gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2072 (magic number)
  function = gfs2_meta_indirect_buffer, file = fs/gfs2/meta_io.c, line = 488
gfs2: fsid=syz:syz.0: about to withdraw this file system
Unable to handle kernel paging request at virtual address dfff80000000000e
Mem abort info:
  ESR = 0x96000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
[dfff80000000000e] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 29463 Comm: syz-executor.1 Not tainted 5.11.0-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 10000005 (nzcV daif -PAN -UAO -TCO BTYPE=--)
pc : signal_our_withdraw fs/gfs2/util.c:97 [inline]
pc : gfs2_withdraw+0x2c4/0xbd0 fs/gfs2/util.c:294
lr : gfs2_withdraw+0x220/0xbd0 fs/gfs2/util.c:291
sp : ffff00003147ef00
x29: ffff00003147ef00 x28: ffff000036f24000 
x27: 1fffe00006de4858 x26: ffff000036f242c4 
x25: 0000000000000004 x24: 0000000000000000 
x23: ffff000036f240a8 x22: ffff800016f4cda0 
x21: 1fffe00006de4869 x20: ffff000036f24348 
x19: ffff000036f24340 x18: ffff00006a275b48 
x17: 0000000000000000 x16: 0000000000000003 
x15: 00000000f1f1f1f1 x14: 1fffe0000628fd12 
x13: 0000000000000000 x12: ffff60000d450a7f 
x11: 1fffe0000d450a7e x10: ffff60000d450a7e 
x9 : dfff800000000000 x8 : ffff00006a2853f7 
x7 : 0000000000000001 x6 : 00009ffff2baf582 
x5 : ffff00006a2853f0 x4 : 1fffe00002894339 
x3 : 0000000000000000 x2 : 000000000000000e 
x1 : dfff800000000000 x0 : 0000000000000070 
Call trace:
 signal_our_withdraw fs/gfs2/util.c:97 [inline]
 gfs2_withdraw+0x2c4/0xbd0 fs/gfs2/util.c:294
 gfs2_meta_check_ii+0x64/0xa4 fs/gfs2/util.c:450
 gfs2_metatype_check_i fs/gfs2/util.h:126 [inline]
 gfs2_meta_indirect_buffer+0x2f0/0x370 fs/gfs2/meta_io.c:488
 gfs2_meta_inode_buffer fs/gfs2/meta_io.h:70 [inline]
 gfs2_inode_refresh+0x98/0xbf0 fs/gfs2/glops.c:478
 inode_go_lock+0x18c/0x4f0 fs/gfs2/glops.c:508
 do_promote+0x290/0x560 fs/gfs2/glock.c:395
 finish_xmote+0x2dc/0xbe0 fs/gfs2/glock.c:562
 do_xmote+0x5d0/0x8e0 fs/gfs2/glock.c:688
 run_queue+0x264/0x490 fs/gfs2/glock.c:753
 gfs2_glock_nq+0x574/0x1114 fs/gfs2/glock.c:1408
 gfs2_glock_nq_init fs/gfs2/glock.h:238 [inline]
 gfs2_lookupi+0x220/0x470 fs/gfs2/inode.c:322
 gfs2_lookup_simple+0xa8/0xec fs/gfs2/inode.c:273
 init_journal fs/gfs2/ops_fstype.c:714 [inline]
 init_inodes+0x2d0/0x2190 fs/gfs2/ops_fstype.c:857
 gfs2_fill_super+0x1434/0x1ff0 fs/gfs2/ops_fstype.c:1184
 get_tree_bdev+0x314/0x5c0 fs/super.c:1291
 gfs2_get_tree+0x44/0x1e0 fs/gfs2/ops_fstype.c:1260
 vfs_get_tree+0x74/0x2a0 fs/super.c:1496
 do_new_mount fs/namespace.c:2881 [inline]
 path_mount+0xf64/0x2170 fs/namespace.c:3211
 do_mount fs/namespace.c:3224 [inline]
 __do_sys_mount fs/namespace.c:3432 [inline]
 __se_sys_mount fs/namespace.c:3409 [inline]
 __arm64_sys_mount+0x2ec/0x520 fs/namespace.c:3409
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
 el0_svc_common.constprop.0+0x110/0x3c0 arch/arm64/kernel/syscall.c:159
 do_el0_svc_compat+0x40/0x80 arch/arm64/kernel/syscall.c:204
 el0_svc_compat+0x20/0x30 arch/arm64/kernel/entry-common.c:442
 el0_sync_compat_handler+0x90/0x140 arch/arm64/kernel/entry-common.c:451
 el0_sync_compat+0x178/0x180 arch/arm64/kernel/entry.S:708
Code: d2d00001 f2fbffe1 9101c300 d343fc02 (38e16841) 
---[ end trace e41c10177b62e9c5 ]---