Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 0 UID: 0 PID: 121 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT_{RT,(full)} Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 RIP: 0010:dbUpdatePMap+0x41/0xeb0 fs/jfs/jfs_dmap.c:443 Code: c5 49 89 cd 48 89 54 24 38 89 74 24 4c 48 89 fb 49 be 00 00 00 00 00 fc ff df e8 0a a2 74 fe 48 83 c3 28 49 89 dc 49 c1 ec 03 <43> 80 3c 34 00 74 08 48 89 df e8 60 ab da fe 41 be 98 07 00 00 4c RSP: 0018:ffffc9000398faf8 EFLAGS: 00010206 RAX: ffffffff834fb126 RBX: 0000000000000028 RCX: ffff88801df6bc80 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc900031e17d0 R08: ffffc900031e17d0 R09: 0000000000000000 R10: dffffc0000000000 R11: fffff940002e92f7 R12: 0000000000000005 R13: 0000000000000001 R14: dffffc0000000000 R15: ffffc900035024a8 FS: 0000000000000000(0000) GS:ffff888126340000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3b84cfd400 CR3: 0000000038534000 CR4: 00000000003526f0 Call Trace: txAllocPMap+0x1a1/0x6b0 fs/jfs/jfs_txnmgr.c:2435 txUpdateMap+0x2a2/0x9c0 fs/jfs/jfs_txnmgr.c:2309 txLazyCommit fs/jfs/jfs_txnmgr.c:2665 [inline] jfs_lazycommit+0x3ef/0xa10 fs/jfs/jfs_txnmgr.c:2734 kthread+0x388/0x470 kernel/kthread.c:467 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:dbUpdatePMap+0x41/0xeb0 fs/jfs/jfs_dmap.c:443 Code: c5 49 89 cd 48 89 54 24 38 89 74 24 4c 48 89 fb 49 be 00 00 00 00 00 fc ff df e8 0a a2 74 fe 48 83 c3 28 49 89 dc 49 c1 ec 03 <43> 80 3c 34 00 74 08 48 89 df e8 60 ab da fe 41 be 98 07 00 00 4c RSP: 0018:ffffc9000398faf8 EFLAGS: 00010206 RAX: ffffffff834fb126 RBX: 0000000000000028 RCX: ffff88801df6bc80 RDX: 0000000000000000 RSI: 
0000000000000000 RDI: 0000000000000000 RBP: ffffc900031e17d0 R08: ffffc900031e17d0 R09: 0000000000000000 R10: dffffc0000000000 R11: fffff940002e92f7 R12: 0000000000000005 R13: 0000000000000001 R14: dffffc0000000000 R15: ffffc900035024a8 FS: 0000000000000000(0000) GS:ffff888126340000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f3b84cfd400 CR3: 0000000038534000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 49 89 cd mov %rcx,%r13 3: 48 89 54 24 38 mov %rdx,0x38(%rsp) 8: 89 74 24 4c mov %esi,0x4c(%rsp) c: 48 89 fb mov %rdi,%rbx f: 49 be 00 00 00 00 00 movabs $0xdffffc0000000000,%r14 16: fc ff df 19: e8 0a a2 74 fe call 0xfe74a228 1e: 48 83 c3 28 add $0x28,%rbx 22: 49 89 dc mov %rbx,%r12 25: 49 c1 ec 03 shr $0x3,%r12 * 29: 43 80 3c 34 00 cmpb $0x0,(%r12,%r14,1) <-- trapping instruction 2e: 74 08 je 0x38 30: 48 89 df mov %rbx,%rdi 33: e8 60 ab da fe call 0xfedaab98 38: 41 be 98 07 00 00 mov $0x798,%r14d 3e: 4c rex.WR
Reading the dump: the trapping instruction is the KASAN shadow-byte check (R14 = 0xdffffc0000000000 is the shadow offset, R12 = address >> 3), not the real load. The address being checked is RBX = 0x28, which the preceding instructions derive from RDI (`mov %rdi,%rbx` / `add $0x28,%rbx`) and RDI is 0 at the time of the fault, so dbUpdatePMap (fs/jfs/jfs_dmap.c:443) was entered with a NULL first argument and is reading a field at offset 0x28 of it — hence the reported null-ptr-deref range 0x28-0x2f and the non-canonical fault address 0xdffffc0000000005 (= shadow of 0x28). The NULL comes from the caller txAllocPMap (fs/jfs/jfs_txnmgr.c:2435) on the jfsCommit lazy-commit path; the dump does not show which pointer that argument is in the source, so confirm against jfs_dmap.c before treating this as a missing NULL check at that call site. Note the register block is printed twice (the second copy, starting at the end of the previous line, is the post-trace repeat), and the disassembly is marked "best guess" with 1 byte skipped.