... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... BUG at fs/jfs/jfs_dmap.c:3036 assert(bitno < 32) ------------[ cut here ]------------ kernel BUG at fs/jfs/jfs_dmap.c:3036! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: ca fd 90 0f 0b e8 32 ce 68 fe 48 c7 c7 60 37 0b 8c 48 c7 c6 a0 34 0b 8c ba dc 0b 00 00 48 c7 c1 a0 3f 0b 8c e8 d3 da ca fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc9000e24ee70 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000000 RCX: 4d548a101ffc4600 RDX: ffffc9000f7b1000 RSI: 000000000000305f RDI: 0000000000003060 RBP: 00000000ffffffff R08: ffffc9000e24ebe7 R09: 1ffff92001c49d7c R10: dffffc0000000000 R11: fffff52001c49d7d R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020 FS: 00007fb0e4adb6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000420e6000 CR4: 0000000000352ef0 Call Trace: dbAllocNear+0x244/0x3d0 fs/jfs/jfs_dmap.c:1243 dbAlloc+0x936/0xba0 fs/jfs/jfs_dmap.c:832 extBalloc fs/jfs/jfs_extent.c:336 [inline] extAlloc+0x57d/0x1020 fs/jfs/jfs_extent.c:127 jfs_get_block+0x358/0xad0 fs/jfs/inode.c:254 __block_write_begin_int+0x6c6/0x1910 fs/buffer.c:2142 block_write_begin+0x8d/0x120 fs/buffer.c:2253 jfs_write_begin+0x35/0x80 fs/jfs/inode.c:306 generic_perform_write+0x2e2/0x8f0 mm/filemap.c:4319 __generic_file_write_iter+0x1ae/0x230 mm/filemap.c:4433 generic_file_write_iter+0x14a/0x680 mm/filemap.c:4462 iter_file_splice_write+0x9a1/0x10f0 fs/splice.c:736 do_splice_from fs/splice.c:936 [inline] direct_splice_actor+0x101/0x160 fs/splice.c:1159 splice_direct_to_actor+0x53a/0xc70 fs/splice.c:1103 do_splice_direct_actor fs/splice.c:1202 [inline] do_splice_direct+0x195/0x290 fs/splice.c:1228 do_sendfile+0x535/0x7d0 fs/read_write.c:1372 __do_sys_sendfile64 fs/read_write.c:1433 [inline] __se_sys_sendfile64+0x144/0x1a0 fs/read_write.c:1419 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb0e3b9c799 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb0e4adafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 00007fb0e3e16090 RCX: 00007fb0e3b9c799 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 RBP: 00007fb0e3c32c99 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000800000020 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fb0e3e16128 R14: 00007fb0e3e16090 R15: 00007fff365c0cd8 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:dbFindBits+0x19e/0x1a0 fs/jfs/jfs_dmap.c:3036 Code: ca fd 90 0f 0b e8 32 ce 68 fe 48 c7 c7 60 37 0b 8c 48 c7 c6 a0 34 0b 8c ba dc 0b 00 00 48 c7 c1 a0 3f 0b 8c e8 d3 da ca fd 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 RSP: 0018:ffffc9000e24ee70 EFLAGS: 00010246 RAX: 0000000000000030 RBX: 0000000000000000 RCX: 4d548a101ffc4600 RDX: ffffc9000f7b1000 RSI: 000000000000305f RDI: 0000000000003060 RBP: 00000000ffffffff R08: ffffc9000e24ebe7 R09: 1ffff92001c49d7c R10: dffffc0000000000 R11: fffff52001c49d7d R12: 0000000000000001 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000020 FS: 00007fb0e4adb6c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb0e4afaf68 CR3: 00000000420e6000 CR4: 0000000000352ef0