Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]
CPU: 0 UID: 0 PID: 96 Comm: kworker/0:1H Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: gfs2-glock/syz:syz glock_work_func
RIP: 0010:__gfs2_trans_begin+0x3a6/0x890 fs/gfs2/trans.c:73
Code: 09 00 00 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 bb 1b 25 fe 41 bf 8c 00 00 00 4d 03 7d 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 03 04 00 00 45 8b 3f 89 df 44 89 fe e8
RSP: 0018:ffffc900025e76c0 EFLAGS: 00010207
RAX: 0000000000000011 RBX: 0000000000000004 RCX: ffff88801e361e00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffffc900025e7878
RBP: ffffc900025e77b0 R08: ffff8880580780af R09: 1ffff1100b00f015
R10: dffffc0000000000 R11: ffffed100b00f016 R12: dffffc0000000000
R13: ffff888058078998 R14: ffffc900025e7800 R15: 000000000000008c
FS: 0000000000000000(0000) GS:ffff888125a05000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f97a2c23f98 CR3: 000000003368e000 CR4: 00000000003526f0
Call Trace:
<TASK>
gfs2_ail_empty_gl+0x12b/0x2f0 fs/gfs2/glops.c:130
inode_go_sync+0x462/0x5d0 fs/gfs2/glops.c:336
do_xmote+0x322/0x1060 fs/gfs2/glock.c:704
glock_work_func+0x2a8/0x580 fs/gfs2/glock.c:1080
process_one_work kernel/workqueue.c:3236 [inline]
process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
kthread+0x70e/0x8a0 kernel/kthread.c:463
ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__gfs2_trans_begin+0x3a6/0x890 fs/gfs2/trans.c:73
Code: 09 00 00 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 bb 1b 25 fe 41 bf 8c 00 00 00 4d 03 7d 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 03 04 00 00 45 8b 3f 89 df 44 89 fe e8
RSP: 0018:ffffc900025e76c0 EFLAGS: 00010207
RAX: 0000000000000011 RBX: 0000000000000004 RCX: ffff88801e361e00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffffc900025e7878
RBP: ffffc900025e77b0 R08: ffff8880580780af R09: 1ffff1100b00f015
R10: dffffc0000000000 R11: ffffed100b00f016 R12: dffffc0000000000
R13: ffff888058078998 R14: ffffc900025e7800 R15: 000000000000008c
FS: 0000000000000000(0000) GS:ffff888125a05000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f97a2c23f98 CR3: 000000007c81c000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
0: 09 00 or %eax,(%rax)
2: 00 4c 89 e8 add %cl,-0x18(%rcx,%rcx,4)
6: 48 c1 e8 03 shr $0x3,%rax
a: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1)
f: 74 08 je 0x19
11: 4c 89 ef mov %r13,%rdi
14: e8 bb 1b 25 fe call 0xfe251bd4
19: 41 bf 8c 00 00 00 mov $0x8c,%r15d
1f: 4d 03 7d 00 add 0x0(%r13),%r15
23: 4c 89 f8 mov %r15,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax <-- trapping instruction
2f: 84 c0 test %al,%al
31: 0f 85 03 04 00 00 jne 0x43a
37: 45 8b 3f mov (%r15),%r15d
3a: 89 df mov %ebx,%edi
3c: 44 89 fe mov %r15d,%esi
3f: e8 .byte 0xe8