program:
# Reproducer in syzkaller program syntax: a sequence of calls, then the same
# calls repeated with the (async) property, which tells the executor not to
# wait for each call to finish before issuing the next one.
#
# NOTE(review): the line below looks damaged by extraction. The
# syz_mount_image$jfs call has no image argument and no closing parenthesis,
# and an openat call is fused onto its end. Recover the original text from the
# report before using this program for triage.
# The mount target is ./file0; the fused openat uses flags 0x200 (O_TRUNC on
# x86-64) on ./file1.
syz_mount_image$jfs(&(0x7f0000005dc0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f00000002c0)=ANY=[@ANYBLOB="00bf70ea5770e15f5a02d88edfdfbc9e0e526cf293c7a6a37f88fa56f360bbaf405a8c5a11a4"], 0x1, 0x5db5, openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x200, 0x0)
# Open a loop device and keep the descriptor in r0. Id 0x0 presumably selects
# loop0, the device named in the console log (TODO confirm).
r0 = syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400)
# LOOP_SET_STATUS (0x4c02) rewrites the status of the loop device behind r0.
# The console log shows loop0 capacity going from 32768 to 32767 shortly before
# the UBSAN report, presumably as a result of this call: the block device
# changes size while a filesystem is mounted on it.
# NOTE(review): the first 0x4 is presumably the offset field of the status
# struct; confirm against the syzkaller description of this ioctl.
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x4, 0x4, 0x15, 0x17, "9e959f16b6787b08aa26e66c4056a51695284854c382cc6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dda5e51e92bbd4ce85450d00", "f625c1076e4c36c800def96015e7007e904d865c2fdc458ee68d347f41be5a08", [0xf22, 0x7]})
# 0xffffffffffffff9c is AT_FDCWD (-100), so both paths resolve relative to the
# working directory. Renames ./file1 to ./file7 with flags 0x0.
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0)
# Open ./file1 again, creating it if absent. On x86-64, 0x105042 decodes to
# O_RDWR|O_CREAT|O_DIRECT|O_SYNC and mode 0x1ff is 0777. The O_DIRECT bit is
# consistent with the audit record cause=failed(directio) for name="file1".
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x105042, 0x1ff)
# NOTE(review): stray fragment. Presumably the tail of a stripped
# syz_mount_image$jfs(...) (async) line that opens the repeated pass.
(async)
# Repeated pass: same calls and arguments as above, each marked (async).
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x200, 0x0) (async)
# The result of this open is not bound to a name, so the ioctl that follows
# still operates on r0 from the first pass.
syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) (async)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x4, 0x4, 0x15, 0x17, "9e959f16b6787b08aa26e66c4056a51695284854c382cc6bcfeef4fb0efcc1d8a6078ed98e203fd5f0643902dda5e51e92bbd4ce85450d00", "f625c1076e4c36c800def96015e7007e904d865c2fdc458ee68d347f41be5a08", [0xf22, 0x7]}) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x105042, 0x1ff) (async)
[ 88.619775][ T5098] Bluetooth: hci0: command tx timeout
[ 90.270484][ T5113] loop0: detected capacity change from 0 to 32768
[ 90.349688][ T5113] loop0: detected capacity change from 32768 to 32767
[ 90.366234][ T102] ------------[ cut here ]------------
[ 90.368502][ T102] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2902:18
[ 90.386745][ T102] index -3 is out of range for type 's8[1365]' (aka 'signed char[1365]')
[ 90.390426][ T24] audit: type=1800 audit(1725570822.012:2): pid=5113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=7 res=0 errno=0
[ 90.408893][ T102] CPU: 0 UID: 0 PID: 102 Comm: jfsCommit Not tainted 6.11.0-rc6-syzkaller-00075-gad618736883b #0
[ 90.412826][ T102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 90.416832][ T102] Call Trace:
[ 90.418016][ T102]
[ 90.419142][ T102] dump_stack_lvl+0x241/0x360
[ 90.420938][ T102] ? __pfx_dump_stack_lvl+0x10/0x10
[ 90.422816][ T102] ? __pfx__printk+0x10/0x10
[ 90.424415][ T102] __ubsan_handle_out_of_bounds+0x121/0x150
[ 90.426434][ T102] dbAdjTree+0x377/0x520
[ 90.427640][ T102] dbJoin+0x255/0x310
[ 90.428752][ T102] dbFreeBits+0x4db/0xd90
[ 90.430084][ T102] dbFree+0x35b/0x680
[ 90.431361][ T102] txFreeMap+0x798/0xd50
[ 90.432552][ T102] txUpdateMap+0x342/0xb10
[ 90.434252][ T102] ? __pfx_txUpdateMap+0x10/0x10
[ 90.436203][ T102] jfs_lazycommit+0x49a/0xb80
[ 90.438099][ T102] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 90.440527][ T102] ? lockdep_hardirqs_on+0x99/0x150
[ 90.442734][ T102] ? __pfx_jfs_lazycommit+0x10/0x10
[ 90.444547][ T102] ? __pfx_default_wake_function+0x10/0x10
[ 90.446790][ T102] ? __kthread_parkme+0x169/0x1d0
[ 90.448659][ T102] ? __pfx_jfs_lazycommit+0x10/0x10
[ 90.450519][ T102] kthread+0x2f0/0x390
[ 90.451922][ T102] ? __pfx_jfs_lazycommit+0x10/0x10
[ 90.453879][ T102] ? __pfx_kthread+0x10/0x10
[ 90.455613][ T102] ret_from_fork+0x4b/0x80
[ 90.457223][ T102] ? __pfx_kthread+0x10/0x10
[ 90.458912][ T102] ret_from_fork_asm+0x1a/0x30
[ 90.460678][ T102]
[ 90.466263][ T24] audit: type=1804 audit(1725570822.012:3): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/file0/file1" dev="loop0" ino=7 res=1 errno=0