------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2780:24
index 1621 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 0 UID: 0 PID: 99 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xd0/0xfc lib/ubsan.c:455
 dbJoin+0x24c/0x2a4 fs/jfs/jfs_dmap.c:2780
 dbFreeBits+0x438/0xbb8 fs/jfs/jfs_dmap.c:2340
 dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]
 dbFree+0x2d4/0x5b0 fs/jfs/jfs_dmap.c:398
 txFreeMap+0x640/0xb44 fs/jfs/jfs_txnmgr.c:2535
 txUpdateMap+0x298/0x8d0 fs/jfs/jfs_txnmgr.c:-1
 txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline]
 jfs_lazycommit+0x394/0x94c fs/jfs/jfs_txnmgr.c:2734
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
---[ end trace ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 99 at fs/jfs/jfs_dmap.c:2875 dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875
Modules linked in:
CPU: 0 UID: 0 PID: 99 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875
lr : dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875
sp : ffff800099e57960
x29: ffff800099e57970 x28: 0000000000000011 x27: 1fffe0001b9d9602
x26: dfff800000000000 x25: ffff0000dcecb010 x24: 0000000000000656
x23: ffff0000dcecb018 x22: 0000000000000155 x21: 0000000000000001
x20: 0000000000000004 x19: dfff800000000000 x18: 1fffe000337d4a90
x17: ffff80008f5ae000 x16: ffff800082defcc0 x15: ffff7000125d3460
x14: 1ffff000125d3460 x13: 0000000000000004 x12: ffffffffffffffff
x11: ffff7000125d3460 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c4cb5c40 x7 : ffff8000804936c4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000004 x1 : 0000000000000155 x0 : 0000000000000656
Call trace:
 dbAdjTree+0x3a8/0x414 fs/jfs/jfs_dmap.c:2875 (P)
 dbJoin+0x1ec/0x2a4 fs/jfs/jfs_dmap.c:2843
 dbFreeBits+0x438/0xbb8 fs/jfs/jfs_dmap.c:2340
 dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]
 dbFree+0x2d4/0x5b0 fs/jfs/jfs_dmap.c:398
 txFreeMap+0x640/0xb44 fs/jfs/jfs_txnmgr.c:2535
 txUpdateMap+0x298/0x8d0 fs/jfs/jfs_txnmgr.c:-1
 txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline]
 jfs_lazycommit+0x394/0x94c fs/jfs/jfs_txnmgr.c:2734
 kthread+0x5fc/0x75c kernel/kthread.c:463
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:844
irq event stamp: 80
hardirqs last  enabled at (79): [] raw_spin_rq_unlock_irq kernel/sched/sched.h:1559 [inline]
hardirqs last  enabled at (79): [] finish_lock_switch+0xb0/0x1c0 kernel/sched/core.c:5073
hardirqs last disabled at (80): [] el1_brk64+0x20/0x54 arch/arm64/kernel/entry-common.c:412
softirqs last  enabled at (0): [] copy_process+0x1134/0x31e4 kernel/fork.c:2127
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---