Warning: Permanently added '10.128.1.113' (ECDSA) to the list of known hosts.
[ 85.468005][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.489615][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.500945][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.509493][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.532929][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.540980][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.553486][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.567488][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.575554][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.585102][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.599642][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.611004][ T903] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 85.632722][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.640816][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.643662][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.650229][ T903] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.677544][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.687599][ T5024] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5024 'syz-executor303'
[ 85.705003][ T4558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.715528][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.729398][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.746100][ T5023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.748669][ T4558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 85.754853][ T5023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 85.795777][ T903] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.804155][ T5023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.812156][ T5023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 85.849552][ T903] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.886985][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.903225][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.946329][ T903] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 85.970636][ T5023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[ 85.994878][ T5023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.054971][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.083353][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
executing program
[ 86.100753][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 86.139173][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 86.703678][ T5024] loop2: detected capacity change from 0 to 32768
[ 86.976139][ T5024] read_mapping_page failed!
[ 86.981024][ T5024] jfs_mount_rw: diMount failed!
[ 87.044472][ T5015] ==================================================================
[ 87.052583][ T5015] BUG: KASAN: double-free in __kmem_cache_free+0xaf/0x2d0
[ 87.059842][ T5015] Free of addr ffff88807b940000 by task syz-executor303/5015
[ 87.067243][ T5015]
[ 87.069588][ T5015] CPU: 1 PID: 5015 Comm: syz-executor303 Not tainted 6.4.0-rc1-next-20230508-syzkaller #0
[ 87.079550][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 87.089661][ T5015] Call Trace:
[ 87.093053][ T5015]
[ 87.096099][ T5015] dump_stack_lvl+0xd9/0x150
[ 87.100849][ T5015] print_address_description.constprop.0+0x2c/0x3c0
[ 87.107496][ T5015] ? __kmem_cache_free+0xaf/0x2d0
[ 87.112561][ T5015] kasan_report_invalid_free+0xe8/0x100
[ 87.118151][ T5015] ? __kmem_cache_free+0xaf/0x2d0
[ 87.123217][ T5015] ____kasan_slab_free+0x185/0x1c0
[ 87.128390][ T5015] slab_free_freelist_hook+0x8b/0x1c0
[ 87.133830][ T5015] ? diUnmount+0xf1/0x130
[ 87.138212][ T5015] __kmem_cache_free+0xaf/0x2d0
[ 87.143111][ T5015] diUnmount+0xf1/0x130
[ 87.147315][ T5015] jfs_umount+0x189/0x430
[ 87.151703][ T5015] jfs_put_super+0x85/0x1d0
[ 87.156253][ T5015] ? jfs_quota_off+0x170/0x170
[ 87.161069][ T5015] generic_shutdown_super+0x158/0x480
[ 87.166499][ T5015] kill_block_super+0xa1/0x100
[ 87.171331][ T5015] deactivate_locked_super+0x98/0x160
[ 87.176761][ T5015] deactivate_super+0xb1/0xd0
[ 87.181500][ T5015] cleanup_mnt+0x2ae/0x3d0
[ 87.186058][ T5015] task_work_run+0x16f/0x270
[ 87.190714][ T5015] ? task_work_cancel+0x30/0x30
[ 87.195614][ T5015] ? __x64_sys_umount+0x118/0x190
