syzbot

BUG at fs/jfs/jfs_dmap.c:2983 assert(n < 4)
------------[ cut here ]------------
kernel BUG at fs/jfs/jfs_dmap.c:2983!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 6072 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:dbFindLeaf+0x51d/0x520 fs/jfs/jfs_dmap.c:2983
Code: e9 4c ff ff ff e8 e3 e3 81 fe 48 c7 c7 60 ed 24 8b 48 c7 c6 a0 ea 24 8b ba a7 0b 00 00 48 c7 c1 40 f8 24 8b e8 b4 88 e9 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57
RSP: 0018:ffffc900040b6f38 EFLAGS: 00010246
RAX: 000000000000002b RBX: 00000000ffffffff RCX: 49be1bf05625d500
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed1017104923 R12: 0000000000000007
R13: 0000000000000060 R14: 000000000000005d R15: 0000000000000155
FS:  0000555557ade500(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f81aeceea90 CR3: 0000000042a48000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 dbAllocDmapLev+0x60/0x3c0 fs/jfs/jfs_dmap.c:1969
 dbAlloc+0x991/0xba0 fs/jfs/jfs_dmap.c:844
 extBalloc fs/jfs/jfs_extent.c:336 [inline]
 extAlloc+0x54a/0xfb0 fs/jfs/jfs_extent.c:127
 jfs_get_block+0x346/0xab0 fs/jfs/inode.c:254
 get_more_blocks fs/direct-io.c:648 [inline]
 do_direct_IO fs/direct-io.c:936 [inline]
 __blockdev_direct_IO+0x157c/0x31f0 fs/direct-io.c:1243
 blockdev_direct_IO include/linux/fs.h:3075 [inline]
 jfs_direct_IO+0x11b/0x220 fs/jfs/inode.c:339
 generic_file_direct_write+0x1dc/0x3e0 mm/filemap.c:4248
 __generic_file_write_iter+0x120/0x240 mm/filemap.c:4417
 generic_file_write_iter+0x118/0x550 mm/filemap.c:4457
 do_iter_readv_writev+0x635/0x8d0 fs/read_write.c:-1
 vfs_writev+0x323/0x970 fs/read_write.c:1057
 do_pwritev fs/read_write.c:1153 [inline]
 __do_sys_pwritev2 fs/read_write.c:1211 [inline]
 __se_sys_pwritev2+0x17c/0x2a0 fs/read_write.c:1202
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1ad00ef749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe55f2f9d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
RAX: ffffffffffffffda RBX: 00007f1ad0345fa0 RCX: 00007f1ad00ef749
RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
RBP: 00007f1ad0173f91 R08: 0000000000000000 R09: 0000000000000003
R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1ad0345fa0 R14: 00007f1ad0345fa0 R15: 0000000000000006
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dbFindLeaf+0x51d/0x520 fs/jfs/jfs_dmap.c:2983
Code: e9 4c ff ff ff e8 e3 e3 81 fe 48 c7 c7 60 ed 24 8b 48 c7 c6 a0 ea 24 8b ba a7 0b 00 00 48 c7 c1 40 f8 24 8b e8 b4 88 e9 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57
RSP: 0018:ffffc900040b6f38 EFLAGS: 00010246
RAX: 000000000000002b RBX: 00000000ffffffff RCX: 49be1bf05625d500
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed1017104923 R12: 0000000000000007
R13: 0000000000000060 R14: 000000000000005d R15: 0000000000000155
FS:  0000555557ade500(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f81aeceea90 CR3: 0000000042a48000 CR4: 00000000003526f0