Warning: Permanently added '[localhost]:51248' (ED25519) to the list of known hosts.
executing program
[   77.957627][ T5305] loop0: detected capacity change from 0 to 32768
[   77.966887][ T5305] =======================================================
[   77.966887][ T5305] WARNING: The mand mount option has been deprecated and
[   77.966887][ T5305]          and is ignored by this kernel. Remove the mand
[   77.966887][ T5305]          option from the mount to silence this warning.
[   77.966887][ T5305] =======================================================
[   78.249677][   T30] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   78.249677][   T30] 
[   78.255294][   T30] ERROR: (device loop0): remounting filesystem as read-only
[   78.259475][   T30] kworker/u4:2: attempt to access beyond end of device
[   78.259475][   T30] loop0: rw=1, sector=2621792, nr_sectors = 16 limit=32768
[   78.265352][   T30] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   78.265352][   T30] 
[   78.271405][  T105] blkno = 5002c, nblocks = 1
[   78.273271][  T105] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   78.273271][  T105] 
[   78.277258][  T105] blkno = 5002d, nblocks = 1
[   78.280844][  T105] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   78.280844][  T105] 
[   78.289726][   T30] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   78.289726][   T30] 
[   78.293553][   T30] kworker/u4:2: attempt to access beyond end of device
[   78.293553][   T30] loop0: rw=2049, sector=2621808, nr_sectors = 8 limit=32768
[   78.300419][   T30] ERROR: (device loop0): dbAlloc: the hint is outside the map
[   78.300419][   T30] 
[   78.304380][   T30] kworker/u4:2: attempt to access beyond end of device
[   78.304380][   T30] loop0: rw=2049, sector=2621816, nr_sectors = 8 limit=32768
[   78.311263][   T30] Buffer I/O error on dev loop0, logical block 327727, lost async page write
[   78.317427][  T105] blkno = 5002e, nblocks = 1
[   78.319364][  T105] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   78.319364][  T105] 
[   78.323245][  T105] blkno = 5002f, nblocks = 1
[   78.327246][  T105] ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
[   78.327246][  T105] 
[   78.346152][  T105] ==================================================================
[   78.349376][  T105] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x7e0/0xb80
[   78.352963][  T105] Read of size 4 at addr ffff88804025c494 by task jfsCommit/105
[   78.357453][  T105] 
[   78.358690][  T105] CPU: 0 UID: 0 PID: 105 Comm: jfsCommit Not tainted 6.14.0-rc4-syzkaller #0
[   78.358709][  T105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.358715][  T105] Call Trace:
[   78.358721][  T105]  <TASK>
[   78.358726][  T105]  dump_stack_lvl+0x241/0x360
[   78.358740][  T105]  ? __pfx_dump_stack_lvl+0x10/0x10
[   78.358747][  T105]  ? __pfx__printk+0x10/0x10
[   78.358755][  T105]  ? _printk+0xd5/0x120
[   78.358763][  T105]  ? __virt_addr_valid+0x183/0x530
[   78.358773][  T105]  ? __virt_addr_valid+0x183/0x530
[   78.358782][  T105]  print_report+0x16e/0x5b0
[   78.358795][  T105]  ? __virt_addr_valid+0x183/0x530
[   78.358803][  T105]  ? __virt_addr_valid+0x183/0x530
[   78.358812][  T105]  ? __virt_addr_valid+0x45f/0x530
[   78.358821][  T105]  ? __phys_addr+0xba/0x170
[   78.358838][  T105]  ? jfs_lazycommit+0x7e0/0xb80
[   78.358928][  T105]  kasan_report+0x143/0x180
[   78.358943][  T105]  ? _raw_spin_lock_irqsave+0xe1/0x120
[   78.359020][  T105]  ? jfs_lazycommit+0x7e0/0xb80
[   78.359032][  T105]  jfs_lazycommit+0x7e0/0xb80
[   78.359040][  T105]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   78.359047][  T105]  ? lockdep_hardirqs_on+0x99/0x150
[   78.359055][  T105]  ? __pfx_jfs_lazycommit+0x10/0x10
[   78.359064][  T105]  ? __pfx_default_wake_function+0x10/0x10
[   78.359076][  T105]  ? __kthread_parkme+0x169/0x1d0
[   78.359085][  T105]  ? __pfx_jfs_lazycommit+0x10/0x10
[   78.359093][  T105]  kthread+0x7a9/0x920
[   78.359102][  T105]  ? __pfx_kthread+0x10/0x10
[   78.359114][  T105]  ? __pfx_jfs_lazycommit+0x10/0x10
[   78.359122][  T105]  ? __pfx_kthread+0x10/0x10
[   78.359130][  T105]  ? __pfx_kthread+0x10/0x10
