Warning: Permanently added '10.128.1.90' (ECDSA) to the list of known hosts.
syzkaller login: [   43.478077][  T293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   43.479771][  T293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   43.487651][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   43.494056][ T1791] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   43.495692][ T1791] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   43.499114][   T21] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[   43.688631][ T3962] loop0: detected capacity change from 0 to 32768
[   43.691203][ T3962] =======================================================
[   43.691203][ T3962] WARNING: The mand mount option has been deprecated and
[   43.691203][ T3962]          and is ignored by this kernel. Remove the mand
[   43.691203][ T3962]          option from the mount to silence this warning.
[   43.691203][ T3962] =======================================================
[   43.705211][ T3962] FAULT_INJECTION: forcing a failure.
[   43.705211][ T3962] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   43.708024][ T3962] CPU: 0 PID: 3962 Comm: syz-executor354 Not tainted 5.15.117-syzkaller #0
[   43.710063][ T3962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   43.712240][ T3962] Call trace:
[   43.712928][ T3962]  dump_backtrace+0x0/0x530
[   43.713890][ T3962]  show_stack+0x2c/0x3c
[   43.714695][ T3962]  dump_stack_lvl+0x108/0x170
[   43.715673][ T3962]  dump_stack+0x1c/0x58
[   43.716454][ T3962]  should_fail+0x400/0x5cc
[   43.717565][ T3962]  should_fail_alloc_page+0x74/0xa8
[   43.718757][ T3962]  prepare_alloc_pages+0x160/0x4cc
[   43.719850][ T3962]  __alloc_pages+0x138/0x674
[   43.720828][ T3962]  alloc_pages+0x390/0x634
[   43.721772][ T3962]  __page_cache_alloc+0x78/0x524
[   43.722812][ T3962]  do_read_cache_page+0x1a0/0x950
[   43.724031][ T3962]  read_cache_page+0x68/0x84
[   43.725037][ T3962]  __get_metapage+0x2f0/0x1128
[   43.726061][ T3962]  diMount+0xd8/0x670
[   43.726916][ T3962]  jfs_mount_rw+0x250/0x57c
[   43.727843][ T3962]  jfs_remount+0x328/0x594
[   43.728735][ T3962]  legacy_reconfigure+0xfc/0x114
[   43.729750][ T3962]  reconfigure_super+0x340/0x690
[   43.730828][ T3962]  path_mount+0xc94/0x104c
[   43.731924][ T3962]  __arm64_sys_mount+0x510/0x5e0
[   43.732958][ T3962]  invoke_syscall+0x98/0x2b8
[   43.733887][ T3962]  el0_svc_common+0x138/0x258
[   43.734808][ T3962]  do_el0_svc+0x58/0x14c
[   43.735654][ T3962]  el0_svc+0x7c/0x1f0
[   43.736490][ T3962]  el0t_64_sync_handler+0x84/0xe4
[   43.737719][ T3962]  el0t_64_sync+0x1a0/0x1a4
[   43.738803][ T3962] read_mapping_page failed!
[   43.739797][ T3962] jfs_mount_rw: diMount failed!
[   43.789797][ T3962] ==================================================================
[   43.791381][ T3962] BUG: KASAN: double-free or invalid-free in kfree+0x178/0x410
[   43.792793][ T3962] 
[   43.793189][ T3962] CPU: 1 PID: 3962 Comm: syz-executor354 Not tainted 5.15.117-syzkaller #0
[   43.794880][ T3962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[   43.796856][ T3962] Call trace:
[   43.797457][ T3962]  dump_backtrace+0x0/0x530
[   43.798417][ T3962]  show_stack+0x2c/0x3c
[   43.799292][ T3962]  dump_stack_lvl+0x108/0x170
[   43.800252][ T3962]  print_address_description+0x7c/0x3f0
[   43.801404][ T3962]  kasan_report_invalid_free+0x64/0x94
[   43.802587][ T3962]  ____kasan_slab_free+0x134/0x164
[   43.803734][ T3962]  __kasan_slab_free+0x18/0x28
[   43.804729][ T3962]  slab_free_freelist_hook+0x128/0x1ec
[   43.805848][ T3962]  kfree+0x178/0x410
[   43.806545][ T3962]  diUnmount+0xf4/0x10c
[   43.807389][ T3962]  jfs_umount+0x110/0x338
[   43.808280][ T3962]  jfs_put_super+0x90/0x188
[   43.809232][ T3962]  generic_shutdown_super+0x130/0x29c
[   43.810329][ T3962]  kill_block_super+0x70/0xdc
[   43.811284][ T3962]  deactivate_locked_super+0xb8/0x13c
[   43.812426][ T3962]  deactivate_super+0x108/0x128
[   43.813430][ T3962]  cleanup_mnt+0x3c0/0x474
[   43.814317][ T3962]  __cleanup_mnt+0x20/0x30
[   43.815183][ T3962]  task_work_run+0x130/0x1e4
[   43.816086][ T3962]  do_exit+0x688/0x2134
[   43.816880][ T3962]  do_group_exit+0x110/0x268
[   43.817786][ T3962]  __wake_up_parent+0x0/0x60
[   43.818791][ T3962]  invoke_syscall+0x98/0x2b8
[   43.819714][ T3962]  el0_svc_common+0x138/0x258
[   43.820728][ T3962]  do_el0_svc+0x58/0x14c
[   43.821578][ T3962]  el0_svc+0x7c/0x1f0
[   43.822318][ T3962]  el0t_64_sync_handler+0x84/0xe4
