------------[ cut here ]------------
lp >= size || lp < 0
WARNING: fs/jfs/jfs_dmap.c:2962 at dbJoin+0xc33/0xd60, CPU#0: jfsCommit/123
Modules linked in:
CPU: 0 UID: 0 PID: 123 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:dbJoin+0xc33/0xd60
Code: eb 0c e8 50 63 60 fe eb 05 e8 49 63 60 fe 31 c0 48 83 c4 68 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 2e 63 60 fe 90 <0f> 0b 90 eb df 44 89 e9 80 e1 07 38 c1 0f 8c 00 f4 ff ff 4c 89 ef
RSP: 0018:ffffc900030af5b0 EFLAGS: 00010293
RAX: ffffffff8365dd72 RBX: 0000000000000155 RCX: ffff88816990d940
RDX: 0000000000000000 RSI: 0000000000000155 RDI: 0000000000020056
RBP: 0000000000000004 R08: ffffea00046c6d07 R09: 1ffffd40008d8da0
R10: dffffc0000000000 R11: fffff940008d8da1 R12: dffffc0000000000
R13: ffff88811b1b4020 R14: 0000000000020056 R15: 0000000000000004
FS:  0000000000000000(0000) GS:ffff88818dc1c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555588e3aa28 CR3: 000000000e746000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 dbFreeBits+0x4a2/0xd70
 dbFree+0x324/0x650
 txFreeMap+0x9e6/0xde0
 xtTruncate+0xd16/0x2eb0
 jfs_free_zero_link+0x35b/0x4c0
 jfs_evict_inode+0x356/0x430
 evict+0x624/0xb50
 jfs_lazycommit+0x44c/0xac0
 kthread+0x388/0x470
 ret_from_fork+0x514/0xb70
 ret_from_fork_asm+0x1a/0x30
 </TASK>
