the buggy address:
[ 71.214621][ T5062]  ffff88807af77f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.222677][ T5062]  ffff88807af77f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 71.230731][ T5062] >ffff88807af78000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.238785][ T5062]                                ^
[ 71.243889][ T5062]  ffff88807af78080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 71.251952][ T5062]  ffff88807af78100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.260005][ T5062] ==================================================================
[ 71.271285][ T5062] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.278500][ T5062] CPU: 1 PID: 5062 Comm: syz-executor347 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[ 71.288918][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 71.298966][ T5062] Call Trace:
[ 71.302236][ T5062]
[ 71.305158][ T5062] dump_stack_lvl+0x1e7/0x2e0
[ 71.309846][ T5062] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.315050][ T5062] ? __pfx__printk+0x10/0x10
[ 71.319643][ T5062] ? srso_return_thunk+0x5/0x5f
[ 71.324485][ T5062] ? vscnprintf+0x5d/0x90
[ 71.328809][ T5062] panic+0x349/0x860
[ 71.332703][ T5062] ? check_panic_on_warn+0x21/0xb0
[ 71.337822][ T5062] ? __pfx_panic+0x10/0x10
[ 71.342234][ T5062] ? srso_return_thunk+0x5/0x5f
[ 71.347082][ T5062] ? srso_return_thunk+0x5/0x5f
[ 71.351925][ T5062] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 71.357905][ T5062] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 71.364249][ T5062] ? print_report+0x4ff/0x540
[ 71.368933][ T5062] check_panic_on_warn+0x86/0xb0
[ 71.373875][ T5062] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 71.379062][ T5062] end_report+0x6e/0x140
[ 71.383314][ T5062] kasan_report+0x153/0x180
[ 71.387820][ T5062] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 71.393024][ T5062] __se_sys_io_cancel+0x2c7/0x2d0
[ 71.398046][ T5062] do_syscall_64+0xfb/0x240
[ 71.402550][ T5062] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 71.408449][ T5062] RIP: 0033:0x7fe04989e3e9
[ 71.412852][ T5062] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.432448][ T5062] RSP: 002b:00007fffe77becc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 71.440854][ T5062] RAX: ffffffffffffffda RBX: 00007fffe77bee98 RCX: 00007fe04989e3e9
[ 71.448818][ T5062] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 00007fe049864000
[ 71.456780][ T5062] RBP: 00007fe049911610 R08: 00007fffe77bee98 R09: 00007fffe77bee98
[ 71.464741][ T5062] R10: 00007fffe77bee98 R11: 0000000000000246 R12: 0000000000000001
[ 71.472700][ T5062] R13: 00007fffe77bee88 R14: 0000000000000001 R15: 0000000000000001
[ 71.480668][ T5062]
[ 71.483794][ T5062] Kernel Offset: disabled
[ 71.488107][ T5062] Rebooting in 86400 seconds..