loop0: detected capacity change from 0 to 32768
...
Log Wrap
...
Log Wrap
...
Log Wrap
...
blkno = 0, nblocks = 40
ERROR: (device loop0): dbFree: block to be freed is outside the map
...
Log Wrap
...
Log Wrap
...
Log Wrap
...
...
Log Wrap
...
Log Wrap
...
Log Wrap
...
...
Log Wrap
...
Log Wrap
...
Log Wrap
...
BUG at fs/jfs/jfs_dmap.c:3123 assert(bitno < 32)
------------[ cut here ]------------
kernel BUG at fs/jfs/jfs_dmap.c:3123!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3123
Code: c7 fd 90 0f 0b e8 e2 38 65 fe 48 c7 c7 20 cf 0b 8c 48 c7 c6 60 cc 0b 8c ba 33 0c 00 00 48 c7 c1 60 d7 0b 8c e8 73 12 c7 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41
RSP: 0018:ffffc9000da17330 EFLAGS: 00010246
RAX: 0000000000000030 RBX: 0000000000000000 RCX: 9606c61ed2ba1500
RDX: ffffc9000f7d1000 RSI: 0000000000000768 RDI: 0000000000000769
RBP: 00000000ffffffff R08: ffffc9000da170a7 R09: 1ffff92001b42e14
R10: dffffc0000000000 R11: fffff52001b42e15 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020
FS: 00007efcfaa656c0(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000002000 CR3: 0000000012501000 CR4: 0000000000352ef0
Call Trace:
 dbAllocNear+0x244/0x3d0 fs/jfs/jfs_dmap.c:1330
 dbAlloc+0x936/0xba0 fs/jfs/jfs_dmap.c:919
 extBalloc fs/jfs/jfs_extent.c:336 [inline]
 extAlloc+0x57d/0x1020 fs/jfs/jfs_extent.c:127
 jfs_get_block+0x358/0xad0 fs/jfs/inode.c:254
 __block_write_begin_int+0x6c6/0x1910 fs/buffer.c:2042
 block_write_begin+0x8d/0x120 fs/buffer.c:2153
 jfs_write_begin+0x35/0x80 fs/jfs/inode.c:306
 generic_perform_write+0x2e2/0x8f0 mm/filemap.c:4325
 generic_file_write_iter+0x14a/0x680 mm/filemap.c:4468
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0x61d/0xb90 fs/read_write.c:688
 ksys_write+0x150/0x270 fs/read_write.c:740
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7efcf9b9ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007efcfaa64fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007efcf9e15fa0 RCX: 00007efcf9b9ce59
RDX: 0000000000001006 RSI: 0000200000001440 RDI: 000000000000000a
RBP: 00007efcf9c32d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007efcf9e16038 R14: 00007efcf9e15fa0 R15: 00007ffe3a6aa698
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3123
Code: c7 fd 90 0f 0b e8 e2 38 65 fe 48 c7 c7 20 cf 0b 8c 48 c7 c6 60 cc 0b 8c ba 33 0c 00 00 48 c7 c1 60 d7 0b 8c e8 73 12 c7 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41
RSP: 0018:ffffc9000da17330 EFLAGS: 00010246
RAX: 0000000000000030 RBX: 0000000000000000 RCX: 9606c61ed2ba1500
RDX: ffffc9000f7d1000 RSI: 0000000000000768 RDI: 0000000000000769
RBP: 00000000ffffffff R08: ffffc9000da170a7 R09: 1ffff92001b42e14
R10: dffffc0000000000 R11: fffff52001b42e15 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020
FS: 00007efcfaa656c0(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000002000 CR3: 0000000012501000 CR4: 0000000000352ef0