Unable to handle kernel paging request at virtual address dfff800000000008
KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000008] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6758 Comm: syz.0.47 Not tainted 6.12.0-syzkaller-g7b1d1d4cfac0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : generic_test_bit include/asm-generic/bitops/generic-non-atomic.h:128 [inline]
pc : txBeginAnon+0xac/0x154 fs/jfs/jfs_txnmgr.c:465
lr : spin_lock include/linux/spinlock.h:351 [inline]
lr : txBeginAnon+0x78/0x154 fs/jfs/jfs_txnmgr.c:458
sp : ffff8000a2556b80
x29: ffff8000a2556b80 x28: ffff800097493328 x27: ffff800097493000
x26: ffff800097493000 x25: 0000000000000008 x24: 0000000000000150
x23: dfff800000000000 x22: 0000000000000008 x21: 0000000000000000
x20: 0000000000000040 x19: ffff80008fe07960 x18: 1fffe0001a7b74a6
x17: ffff80008f81d000 x16: ffff80008036ec34 x15: ffff7000144aad58
x14: 1ffff000144aad58 x13: 0000000000000004 x12: ffffffffffffffff
x11: ffff7000144aad58 x10: 1ffff000144aad58 x9 : 48d42b4273816100
x8 : 48d42b4273816100 x7 : ffff800081b46164 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008036ed5c
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000001
Call trace:
 txBeginAnon+0xac/0x154 (P)
 spin_lock include/linux/spinlock.h:351 [inline] (L)
 txBeginAnon+0x78/0x154 fs/jfs/jfs_txnmgr.c:458 (L)
 extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78
 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248
 get_more_blocks fs/direct-io.c:648 [inline]
 do_direct_IO fs/direct-io.c:936 [inline]
 __blockdev_direct_IO+0x14b4/0x3940 fs/direct-io.c:1243
 blockdev_direct_IO include/linux/fs.h:3280 [inline]
 jfs_direct_IO+0xf0/0x1d4 fs/jfs/inode.c:331
 generic_file_direct_write+0x15c/0x30c mm/filemap.c:3977
 __generic_file_write_iter+0x110/0x204 mm/filemap.c:4141
 generic_file_write_iter+0xb8/0x2b4 mm/filemap.c:4181
 iter_file_splice_write+0x898/0xfdc fs/splice.c:743
 do_splice_from fs/splice.c:941 [inline]
 direct_splice_actor+0xec/0x1d8 fs/splice.c:1164
 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0x1e4/0x304 fs/splice.c:1233
 do_sendfile+0x46c/0xbd0 fs/read_write.c:1388
 __do_sys_sendfile64 fs/read_write.c:1455 [inline]
 __se_sys_sendfile64 fs/read_write.c:1441 [inline]
 __arm64_sys_sendfile64+0x148/0x3a4 fs/read_write.c:1441
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: aa1803e0 97ffff65 aa1303e0 958f8035 (38776b28) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	aa1803e0 	mov	x0, x24
   4:	97ffff65 	bl	0xfffffffffffffd98
   8:	aa1303e0 	mov	x0, x19
   c:	958f8035 	bl	0x63e00e0
* 10:	38776b28 	ldrb	w8, [x25, x23] <-- trapping instruction