loop0: detected capacity change from 0 to 32768 ... Log Wrap ... Log Wrap ... Log Wrap ... blkno = 0, nblocks = 200 ERROR: (device loop0): dbFree: block to be freed is outside the map ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... BUG at fs/jfs/jfs_dmap.c:3036 assert(bitno < 32) ------------[ cut here ]------------ kernel BUG at fs/jfs/jfs_dmap.c:3036! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: d2 fd 90 0f 0b e8 32 fa 6e fe 48 c7 c7 a0 b9 ea 8b 48 c7 c6 e0 b6 ea 8b ba dc 0b 00 00 48 c7 c1 e0 c1 ea 8b e8 63 24 d2 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc900092af068 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000000 RCX: d944ac7529133a00 RDX: ffffc90020802000 RSI: 00000000000008d2 RDI: 00000000000008d3 RBP: 00000000ffffffff R08: ffffc900092aede7 R09: 1ffff92001255dbc R10: dffffc0000000000 R11: fffff52001255dbd R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020 FS: 00007fc38ac2a6c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00002000000000c0 CR3: 0000000038677000 CR4: 0000000000352ef0 Call Trace: dbAllocDmapLev+0x16b/0x3c0 fs/jfs/jfs_dmap.c:1985 dbAllocCtl+0x14a/0x9c0 fs/jfs/jfs_dmap.c:1825 dbAllocAG+0x1e6/0xff0 fs/jfs/jfs_dmap.c:1353 dbAlloc+0x5ab/0xba0 fs/jfs/jfs_dmap.c:877 extBalloc fs/jfs/jfs_extent.c:336 [inline] extAlloc+0x57d/0x1020 fs/jfs/jfs_extent.c:127 jfs_get_block+0x358/0xad0 fs/jfs/inode.c:254 __block_write_begin_int+0x6c6/0x1910 fs/buffer.c:2145 block_write_begin+0x8d/0x120 fs/buffer.c:2256 jfs_write_begin+0x35/0x80 fs/jfs/inode.c:306 generic_perform_write+0x2e2/0x8f0 mm/filemap.c:4314 generic_file_write_iter+0x14a/0x680 mm/filemap.c:4457 do_iter_readv_writev+0x619/0x8c0 fs/read_write.c:-1 vfs_writev+0x33c/0x990 fs/read_write.c:1057 do_pwritev fs/read_write.c:1153 [inline] __do_sys_pwritev2 fs/read_write.c:1211 [inline] __se_sys_pwritev2+0x184/0x2a0 fs/read_write.c:1202 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc389d9aeb9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc38ac2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 RAX: ffffffffffffffda RBX: 00007fc38a015fa0 RCX: 00007fc389d9aeb9 RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000004 RBP: 00007fc389e08c1f R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000000 R13: 00007fc38a016038 R14: 00007fc38a015fa0 R15: 00007ffc8a55b298 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: d2 fd 90 0f 0b e8 32 fa 6e fe 48 c7 c7 a0 b9 ea 8b 48 c7 c6 e0 b6 ea 8b ba dc 0b 00 00 48 c7 c1 e0 c1 ea 8b e8 63 24 d2 fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc900092af068 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000000 RCX: d944ac7529133a00 RDX: ffffc90020802000 RSI: 00000000000008d2 RDI: 00000000000008d3 RBP: 00000000ffffffff R08: ffffc900092aede7 R09: 1ffff92001255dbc R10: dffffc0000000000 R11: fffff52001255dbd R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020 FS: 00007fc38ac2a6c0(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc389ec0900 CR3: 0000000038677000 CR4: 0000000000352ef0