Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]
CPU: 0 UID: 0 PID: 5938 Comm: kworker/0:2H Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: gfs2-glock/syz:syz glock_work_func
RIP: 0010:__gfs2_trans_begin+0x3cc/0x940 fs/gfs2/trans.c:73
Code: 09 00 00 4c 89 e8 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 ef e8 95 eb 07 fe 41 bc 8c 00 00 00 4d 03 65 00 4c 89 e0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 85 04 00 00 45 8b 3c 24 89 df 44 89 fe
RSP: 0018:ffffc9000511f760 EFLAGS: 00010217
RAX: 0000000000000011 RBX: 0000000000000004 RCX: ffff88807b5e3e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000511f918
RBP: ffffc9000511f850 R08: ffff88807a16c0af R09: 1ffff1100f42d815
R10: dffffc0000000000 R11: ffffed100f42d816 R12: 000000000000008c
R13: ffff88807a16c9e0 R14: ffffc9000511f8a0 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88812528f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcba264f156 CR3: 000000005b636000 CR4: 0000000000350ef0
Call Trace:
 gfs2_ail_empty_gl+0x164/0x340 fs/gfs2/glops.c:125
 inode_go_sync+0x448/0x5b0 fs/gfs2/glops.c:332
 do_xmote+0x1cd/0x770 fs/gfs2/glock.c:688
 glock_work_func+0x2ef/0x600 fs/gfs2/glock.c:1011
 process_one_work kernel/workqueue.c:3314 [inline]
 process_scheduled_works+0xa8e/0x14e0 kernel/workqueue.c:3397
 worker_thread+0xa47/0xfb0 kernel/workqueue.c:3478
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__gfs2_trans_begin+0x3cc/0x940 fs/gfs2/trans.c:73
Code: 09 00 00 4c 89 e8 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 ef e8 95 eb 07 fe 41 bc 8c 00 00 00 4d 03 65 00 4c 89 e0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 85 04 00 00 45 8b 3c 24 89 df 44 89 fe
RSP: 0018:ffffc9000511f760 EFLAGS: 00010217
RAX: 0000000000000011 RBX: 0000000000000004 RCX: ffff88807b5e3e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000511f918
RBP: ffffc9000511f850 R08: ffff88807a16c0af R09: 1ffff1100f42d815
R10: dffffc0000000000 R11: ffffed100f42d816 R12: 000000000000008c
R13: ffff88807a16c9e0 R14: ffffc9000511f8a0 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88812528f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f707596ba28 CR3: 000000005d53c000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	09 00                	or     %eax,(%rax)
   2:	00 4c 89 e8          	add    %cl,-0x18(%rcx,%rcx,4)
   6:	48 c1 e8 03          	shr    $0x3,%rax
   a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1)
   f:	74 08                	je     0x19
  11:	4c 89 ef             	mov    %r13,%rdi
  14:	e8 95 eb 07 fe       	call   0xfe07ebae
  19:	41 bc 8c 00 00 00    	mov    $0x8c,%r12d
  1f:	4d 03 65 00          	add    0x0(%r13),%r12
  23:	4c 89 e0             	mov    %r12,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax		<-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 85 04 00 00    	jne    0x4bc
  37:	45 8b 3c 24          	mov    (%r12),%r15d
  3b:	89 df                	mov    %ebx,%edi
  3d:	44 89 fe             	mov    %r15d,%esi