[ 87.200698][ T5015] exit_to_user_mode_prepare+0x210/0x240
[ 87.206388][ T5015] syscall_exit_to_user_mode+0x1d/0x50
[ 87.211897][ T5015] do_syscall_64+0x46/0xb0
[ 87.216384][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.223209][ T5015] RIP: 0033:0x7fb616b808f7
[ 87.227660][ T5015] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 87.247402][ T5015] RSP: 002b:00007ffd679dacd8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 87.255948][ T5015] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb616b808f7
[ 87.263957][ T5015] RDX: 00007ffd679dad99 RSI: 000000000000000a RDI: 00007ffd679dad90
[ 87.272145][ T5015] RBP: 00007ffd679dad90 R08: 00000000ffffffff R09: 00007ffd679dab70
[ 87.280169][ T5015] R10: 0000555555d8e753 R11: 0000000000000206 R12: 00007ffd679dbe50
[ 87.288183][ T5015] R13: 0000555555d8e6f0 R14: 00007ffd679dad00 R15: 00007ffd679dbe70
[ 87.296204][ T5015]
[ 87.299339][ T5015]
[ 87.301692][ T5015] Allocated by task 12:
[ 87.305873][ T5015] kasan_save_stack+0x22/0x40
[ 87.310594][ T5015] kasan_set_track+0x25/0x30
[ 87.315245][ T5015] __kasan_kmalloc+0xa2/0xb0
[ 87.319876][ T5015] __kmalloc+0x5e/0x190
[ 87.324077][ T5015] ieee802_11_parse_elems_full+0x106/0x1340
[ 87.324536][ T5031] loop0: detected capacity change from 0 to 32768
[ 87.329997][ T5015] ieee802_11_parse_elems_crc.constprop.0+0x99/0xd0
[ 87.330033][ T5015] ieee80211_bss_info_update+0x410/0xb50
[ 87.330062][ T5015] ieee80211_ibss_rx_queued_mgmt+0x18c4/0x2d50
[ 87.354973][ T5015] ieee80211_iface_work+0xa4d/0xd70
[ 87.360316][ T5015] process_one_work+0x99a/0x15e0
[ 87.365316][ T5015] worker_thread+0x67d/0x10c0
[ 87.368581][ T5035] loop3: detected capacity change from 0 to 32768
[ 87.370026][ T5015] kthread+0x344/0x440
[ 87.370071][ T5015] ret_from_fork+0x1f/0x30
[ 87.385028][ T5015]
[ 87.387379][ T5015] Freed by task 12:
[ 87.391236][ T5015] kasan_save_stack+0x22/0x40
[ 87.396051][ T5015] kasan_set_track+0x25/0x30
[ 87.400686][ T5015] kasan_save_free_info+0x2e/0x40
[ 87.405762][ T5015] ____kasan_slab_free+0x160/0x1c0
[ 87.410915][ T5015] slab_free_freelist_hook+0x8b/0x1c0
[ 87.416380][ T5015] __kmem_cache_free+0xaf/0x2d0
[ 87.421263][ T5015] ieee80211_bss_info_update+0x4a2/0xb50
[ 87.426926][ T5015] ieee80211_ibss_rx_queued_mgmt+0x18c4/0x2d50
[ 87.433113][ T5015] ieee80211_iface_work+0xa4d/0xd70
[ 87.438346][ T5015] process_one_work+0x99a/0x15e0
[ 87.443324][ T5015] worker_thread+0x67d/0x10c0
[ 87.448045][ T5015] kthread+0x344/0x440
[ 87.452136][ T5015] ret_from_fork+0x1f/0x30
[ 87.456585][ T5015]
[ 87.458918][ T5015] The buggy address belongs to the object at ffff88807b940000
[ 87.458918][ T5015] which belongs to the cache kmalloc-1k of size 1024
[ 87.472985][ T5015] The buggy address is located 0 bytes inside of
[ 87.472985][ T5015] 1024-byte region [ffff88807b940000, ffff88807b940400)
[ 87.486189][ T5015]
[ 87.488520][ T5015] The buggy address belongs to the physical page:
[ 87.495034][ T5015] page:ffffea0001ee5000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b940
[ 87.505227][ T5015] head:ffffea0001ee5000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 87.514181][ T5015] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 87.522177][ T5015] page_type: 0xffffffff()
[ 87.526526][ T5015] raw: 00fff00000010200 ffff888012441dc0 dead000000000122 0000000000000000
[ 87.535131][ T5015] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 87.543734][ T5015] page dumped because: kasan: bad access detected
[ 87.550159][ T5015] page_owner tracks the page as allocated
[ 87.555877][ T5015] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 12, tgid 12 (kworker/u4:1), ts 86997032844, free_ts 86980996478
[ 87.574927][ T5015] post_alloc_hook+0x2db/0x350
[ 87.579717][ T5015] get_page_from_freelist+0xf7c/0x2aa0
[ 87.585210][ T5015] __alloc_pages+0x1cb/0x4a0
[ 87.589832][ T5015] alloc_pages+0x1aa/0x270
[ 87.594278][ T5015] allocate_slab+0x28e/0x380
[ 87.598911][ T5015] ___slab_alloc+0xa91/0x1400
[ 87.603611][ T5015] __slab_alloc.constprop.0+0x56/0xa0
[ 87.609002][ T5015] __kmem_cache_alloc_node+0x136/0x320
[ 87.614479][ T5015] __kmalloc+0x4e/0x190
[ 87.618661][ T5015] ieee802_11_parse_elems_full+0x106/0x1340
[ 87.624605][ T5015] ieee802_11_parse_elems_crc.constprop.0+0x99/0xd0
