Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI
[ 435.580316][ T9447] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 UID: 0 PID: 9447 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)}
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x81d/0xef0 fs/jfs/jfs_logmgr.c:1572
Code: 3e ab fe 4d 8d 77 f0 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 71 d5 d6 fe 4d 8b 26 49 83 c4 30 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 e7 e8 55 d5 d6 fe 49 8b 3c 24 e8 7c 3e ab
RSP: 0000:ffffc900051879a0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff888020fb3c80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90005187ad0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90005187788 R11: fffff52000a30f1e R12: 0000000000000030
R13: ffff888064e69a18 R14: ffff88803c86d828 R15: ffff88803c86d838
FS:  0000000000000000(0000) GS:ffff888126440000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fde3449e000 CR3: 0000000035f3e000 CR4: 00000000003526f0
Call Trace:
 jfs_umount+0x178/0x3c0 fs/jfs/jfs_umount.c:58
 jfs_put_super+0x8c/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x13d/0x2d0 fs/super.c:646
 kill_block_super+0x44/0x90 fs/super.c:1725
 deactivate_locked_super+0xbc/0x130 fs/super.c:476
 cleanup_mnt+0x437/0x4d0 fs/namespace.c:1312
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x69b/0x2320 kernel/exit.c:971
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x221a/0x2240 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f575cd8c799
Code: Unable to access opcode bytes at 0x7f575cd8c76f.
RSP: 002b:00007fffacef8cc8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f575ce21fb5 RCX: 00007f575cd8c799
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000002 R08: 0000000000000000 R09: 00007f575ce21f90
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffacef9f80
R13: 00007f575ce21f90 R14: 00005555702204e8 R15: 00007fffacefb050
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x81d/0xef0 fs/jfs/jfs_logmgr.c:1572
Code: 3e ab fe 4d 8d 77 f0 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 71 d5 d6 fe 4d 8b 26 49 83 c4 30 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 e7 e8 55 d5 d6 fe 49 8b 3c 24 e8 7c 3e ab
RSP: 0000:ffffc900051879a0 EFLAGS: 00010206
RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff888020fb3c80
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90005187ad0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90005187788 R11: fffff52000a30f1e R12: 0000000000000030
R13: ffff888064e69a18 R14: ffff88803c86d828 R15: ffff88803c86d838
FS:  0000000000000000(0000) GS:ffff888126440000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fde3449e000 CR3: 0000000038c74000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:   3e ab                   ds stos %eax,%es:(%rdi)
   2:   fe 4d 8d                decb   -0x73(%rbp)
   5:   77 f0                   ja     0xfffffff7
   7:   4c 89 f0                mov    %r14,%rax
   a:   48 c1 e8 03             shr    $0x3,%rax
   e:   80 3c 18 00             cmpb   $0x0,(%rax,%rbx,1)
  12:   74 08                   je     0x1c
  14:   4c 89 f7                mov    %r14,%rdi
  17:   e8 71 d5 d6 fe          call   0xfed6d58d
  1c:   4d 8b 26                mov    (%r14),%r12
  1f:   49 83 c4 30             add    $0x30,%r12
  23:   4c 89 e0                mov    %r12,%rax
  26:   48 c1 e8 03             shr    $0x3,%rax
* 2a:   80 3c 18 00             cmpb   $0x0,(%rax,%rbx,1)    <-- trapping instruction
  2e:   74 08                   je     0x38
  30:   4c 89 e7                mov    %r12,%rdi
  33:   e8 55 d5 d6 fe          call   0xfed6d58d
  38:   49 8b 3c 24             mov    (%r12),%rdi
  3c:   e8                      .byte 0xe8
  3d:   7c 3e                   jl     0x7d
  3f:   ab                      stos   %eax,%es:(%rdi)