------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2780:24
index 1621 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 0 UID: 0 PID: 98 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xd0/0xfc lib/ubsan.c:455
 dbJoin+0x24c/0x2a4 fs/jfs/jfs_dmap.c:2780
 dbFreeBits+0x438/0xbb8 fs/jfs/jfs_dmap.c:2340
 dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]
 dbFree+0x2d4/0x5b0 fs/jfs/jfs_dmap.c:398
 txFreeMap+0x640/0xb44 fs/jfs/jfs_txnmgr.c:2534
 txUpdateMap+0x298/0x8d0 fs/jfs/jfs_txnmgr.c:-1
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x394/0x94c fs/jfs/jfs_txnmgr.c:2733
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
---[ end trace ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 98 at fs/jfs/jfs_dmap.c:2875 dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875
Modules linked in:
CPU: 0 UID: 0 PID: 98 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875
lr : dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875
sp : ffff80009b997960
x29: ffff80009b997970 x28: 0000000000000011 x27: 1fffe0001aa5e402
x26: dfff800000000000 x25: ffff0000d52f2010 x24: 0000000000000656
x23: ffff0000d52f2018 x22: 0000000000000155 x21: 0000000000000001
x20: 0000000000000004 x19: dfff800000000000 x18: 1fffe00033797688
x17: ffff80008f7de000 x16: ffff80008b0155d8 x15: ffff70001261124c
x14: 1ffff0001261124c x13: 0000000000000004 x12: ffffffffffffffff
x11: ffff70001261124c x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c49a5b80 x7 : ffff800080490a90 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000004 x1 : 0000000000000155 x0 : 0000000000000656
Call trace:
 dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875 (P)
 dbJoin+0x1ec/0x2a4 fs/jfs/jfs_dmap.c:2843
 dbFreeBits+0x438/0xbb8 fs/jfs/jfs_dmap.c:2340
 dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]
 dbFree+0x2d4/0x5b0 fs/jfs/jfs_dmap.c:398
 txFreeMap+0x640/0xb44 fs/jfs/jfs_txnmgr.c:2534
 txUpdateMap+0x298/0x8d0 fs/jfs/jfs_txnmgr.c:-1
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x394/0x94c fs/jfs/jfs_txnmgr.c:2733
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
irq event stamp: 86
hardirqs last enabled at (85): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1531 [inline]
hardirqs last enabled at (85): [] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5105
hardirqs last disabled at (86): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:434
softirqs last enabled at (0): [] copy_process+0x1134/0x31ec kernel/fork.c:2119
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---