Warning: Permanently added '10.128.0.144' (ED25519) to the list of known hosts.
executing program
[ 69.524124][ T5065] ==================================================================
[ 69.532321][ T5065] BUG: KASAN: slab-use-after-free in __se_sys_io_cancel+0x2c7/0x2d0
[ 69.540319][ T5065] Read of size 4 at addr ffff88801f857020 by task syz-executor142/5065
[ 69.548550][ T5065]
[ 69.550873][ T5065] CPU: 0 PID: 5065 Comm: syz-executor142 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[ 69.561282][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 69.571349][ T5065] Call Trace:
[ 69.574671][ T5065]
[ 69.577603][ T5065]  dump_stack_lvl+0x1e7/0x2e0
[ 69.582312][ T5065]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.587527][ T5065]  ? __pfx__printk+0x10/0x10
[ 69.592129][ T5065]  ? _printk+0xd5/0x120
[ 69.596299][ T5065]  ? __virt_addr_valid+0x183/0x520
[ 69.601421][ T5065]  ? __virt_addr_valid+0x183/0x520
[ 69.606546][ T5065]  print_report+0x167/0x540
[ 69.611062][ T5065]  ? __virt_addr_valid+0x183/0x520
[ 69.616184][ T5065]  ? __virt_addr_valid+0x183/0x520
[ 69.621301][ T5065]  ? __virt_addr_valid+0x44e/0x520
[ 69.626512][ T5065]  ? __phys_addr+0xba/0x170
[ 69.631029][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[ 69.636230][ T5065]  kasan_report+0x142/0x180
[ 69.640922][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[ 69.646128][ T5065]  __se_sys_io_cancel+0x2c7/0x2d0
[ 69.651157][ T5065]  do_syscall_64+0xf9/0x240
[ 69.655674][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 69.661587][ T5065] RIP: 0033:0x7f1c0c3bd3e9
[ 69.666003][ T5065] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.685610][ T5065] RSP: 002b:00007ffe5ffcdc98 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 69.694028][ T5065] RAX: ffffffffffffffda RBX: 00007ffe5ffcde68 RCX: 00007f1c0c3bd3e9
[ 69.702003][ T5065] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 00007f1c0c349000
[ 69.709983][ T5065] RBP: 00007f1c0c430610 R08: 00007ffe5ffcde68 R09: 00007ffe5ffcde68
[ 69.717963][ T5065] R10: 00007ffe5ffcde68 R11: 0000000000000246 R12: 0000000000000001
[ 69.725931][ T5065] R13: 00007ffe5ffcde58 R14: 0000000000000001 R15: 0000000000000001
[ 69.733910][ T5065]
[ 69.736934][ T5065]
[ 69.739255][ T5065] Allocated by task 5065:
[ 69.743574][ T5065]  kasan_save_track+0x3f/0x80
[ 69.748258][ T5065]  __kasan_slab_alloc+0x66/0x80
[ 69.753114][ T5065]  kmem_cache_alloc+0x16f/0x340
[ 69.757967][ T5065]  io_submit_one+0x154/0x18b0
[ 69.762647][ T5065]  __se_sys_io_submit+0x17f/0x300
[ 69.767667][ T5065]  do_syscall_64+0xf9/0x240
[ 69.772179][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 69.778099][ T5065]
[ 69.780420][ T5065] Freed by task 4812:
[ 69.784403][ T5065]  kasan_save_track+0x3f/0x80
[ 69.789083][ T5065]  kasan_save_free_info+0x40/0x50
[ 69.794107][ T5065]  poison_slab_object+0xa6/0xe0
[ 69.798962][ T5065]  __kasan_slab_free+0x37/0x60
[ 69.803731][ T5065]  kmem_cache_free+0x102/0x2a0
[ 69.808514][ T5065]  aio_poll_complete_work+0x467/0x670
[ 69.813889][ T5065]  process_scheduled_works+0x913/0x1420
[ 69.819443][ T5065]  worker_thread+0xa5f/0x1000
[ 69.824126][ T5065]  kthread+0x2ef/0x390
[ 69.828197][ T5065]  ret_from_fork+0x4b/0x80
[ 69.832617][ T5065]  ret_from_fork_asm+0x1b/0x30
[ 69.837406][ T5065]
[ 69.839727][ T5065] Last potentially related work creation:
[ 69.845435][ T5065]  kasan_save_stack+0x3f/0x60
[ 69.850118][ T5065]  __kasan_record_aux_stack+0xac/0xc0
[ 69.855490][ T5065]  insert_work+0x3e/0x330
[ 69.859839][ T5065]  __queue_work+0xbf4/0x1000
[ 69.864515][ T5065]  queue_work_on+0x14f/0x250
[ 69.869106][ T5065]  aio_poll_cancel+0xbb/0x130
[ 69.873785][ T5065]  __se_sys_io_cancel+0x126/0x2d0
[ 69.878809][ T5065]  do_syscall_64+0xf9/0x240
[ 69.883326][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 69.889231][ T5065]
[ 69.891555][ T5065] The buggy address belongs to the object at ffff88801f857000
[ 69.891555][ T5065]  which belongs to the cache aio_kiocb of size 216
[ 69.905431][ T5065] The buggy address is located 32 bytes inside of
[ 69.905431][ T5065]  freed 216-byte region [ffff88801f857000, ffff88801f8570d8)
[ 69.919138][ T5065]
[ 69.921458][ T5065] The buggy address belongs to the physical page:
[ 69.927871][ T5065] page:ffffea00007e15c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f857
[ 69.938023][ T5065] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 69.945561][ T5065] page_type: 0xffffffff()
