... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... ... Log Wrap ... Log Wrap ... Log Wrap ... general protection fault, probably for non-canonical address 0xdffffc0000000104: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000820-0x0000000000000827] CPU: 1 PID: 7991 Comm: syz-executor.2 Not tainted 6.1.90-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:diIAGRead fs/jfs/jfs_imap.c:2662 [inline] RIP: 0010:diRead+0x152/0xad0 fs/jfs/jfs_imap.c:316 Code: 8b 6d 80 48 89 6c 24 20 4c 8d b5 98 fc ff ff 4c 89 f7 be 01 00 00 00 e8 6c c4 65 fe 49 8d 9d 20 08 00 00 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 2f 10 de fe 4c 8b 3b 49 8d 6f 28 RSP: 0018:ffffc90010377660 EFLAGS: 00010202 RAX: 0000000000000104 RBX: 0000000000000820 RCX: 0000000000000001 RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001 RBP: ffff888056e344f0 R08: dffffc0000000000 R09: ffffed100adc6833 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000004 R13: 0000000000000000 R14: ffff888056e34188 R15: dffffc0000000000 FS: 00007f28fde8e6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b3332e000 CR3: 000000002387f000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: jfs_iget+0x88/0x3b0 fs/jfs/inode.c:35 jfs_lookup+0x222/0x400 fs/jfs/namei.c:1467 lookup_open fs/namei.c:3462 [inline] open_last_lookups fs/namei.c:3552 [inline] path_openat+0x10fb/0x2e60 fs/namei.c:3782 do_filp_open+0x230/0x480 fs/namei.c:3812 do_sys_openat2+0x13b/0x500 fs/open.c:1318 do_sys_open fs/open.c:1334 [inline] __do_sys_openat fs/open.c:1350 [inline] __se_sys_openat fs/open.c:1345 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1345 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f28fd07dd69 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f28fde8e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f28fd1abf80 RCX: 00007f28fd07dd69 RDX: 0000000000000000 RSI: 00000000200002c0 RDI: ffffffffffffff9c RBP: 00007f28fd0ca49e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f28fd1abf80 R15: 00007ffe0db45de8 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:diIAGRead fs/jfs/jfs_imap.c:2662 [inline] RIP: 0010:diRead+0x152/0xad0 fs/jfs/jfs_imap.c:316 Code: 8b 6d 80 48 89 6c 24 20 4c 8d b5 98 fc ff ff 4c 89 f7 be 01 00 00 00 e8 6c c4 65 fe 49 8d 9d 20 08 00 00 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 2f 10 de fe 4c 8b 3b 49 8d 6f 28 RSP: 0018:ffffc90010377660 EFLAGS: 00010202 RAX: 0000000000000104 RBX: 0000000000000820 RCX: 0000000000000001 RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001 RBP: ffff888056e344f0 R08: dffffc0000000000 R09: ffffed100adc6833 R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000004 R13: 0000000000000000 R14: ffff888056e34188 R15: dffffc0000000000 FS: 00007f28fde8e6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8bd51b5c98 CR3: 000000002387f000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 8b 6d 80 mov -0x80(%rbp),%ebp 3: 48 89 6c 24 20 mov %rbp,0x20(%rsp) 8: 4c 8d b5 98 fc ff ff lea -0x368(%rbp),%r14 f: 4c 89 f7 mov %r14,%rdi 12: be 01 00 00 00 mov $0x1,%esi 17: e8 6c c4 65 fe call 0xfe65c488 1c: 49 8d 9d 20 08 00 00 lea 0x820(%r13),%rbx 23: 48 89 d8 mov %rbx,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) <-- trapping instruction 2f: 74 08 je 0x39 31: 48 89 df mov %rbx,%rdi 34: e8 2f 10 de fe call 0xfede1068 39: 4c 8b 3b mov (%rbx),%r15 3c: 49 8d 6f 28 lea 0x28(%r15),%rbp