[ 472.735977][T11521]
[ 472.738346][T11521] =====================================
[ 472.743885][T11521] WARNING: bad unlock balance detected!
[ 472.749441][T11521] syzkaller #0 Not tainted
[ 472.753843][T11521] -------------------------------------
[ 472.759362][T11521] syz.2.1222/11521 is trying to release lock (&sighand->siglock) at:
[ 472.767420][T11521] [] copy_process+0x27bd/0x3c20
[ 472.773858][T11521] but there are no more locks to release!
[ 472.779587][T11521]
[ 472.779587][T11521] other info that might help us debug this:
[ 472.787631][T11521] 1 lock held by syz.2.1222/11521:
[ 472.792723][T11521] #0: ffffffff8e374a90 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x2154/0x3c20
[ 472.803098][T11521]
[ 472.803098][T11521] stack backtrace:
[ 472.809000][T11521] CPU: 1 UID: 0 PID: 11521 Comm: syz.2.1222 Not tainted syzkaller #0 PREEMPT(full)
[ 472.809028][T11521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 472.809046][T11521] Call Trace:
[ 472.809054][T11521]
[ 472.809066][T11521] dump_stack_lvl+0x189/0x250
[ 472.809090][T11521] ? __pfx_dump_stack_lvl+0x10/0x10
[ 472.809107][T11521] ? __pfx__printk+0x10/0x10
[ 472.809130][T11521] ? copy_process+0x27bd/0x3c20
[ 472.809153][T11521] print_unlock_imbalance_bug+0xdc/0xf0
[ 472.809168][T11521] lock_release+0x269/0x3e0
[ 472.809189][T11521] ? copy_process+0x27bd/0x3c20
[ 472.809212][T11521] _raw_spin_unlock+0x16/0x50
[ 472.809231][T11521] copy_process+0x27bd/0x3c20
[ 472.809258][T11521] ? copy_process+0x97f/0x3c20
[ 472.809282][T11521] ? __pfx_copy_process+0x10/0x10
[ 472.809308][T11521] kernel_clone+0x21e/0x840
[ 472.809325][T11521] ? __pfx_kernel_clone+0x10/0x10
[ 472.809344][T11521] __se_sys_clone3+0x292/0x300
[ 472.809360][T11521] ? __pfx___se_sys_clone3+0x10/0x10
[ 472.809380][T11521] ? _copy_to_user+0x8a/0xb0
[ 472.809402][T11521] ? do_user_addr_fault+0xc85/0x1380
[ 472.809426][T11521] ? do_syscall_64+0xbe/0xfa0
[ 472.809447][T11521] do_syscall_64+0xfa/0xfa0
[ 472.809467][T11521] ? lockdep_hardirqs_on+0x9c/0x150
[ 472.809486][T11521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 472.809501][T11521] ? clear_bhb_loop+0x60/0xb0
[ 472.809517][T11521] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 472.809532][T11521] RIP: 0033:0x7f4df65c3609
[ 472.809554][T11521] Code: d7 08 00 48 8d 3d 9c d7 08 00 e8 e2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7
[ 472.809567][T11521] RSP: 002b:00007ffef05e2ba8 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3
[ 472.809584][T11521] RAX: ffffffffffffffda RBX: 00007f4df65459f0 RCX: 00007f4df65c3609
[ 472.809596][T11521] RDX: 00007f4df65459f0 RSI: 0000000000000058 RDI: 00007ffef05e2bf0
[ 472.809606][T11521] RBP: 00007f4df73456c0 R08: 00007f4df73456c0 R09: 00007ffef05e2cd7
[ 472.809617][T11521] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8
[ 472.809628][T11521] R13: 000000000000000b R14: 00007ffef05e2bf0 R15: 00007ffef05e2cd8
[ 472.809643][T11521]
[ 473.066127][T11521] ------------[ cut here ]------------
[ 473.074349][T11521] pvqspinlock: lock 0xffff8880280b8000 has corrupted value 0x0!
[ 473.086956][T11521] WARNING: kernel/locking/qspinlock_paravirt.h:506 at __pv_queued_spin_unlock_slowpath+0x1fe/0x2a0, CPU#0: syz.2.1222/11521
[ 473.100915][T11521] Modules linked in:
[ 473.104829][T11521] CPU: 0 UID: 0 PID: 11521 Comm: syz.2.1222 Not tainted syzkaller #0 PREEMPT(full)
[ 473.115104][T11521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 473.125473][T11521] RIP: 0010:__pv_queued_spin_unlock_slowpath+0x1fe/0x2a0
[ 473.132935][T11521] Code: 88 f8 a4 f6 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 93 00 00 00 8b 13 48 c7 c7 e0 1c ab 8b 48 89 de e8 83 56 03 f6 90 <0f> 0b 90 90 eb 95 48 c7 c7 10 f5 20 8e 4c 89 f6 4c 89 fa e8 da c9
[ 473.152848][T11521] RSP: 0018:ffffc900040df8e0 EFLAGS: 00010246
[ 473.159203][T11521] RAX: b9dfea7c18b7cb00 RBX: ffff8880280b8000 RCX: ffff88802f4bbc80
[ 473.167698][T11521] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 473.175963][T11521] RBP: 1ffff11005017001 R08: 0000000000000003 R09: 0000000000000004
[ 473.184247][T11521] R10: dffffc0000000000 R11: fffffbfff1c3a654 R12: dffffc0000000000
[ 473.192721][T11521] R13: dffffc0000000000 R14: ffff8880280b8010 R15: ffff8880280b8008
[ 473.201561][T11521] FS: 0000555588b1a500(0000) GS:ffff888125a0a000(0000) knlGS:0000000000000000
[ 473.211441][T11521] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 473.218286][T11521] CR2: 00007f41bcd45f98 CR3: 00000000667c6000 CR4: 00000000003526f0
[ 473.226251][T11521] Call Trace:
[ 473.229694][T11521]
[ 473.232731][T11521] __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30
[ 473.240610][T11521] .slowpath+0x9/0x18
[ 473.244587][T11521] do_raw_spin_unlock+0x122/0x240
[ 473.250151][T11521] _raw_spin_unlock+0x1e/0x50
[ 473.254821][T11521] copy_process+0x27bd/0x3c20
[ 473.259765][T11521] ? copy_process+0x97f/0x3c20
[ 473.264541][T11521] ? __pfx_copy_process+0x10/0x10
[ 473.269829][T11521] kernel_clone+0x21e/0x840
[ 473.274323][T11521] ? __pfx_kernel_clone+0x10/0x10
[ 473.279487][T11521] __se_sys_clone3+0x292/0x300
[ 473.284432][T11521] ? __pfx___se_sys_clone3+0x10/0x10
[ 473.289829][T11521] ? _copy_to_user+0x8a/0xb0
[ 473.294410][T11521] ? do_user_addr_fault+0xc85/0x1380
[ 473.299863][T11521] ? do_syscall_64+0xbe/0xfa0
[ 473.304955][T11521] do_syscall_64+0xfa/0xfa0
[ 473.310045][T11521] ? lockdep_hardirqs_on+0x9c/0x150
[ 473.315273][T11521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 473.321394][T11521] ? clear_bhb_loop+0x60/0xb0
[ 473.326092][T11521] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 473.332035][T11521] RIP: 0033:0x7f4df65c3609
[ 473.336479][T11521] Code: d7 08 00 48 8d 3d 9c d7 08 00 e8 e2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7
[ 473.356163][T11521] RSP: 002b:00007ffef05e2ba8 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3
[ 473.364619][T11521] RAX: ffffffffffffffda RBX: 00007f4df65459f0 RCX: 00007f4df65c3609
[ 473.372637][T11521] RDX: 00007f4df65459f0 RSI: 0000000000000058 RDI: 00007ffef05e2bf0
[ 473.380719][T11521] RBP: 00007f4df73456c0 R08: 00007f4df73456c0 R09: 00007ffef05e2cd7
[ 473.388724][T11521] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8
[ 473.396714][T11521] R13: 000000000000000b R14: 00007ffef05e2bf0 R15: 00007ffef05e2cd8
[ 473.405323][T11521]
[ 473.408937][T11521] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 473.416231][T11521] CPU: 0 UID: 0 PID: 11521 Comm: syz.2.1222 Not tainted syzkaller #0 PREEMPT(full)
[ 473.425591][T11521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 473.435634][T11521] Call Trace:
[ 473.438905][T11521]
[ 473.441825][T11521] dump_stack_lvl+0x99/0x250
[ 473.446405][T11521] ? __asan_memcpy+0x40/0x70
[ 473.451025][T11521] ? __pfx_dump_stack_lvl+0x10/0x10
[ 473.456215][T11521] ? __pfx__printk+0x10/0x10
[ 473.460801][T11521] vpanic+0x237/0x6d0
[ 473.464797][T11521] ? __pfx_vpanic+0x10/0x10
[ 473.469292][T11521] ? is_bpf_text_address+0x292/0x2b0
[ 473.474576][T11521] ? is_bpf_text_address+0x26/0x2b0
[ 473.479767][T11521] panic+0xb9/0xc0
[ 473.483478][T11521] ? __pfx_panic+0x10/0x10
[ 473.487902][T11521] __warn+0x334/0x4c0
[ 473.491875][T11521] ? __pv_queued_spin_unlock_slowpath+0x1fe/0x2a0
[ 473.498283][T11521] ? __pv_queued_spin_unlock_slowpath+0x1fe/0x2a0
[ 473.504689][T11521] report_bug+0x2be/0x4f0
[ 473.509011][T11521] ? __pv_queued_spin_unlock_slowpath+0x1fe/0x2a0
[ 473.515422][T11521] ? __pv_queued_spin_unlock_slowpath+0x1fe/0x2a0
[ 473.521840][T11521] ? __pv_queued_spin_unlock_slowpath+0x200/0x2a0
[ 473.528266][T11521] handle_bug+0x84/0x160
[ 473.532518][T11521] exc_invalid_op+0x1a/0x50
[ 473.537027][T11521] asm_exc_invalid_op+0x1a/0x20
[ 473.541876][T11521] RIP: 0010:__pv_queued_spin_unlock_slowpath+0x1fe/0x2a0
[ 473.548896][T11521] Code: 88 f8 a4 f6 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 93 00 00 00 8b 13 48 c7 c7 e0 1c ab 8b 48 89 de e8 83 56 03 f6 90 <0f> 0b 90 90 eb 95 48 c7 c7 10 f5 20 8e 4c 89 f6 4c 89 fa e8 da c9
[ 473.568584][T11521] RSP: 0018:ffffc900040df8e0 EFLAGS: 00010246
[ 473.574670][T11521] RAX: b9dfea7c18b7cb00 RBX: ffff8880280b8000 RCX: ffff88802f4bbc80
[ 473.582634][T11521] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 473.590614][T11521] RBP: 1ffff11005017001 R08: 0000000000000003 R09: 0000000000000004
[ 473.598579][T11521] R10: dffffc0000000000 R11: fffffbfff1c3a654 R12: dffffc0000000000
[ 473.606638][T11521] R13: dffffc0000000000 R14: ffff8880280b8010 R15: ffff8880280b8008
[ 473.614610][T11521] __raw_callee_save___pv_queued_spin_unlock_slowpath+0x15/0x30
[ 473.622247][T11521] .slowpath+0x9/0x18
[ 473.626230][T11521] do_raw_spin_unlock+0x122/0x240
[ 473.631299][T11521] _raw_spin_unlock+0x1e/0x50
[ 473.636053][T11521] copy_process+0x27bd/0x3c20
[ 473.640731][T11521] ? copy_process+0x97f/0x3c20
[ 473.645502][T11521] ? __pfx_copy_process+0x10/0x10
[ 473.650530][T11521] kernel_clone+0x21e/0x840
[ 473.655056][T11521] ? __pfx_kernel_clone+0x10/0x10
[ 473.660095][T11521] __se_sys_clone3+0x292/0x300
[ 473.664861][T11521] ? __pfx___se_sys_clone3+0x10/0x10
[ 473.670161][T11521] ? _copy_to_user+0x8a/0xb0
[ 473.674752][T11521] ? do_user_addr_fault+0xc85/0x1380
[ 473.680063][T11521] ? do_syscall_64+0xbe/0xfa0
[ 473.684734][T11521] do_syscall_64+0xfa/0xfa0
[ 473.689228][T11521] ? lockdep_hardirqs_on+0x9c/0x150
[ 473.694418][T11521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 473.700469][T11521] ? clear_bhb_loop+0x60/0xb0
[ 473.705133][T11521] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 473.711044][T11521] RIP: 0033:0x7f4df65c3609
[ 473.715449][T11521] Code: d7 08 00 48 8d 3d 9c d7 08 00 e8 e2 28 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7
[ 473.735178][T11521] RSP: 002b:00007ffef05e2ba8 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3
[ 473.743589][T11521] RAX: ffffffffffffffda RBX: 00007f4df65459f0 RCX: 00007f4df65c3609
[ 473.751551][T11521] RDX: 00007f4df65459f0 RSI: 0000000000000058 RDI: 00007ffef05e2bf0
[ 473.759509][T11521] RBP: 00007f4df73456c0 R08: 00007f4df73456c0 R09: 00007ffef05e2cd7
[ 473.767552][T11521] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8
[ 473.775510][T11521] R13: 000000000000000b R14: 00007ffef05e2bf0 R15: 00007ffef05e2cd8
[ 473.783495][T11521]
[ 473.786815][T11521] Kernel Offset: disabled
[ 473.791162][T11521] Rebooting in 86400 seconds..
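The report above is raw syzkaller console output. As an added example (not part of the syzkaller output and not a kernel or syzkaller tool), the Python script below does the first triage pass a practitioner would do by hand on such a log: it pulls the lockdep "bad unlock balance" report into structured fields (task, released lock, unlock site, the locks lockdep still believed were held), decodes the user-mode register dump that follows `RIP: 0033:` into the syscall number and its x86_64 argument registers, and picks out the address of the lock the pvqspinlock check flagged as corrupted. It assumes x86_64 syscall numbering (`ORIG_RAX` 0x1b3 = 435 = `clone3`, consistent with `__se_sys_clone3` in the trace) and the UAPI `struct clone_args` sizes (`CLONE_ARGS_SIZE_VER0/1/2` = 64/80/88); the sample records are copied from the log above and embedded as constructed input.

```python
import re

# Constructed sample input: records copied from the syzkaller crash log above,
# one printk record per line as the kernel emits them.
SAMPLE_LOG = """\
[  472.743885][T11521] WARNING: bad unlock balance detected!
[  472.749441][T11521] syzkaller #0 Not tainted
[  472.759362][T11521] syz.2.1222/11521 is trying to release lock (&sighand->siglock) at:
[  472.767420][T11521] [] copy_process+0x27bd/0x3c20
[  472.773858][T11521] but there are no more locks to release!
[  472.787631][T11521] 1 lock held by syz.2.1222/11521:
[  472.792723][T11521] #0: ffffffff8e374a90 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x2154/0x3c20
[  472.809532][T11521] RIP: 0033:0x7f4df65c3609
[  472.809567][T11521] RSP: 002b:00007ffef05e2ba8 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3
[  472.809584][T11521] RAX: ffffffffffffffda RBX: 00007f4df65459f0 RCX: 00007f4df65c3609
[  472.809596][T11521] RDX: 00007f4df65459f0 RSI: 0000000000000058 RDI: 00007ffef05e2bf0
[  472.809617][T11521] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8
[  473.074349][T11521] pvqspinlock: lock 0xffff8880280b8000 has corrupted value 0x0!
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[T\d+\]\s*")
RELEASE_RE = re.compile(r"^(\S+)/(\d+) is trying to release lock \((.+)\) at:$")
SITE_RE = re.compile(r"^\[[^\]]*\]\s*(\S+)$")
HELD_RE = re.compile(r"^#(\d+): ([0-9a-f]+) \((.+?)\)\{[^}]*\}-\{[^}]*\}, at: (\S+)$")
CORRUPT_RE = re.compile(r"^pvqspinlock: lock 0x([0-9a-f]+) has corrupted value 0x([0-9a-f]+)!$")
REG_RE = re.compile(r"\b(RAX|RBX|RCX|RDX|RSI|RDI|RBP|R8|R9|R1[0-5]): ([0-9a-f]{16})\b")
ORIG_RAX_RE = re.compile(r"ORIG_RAX: ([0-9a-f]{16})")

# x86_64 syscall numbers for the process-creation family (assumed from the
# kernel's x86_64 syscall table); anything else is reported by number only.
SYSCALL_NAMES = {56: "clone", 57: "fork", 58: "vfork", 435: "clone3"}
# x86_64 syscall argument registers, in ABI order.
ARG_REGS = ("RDI", "RSI", "RDX", "R10", "R8", "R9")
# sizeof(struct clone_args) per UAPI version (assumed CLONE_ARGS_SIZE_VER* values).
CLONE_ARGS_SIZES = {64: "CLONE_ARGS_SIZE_VER0", 80: "CLONE_ARGS_SIZE_VER1", 88: "CLONE_ARGS_SIZE_VER2"}


def strip_prefix(line):
    """Drop the '[timestamp][Tpid] ' printk prefix."""
    return PREFIX_RE.sub("", line.rstrip())


def parse_unlock_imbalance(lines):
    """Extract the lockdep 'bad unlock balance' report: who released which lock,
    where, and which locks lockdep still believed were held at that point."""
    report = None
    for i, line in enumerate(lines):
        m = RELEASE_RE.match(line)
        if m:
            site = SITE_RE.match(lines[i + 1]) if i + 1 < len(lines) else None
            report = {"task": m.group(1), "pid": int(m.group(2)), "lock": m.group(3),
                      "site": site.group(1) if site else None, "held": []}
            continue
        m = HELD_RE.match(line)
        if m and report is not None:
            report["held"].append({"index": int(m.group(1)), "addr": int(m.group(2), 16),
                                   "name": m.group(3), "site": m.group(4)})
    if report is not None:
        # False here is exactly lockdep's complaint: the unlock has no matching lock.
        report["lock_in_held_set"] = any(h["name"] == report["lock"] for h in report["held"])
    return report


def decode_user_syscall(lines):
    """Decode the user-mode register dump (after 'RIP: 0033:', the user CS selector)
    into the syscall number and argument registers; kernel dumps ('RIP: 0010:') are skipped."""
    nr, regs, in_user = None, {}, False
    for line in lines:
        if line.startswith("RIP: 0033:"):
            in_user = True
            continue
        if line.startswith("RIP: 0010:"):
            in_user = False
            continue
        if not in_user:
            continue
        m = ORIG_RAX_RE.search(line)
        if m:
            nr = int(m.group(1), 16)
        for reg, val in REG_RE.findall(line):
            regs[reg] = int(val, 16)
    if nr is None:
        return None
    return {"nr": nr, "name": SYSCALL_NAMES.get(nr, "unknown"), "args": [regs.get(r) for r in ARG_REGS]}


def clone_args_version(size):
    """Map clone3's size argument (RSI) to the struct clone_args UAPI version."""
    return CLONE_ARGS_SIZES.get(size, "unknown")


def find_corrupted_lock(lines):
    for line in lines:
        m = CORRUPT_RE.match(line)
        if m:
            return {"addr": int(m.group(1), 16), "value": int(m.group(2), 16)}
    return None


def triage(text):
    lines = [strip_prefix(l) for l in text.splitlines()]
    result = {"imbalance": parse_unlock_imbalance(lines), "syscall": decode_user_syscall(lines),
              "corrupted_lock": find_corrupted_lock(lines)}
    sc = result["syscall"]
    if sc and sc["name"] == "clone3":
        result["clone_args_version"] = clone_args_version(sc["args"][1])
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it on a full console log (`python3 triage.py < console.log` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) to get the released lock, the unlock site to look up with `addr2line`/`faddr2line`, and the user-visible syscall and `struct clone_args` size that reached the kernel, without reading the register dump by hand.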