[ 87.631218][ T5015] ieee80211_bss_info_update+0x410/0xb50
[ 87.636878][ T5015] ieee80211_ibss_rx_queued_mgmt+0x18c4/0x2d50
[ 87.643099][ T5015] ieee80211_iface_work+0xa4d/0xd70
[ 87.648417][ T5015] process_one_work+0x99a/0x15e0
[ 87.653407][ T5015] worker_thread+0x67d/0x10c0
[ 87.658125][ T5015] page last free stack trace:
[ 87.662812][ T5015] free_unref_page_prepare+0x4dd/0xb90
[ 87.668300][ T5015] free_unref_page+0x33/0x370
[ 87.672999][ T5015] diMount+0x78c/0x830
[ 87.677096][ T5015] jfs_mount_rw+0x239/0x6d0
[ 87.681625][ T5015] jfs_remount+0x520/0x660
[ 87.686063][ T5015] legacy_reconfigure+0x119/0x180
[ 87.691224][ T5015] reconfigure_super+0x40c/0xa30
[ 87.696200][ T5015] __do_sys_fsconfig+0xa5e/0xc50
[ 87.701156][ T5015] do_syscall_64+0x39/0xb0
[ 87.705609][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.711533][ T5015]
[ 87.713976][ T5015] Memory state around the buggy address:
[ 87.719618][ T5015] ffff88807b93ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.727692][ T5015] ffff88807b93ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.735766][ T5015] >ffff88807b940000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.743834][ T5015] ^
[ 87.747913][ T5015] ffff88807b940080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.756160][ T5015] ffff88807b940100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.764228][ T5015] ==================================================================
[ 87.892225][ T5026] loop1: detected capacity change from 0 to 32768
[ 87.902258][ T5029] loop4: detected capacity change from 0 to 32768
[ 87.940871][ T5015] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.948129][ T5015] CPU: 1 PID: 5015 Comm: syz-executor303 Not tainted 6.4.0-rc1-next-20230508-syzkaller #0
[ 87.958064][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 87.968153][ T5015] Call Trace:
[ 87.971459][ T5015]
[ 87.974419][ T5015] dump_stack_lvl+0xd9/0x150
[ 87.979072][ T5015] panic+0x686/0x730
[ 87.983026][ T5015] ? panic_smp_self_stop+0xa0/0xa0
[ 87.988290][ T5015] ? preempt_schedule_thunk+0x1a/0x20
[ 87.993726][ T5015] ? __kmem_cache_free+0xaf/0x2d0
[ 87.998809][ T5015] ? preempt_schedule_common+0x45/0xb0
[ 88.004343][ T5015] ? __kmem_cache_free+0xaf/0x2d0
[ 88.009410][ T5015] check_panic_on_warn+0xb1/0xc0
[ 88.014410][ T5015] end_report+0xe9/0x120
[ 88.018698][ T5015] kasan_report_invalid_free+0xd2/0x100
[ 88.024292][ T5015] ? __kmem_cache_free+0xaf/0x2d0
[ 88.029362][ T5015] ____kasan_slab_free+0x185/0x1c0
[ 88.034523][ T5015] slab_free_freelist_hook+0x8b/0x1c0
[ 88.039963][ T5015] ? diUnmount+0xf1/0x130
[ 88.044345][ T5015] __kmem_cache_free+0xaf/0x2d0
[ 88.049247][ T5015] diUnmount+0xf1/0x130
[ 88.053623][ T5015] jfs_umount+0x189/0x430
[ 88.058096][ T5015] jfs_put_super+0x85/0x1d0
[ 88.062646][ T5015] ? jfs_quota_off+0x170/0x170
[ 88.067535][ T5015] generic_shutdown_super+0x158/0x480
[ 88.072970][ T5015] kill_block_super+0xa1/0x100
[ 88.077790][ T5015] deactivate_locked_super+0x98/0x160
[ 88.083236][ T5015] deactivate_super+0xb1/0xd0
[ 88.087969][ T5015] cleanup_mnt+0x2ae/0x3d0
[ 88.092434][ T5015] task_work_run+0x16f/0x270
[ 88.097076][ T5015] ? task_work_cancel+0x30/0x30
[ 88.099412][ T5033] loop5: detected capacity change from 0 to 32768
[ 88.108392][ T5015] ? __x64_sys_umount+0x118/0x190
[ 88.113576][ T5015] exit_to_user_mode_prepare+0x210/0x240
[ 88.119266][ T5015] syscall_exit_to_user_mode+0x1d/0x50
[ 88.124769][ T5015] do_syscall_64+0x46/0xb0
[ 88.129242][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 88.135186][ T5015] RIP: 0033:0x7fb616b808f7
[ 88.139633][ T5015] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.159455][ T5015] RSP: 002b:00007ffd679dacd8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 88.167910][ T5015] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb616b808f7
[ 88.175918][ T5015] RDX: 00007ffd679dad99 RSI: 000000000000000a RDI: 00007ffd679dad90
[ 88.183969][ T5015] RBP: 00007ffd679dad90 R08: 00000000ffffffff R09: 00007ffd679dab70
[ 88.191975][ T5015] R10: 0000555555d8e753 R11: 0000000000000206 R12: 00007ffd679dbe50
[ 88.199983][ T5015] R13: 0000555555d8e6f0 R14: 00007ffd679dad00 R15: 00007ffd679dbe70
[ 88.208006][ T5015]
[ 88.211365][ T5015] Kernel Offset: disabled
[ 88.215705][ T5015] Rebooting in 86400 seconds..