================================================================== BUG: KASAN: global-out-of-bounds in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] BUG: KASAN: global-out-of-bounds in _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 Read of size 1 at addr ffffffff8ece1b58 by task syz-executor/5961 CPU: 1 UID: 0 PID: 5961 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:568 kasan_check_byte include/linux/kasan.h:399 [inline] lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162 rtlock_slowlock kernel/locking/rtmutex.c:1894 [inline] rtlock_lock kernel/locking/spinlock_rt.c:43 [inline] __rt_spin_lock kernel/locking/spinlock_rt.c:49 [inline] rt_spin_lock+0x144/0x2c0 kernel/locking/spinlock_rt.c:57 spin_lock include/linux/spinlock_rt.h:44 [inline] igrab+0x21/0xb0 fs/inode.c:1540 ocfs2_get_system_file_inode+0x1e6/0x7d0 fs/ocfs2/sysfile.c:104 ocfs2_remove_inode fs/ocfs2/inode.c:723 [inline] ocfs2_wipe_inode fs/ocfs2/inode.c:894 [inline] ocfs2_delete_inode fs/ocfs2/inode.c:1155 [inline] ocfs2_evict_inode+0x1512/0x40c0 fs/ocfs2/inode.c:1292 evict+0x504/0x9c0 fs/inode.c:810 d_delete_notify include/linux/fsnotify.h:377 [inline] vfs_rmdir+0x3ec/0x520 fs/namei.c:4474 do_rmdir+0x25f/0x550 fs/namei.c:4516 __do_sys_unlinkat fs/namei.c:4690 [inline] __se_sys_unlinkat fs/namei.c:4684 [inline] __x64_sys_unlinkat+0xc2/0xf0 fs/namei.c:4684 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f4740d3e1c7 Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc1a66fcb8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f4740d3e1c7 RDX: 0000000000000200 RSI: 00007ffc1a670e60 RDI: 00000000ffffff9c RBP: 00007f4740dc1c05 R08: 0000555572b2c66b R09: 0000000000000000 R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffc1a670e60 R13: 00007f4740dc1c05 R14: 000000000001e494 R15: 00007ffc1a673020 The buggy address belongs to the variable: dev_attr_phys_port_id+0x38/0x60 net-sysfs.c:-1 The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xece1 flags: 0x80000000002000(reserved|node=0|zone=1) raw: 0080000000002000 ffffea00003b3848 ffffea00003b3848 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner info is not present (never set?) Memory state around the buggy address: ffffffff8ece1a00: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 ffffffff8ece1a80: 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 f9 >ffffffff8ece1b00: f9 f9 f9 f9 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 ^ ffffffff8ece1b80: 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 ffffffff8ece1c00: 00 00 00 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 ==================================================================