loop6: detected capacity change from 0 to 40
watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.6:2485]
Modules linked in:
irq event stamp: 0
hardirqs last  enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [<ffffffff8115008a>] copy_process+0x1dba/0x6df0
softirqs last  enabled at (0): [<ffffffff811500ce>] copy_process+0x1dfe/0x6df0
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 0 PID: 2485 Comm: syz-executor.6 Tainted: G    B              6.0.0-rc4-next-20220906 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__sbq_wake_up+0x1ca/0x3d0
Code: 63 01 00 00 e8 87 5a 2e ff 4d 85 f6 74 86 e8 7d 5a 2e ff be 04 00 00 00 4c 89 f7 e8 40 c0 60 ff b8 ff ff ff ff f0 41 0f c1 06 <8d> 58 ff 31 ff 89 de e8 0a 57 2e ff 85 db 0f 88 1e 01 00 00 e8 4d
RSP: 0018:ffff88806ce09c90 EFLAGS: 00000297
RAX: 00000000efe6a0bf RBX: 0000000000000002 RCX: ffffffff8217c9b0
RDX: ffffed1001f28521 RSI: 0000000000000004 RDI: ffff88800f942900
RBP: 0000000000000002 R08: 0000000000000001 R09: ffff88800f942903
R10: ffffed1001f28520 R11: 0000000000000001 R12: ffff88800f8e1610
R13: ffff88800f942948 R14: ffff88800f942900 R15: ffff88800f8e1634
FS:  0000555556fe9400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f44a5966ff8 CR3: 0000000017fb4000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 sbitmap_queue_clear+0xad/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 common_interrupt+0xa4/0xc0
 </IRQ>
 <TASK>
 asm_common_interrupt+0x22/0x40
RIP: 0010:finish_task_switch.isra.0+0x237/0x8a0
Code: 89 ff 48 c7 03 00 00 00 00 e8 a5 aa 3f 03 4d 85 e4 75 ba 4c 89 ff e8 68 9a 04 03 e8 43 6e 2c 00 fb 65 48 8b 1c 25 c0 6e 02 00 <48> 8d bb 10 14 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffff88800991fb30 EFLAGS: 00000246
RAX: 0000000000000007 RBX: ffff888044050000 RCX: 1ffffffff0b5f9e1
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff81208e4d
RBP: ffff88800991fb70 R08: 0000000000000000 R09: 0000000000000000
R10: ffffed100d9c6f98 R11: 0000000000000001 R12: ffff88806ce37cd8
R13: ffff888020eb5040 R14: ffff8880440504b0 R15: ffff88806ce37cc0
 __schedule+0x89b/0x24a0
 schedule+0xda/0x1b0
 do_nanosleep+0x197/0x690
 hrtimer_nanosleep+0x257/0x6b0
 common_nsleep+0xa6/0xd0
 __x64_sys_clock_nanosleep+0x2fb/0x420
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb6b62fc8e1
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 aa e7 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 e3 e7 ff ff 48 8b 04 24 eb 97 66 2e 0f 1f
RSP: 002b:00007ffd1fa43910 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 0000000000000155 RCX: 00007fb6b62fc8e1
RDX: 00007ffd1fa43950 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffd1fa439dc R08: 0000000000000000 R09: 00007ffd1faa5080
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
R13: 00000000000e6eab R14: 0000000000000008 R15: 00007ffd1fa43a40
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 7939 Comm: modprobe Tainted: G    B              6.0.0-rc4-next-20220906 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:__sanitizer_cov_trace_pc+0xd/0x70
Code: a8 01 00 00 e8 b4 ff ff ff 31 c0 e9 ed 16 1a 03 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 8b 05 59 4a bc 7e 89 c1 48 8b 34 24 <81> e1 00 01 00 00 65 48 8b 14 25 c0 6e 02 00 a9 00 01 ff 00 74 0e
RSP: 0018:ffff88806cf09c88 EFLAGS: 00000282
RAX: 0000000000000101 RBX: 00000000efdbeb85 RCX: 0000000000000101
