loop3: detected capacity change from 0 to 10
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor.5:18105]
Modules linked in:
irq event stamp: 2471821
hardirqs last enabled at (2471820): [] irqentry_exit+0x3b/0x90
hardirqs last disabled at (2471821): [] sysvec_apic_timer_interrupt+0xf/0x80
softirqs last enabled at (2470084): [] handle_softirqs+0x50c/0x770
softirqs last disabled at (2470111): [] irq_exit_rcu+0x94/0xc0
CPU: 0 UID: 0 PID: 18105 Comm: syz-executor.5 Not tainted 6.12.0-rc5-next-20241104 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:do_csum+0x131/0x2f0
Code: fd 03 0f 8e a8 00 00 00 e8 3c 34 1a ff 41 89 ef 31 db 41 83 e7 fc 4b 8d 44 3d 00 4d 89 ef 48 89 04 24 e8 22 34 1a ff 4c 89 fa <48> b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 0c 02 4c 89 fa 83
RSP: 0018:ffff88806ce09798 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8237a506
RDX: ffff88803cf83564 RSI: ffffffff8237a52e RDI: 0000000000000005
RBP: 00000000000005c6 R08: ffff88806ce098b8 R09: fffffbfff0fdc5e4
R10: 00000000000005c6 R11: 0000000000000000 R12: 000000000000508e
R13: ffff88803cf83564 R14: 0000000000000000 R15: ffff88803cf83564
FS: 00007fef9ebbf700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555824ed098 CR3: 000000001ad60000 CR4: 0000000000350ef0
Call Trace:
 csum_partial+0x24/0x60
 __skb_checksum+0x136/0xb10
 skb_checksum+0x94/0xd0
 __skb_gro_checksum_complete+0x78/0x260
 tcp4_gro_receive+0x3c5/0x1280
 inet_gro_receive+0x7e8/0xdc0
 dev_gro_receive+0x1db4/0x2740
 napi_gro_receive+0x48c/0xbb0
 e1000_clean_rx_irq+0x7e1/0x11a0
 e1000_clean+0x960/0x2540
 __napi_poll+0xb9/0x540
 net_rx_action+0xa06/0xe00
 handle_softirqs+0x1b1/0x770
 irq_exit_rcu+0x94/0xc0
 sysvec_apic_timer_interrupt+0x70/0x80
 asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:put_cpu_partial+0x10a/0x1b0
Code: 24 28 75 5b 49 c7 44 24 28 00 00 00 00 4c 89 e7 48 8d 35 00 00 00 00 e8 54 9f ab ff 4d 85 ed 74 06 e8 2a 6d d5 ff fb 4d 85 f6 <74> 1c 5b 4c 89 f6 48 89 ef 5d 41 5c 41 5d 41 5e e9 c1 fa ff ff 44
RSP: 0018:ffff8880373ff330 EFLAGS: 00000246
RAX: 000000000025b0dd RBX: ffffea00005ac3c0 RCX: 1ffffffff0fde6ae
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff81846b56
RBP: ffff888008c4f780 R08: 0000000000000001 R09: fffffbfff0fdc5e9
R10: ffffffff87ee2f4f R11: 0000000000000000 R12: ffff88806ce40350
R13: 0000000000000200 R14: 0000000000000000 R15: ffff888016b0f000
 qlist_free_all+0x50/0x160
 kasan_quarantine_reduce+0x19f/0x240
 __kasan_slab_alloc+0x49/0x70
 __kmalloc_noprof+0x195/0x4b0
 bio_kmalloc+0x3e/0x70
 blk_rq_map_kern+0x488/0x8f0
 scsi_execute_cmd+0xbe8/0xe80
 sr_check_events+0x1b5/0xa80
 cdrom_check_events+0x68/0x110
 sr_block_check_events+0xc3/0x100
 disk_check_events+0xc7/0x420
 disk_check_media_change+0xfe/0x280
 sr_block_open+0xe8/0x280
 blkdev_get_whole+0x97/0x290
 bdev_open+0x2c7/0xe40
 blkdev_open+0x334/0x410
 do_dentry_open+0x71c/0x1420
 vfs_open+0x82/0x3f0
 path_openat+0x1cf3/0x2980
 do_filp_open+0x1b8/0x410
 do_sys_openat2+0x164/0x1d0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0xbf/0x1d0
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fefa1649b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fef9ebbf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007fefa175cf60 RCX: 00007fefa1649b19
RDX: 0000000000105802 RSI: 00000000200001c0 RDI: ffffffffffffff9c
RBP: 00007fefa16a3f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff3aa3ec8f R14: 00007fef9ebbf300 R15: 0000000000022000
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at default_idle+0x1e/0x30
loop7: detected capacity change from 0 to 4
EXT4-fs (loop7): invalid first ino: 3260751986
loop7: detected capacity change from 0 to 4
EXT4-fs (loop7): invalid first ino: 3260751986
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'.