[   43.823419][ T3962]  el0t_64_sync+0x1a0/0x1a4
[   43.824407][ T3962] 
[   43.824842][ T3962] Allocated by task 3962:
[   43.825645][ T3962]  ____kasan_kmalloc+0xbc/0xfc
[   43.826640][ T3962]  __kasan_kmalloc+0x10/0x1c
[   43.827653][ T3962]  kmem_cache_alloc_trace+0x27c/0x47c
[   43.828859][ T3962]  kobject_uevent_env+0x26c/0x898
[   43.829842][ T3962]  kobject_uevent+0x2c/0x3c
[   43.830826][ T3962]  __kobject_del+0xd8/0x2d4
[   43.831855][ T3962]  kobject_put+0x2dc/0x438
[   43.832817][ T3962]  net_rx_queue_update_kobjects+0x3b4/0x42c
[   43.834003][ T3962]  netdev_unregister_kobject+0xf0/0x204
[   43.835192][ T3962]  unregister_netdevice_many+0x12c8/0x189c
[   43.836436][ T3962]  unregister_netdevice_queue+0x2d0/0x31c
[   43.837620][ T3962]  __tun_detach+0xb74/0x12b0
[   43.838468][ T3962]  tun_chr_close+0x118/0x20c
[   43.839352][ T3962]  __fput+0x30c/0x7f0
[   43.840205][ T3962]  ____fput+0x20/0x30
[   43.840999][ T3962]  task_work_run+0x130/0x1e4
[   43.841964][ T3962]  do_exit+0x688/0x2134
[   43.842875][ T3962]  do_group_exit+0x110/0x268
[   43.843827][ T3962]  __wake_up_parent+0x0/0x60
[   43.844723][ T3962]  invoke_syscall+0x98/0x2b8
[   43.845696][ T3962]  el0_svc_common+0x138/0x258
[   43.846716][ T3962]  do_el0_svc+0x58/0x14c
[   43.847553][ T3962]  el0_svc+0x7c/0x1f0
[   43.848379][ T3962]  el0t_64_sync_handler+0x84/0xe4
[   43.849489][ T3962]  el0t_64_sync+0x1a0/0x1a4
[   43.850423][ T3962] 
[   43.850911][ T3962] Freed by task 3962:
[   43.851691][ T3962]  kasan_set_track+0x4c/0x84
[   43.852673][ T3962]  kasan_set_free_info+0x28/0x4c
[   43.853726][ T3962]  ____kasan_slab_free+0x118/0x164
[   43.854721][ T3962]  __kasan_slab_free+0x18/0x28
[   43.855716][ T3962]  slab_free_freelist_hook+0x128/0x1ec
[   43.856859][ T3962]  kfree+0x178/0x410
[   43.857701][ T3962]  kobject_uevent_env+0x354/0x898
[   43.858764][ T3962]  kobject_uevent+0x2c/0x3c
[   43.859640][ T3962]  __kobject_del+0xd8/0x2d4
[   43.860558][ T3962]  kobject_put+0x2dc/0x438
[   43.861464][ T3962]  net_rx_queue_update_kobjects+0x3b4/0x42c
[   43.862646][ T3962]  netdev_unregister_kobject+0xf0/0x204
[   43.863817][ T3962]  unregister_netdevice_many+0x12c8/0x189c
[   43.865032][ T3962]  unregister_netdevice_queue+0x2d0/0x31c
[   43.866215][ T3962]  __tun_detach+0xb74/0x12b0
[   43.867188][ T3962]  tun_chr_close+0x118/0x20c
[   43.868259][ T3962]  __fput+0x30c/0x7f0
[   43.869105][ T3962]  ____fput+0x20/0x30
[   43.869880][ T3962]  task_work_run+0x130/0x1e4
[   43.870796][ T3962]  do_exit+0x688/0x2134
[   43.871594][ T3962]  do_group_exit+0x110/0x268
[   43.872500][ T3962]  __wake_up_parent+0x0/0x60
[   43.873459][ T3962]  invoke_syscall+0x98/0x2b8
[   43.874379][ T3962]  el0_svc_common+0x138/0x258
[   43.875403][ T3962]  do_el0_svc+0x58/0x14c
[   43.876244][ T3962]  el0_svc+0x7c/0x1f0
[   43.877038][ T3962]  el0t_64_sync_handler+0x84/0xe4
[   43.878046][ T3962]  el0t_64_sync+0x1a0/0x1a4
[   43.878914][ T3962] 
[   43.879377][ T3962] The buggy address belongs to the object at ffff0000c76a0000
[   43.879377][ T3962]  which belongs to the cache kmalloc-4k of size 4096
[   43.882357][ T3962] The buggy address is located 0 bytes inside of
[   43.882357][ T3962]  4096-byte region [ffff0000c76a0000, ffff0000c76a1000)
[   43.885058][ T3962] The buggy address belongs to the page:
[   43.886102][ T3962] page:000000005cf71b91 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076a0
[   43.888110][ T3962] head:000000005cf71b91 order:3 compound_mapcount:0 compound_pincount:0
[   43.889844][ T3962] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   43.891426][ T3962] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002a80
[   43.893228][ T3962] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   43.894873][ T3962] page dumped because: kasan: bad access detected
[   43.896258][ T3962] 
[   43.896746][ T3962] Memory state around the buggy address:
[   43.897925][ T3962]  ffff0000c769ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   43.899623][ T3962]  ffff0000c769ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   43.901342][ T3962] >ffff0000c76a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.902947][ T3962]                    ^
[   43.903799][ T3962]  ffff0000c76a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.905431][ T3962]  ffff0000c76a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.907050][ T3962] ==================================================================
[   43.908656][ T3962] Disabling lock debugging due to kernel taint