syzbot

loop1: detected capacity change from 0 to 32768
read_mapping_page failed!
diRead: diIAGRead returned -5
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 UID: 0 PID: 6149 Comm: syz.1.94 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x7f8/0xed0 fs/jfs/jfs_logmgr.c:1572
Code: f0 b6 fe 4d 8d 77 f0 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 16 1c e1 fe 4d 8b 26 49 83 c4 30 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 e7 e8 fa 1b e1 fe 49 8b 3c 24 e8 71 f0 b6
RSP: 0018:ffffc90003dff980 EFLAGS: 00010206
RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff88802bf68000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003dffac0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90003dff768 R11: fffff520007bff1a R12: 0000000000000030
R13: ffff888027a76a18 R14: ffff888028272828 R15: ffff888028272838
FS:  00005555708ff500(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9b20735000 CR3: 000000003194e000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 jfs_umount+0x178/0x3c0 fs/jfs/jfs_umount.c:58
 jfs_fill_super+0x9c5/0xd80 fs/jfs/super.c:567
 get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1691
 vfs_get_tree+0x92/0x2a0 fs/super.c:1751
 fc_mount fs/namespace.c:1199 [inline]
 do_new_mount_fc fs/namespace.c:3636 [inline]
 do_new_mount+0x302/0xa10 fs/namespace.c:3712
 do_mount fs/namespace.c:4035 [inline]
 __do_sys_mount fs/namespace.c:4224 [inline]
 __se_sys_mount+0x313/0x410 fs/namespace.c:4201
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feea8100eea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd9aa7eaf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffd9aa7eb80 RCX: 00007feea8100eea
RDX: 0000200000000000 RSI: 0000200000000180 RDI: 00007ffd9aa7eb40
RBP: 0000200000000000 R08: 00007ffd9aa7eb80 R09: 0000000001000002
R10: 0000000001000002 R11: 0000000000000246 R12: 0000200000000180
R13: 00007ffd9aa7eb40 R14: 00000000000060b6 R15: 0000200000000540
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:write_special_inodes fs/jfs/jfs_logmgr.c:208 [inline]
RIP: 0010:jfs_flush_journal+0x7f8/0xed0 fs/jfs/jfs_logmgr.c:1572
Code: f0 b6 fe 4d 8d 77 f0 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 16 1c e1 fe 4d 8b 26 49 83 c4 30 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 e7 e8 fa 1b e1 fe 49 8b 3c 24 e8 71 f0 b6
RSP: 0018:ffffc90003dff980 EFLAGS: 00010206
RAX: 0000000000000006 RBX: dffffc0000000000 RCX: ffff88802bf68000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003dffac0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90003dff768 R11: fffff520007bff1a R12: 0000000000000030
R13: ffff888027a76a18 R14: ffff888028272828 R15: ffff888028272838
FS:  00005555708ff500(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9b20735000 CR3: 000000003194e000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	f0 b6 fe             	lock mov $0xfe,%dh
   3:	4d 8d 77 f0          	lea    -0x10(%r15),%r14
   7:	4c 89 f0             	mov    %r14,%rax
   a:	48 c1 e8 03          	shr    $0x3,%rax
   e:	80 3c 18 00          	cmpb   $0x0,(%rax,%rbx,1)
  12:	74 08                	je     0x1c
  14:	4c 89 f7             	mov    %r14,%rdi
  17:	e8 16 1c e1 fe       	call   0xfee11c32
  1c:	4d 8b 26             	mov    (%r14),%r12
  1f:	49 83 c4 30          	add    $0x30,%r12
  23:	4c 89 e0             	mov    %r12,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 18 00          	cmpb   $0x0,(%rax,%rbx,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 e7             	mov    %r12,%rdi
  33:	e8 fa 1b e1 fe       	call   0xfee11c32
  38:	49 8b 3c 24          	mov    (%r12),%rdi
  3c:	e8                   	.byte 0xe8
  3d:	71 f0                	jno    0x2f
  3f:	b6                   	.byte 0xb6