BUG: spinlock bad magic on CPU#1, syz-executor/16276
==================================================================
BUG: KASAN: global-out-of-bounds in task_pid_nr include/linux/pid.h:236 [inline]
BUG: KASAN: global-out-of-bounds in spin_dump+0x197/0x1a0 kernel/locking/spinlock_debug.c:64
Read of size 4 at addr ffffffff8c295758 by task syz-executor/16276

CPU: 1 UID: 0 PID: 16276 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
Call Trace:
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xba/0x230 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 task_pid_nr include/linux/pid.h:236 [inline]
 spin_dump+0x197/0x1a0 kernel/locking/spinlock_debug.c:64
 spin_bug kernel/locking/spinlock_debug.c:78 [inline]
 debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]
 do_raw_spin_lock+0x1e5/0x2f0 kernel/locking/spinlock_debug.c:115
 spin_lock include/linux/spinlock.h:341 [inline]
 ocfs2_is_hard_readonly fs/ocfs2/ocfs2.h:665 [inline]
 ocfs2_inode_lock_full_nested+0x11e/0x1bd0 fs/ocfs2/dlmglue.c:2446
 ocfs2_inode_revalidate+0x126/0x2a0 fs/ocfs2/inode.c:1333
 ocfs2_getattr+0x101/0x3a0 fs/ocfs2/file.c:1323
 vfs_getattr_nosec+0x2e1/0x430 fs/stat.c:213
 vfs_statx_path+0x2b/0x230 fs/stat.c:299
 vfs_statx+0x12e/0x200 fs/stat.c:356
 vfs_fstatat+0x11b/0x170 fs/stat.c:373
 __do_sys_newfstatat fs/stat.c:538 [inline]
 __se_sys_newfstatat fs/stat.c:532 [inline]
 __x64_sys_newfstatat+0x151/0x200 fs/stat.c:532
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f36f799956a
Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 e8 ff ff ff f7
RSP: 002b:00007ffc07543128 EFLAGS: 00000286 ORIG_RAX: 0000000000000106
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f36f799956a
RDX: 00007ffc07543150 RSI: 00007ffc075431e0 RDI: 00000000ffffff9c
RBP: 00007ffc075431e0 R08: 00007ffc075441e0 R09: 00000000ffffffff
R10: 0000000000000100 R11: 0000000000000286 R12: 00007ffc075442d0
R13: 00007f36f7a0471f R14: 0000000000125cfa R15: 00007ffc075453a0

The buggy address belongs to the variable:
 fops_ul+0x118/0x160

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc295
flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002000 ffffea000030a548 ffffea000030a548 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner info is not present (never set?)

Memory state around the buggy address:
 ffffffff8c295600: 03 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
 ffffffff8c295680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff8c295700: 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9
                                                    ^
 ffffffff8c295780: f9 f9 f9 f9 06 f9 f9 f9 05 f9 f9 f9 04 f9 f9 f9
 ffffffff8c295800: 04 f9 f9 f9 00 06 f9 f9 00 00 05 f9 f9 f9 f9 f9
==================================================================