syzbot

audit: type=1800 audit(1676242833.804:93): pid=10262 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="loop0" ino=7 res=0
audit: type=1800 audit(1676242833.914:94): pid=10267 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=7 res=0
BUG at fs/jfs/jfs_logmgr.c:2326 assert(bp->l_flag & lbmRELEASE)
------------[ cut here ]------------
kernel BUG at fs/jfs/jfs_logmgr.c:2326!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10412 Comm: loop1 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
RIP: 0010:lbmIODone.cold+0x24/0x5b fs/jfs/jfs_logmgr.c:2326
Code: f9 e8 cb ff ff ff e8 47 9c 69 f9 48 c7 c1 80 11 9b 88 ba 16 09 00 00 48 c7 c6 00 11 9b 88 48 c7 c7 40 11 9b 88 e8 93 cd fa ff <0f> 0b e8 21 9c 69 f9 48 c7 c1 c0 11 9b 88 ba 17 09 00 00 48 c7 c6
RSP: 0018:ffff888093887ac0 EFLAGS: 00010086
RAX: 000000000000003f RBX: ffff8880b450ea00 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed1012710f4a
RBP: 0000000000000020 R08: 000000000000003f R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000286
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056028d3c5e38 CR3: 000000009c694000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bio_endio+0x488/0x830 block/bio.c:1780
 req_bio_endio block/blk-core.c:278 [inline]
 blk_update_request+0x30f/0xaf0 block/blk-core.c:3112
 blk_mq_end_request+0x4a/0x340 block/blk-mq.c:544
 lo_complete_rq+0x201/0x2d0 drivers/block/loop.c:487
 __blk_mq_complete_request block/blk-mq.c:583 [inline]
 blk_mq_complete_request+0x472/0x660 block/blk-mq.c:620
 loop_handle_cmd drivers/block/loop.c:1931 [inline]
 loop_queue_work+0x274/0x20c0 drivers/block/loop.c:1940
 kthread_worker_fn+0x292/0x730 kernel/kthread.c:700
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Modules linked in:
---[ end trace 7b9b7b2fcb281d3d ]---
RIP: 0010:lbmIODone.cold+0x24/0x5b fs/jfs/jfs_logmgr.c:2326
Code: f9 e8 cb ff ff ff e8 47 9c 69 f9 48 c7 c1 80 11 9b 88 ba 16 09 00 00 48 c7 c6 00 11 9b 88 48 c7 c7 40 11 9b 88 e8 93 cd fa ff <0f> 0b e8 21 9c 69 f9 48 c7 c1 c0 11 9b 88 ba 17 09 00 00 48 c7 c6
RSP: 0018:ffff888093887ac0 EFLAGS: 00010086
RAX: 000000000000003f RBX: ffff8880b450ea00 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff814dff01 RDI: ffffed1012710f4a
RBP: 0000000000000020 R08: 000000000000003f R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000286
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056028d3c5e38 CR3: 000000009c694000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400