Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 UID: 0 PID: 117 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:metapage_write_folio+0xa7/0xcf0 fs/jfs/jfs_metapage.c:428
Code: fe 48 89 5c 24 18 4c 8d 73 18 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 63 40 d9 fe 4d 8b 36 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 4a 40 d9 fe 49 8b 1e 43 c6 44 3c
RSP: 0018:ffffc900031677c0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffea000450da00 RCX: ffff888102780000
RDX: 0000000000000000 RSI: ffffc90003167920 RDI: ffffea000450da00
RBP: ffffc900031678d0 R08: ffffea000450da37 R09: 1ffffd40008a1b46
R10: dffffc0000000000 R11: fffff940008a1b47 R12: 1ffff9200062cf04
R13: ffffea000450da00 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8882a9928000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555845eda28 CR3: 00000001702a6000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 metapage_write_one+0x2c8/0x520 fs/jfs/jfs_metapage.c:818
 release_metapage+0x5be/0xac0 fs/jfs/jfs_metapage.c:884
 txUnlock+0x524/0xdf0 fs/jfs/jfs_txnmgr.c:948
 txLazyCommit fs/jfs/jfs_txnmgr.c:2683 [inline]
 jfs_lazycommit+0x582/0xaa0 fs/jfs/jfs_txnmgr.c:2734
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:metapage_write_folio+0xa7/0xcf0 fs/jfs/jfs_metapage.c:428
Code: fe 48 89 5c 24 18 4c 8d 73 18 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 63 40 d9 fe 4d 8b 36 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 4a 40 d9 fe 49 8b 1e 43 c6 44 3c
RSP: 0018:ffffc900031677c0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffea000450da00 RCX: ffff888102780000
RDX: 0000000000000000 RSI: ffffc90003167920 RDI: ffffea000450da00
RBP: ffffc900031678d0 R08: ffffea000450da37 R09: 1ffffd40008a1b46
R10: dffffc0000000000 R11: fffff940008a1b47 R12: 1ffff9200062cf04
R13: ffffea000450da00 R14: 0000000000000000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8882a9928000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555845eda28 CR3: 0000000116262000 CR4: 00000000000006f0
----------------
Code disassembly (best guess; the Code: bytes start mid-instruction, so offsets 0-5 are mis-decoded: `fe` is the tail of the preceding instruction and `48 89 5c 24 18` is `mov %rbx,0x18(%rsp)`; decoding is in sync from offset 6 onward). The trapping `cmpb $0x0,(%rax,%r15,1)` at 0x2a is KASAN's shadow-byte probe: %r15 = 0xdffffc0000000000 is the KASAN shadow offset and %rax = %r14 >> 3 = 0, i.e. the pointer loaded by `mov (%r14),%r14` at 0x20 (read from 0x18(%rbx)) was NULL — which is why the GPF address equals the shadow base and KASAN reports a null-ptr-deref in [0x0-0x7]:
   0:	fe 48 89             	decb   -0x77(%rax)
   3:	5c                   	pop    %rsp
   4:	24 18                	and    $0x18,%al
   6:	4c 8d 73 18          	lea    0x18(%rbx),%r14
   a:	4c 89 f0             	mov    %r14,%rax
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1)
  16:	74 08                	je     0x20
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 63 40 d9 fe       	call   0xfed94083
  20:	4d 8b 36             	mov    (%r14),%r14
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 f7             	mov    %r14,%rdi
  34:	e8 4a 40 d9 fe       	call   0xfed94083
  39:	49 8b 1e             	mov    (%r14),%rbx
  3c:	43                   	rex.XB
  3d:	c6                   	.byte 0xc6
  3e:	44                   	rex.R
  3f:	3c                   	.byte 0x3c
