loop0: detected capacity change from 0 to 32768 ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... BUG at fs/jfs/jfs_dmap.c:3036 assert(bitno < 32) ------------[ cut here ]------------ kernel BUG at fs/jfs/jfs_dmap.c:3036! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: e2 fd 90 0f 0b e8 82 8d 7a fe 48 c7 c7 c0 7d a4 8b 48 c7 c6 00 7b a4 8b ba dc 0b 00 00 48 c7 c1 a0 85 a4 8b e8 13 09 e2 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc9000d426e48 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000004 RCX: 6d71d4c96e4c0800 RDX: ffffc9000df0a000 RSI: 00000000000d9253 RDI: 00000000000d9254 RBP: 00000000ffffffff R08: ffffc9000d426b67 R09: 1ffff92001a84d6c R10: dffffc0000000000 R11: fffff52001a84d6d R12: 0000000000000010 R13: 0000000000000000 R14: 0000000000000010 R15: 0000000000000020 FS: 00007ff4ae6f56c0(0000) GS:ffff88808d732000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000200000001780 CR3: 0000000041398000 CR4: 0000000000352ef0 Call Trace: dbAllocDmapLev+0x16b/0x3c0 fs/jfs/jfs_dmap.c:1985 dbAllocCtl+0x14a/0x9c0 fs/jfs/jfs_dmap.c:1825 dbAllocAG+0x1e6/0xff0 fs/jfs/jfs_dmap.c:1353 dbAlloc+0x5a8/0xba0 fs/jfs/jfs_dmap.c:877 extBalloc fs/jfs/jfs_extent.c:336 [inline] extAlloc+0x54a/0xfb0 fs/jfs/jfs_extent.c:127 jfs_get_block+0x346/0xab0 fs/jfs/inode.c:254 get_more_blocks fs/direct-io.c:648 [inline] do_direct_IO fs/direct-io.c:936 [inline] __blockdev_direct_IO+0x16ff/0x3490 fs/direct-io.c:1243 blockdev_direct_IO include/linux/fs.h:3509 [inline] jfs_direct_IO+0x119/0x220 fs/jfs/inode.c:339 generic_file_direct_write+0x1db/0x3e0 mm/filemap.c:4176 __generic_file_write_iter+0x11d/0x230 mm/filemap.c:4345 generic_file_write_iter+0x117/0x550 mm/filemap.c:4385 do_iter_readv_writev+0x623/0x8c0 fs/read_write.c:-1 vfs_writev+0x31a/0x960 fs/read_write.c:1057 do_pwritev fs/read_write.c:1153 [inline] __do_sys_pwritev2 fs/read_write.c:1211 [inline] __se_sys_pwritev2+0x179/0x290 fs/read_write.c:1202 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff4ad78f6c9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff4ae6f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 RAX: ffffffffffffffda RBX: 00007ff4ad9e5fa0 RCX: 00007ff4ad78f6c9 RDX: 0000000000000001 RSI: 0000200000000240 RDI: 000000000000000a RBP: 00007ff4ad811f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000007800 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ff4ad9e6038 R14: 00007ff4ad9e5fa0 R15: 00007ffd512de668 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: e2 fd 90 0f 0b e8 82 8d 7a fe 48 c7 c7 c0 7d a4 8b 48 c7 c6 00 7b a4 8b ba dc 0b 00 00 48 c7 c1 a0 85 a4 8b e8 13 09 e2 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc9000d426e48 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000004 RCX: 6d71d4c96e4c0800 RDX: ffffc9000df0a000 RSI: 00000000000d9253 RDI: 00000000000d9254 RBP: 00000000ffffffff R08: ffffc9000d426b67 R09: 1ffff92001a84d6c R10: dffffc0000000000 R11: fffff52001a84d6d R12: 0000000000000010 R13: 0000000000000000 R14: 0000000000000010 R15: 0000000000000020 FS: 00007ff4ae6f56c0(0000) GS:ffff88808d732000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff4ae6d4990 CR3: 0000000041398000 CR4: 0000000000352ef0