[   78.359143][  T105]  ? __pfx_kthread+0x10/0x10
[   78.359155][  T105]  ? _raw_spin_unlock_irq+0x23/0x50
[   78.359165][  T105]  ? lockdep_hardirqs_on+0x99/0x150
[   78.359176][  T105]  ? __pfx_kthread+0x10/0x10
[   78.359189][  T105]  ret_from_fork+0x4b/0x80
[   78.359203][  T105]  ? __pfx_kthread+0x10/0x10
[   78.359272][  T105]  ret_from_fork_asm+0x1a/0x30
[   78.359293][  T105]  </TASK>
[   78.359297][  T105] 
[   78.444637][  T105] Allocated by task 5305:
[   78.446328][  T105]  kasan_save_track+0x3f/0x80
[   78.448142][  T105]  __kasan_kmalloc+0x98/0xb0
[   78.449887][  T105]  __kmalloc_cache_noprof+0x243/0x390
[   78.451997][  T105]  jfs_fill_super+0xc2/0xd90
[   78.453811][  T105]  get_tree_bdev_flags+0x48c/0x5c0
[   78.455960][  T105]  vfs_get_tree+0x90/0x2b0
[   78.457641][  T105]  do_new_mount+0x2be/0xb40
[   78.459446][  T105]  __se_sys_mount+0x2d6/0x3c0
[   78.461244][  T105]  do_syscall_64+0xf3/0x230
[   78.463143][  T105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.465508][  T105] 
[   78.466552][  T105] Freed by task 5304:
[   78.468029][  T105]  kasan_save_track+0x3f/0x80
[   78.469999][  T105]  kasan_save_free_info+0x40/0x50
[   78.472042][  T105]  __kasan_slab_free+0x59/0x70
[   78.474052][  T105]  kfree+0x196/0x430
[   78.475509][  T105]  generic_shutdown_super+0x139/0x2d0
[   78.477629][  T105]  kill_block_super+0x44/0x90
[   78.479575][  T105]  deactivate_locked_super+0xc4/0x130
[   78.482417][  T105]  cleanup_mnt+0x41f/0x4b0
[   78.484792][  T105]  task_work_run+0x24f/0x310
[   78.486678][  T105]  syscall_exit_to_user_mode+0x13f/0x340
[   78.488638][  T105]  do_syscall_64+0x100/0x230
[   78.490309][  T105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.492471][  T105] 
[   78.493344][  T105] The buggy address belongs to the object at ffff88804025c400
[   78.493344][  T105]  which belongs to the cache kmalloc-256 of size 256
[   78.498151][  T105] The buggy address is located 148 bytes inside of
[   78.498151][  T105]  freed 256-byte region [ffff88804025c400, ffff88804025c500)
[   78.502729][  T105] 
[   78.503634][  T105] The buggy address belongs to the physical page:
[   78.506375][  T105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4025c
[   78.510502][  T105] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   78.513338][  T105] page_type: f5(slab)
[   78.514999][  T105] raw: 04fff00000000000 ffff88801b041b40 ffffea000101ab00 dead000000000004
[   78.518164][  T105] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[   78.521417][  T105] page dumped because: kasan: bad access detected
[   78.524039][  T105] page_owner tracks the page as allocated
[   78.526678][  T105] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 25194780265, free_ts 25179118289
[   78.534437][  T105]  post_alloc_hook+0x1f4/0x240
[   78.536368][  T105]  get_page_from_freelist+0x365c/0x37a0
[   78.538347][  T105]  __alloc_frozen_pages_noprof+0x292/0x710
[   78.540653][  T105]  alloc_pages_mpol+0x311/0x660
[   78.542526][  T105]  allocate_slab+0x8f/0x3a0
[   78.544707][  T105]  ___slab_alloc+0xc27/0x14a0
[   78.547026][  T105]  __slab_alloc+0x58/0xa0
[   78.549102][  T105]  __kmalloc_node_track_caller_noprof+0x2e9/0x4c0
[   78.551691][  T105]  krealloc_noprof+0x10f/0x300
[   78.553660][  T105]  add_sysfs_param+0xca/0x820
[   78.555944][  T105]  kernel_add_sysfs_param+0xb4/0x130
[   78.557878][  T105]  param_sysfs_builtin+0x1d7/0x290
[   78.559949][  T105]  param_sysfs_builtin_init+0x31/0x40
[   78.562333][  T105]  do_one_initcall+0x248/0x930
[   78.564450][  T105]  do_initcall_level+0x157/0x210
[   78.566741][  T105]  do_initcalls+0x71/0xd0
[   78.568303][  T105] page last free pid 9 tgid 9 stack trace:
[   78.570454][  T105]  free_frozen_pages+0xe0d/0x10e0
[   78.572723][  T105]  vfree+0x1c3/0x360
[   78.574267][  T105]  delayed_vfree_work+0x56/0x80
[   78.576197][  T105]  process_scheduled_works+0xabe/0x18e0
[   78.578775][  T105]  worker_thread+0x870/0xd30
[   78.581428][  T105]  kthread+0x7a9/0x920
[   78.583486][  T105]  ret_from_fork+0x4b/0x80
[   78.585233][  T105]  ret_from_fork_asm+0x1a/0x30
[   78.587081][  T105] 
