Index: llvm/lib/Analysis/LazyValueInfo.cpp
===================================================================
--- llvm/lib/Analysis/LazyValueInfo.cpp
+++ llvm/lib/Analysis/LazyValueInfo.cpp
@@ -658,7 +658,7 @@
                            Val->getType()->getPointerAddressSpace()))
     return false;
 
-  Val = getUnderlyingObject(Val);
+  Val = Val->stripInBoundsOffsets();
   return TheCache.isNonNullAtEndOfBlock(Val, BB, [](BasicBlock *BB) {
     NonNullPointerSet NonNullPointers;
     for (Instruction &I : *BB)
Index: llvm/test/Analysis/ValueTracking/unknown-nonnull-gep-out-of-bounds.ll
===================================================================
--- /dev/null
+++ llvm/test/Analysis/ValueTracking/unknown-nonnull-gep-out-of-bounds.ll
@@ -0,0 +1,32 @@
+; RUN: opt -jump-threading -S %s -o - | FileCheck %s
+
+target datalayout = "e-m:e-p270:32:32-p271:32:32-p272:64:64-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-unknown-linux-gnu"
+
+@.str = private unnamed_addr constant [5 x i8] c"fail\00", align 1
+@.str.1 = private unnamed_addr constant [5 x i8] c"pass\00", align 1
+
+define dso_local i32 @f(i64 %i) local_unnamed_addr {
+entry:
+  %a = alloca i64, align 8
+  store i64 0, i64* %a, align 8
+  %p = getelementptr i64, i64* %a, i64 %i
+  %c = icmp eq i64* %p, null
+  ; `%a` is non-null at the end of the block, because we store through it.
+  ; However, `%p` is derived from `%a` via a GEP that is not `inbounds`, therefore we cannot judge `%p` is non-null as well
+  ; and must retain the `icmp` instruction.
+  ; CHECK: %c = icmp eq i64* %p, null
+  br i1 %c, label %if.else, label %if.then
+if.then:
+  %call0 = call i32 @puts(i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([5 x i8], [5 x i8]* @.str, i64 0, i64 0))
+  br label %if.end
+
+if.else:
+  %call1 = call i32 @puts(i8* noundef nonnull dereferenceable(1) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.1, i64 0, i64 0))
+  br label %if.end
+
+if.end:
+  ret i32 0
+}
+
+declare dso_local i32 @puts(i8*) local_unnamed_addr