syzbot


BUG: spinlock bad magic in do_send_specific

Status: auto-closed as invalid on 2021/07/21 07:23
Subsystems: kernel
Reported-by: syzbot+d57110eee5d80cbc594d@syzkaller.appspotmail.com
First crash: 1100d, last: 1100d

Sample crash report:
BUG: spinlock bad magic on CPU#1, syz-fuzzer/8387
 lock: 0xffff888021508000, .magic: 000011d0, .owner: <none>/-1, .owner_cpu: 12366
CPU: 1 PID: 8387 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
 do_raw_spin_lock+0x216/0x2b0 kernel/locking/spinlock_debug.c:112
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]
 _raw_spin_lock_irqsave+0x41/0x50 kernel/locking/spinlock.c:159
 __lock_task_sighand+0x106/0x2d0 kernel/signal.c:1391
 lock_task_sighand include/linux/sched/signal.h:700 [inline]
 do_send_sig_info kernel/signal.c:1290 [inline]
 do_send_specific+0x1ff/0x330 kernel/signal.c:3827
 do_tkill+0x186/0x1f0 kernel/signal.c:3853
 __do_sys_tgkill kernel/signal.c:3872 [inline]
 __se_sys_tgkill kernel/signal.c:3866 [inline]
 __x64_sys_tgkill+0x9d/0xd0 kernel/signal.c:3866
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x46db96
Code: c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 48 8b 54 24 18 b8 ea 00 00 00 0f 05 <c3> cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 8b 74 24 10 48 8b 54
RSP: 002b:000000c00003dea0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ea
RAX: ffffffffffffffda RBX: 000000c000082900 RCX: 000000000046db96
RDX: 0000000000000017 RSI: 00000000000020c4 RDI: 00000000000020c2
RBP: 000000c00003dec0 R08: 000000000000070f R09: 00007ffc385da090
R10: 00000000000034fe R11: 0000000000000246 R12: 000000000043b6a0
R13: 0000000000000000 R14: 0000000000946ad0 R15: 0000000000000000
================================================================================
UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9
index 16382 is out of range for type 'long unsigned int [8]'
CPU: 1 PID: 8387 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:288
 decode_tail kernel/locking/qspinlock.c:130 [inline]
 __pv_queued_spin_lock_slowpath+0xa3f/0xb40 kernel/locking/qspinlock.c:468
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:554 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock+0x200/0x2b0 kernel/locking/spinlock_debug.c:113
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]
 _raw_spin_lock_irqsave+0x41/0x50 kernel/locking/spinlock.c:159
 __lock_task_sighand+0x106/0x2d0 kernel/signal.c:1391
 lock_task_sighand include/linux/sched/signal.h:700 [inline]
 do_send_sig_info kernel/signal.c:1290 [inline]
 do_send_specific+0x1ff/0x330 kernel/signal.c:3827
 do_tkill+0x186/0x1f0 kernel/signal.c:3853
 __do_sys_tgkill kernel/signal.c:3872 [inline]
 __se_sys_tgkill kernel/signal.c:3866 [inline]
 __x64_sys_tgkill+0x9d/0xd0 kernel/signal.c:3866
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x46db96
Code: c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 48 8b 54 24 18 b8 ea 00 00 00 0f 05 <c3> cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 8b 74 24 10 48 8b 54
RSP: 002b:000000c00003dea0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ea
RAX: ffffffffffffffda RBX: 000000c000082900 RCX: 000000000046db96
RDX: 0000000000000017 RSI: 00000000000020c4 RDI: 00000000000020c2
RBP: 000000c00003dec0 R08: 000000000000070f R09: 00007ffc385da090
R10: 00000000000034fe R11: 0000000000000246 R12: 000000000043b6a0
R13: 0000000000000000 R14: 0000000000946ad0 R15: 0000000000000000
================================================================================

Crashes (1):
Time: 2021/04/22 07:22
Kernel: net-next-old
Commit: 53e35ebb9a17
Syzkaller: 2bc8999a
Config: .config
Log: console log
Report: report
Syz repro: (none)
C repro: (none)
VM info: info
Assets: (none)
Manager: ci-upstream-net-kasan-gce
Title: BUG: spinlock bad magic in do_send_specific