loop1: detected capacity change from 0 to 40
loop0: detected capacity change from 0 to 10
syz-executor.1: attempt to access beyond end of device
loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop1, logical block 10, lost async page write
loop2: detected capacity change from 0 to 40
loop4: detected capacity change from 0 to 40
loop1: detected capacity change from 0 to 40
syz-executor.1: attempt to access beyond end of device
loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop1, logical block 10, lost async page write
syz-executor.1: attempt to access beyond end of device
loop1: rw=0, sector=28, nr_sectors = 16 limit=40
syz-executor.4: attempt to access beyond end of device
loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop4, logical block 10, lost async page write
syz-executor.2: attempt to access beyond end of device
loop2: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop2, logical block 10, lost async page write
syz-executor.2: attempt to access beyond end of device
loop2: rw=0, sector=28, nr_sectors = 16 limit=40
lo: entered promiscuous mode
lo: entered allmulticast mode
loop1: detected capacity change from 0 to 40
syz-executor.1: attempt to access beyond end of device
loop1: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop1, logical block 10, lost async page write
syz-executor.1: attempt to access beyond end of device
loop1: rw=0, sector=28, nr_sectors = 16 limit=40
loop4: detected capacity change from 0 to 40
syz-executor.4: attempt to access beyond end of device
loop4: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop4, logical block 10, lost async page write
syz-executor.4: attempt to access beyond end of device
loop4: rw=0, sector=28, nr_sectors = 16 limit=40
SELinux: Context unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 is not valid (left unmapped).
loop1: detected capacity change from 0 to 40
Buffer I/O error on dev loop1, logical block 10, lost async page write
----------------
Code disassembly (best guess):
   0:	fd                   	std
   1:	03 0f                	add    (%rdi),%ecx
   3:	8e a8 00 00 00 e8    	mov    -0x18000000(%rax),%gs
   9:	3c 34                	cmp    $0x34,%al
   b:	1a ff                	sbb    %bh,%bh
   d:	41 89 ef             	mov    %ebp,%r15d
  10:	31 db                	xor    %ebx,%ebx
  12:	41 83 e7 fc          	and    $0xfffffffc,%r15d
  16:	4b 8d 44 3d 00       	lea    0x0(%r13,%r15,1),%rax
  1b:	4d 89 ef             	mov    %r13,%r15
  1e:	48 89 04 24          	mov    %rax,(%rsp)
  22:	e8 22 34 1a ff       	callq  0xff1a3449
  27:	4c 89 fa             	mov    %r15,%rdx
* 2a:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  31:	fc ff df
  34:	48 c1 ea 03          	shr    $0x3,%rdx
  38:	0f b6 0c 02          	movzbl (%rdx,%rax,1),%ecx
  3c:	4c 89 fa             	mov    %r15,%rdx
  3f:	83                   	.byte 0x83