loop0: detected capacity change from 0 to 32768 ... Log Wrap ... Log Wrap ... Log Wrap ... blkno = 0, nblocks = 200 ERROR: (device loop0): dbFree: block to be freed is outside the map ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... BUG at fs/jfs/jfs_dmap.c:3036 assert(bitno < 32) ------------[ cut here ]------------ kernel BUG at fs/jfs/jfs_dmap.c:3036! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: e1 fd 90 0f 0b e8 82 8d 7a fe 48 c7 c7 00 7e a4 8b 48 c7 c6 40 7b a4 8b ba dc 0b 00 00 48 c7 c1 e0 85 a4 8b e8 d3 fb e1 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc9000d48f330 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000000 RCX: c00c5cb381221a00 RDX: ffffc9000e15a000 RSI: 0000000000000657 RDI: 0000000000000658 RBP: 00000000ffffffff R08: ffffc9000d48f047 R09: 1ffff92001a91e08 R10: dffffc0000000000 R11: fffff52001a91e09 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020 FS: 00007f3003a0d6c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000032c81000 CR4: 0000000000352ef0 Call Trace: dbAllocNear+0x244/0x3d0 fs/jfs/jfs_dmap.c:1243 dbAlloc+0x933/0xba0 fs/jfs/jfs_dmap.c:832 extBalloc fs/jfs/jfs_extent.c:336 [inline] extAlloc+0x54a/0xfb0 fs/jfs/jfs_extent.c:127 jfs_get_block+0x346/0xab0 fs/jfs/inode.c:254 __block_write_begin_int+0x6b5/0x1900 fs/buffer.c:2145 block_write_begin+0x8a/0x120 fs/buffer.c:2256 jfs_write_begin+0x35/0x80 fs/jfs/inode.c:306 generic_perform_write+0x2c5/0x900 mm/filemap.c:4242 generic_file_write_iter+0x117/0x550 mm/filemap.c:4385 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x5c9/0xb30 fs/read_write.c:686 ksys_pwrite64 fs/read_write.c:793 [inline] __do_sys_pwrite64 fs/read_write.c:801 [inline] __se_sys_pwrite64 fs/read_write.c:798 [inline] __x64_sys_pwrite64+0x193/0x220 fs/read_write.c:798 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3002b8f6c9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3003a0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 RAX: ffffffffffffffda RBX: 00007f3002de5fa0 RCX: 00007f3002b8f6c9 RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000009 RBP: 00007f3002c11f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000 R13: 00007f3002de6038 R14: 00007f3002de5fa0 R15: 00007fff39d4fac8 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: e1 fd 90 0f 0b e8 82 8d 7a fe 48 c7 c7 00 7e a4 8b 48 c7 c6 40 7b a4 8b ba dc 0b 00 00 48 c7 c1 e0 85 a4 8b e8 d3 fb e1 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc9000d48f330 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000000 RCX: c00c5cb381221a00 RDX: ffffc9000e15a000 RSI: 0000000000000657 RDI: 0000000000000658 RBP: 00000000ffffffff R08: ffffc9000d48f047 R09: 1ffff92001a91e08 R10: dffffc0000000000 R11: fffff52001a91e09 R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020 FS: 00007f3003a0d6c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000032c81000 CR4: 0000000000352ef0