RDX: ffff888043dc8000 RSI: ffffffff8217c92c RDI: 0000000000000005
RBP: 0000000000000002 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000efdbeb85 R11: 0000000000000001 R12: 0000000000000001
R13: ffff88800f942948 R14: ffff88800f942900 R15: ffff88800f8e1634
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe0bd39f368 CR3: 0000000044b6a000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __sbq_wake_up+0x13c/0x3d0
 sbitmap_queue_clear+0xad/0x210
 blk_mq_put_tag+0xd8/0x160
 __blk_mq_free_request+0x2e0/0x380
 blk_mq_free_request+0x35d/0x500
 __blk_mq_end_request+0x358/0x580
 scsi_end_request+0x472/0x9a0
 scsi_io_completion+0xbc/0x2070
 scsi_complete+0x114/0x560
 blk_complete_reqs+0xb2/0xf0
 __do_softirq+0x1c8/0x8d0
 __irq_exit_rcu+0x11b/0x180
 irq_exit_rcu+0x5/0x20
 sysvec_call_function_single+0x8e/0xc0
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x16/0x20
RIP: 0010:unwind_next_frame+0xac/0x20b0
Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 57 17 00 00 49 8b 46 48 bf 01 00 00 00 48 89 44 24 10 e8 e4 a8 0e 00 <48> b8 00 00 00 00 00 fc ff df 4d 8d 6e 60 4c 89 ea 48 c1 ea 03 80
RSP: 0018:ffff88804498f608 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 1ffffffff0e09ae0
RDX: 1ffff110087b926c RSI: ffffffff8135bc7c RDI: ffff888043dc9360
RBP: ffff88804498f6e0 R08: ffffffff85e25a20 R09: ffffffff85e25a24
R10: ffffed1008931ede R11: ffff88804498f6c8 R12: ffff88804498f750
R13: 0000000000000000 R14: ffff88804498f688 R15: ffff888007c75000
 arch_stack_walk+0x83/0xf0
 stack_trace_save+0x8c/0xc0
 kasan_save_stack+0x1e/0x40
 __kasan_record_aux_stack+0x95/0xb0
 call_rcu+0x6a/0xa30
 kmem_cache_free+0xbd/0x610
 mas_destroy+0x2cd/0x560
 mas_store_prealloc+0xf0/0x160
 vma_expand+0x3f7/0xb50
 mmap_region+0xca6/0x1a00
 do_mmap+0x828/0xf40
 vm_mmap_pgoff+0x1af/0x270
 ksys_mmap_pgoff+0x3d0/0x4f0
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fe0bd8c2d82
Code: eb aa 66 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 33 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 56 5b 5d c3 0f 1f 00 c7 05 ae 03 01 00 16 00
RSP: 002b:00007ffc9fff5448 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000812 RCX: 00007fe0bd8c2d82
RDX: 0000000000000001 RSI: 0000000000001000 RDI: 00007fe0bd39b000
RBP: 00007fe0bd39b000 R08: 0000000000000000 R09: 0000000000003000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007fe0bd8a2470
R13: 00007ffc9fff5460 R14: 00007ffc9fff54c0 R15: 00007ffc9fff57f0
 </TASK>
----------------
Code disassembly (best guess):
   0:	63 01                	movsxd (%rcx),%eax
   2:	00 00                	add    %al,(%rax)
   4:	e8 87 5a 2e ff       	callq  0xff2e5a90
   9:	4d 85 f6             	test   %r14,%r14
   c:	74 86                	je     0xffffff94
   e:	e8 7d 5a 2e ff       	callq  0xff2e5a90
  13:	be 04 00 00 00       	mov    $0x4,%esi
  18:	4c 89 f7             	mov    %r14,%rdi
  1b:	e8 40 c0 60 ff       	callq  0xff60c060
  20:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  25:	f0 41 0f c1 06       	lock xadd %eax,(%r14)
* 2a:	8d 58 ff             	lea    -0x1(%rax),%ebx <-- trapping instruction
  2d:	31 ff                	xor    %edi,%edi
  2f:	89 de                	mov    %ebx,%esi
  31:	e8 0a 57 2e ff       	callq  0xff2e5740
  36:	85 db                	test   %ebx,%ebx
  38:	0f 88 1e 01 00 00    	js     0x15c
  3e:	e8                   	.byte 0xe8
  3f:	4d                   	rex.WRB