[ 69.949893][ T5065] raw: 00fff00000000800 ffff88801a6a9500 dead000000000122 0000000000000000
[ 69.958563][ T5065] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 69.967135][ T5065] page dumped because: kasan: bad access detected
[ 69.973548][ T5065] page_owner tracks the page as allocated
[ 69.979256][ T5065] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 5065, tgid 5065 (syz-executor142), ts 69523425470, free_ts 63195641417
[ 69.997838][ T5065]  post_alloc_hook+0x1ea/0x210
[ 70.002620][ T5065]  get_page_from_freelist+0x33ea/0x3580
[ 70.008257][ T5065]  __alloc_pages+0x255/0x680
[ 70.012850][ T5065]  alloc_slab_page+0x5f/0x160
[ 70.017539][ T5065]  new_slab+0x84/0x2f0
[ 70.021698][ T5065]  ___slab_alloc+0xd17/0x13e0
[ 70.026376][ T5065]  kmem_cache_alloc+0x24d/0x340
[ 70.031226][ T5065]  io_submit_one+0x154/0x18b0
[ 70.035905][ T5065]  __se_sys_io_submit+0x17f/0x300
[ 70.040928][ T5065]  do_syscall_64+0xf9/0x240
[ 70.045443][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 70.051343][ T5065] page last free pid 4504 tgid 4504 stack trace:
[ 70.057661][ T5065]  free_unref_page_prepare+0x968/0xa90
[ 70.063302][ T5065]  free_unref_page+0x37/0x3f0
[ 70.067981][ T5065]  __slab_free+0x349/0x410
[ 70.072402][ T5065]  qlist_free_all+0x5e/0xc0
[ 70.076909][ T5065]  kasan_quarantine_reduce+0x14f/0x170
[ 70.082371][ T5065]  __kasan_slab_alloc+0x23/0x80
[ 70.087228][ T5065]  kmem_cache_alloc+0x16f/0x340
[ 70.092081][ T5065]  getname_flags+0xbc/0x4f0
[ 70.096583][ T5065]  do_sys_openat2+0xd2/0x1d0
[ 70.101172][ T5065]  __x64_sys_openat+0x247/0x2a0
[ 70.106024][ T5065]  do_syscall_64+0xf9/0x240
[ 70.110537][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 70.116441][ T5065]
[ 70.118807][ T5065] Memory state around the buggy address:
[ 70.124432][ T5065]  ffff88801f856f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.132490][ T5065]  ffff88801f856f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 70.140548][ T5065] >ffff88801f857000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.148961][ T5065]                                ^
[ 70.154068][ T5065]  ffff88801f857080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 70.162126][ T5065]  ffff88801f857100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 70.170195][ T5065] ==================================================================
[ 70.178583][ T5065] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 70.185806][ T5065] CPU: 1 PID: 5065 Comm: syz-executor142 Not tainted 6.8.0-rc6-syzkaller-00238-g5ad3cb0ed525 #0
[ 70.196246][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 70.206309][ T5065] Call Trace:
[ 70.209591][ T5065]
[ 70.212527][ T5065]  dump_stack_lvl+0x1e7/0x2e0
[ 70.217220][ T5065]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.222430][ T5065]  ? __pfx__printk+0x10/0x10
[ 70.227067][ T5065]  ? vscnprintf+0x5d/0x90
[ 70.231418][ T5065]  panic+0x349/0x860
[ 70.235347][ T5065]  ? check_panic_on_warn+0x21/0xb0
[ 70.240478][ T5065]  ? __pfx_panic+0x10/0x10
[ 70.244913][ T5065]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 70.250913][ T5065]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 70.257253][ T5065]  ? print_report+0x4ff/0x540
[ 70.262038][ T5065]  check_panic_on_warn+0x86/0xb0
[ 70.266991][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[ 70.272197][ T5065]  end_report+0x6e/0x140
[ 70.276452][ T5065]  kasan_report+0x153/0x180
[ 70.280975][ T5065]  ? __se_sys_io_cancel+0x2c7/0x2d0
[ 70.286181][ T5065]  __se_sys_io_cancel+0x2c7/0x2d0
[ 70.291215][ T5065]  do_syscall_64+0xf9/0x240
[ 70.295751][ T5065]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 70.301677][ T5065] RIP: 0033:0x7f1c0c3bd3e9
[ 70.306102][ T5065] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.325724][ T5065] RSP: 002b:00007ffe5ffcdc98 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 70.334388][ T5065] RAX: ffffffffffffffda RBX: 00007ffe5ffcde68 RCX: 00007f1c0c3bd3e9
[ 70.342373][ T5065] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 00007f1c0c349000
[ 70.350345][ T5065] RBP: 00007f1c0c430610 R08: 00007ffe5ffcde68 R09: 00007ffe5ffcde68
[ 70.358338][ T5065] R10: 00007ffe5ffcde68 R11: 0000000000000246 R12: 0000000000000001
[ 70.366405][ T5065] R13: 00007ffe5ffcde58 R14: 0000000000000001 R15: 0000000000000001
[ 70.374395][ T5065]
[ 70.377676][ T5065] Kernel Offset: disabled
[ 70.381999][ T5065] Rebooting in 86400 seconds..