syzbot

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]
CPU: 0 UID: 0 PID: 5825 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: events gfs2_withdraw_func
RIP: 0010:gfs2_log_is_empty+0x73/0xd0 fs/gfs2/log.c:430
Code: f0 09 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 cd f9 28 fe 41 be 8c 00 00 00 4c 03 33 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 34 41 8b 1e 89 ef 89 de e8 c8 51 c3 fd 39
RSP: 0018:ffffc9000407f8d8 EFLAGS: 00010207
RAX: 0000000000000011 RBX: ffff88806848c9f0 RCX: ffffffff83fcf3b0
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88806848cd70
RBP: 0000000000001000 R08: ffff88806848cd73 R09: 1ffff1100d0919ae
R10: dffffc0000000000 R11: ffffed100d0919af R12: 1ffff9200080ff24
R13: 1ffff1100d091800 R14: 000000000000008c R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125d08000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff340164000 CR3: 000000007a948000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 do_withdraw+0x15f/0x320 fs/gfs2/util.c:139
 gfs2_withdraw_func+0x2f3/0x430 fs/gfs2/util.c:-1
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:gfs2_log_is_empty+0x73/0xd0 fs/gfs2/log.c:430
Code: f0 09 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 cd f9 28 fe 41 be 8c 00 00 00 4c 03 33 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 34 41 8b 1e 89 ef 89 de e8 c8 51 c3 fd 39
RSP: 0018:ffffc9000407f8d8 EFLAGS: 00010207
RAX: 0000000000000011 RBX: ffff88806848c9f0 RCX: ffffffff83fcf3b0
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88806848cd70
RBP: 0000000000001000 R08: ffff88806848cd73 R09: 1ffff1100d0919ae
R10: dffffc0000000000 R11: ffffed100d0919af R12: 1ffff9200080ff24
R13: 1ffff1100d091800 R14: 000000000000008c R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888125d08000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff340164000 CR3: 0000000029b98000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	f0 09 00             	lock or %eax,(%rax)
   3:	00 48 89             	add    %cl,-0x77(%rax)
   6:	d8 48 c1             	fmuls  -0x3f(%rax)
   9:	e8 03 42 80 3c       	call   0x3c804211
   e:	38 00                	cmp    %al,(%rax)
  10:	74 08                	je     0x1a
  12:	48 89 df             	mov    %rbx,%rdi
  15:	e8 cd f9 28 fe       	call   0xfe28f9e7
  1a:	41 be 8c 00 00 00    	mov    $0x8c,%r14d
  20:	4c 03 33             	add    (%rbx),%r14
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	75 34                	jne    0x67
  33:	41 8b 1e             	mov    (%r14),%ebx
  36:	89 ef                	mov    %ebp,%edi
  38:	89 de                	mov    %ebx,%esi
  3a:	e8 c8 51 c3 fd       	call   0xfdc35207
  3f:	39                   	.byte 0x39