------------[ cut here ]------------
lp >= size || lp < 0
WARNING: fs/jfs/jfs_dmap.c:2962 at dbAdjTree+0x2fa/0x3f0 fs/jfs/jfs_dmap.c:2962, CPU#1: jfsCommit/118
Modules linked in:
CPU: 1 UID: 0 PID: 118 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:dbAdjTree+0x2fa/0x3f0 fs/jfs/jfs_dmap.c:2962
Code: 00 00 0f 82 8c fe ff ff 48 89 d6 48 c7 c7 20 72 e5 8e 48 89 14 24 e8 65 1b 8d fd 48 8b 14 24 e9 70 fe ff ff e8 77 1b 5f fe 90 <0f> 0b 90 e8 6e 1b 5f fe 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
RSP: 0018:ffffc90002d0f568 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000155 RCX: ffffffff83aa2009
RDX: ffff88801e7b0000 RSI: ffffffff83aa2289 RDI: ffff88801e7b0000
RBP: ffff88807a5ee010 R08: 0000000000000004 R09: 0000000000000155
R10: 0000000000020056 R11: 0000000000000000 R12: 0000000000020056
R13: 0000000000000004 R14: ffff88807a5ee010 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff888124419000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3816418000 CR3: 0000000077548000 CR4: 0000000000350ef0
Call Trace:
 dbJoin+0x24b/0x2b0 fs/jfs/jfs_dmap.c:2930
 dbFreeBits+0x170/0x8d0 fs/jfs/jfs_dmap.c:2427
 dbFreeDmap+0x62/0x1c0 fs/jfs/jfs_dmap.c:2176
 dbFree+0x266/0x550 fs/jfs/jfs_dmap.c:485
 txFreeMap+0x2d3/0xe10 fs/jfs/jfs_txnmgr.c:2517
 xtTruncate+0x24fe/0x2e20 fs/jfs/jfs_xtree.c:2481
 jfs_free_zero_link+0x262/0x4c0 fs/jfs/namei.c:760
 jfs_evict_inode+0x40a/0x4a0 fs/jfs/inode.c:159
 evict+0x3c2/0xad0 fs/inode.c:828
 iput_final fs/inode.c:2022 [inline]
 iput.part.0+0x989/0x1050 fs/inode.c:2071
 iput+0x35/0x40 fs/inode.c:2037
 txUpdateMap+0x8bc/0xb00 fs/jfs/jfs_txnmgr.c:2369
 txLazyCommit fs/jfs/jfs_txnmgr.c:2666 [inline]
 jfs_lazycommit+0x5be/0xab0 fs/jfs/jfs_txnmgr.c:2735
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245