BUG: spinlock bad magic on CPU#1, syz-fuzzer/8387 lock: 0xffff888021508000, .magic: 000011d0, .owner: /-1, .owner_cpu: 12366 CPU: 1 PID: 8387 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline] do_raw_spin_lock+0x216/0x2b0 kernel/locking/spinlock_debug.c:112 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x41/0x50 kernel/locking/spinlock.c:159 __lock_task_sighand+0x106/0x2d0 kernel/signal.c:1391 lock_task_sighand include/linux/sched/signal.h:700 [inline] do_send_sig_info kernel/signal.c:1290 [inline] do_send_specific+0x1ff/0x330 kernel/signal.c:3827 do_tkill+0x186/0x1f0 kernel/signal.c:3853 __do_sys_tgkill kernel/signal.c:3872 [inline] __se_sys_tgkill kernel/signal.c:3866 [inline] __x64_sys_tgkill+0x9d/0xd0 kernel/signal.c:3866 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x46db96 Code: c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 48 8b 54 24 18 b8 ea 00 00 00 0f 05 cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 8b 74 24 10 48 8b 54 RSP: 002b:000000c00003dea0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ea RAX: ffffffffffffffda RBX: 000000c000082900 RCX: 000000000046db96 RDX: 0000000000000017 RSI: 00000000000020c4 RDI: 00000000000020c2 RBP: 000000c00003dec0 R08: 000000000000070f R09: 00007ffc385da090 R10: 00000000000034fe R11: 0000000000000246 R12: 000000000043b6a0 R13: 0000000000000000 R14: 0000000000946ad0 R15: 0000000000000000 ================================================================================ UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9 index 16382 is out of range for type 'long unsigned int [8]' CPU: 1 PID: 8387 Comm: syz-fuzzer Not tainted 5.12.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x141/0x1d7 lib/dump_stack.c:120 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 __ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:288 decode_tail kernel/locking/qspinlock.c:130 [inline] __pv_queued_spin_lock_slowpath+0xa3f/0xb40 kernel/locking/qspinlock.c:468 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:554 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x200/0x2b0 kernel/locking/spinlock_debug.c:113 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline] _raw_spin_lock_irqsave+0x41/0x50 kernel/locking/spinlock.c:159 __lock_task_sighand+0x106/0x2d0 kernel/signal.c:1391 lock_task_sighand include/linux/sched/signal.h:700 [inline] do_send_sig_info kernel/signal.c:1290 [inline] do_send_specific+0x1ff/0x330 kernel/signal.c:3827 do_tkill+0x186/0x1f0 kernel/signal.c:3853 __do_sys_tgkill kernel/signal.c:3872 [inline] __se_sys_tgkill kernel/signal.c:3866 [inline] __x64_sys_tgkill+0x9d/0xd0 kernel/signal.c:3866 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x46db96 Code: c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 48 8b 54 24 18 b8 ea 00 00 00 0f 05 cc cc cc cc cc cc cc cc cc 8b 7c 24 08 48 8b 74 24 10 48 8b 54 RSP: 002b:000000c00003dea0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ea RAX: ffffffffffffffda RBX: 000000c000082900 RCX: 000000000046db96 RDX: 0000000000000017 RSI: 00000000000020c4 RDI: 00000000000020c2 RBP: 000000c00003dec0 R08: 000000000000070f R09: 00007ffc385da090 R10: 00000000000034fe R11: 0000000000000246 R12: 000000000043b6a0 R13: 0000000000000000 R14: 0000000000946ad0 R15: 0000000000000000 ================================================================================