BUG: unable to handle page fault for address: ffffed101812d396
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7ffcd067 P4D 7ffcd067 PUD 3fff5067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 2 PID: 134 Comm: jfsCommit Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:dbJoin+0x170/0x240 fs/jfs/jfs_dmap.c:2787
Code: fe 45 89 f5 48 b9 00 00 00 00 00 fc ff df 41 31 dd 49 63 ed 48 03 6c 24 08 48 03 2c 24 48 89 e8 48 89 ea 48 c1 e8 03 83 e2 07 <0f> b6 04 08 38 d0 7f 08 84 c0 0f 85 b3 00 00 00 0f be 6d 00 44 89
RSP: 0018:ffffc9000272fb28 EFLAGS: 00010202
RAX: 1ffff1101812d396 RBX: 0000000000000002 RCX: dffffc0000000000
RDX: 0000000000000001 RSI: ffffffff82e46c67 RDI: 0000000000000004
RBP: ffff8880c0969cb1 R08: 0000000000000004 R09: 0000000000000002
R10: 0000000074ff5714 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000003 R14: 0000000000000001 R15: ffff888044722010
FS:  0000000000000000(0000) GS:ffff88802c800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed101812d396 CR3: 000000001ad2d000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 dbFreeBits+0x15d/0x8c0 fs/jfs/jfs_dmap.c:2320
 dbFreeDmap+0x61/0x1a0 fs/jfs/jfs_dmap.c:2069
 dbFree+0x254/0x540 fs/jfs/jfs_dmap.c:394
 txFreeMap+0x8f5/0xd70 fs/jfs/jfs_txnmgr.c:2529
 txUpdateMap+0x3cd/0xc50 fs/jfs/jfs_txnmgr.c:2325
 txLazyCommit fs/jfs/jfs_txnmgr.c:2659 [inline]
 jfs_lazycommit+0x5bf/0xaa0 fs/jfs/jfs_txnmgr.c:2727
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Modules linked in:
CR2: ffffed101812d396
---[ end trace 0000000000000000 ]---
RIP: 0010:dbJoin+0x170/0x240 fs/jfs/jfs_dmap.c:2787
Code: fe 45 89 f5 48 b9 00 00 00 00 00 fc ff df 41 31 dd 49 63 ed 48 03 6c 24 08 48 03 2c 24 48 89 e8 48 89 ea 48 c1 e8 03 83 e2 07 <0f> b6 04 08 38 d0 7f 08 84 c0 0f 85 b3 00 00 00 0f be 6d 00 44 89
RSP: 0018:ffffc9000272fb28 EFLAGS: 00010202
RAX: 1ffff1101812d396 RBX: 0000000000000002 RCX: dffffc0000000000
RDX: 0000000000000001 RSI: ffffffff82e46c67 RDI: 0000000000000004
RBP: ffff8880c0969cb1 R08: 0000000000000004 R09: 0000000000000002
R10: 0000000074ff5714 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000003 R14: 0000000000000001 R15: ffff888044722010
FS:  0000000000000000(0000) GS:ffff88802c800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed101812d396 CR3: 000000001ad2d000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	fe 45 89             	incb   -0x77(%rbp)
   3:	f5                   	cmc
   4:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
   b:	fc ff df
   e:	41 31 dd             	xor    %ebx,%r13d
  11:	49 63 ed             	movslq %r13d,%rbp
  14:	48 03 6c 24 08       	add    0x8(%rsp),%rbp
  19:	48 03 2c 24          	add    (%rsp),%rbp
  1d:	48 89 e8             	mov    %rbp,%rax
  20:	48 89 ea             	mov    %rbp,%rdx
  23:	48 c1 e8 03          	shr    $0x3,%rax
  27:	83 e2 07             	and    $0x7,%edx
* 2a:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax <-- trapping instruction
  2e:	38 d0                	cmp    %dl,%al
  30:	7f 08                	jg     0x3a
  32:	84 c0                	test   %al,%al
  34:	0f 85 b3 00 00 00    	jne    0xed
  3a:	0f be 6d 00          	movsbl 0x0(%rbp),%ebp
  3e:	44                   	rex.R
  3f:	89                   	.byte 0x89