[   78.588135][  T105] Memory state around the buggy address:
[   78.590473][  T105]  ffff88804025c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.593493][  T105]  ffff88804025c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.596675][  T105] >ffff88804025c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.599783][  T105]                          ^
[   78.601894][  T105]  ffff88804025c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.605084][  T105]  ffff88804025c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   78.608513][  T105] ==================================================================
[   78.611390][  T105] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   78.614182][  T105] CPU: 0 UID: 0 PID: 105 Comm: jfsCommit Not tainted 6.14.0-rc4-syzkaller #0
[   78.617672][  T105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.622392][  T105] Call Trace:
[   78.624237][  T105]  <TASK>
[   78.625502][  T105]  dump_stack_lvl+0x241/0x360
[   78.627256][  T105]  ? __pfx_dump_stack_lvl+0x10/0x10
[   78.629052][  T105]  ? __pfx__printk+0x10/0x10
[   78.630834][  T105]  ? rcu_is_watching+0x15/0xb0
[   78.632622][  T105]  ? lock_release+0xbf/0xa30
[   78.634390][  T105]  ? vscnprintf+0x5d/0x90
[   78.636012][  T105]  panic+0x349/0x880
[   78.637473][  T105]  ? check_panic_on_warn+0x21/0xb0
[   78.639632][  T105]  ? __pfx_panic+0x10/0x10
[   78.641424][  T105]  ? do_raw_spin_unlock+0x58/0x8b0
[   78.643605][  T105]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   78.646043][  T105]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   78.648781][  T105]  ? print_report+0x519/0x5b0
[   78.650663][  T105]  check_panic_on_warn+0x86/0xb0
[   78.652614][  T105]  ? jfs_lazycommit+0x7e0/0xb80
[   78.654559][  T105]  end_report+0x77/0x160
[   78.656215][  T105]  kasan_report+0x154/0x180
[   78.657870][  T105]  ? _raw_spin_lock_irqsave+0xe1/0x120
[   78.660012][  T105]  ? jfs_lazycommit+0x7e0/0xb80
[   78.661805][  T105]  jfs_lazycommit+0x7e0/0xb80
[   78.663840][  T105]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[   78.667292][  T105]  ? lockdep_hardirqs_on+0x99/0x150
[   78.670183][  T105]  ? __pfx_jfs_lazycommit+0x10/0x10
[   78.672717][  T105]  ? __pfx_default_wake_function+0x10/0x10
[   78.675026][  T105]  ? __kthread_parkme+0x169/0x1d0
[   78.677016][  T105]  ? __pfx_jfs_lazycommit+0x10/0x10
[   78.679105][  T105]  kthread+0x7a9/0x920
[   78.680730][  T105]  ? __pfx_kthread+0x10/0x10
[   78.682441][  T105]  ? __pfx_jfs_lazycommit+0x10/0x10
[   78.684346][  T105]  ? __pfx_kthread+0x10/0x10
[   78.686095][  T105]  ? __pfx_kthread+0x10/0x10
[   78.687877][  T105]  ? __pfx_kthread+0x10/0x10
[   78.689726][  T105]  ? _raw_spin_unlock_irq+0x23/0x50
[   78.691962][  T105]  ? lockdep_hardirqs_on+0x99/0x150
[   78.694012][  T105]  ? __pfx_kthread+0x10/0x10
[   78.695741][  T105]  ret_from_fork+0x4b/0x80
[   78.697605][  T105]  ? __pfx_kthread+0x10/0x10
[   78.699387][  T105]  ret_from_fork_asm+0x1a/0x30
[   78.701187][  T105]  </TASK>
[   78.702710][  T105] Kernel Offset: disabled
[   78.704729][  T105] Rebooting in 86400 seconds..

VM DIAGNOSIS:
21:28:48  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000034 RBX=ffffffff9a9960a0 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc900018f74f0
R8 =ffffffff8583d4cb R9 =1ffff11003e73046 R10=dffffc0000000000 R11=ffffffff8583d480
R12=dffffc0000000000 R13=0000000000000034 R14=0000000000000034 R15=00000000000003f8
RIP=ffffffff8583d4fe RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055557506b738 CR3=0000000035aca000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000040000021 Opmask01=0000000000000001 Opmask02=00000000fff7ffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a60ce07b 00000000cec3662e
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 24b48a877c0e48e9
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 08923995c956484f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f006a64615f6572 6f63735f6d6f6f2f 666c65732f636f72 702f003030303100
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a004f41445f4057 4a46565f484a4a0a 434940560a464a57 550a001515151400
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000