loop14: rw=0, sector=8, nr_sectors = 8 limit=0
lbmIODone: I/O error in JFS log
*** Log Format Error ! ***
lmLogInit: exit(-22)
lmLogOpen: exit(-22)
ERROR: (device loop2): txBegin: read-only filesystem
ERROR: (device loop2): remounting filesystem as read-only
jfs_dirty_inode called on read-only volume
Is remount racy?
jfs_dirty_inode called on read-only volume
Is remount racy?
jfs_dirty_inode called on read-only volume
Is remount racy?
BUG: kernel NULL pointer dereference, address: 0000000000000608
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 11ea78067 P4D 11ea78067 PUD 0 
Oops: 0000 [#1] PREEMPT SMP
CPU: 0 PID: 4778 Comm: syz.2.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:JFS_SBI fs/jfs/jfs_incore.h:217 [inline]
RIP: 0010:txEnd+0x65/0x280 fs/jfs/jfs_txnmgr.c:507
Code: 01 00 00 e8 dd ce 9e ff 48 c7 c7 78 59 a6 83 e8 51 ae 3b 01 49 8d 7e 30 be 03 00 00 00 31 d2 31 c9 e8 ef 39 90 ff 49 8b 46 20 <48> 8b 80 08 06 00 00 48 8b 58 30 45 0f b7 66 02 44 89 e6 81 e6 00
RSP: 0018:ffffc90001b2bac0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff835ee9dd RDI: 00000000ffffffff
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffc90001b2ba58
R10: 0000000000000005 R11: 205d383737345420 R12: ffff888114dd2fa0
R13: fffffffffffffd30 R14: ffffc90001299000 R15: 0000000000000000
FS:  00007f772c69f6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000608 CR3: 000000011e603000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 jfs_truncate_nolock+0xf9/0x1c0 fs/jfs/inode.c:406
 jfs_truncate+0x5d/0x80 fs/jfs/inode.c:418
 jfs_setattr+0x2aa/0x320 fs/jfs/file.c:122
 notify_change+0x5b6/0x610 fs/attr.c:499
 do_truncate+0x136/0x170 fs/open.c:66
 handle_truncate fs/namei.c:3299 [inline]
 do_open fs/namei.c:3644 [inline]
 path_openat+0x1418/0x1710 fs/namei.c:3797
 do_filp_open+0xcd/0x1b0 fs/namei.c:3824
 do_sys_openat2+0xad/0x110 fs/open.c:1421
 do_sys_open fs/open.c:1436 [inline]
 __do_sys_openat fs/open.c:1452 [inline]
 __se_sys_openat fs/open.c:1447 [inline]
 __x64_sys_openat+0xcf/0xf0 fs/open.c:1447
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f772c82efc9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f772c69f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f772ca85fa0 RCX: 00007f772c82efc9
RDX: 0000000000181242 RSI: 0000200000000180 RDI: ffffffffffffff9c
RBP: 00007f772c8b1f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000148 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f772ca86038 R14: 00007f772ca85fa0 R15: 00007fff13668a38
 </TASK>
Modules linked in:
CR2: 0000000000000608
---[ end trace 0000000000000000 ]---
RIP: 0010:JFS_SBI fs/jfs/jfs_incore.h:217 [inline]
RIP: 0010:txEnd+0x65/0x280 fs/jfs/jfs_txnmgr.c:507
Code: 01 00 00 e8 dd ce 9e ff 48 c7 c7 78 59 a6 83 e8 51 ae 3b 01 49 8d 7e 30 be 03 00 00 00 31 d2 31 c9 e8 ef 39 90 ff 49 8b 46 20 <48> 8b 80 08 06 00 00 48 8b 58 30 45 0f b7 66 02 44 89 e6 81 e6 00
RSP: 0018:ffffc90001b2bac0 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff835ee9dd RDI: 00000000ffffffff
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffc90001b2ba58
R10: 0000000000000005 R11: 205d383737345420 R12: ffff888114dd2fa0
R13: fffffffffffffd30 R14: ffffc90001299000 R15: 0000000000000000
FS:  00007f772c69f6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000608 CR3: 000000011e603000 CR4: 00000000003506f0
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	00 00                	add    %al,(%rax)
   2:	e8 dd ce 9e ff       	call   0xff9ecee4
   7:	48 c7 c7 78 59 a6 83 	mov    $0xffffffff83a65978,%rdi
   e:	e8 51 ae 3b 01       	call   0x13bae64
  13:	49 8d 7e 30          	lea    0x30(%r14),%rdi
  17:	be 03 00 00 00       	mov    $0x3,%esi
  1c:	31 d2                	xor    %edx,%edx
  1e:	31 c9                	xor    %ecx,%ecx
  20:	e8 ef 39 90 ff       	call   0xff903a14
  25:	49 8b 46 20          	mov    0x20(%r14),%rax
* 29:	48 8b 80 08 06 00 00 	mov    0x608(%rax),%rax <-- trapping instruction
  30:	48 8b 58 30          	mov    0x30(%rax),%rbx
  34:	45 0f b7 66 02       	movzwl 0x2(%r14),%r12d
  39:	44 89 e6             	mov    %r12d,%esi
  3c:	81                   	.byte 0x81
  3d:	e6 00                	out    %al,$0x0