gfs2: fsid=syz:syz.0: dirty_inode: glock -5
gfs2: fsid=syz:syz.0: G:  s:EX n:2/966 f:yfaqob t:EX d:EX/0 a:0 v:0 r:2 m:20 p:5
gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5335 [syz.0.0] gfs2_file_write_iter+0x915/0xff0 fs/gfs2/file.c:1164
Oops: general protection fault, probably for non-canonical address 0xdffffc000000002c: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000160-0x0000000000000167]
CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:pid_nr include/linux/pid.h:179 [inline]
RIP: 0010:dump_holder fs/gfs2/glock.c:2295 [inline]
RIP: 0010:gfs2_dump_glock+0xfba/0x1bb0 fs/gfs2/glock.c:2407
Code: e8 9b ed 18 fe 48 8b 1b 48 85 db 74 2f e8 7e 06 ae fd 4c 8d a3 e0 00 00 00 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 dc 07 00 00 45 8b 24 24 eb 08 e8 4f 06 ae
RSP: 0018:ffffc9000d2a6f80 EFLAGS: 00010202
RAX: 000000000000002c RBX: 0000000000000080 RCX: dffffc0000000000
RDX: ffffc9000f0d3000 RSI: 00000000000019d2 RDI: 00000000000019d3
RBP: ffffc9000d2a7270 R08: ffffffff83e7dd85 R09: 1ffffffff2864b10
R10: dffffc0000000000 R11: fffffbfff2864b11 R12: 0000000000000160
R13: ffff88803642c880 R14: ffff88803642c8a0 R15: 1ffff11006c85914
FS:  00007f76dc7e46c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bff6296000 CR3: 00000000348aa000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 gfs2_dirty_inode+0x5a5/0x6b0 fs/gfs2/super.c:512
 __mark_inode_dirty+0x2ee/0xe90 fs/fs-writeback.c:2515
 generic_update_time+0xad/0xc0 fs/inode.c:2112
 gfs2_update_time+0x13a/0x200 fs/gfs2/inode.c:2174
 inode_update_time fs/inode.c:2124 [inline]
 touch_atime+0x27d/0x690 fs/inode.c:2197
 file_accessed include/linux/fs.h:2539 [inline]
 filemap_read+0xd86/0xf50 mm/filemap.c:2714
 gfs2_file_read_iter+0x132/0xc40 fs/gfs2/file.c:968
 copy_splice_read+0x663/0xb60 fs/splice.c:365
 do_splice_read fs/splice.c:985 [inline]
 splice_direct_to_actor+0x4af/0xc80 fs/splice.c:1089
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0x289/0x3e0 fs/splice.c:1233
 do_sendfile+0x564/0x8a0 fs/read_write.c:1363
 __do_sys_sendfile64 fs/read_write.c:1418 [inline]
 __se_sys_sendfile64+0x100/0x1e0 fs/read_write.c:1410
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f76db980809
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f76dc7e4058 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f76dbb46080 RCX: 00007f76db980809
RDX: 0000000020000280 RSI: 000000000000000b RDI: 000000000000000d
RBP: 00007f76db9f393e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f76dbb46080 R15: 00007ffd0ee49b18
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:pid_nr include/linux/pid.h:179 [inline]
RIP: 0010:dump_holder fs/gfs2/glock.c:2295 [inline]
RIP: 0010:gfs2_dump_glock+0xfba/0x1bb0 fs/gfs2/glock.c:2407
Code: e8 9b ed 18 fe 48 8b 1b 48 85 db 74 2f e8 7e 06 ae fd 4c 8d a3 e0 00 00 00 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 dc 07 00 00 45 8b 24 24 eb 08 e8 4f 06 ae
RSP: 0018:ffffc9000d2a6f80 EFLAGS: 00010202
RAX: 000000000000002c RBX: 0000000000000080 RCX: dffffc0000000000
RDX: ffffc9000f0d3000 RSI: 00000000000019d2 RDI: 00000000000019d3
RBP: ffffc9000d2a7270 R08: ffffffff83e7dd85 R09: 1ffffffff2864b10
R10: dffffc0000000000 R11: fffffbfff2864b11 R12: 0000000000000160
R13: ffff88803642c880 R14: ffff88803642c8a0 R15: 1ffff11006c85914
FS:  00007f76dc7e46c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055bff627cf20 CR3: 00000000348aa000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e8 9b ed 18 fe       	call   0xfe18eda0
   5:	48 8b 1b             	mov    (%rbx),%rbx
   8:	48 85 db             	test   %rbx,%rbx
   b:	74 2f                	je     0x3c
   d:	e8 7e 06 ae fd       	call   0xfdae0690
  12:	4c 8d a3 e0 00 00 00 	lea    0xe0(%rbx),%r12
  19:	4c 89 e0             	mov    %r12,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	0f 85 dc 07 00 00    	jne    0x812
  36:	45 8b 24 24          	mov    (%r12),%r12d
  3a:	eb 08                	jmp    0x44
  3c:	e8                   	.byte 0xe8
  3d:	4f 06                	rex.WRXB (bad)
  3f:	ae                   	scas   %es:(%rdi),%al