syzbot

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]
CPU: 0 UID: 0 PID: 96 Comm: kworker/0:1H Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: gfs2-glock/syz:syz glock_work_func
RIP: 0010:__gfs2_trans_begin+0x3a6/0x890 fs/gfs2/trans.c:73
Code: 09 00 00 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 bb 1b 25 fe 41 bf 8c 00 00 00 4d 03 7d 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 03 04 00 00 45 8b 3f 89 df 44 89 fe e8
RSP: 0018:ffffc900025e76c0 EFLAGS: 00010207
RAX: 0000000000000011 RBX: 0000000000000004 RCX: ffff88801e361e00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffffc900025e7878
RBP: ffffc900025e77b0 R08: ffff8880580780af R09: 1ffff1100b00f015
R10: dffffc0000000000 R11: ffffed100b00f016 R12: dffffc0000000000
R13: ffff888058078998 R14: ffffc900025e7800 R15: 000000000000008c
FS:  0000000000000000(0000) GS:ffff888125a05000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f97a2c23f98 CR3: 000000003368e000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 gfs2_ail_empty_gl+0x12b/0x2f0 fs/gfs2/glops.c:130
 inode_go_sync+0x462/0x5d0 fs/gfs2/glops.c:336
 do_xmote+0x322/0x1060 fs/gfs2/glock.c:704
 glock_work_func+0x2a8/0x580 fs/gfs2/glock.c:1080
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__gfs2_trans_begin+0x3a6/0x890 fs/gfs2/trans.c:73
Code: 09 00 00 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 bb 1b 25 fe 41 bf 8c 00 00 00 4d 03 7d 00 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 03 04 00 00 45 8b 3f 89 df 44 89 fe e8
RSP: 0018:ffffc900025e76c0 EFLAGS: 00010207
RAX: 0000000000000011 RBX: 0000000000000004 RCX: ffff88801e361e00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffffc900025e7878
RBP: ffffc900025e77b0 R08: ffff8880580780af R09: 1ffff1100b00f015
R10: dffffc0000000000 R11: ffffed100b00f016 R12: dffffc0000000000
R13: ffff888058078998 R14: ffffc900025e7800 R15: 000000000000008c
FS:  0000000000000000(0000) GS:ffff888125a05000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f97a2c23f98 CR3: 000000007c81c000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	09 00                	or     %eax,(%rax)
   2:	00 4c 89 e8          	add    %cl,-0x18(%rcx,%rcx,4)
   6:	48 c1 e8 03          	shr    $0x3,%rax
   a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
   f:	74 08                	je     0x19
  11:	4c 89 ef             	mov    %r13,%rdi
  14:	e8 bb 1b 25 fe       	call   0xfe251bd4
  19:	41 bf 8c 00 00 00    	mov    $0x8c,%r15d
  1f:	4d 03 7d 00          	add    0x0(%r13),%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 03 04 00 00    	jne    0x43a
  37:	45 8b 3f             	mov    (%r15),%r15d
  3a:	89 df                	mov    %ebx,%edi
  3c:	44 89 fe             	mov    %r15d,%esi
  3f:	e8                   	.byte 0xe8