WARNING: CPU: 3 PID: 21840 at drivers/block/floppy.c:999 schedule_bh drivers/block/floppy.c:999 [inline]
WARNING: CPU: 3 PID: 21840 at drivers/block/floppy.c:999 floppy_interrupt+0x415/0x480 drivers/block/floppy.c:1765
Modules linked in:
CPU: 3 PID: 21840 Comm: syz-executor.0 Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:schedule_bh drivers/block/floppy.c:999 [inline]
RIP: 0010:floppy_interrupt+0x415/0x480 drivers/block/floppy.c:1765
Code: ff 89 de e8 ad b9 4f fc 85 db 0f 85 75 ff ff ff 41 be 01 00 00 00 e9 64 fd ff ff e8 45 d1 a3 fc e9 1d fd ff ff e8 1b be 4f fc <0f> 0b e9 2d fe ff ff 48 c7 c7 00 f2 60 8c e8 e8 d0 a3 fc e9 11 fc
RSP: 0018:ffffc900005e0e58 EFLAGS: 00010046
RAX: 0000000080010002 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff888013ab8000 RSI: ffffffff85364a85 RDI: 0000000000000001
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffc900005e0ff8 R12: ffffffff8535e2d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88802c900000(0063) knlGS:000000005786d400
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000573fe04c CR3: 000000006358d000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
floppy_hardint+0x1aa/0x200 arch/x86/include/asm/floppy.h:66
__handle_irq_event_percpu+0x22a/0x740 kernel/irq/handle.c:158
handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210
handle_edge_irq+0x261/0xcf0 kernel/irq/chip.c:834
generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
handle_irq arch/x86/kernel/irq.c:238 [inline]
__common_interrupt+0x9f/0x220 arch/x86/kernel/irq.c:257
common_interrupt+0xa9/0xd0 arch/x86/kernel/irq.c:247
asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:636
RIP: 0010:__list_del_entry_valid+0xc6/0x1b0 lib/list_debug.c:62
Code: 8b 01 48 39 f0 75 6d 48 8d 7a 08 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a4 00 00 00 48 8b 42 08 <48> 39 c6 75 56 b8 01 00 00 00 48 83 c4 18 c3 48 c7 c7 e0 14 c8 8a
RSP: 0018:ffffc90002c97510 EFLAGS: 00000246
RAX: ffffea00018c5808 RBX: ffff88802c9435c0 RCX: 1ffffd40002ed1d2
RDX: ffffea0001768e88 RSI: ffffea00018c5808 RDI: ffffea0001768e90
RBP: ffffea00018c5808 R08: ffff88802c943580 R09: ffff88802c9435c8
R10: ffffffff9184ee87 R11: ffff88807ffd6700 R12: 0000000000000001
R13: ffff88803fffa700 R14: ffffea00018c5800 R15: dffffc0000000000
__list_del_entry include/linux/list.h:134 [inline]
list_del include/linux/list.h:148 [inline]
__rmqueue_pcplist+0x113/0x17b0 mm/page_alloc.c:2752
rmqueue_pcplist mm/page_alloc.c:2784 [inline]
rmqueue mm/page_alloc.c:2827 [inline]
get_page_from_freelist+0x4fd/0x31e0 mm/page_alloc.c:3218
__alloc_pages+0x1d0/0x4a0 mm/page_alloc.c:4477
alloc_pages+0x1a9/0x270 mm/mempolicy.c:2292
vm_area_alloc_pages mm/vmalloc.c:3059 [inline]
__vmalloc_area_node mm/vmalloc.c:3135 [inline]
__vmalloc_node_range+0xa6e/0x1540 mm/vmalloc.c:3316
alloc_thread_stack_node kernel/fork.c:309 [inline]
dup_task_struct kernel/fork.c:1113 [inline]
copy_process+0x13f1/0x7400 kernel/fork.c:2330
kernel_clone+0xfd/0x8f0 kernel/fork.c:2912
__do_sys_clone3+0x1f1/0x260 kernel/fork.c:3213
do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
do_int80_syscall_32+0x49/0x90 arch/x86/entry/common.c:132
entry_INT80_compat+0x8f/0xa0 arch/x86/entry/entry_64_compat.S:353
RIP: 0023:0xf7287df0
Code: 4c 24 04 85 c9 0f 84 df 0d fe ff 8b 54 24 0c 85 d2 0f 84 d3 0d fe ff 53 56 8b 74 24 18 89 cb 8b 4c 24 10 b8 b3 01 00 00 cd 80 <85> c0 74 09 5e 5b 0f 8c b4 0d fe ff c3 31 ed 83 e4 f0 83 ec 0c 56
RSP: 002b:00000000ff9e9f44 EFLAGS: 00000282 ORIG_RAX: 00000000000001b3
RAX: ffffffffffffffda RBX: 00000000ff9e9fb0 RCX: 0000000000000058
RDX: 00000000f7238c40 RSI: 00000000f7f2fb40 RDI: 00000000ffffffd8
RBP: 000000000000006e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
----------------
Code disassembly (best guess):
0: 8b 01 mov (%rcx),%eax
2: 48 39 f0 cmp %rsi,%rax
5: 75 6d jne 0x74
7: 48 8d 7a 08 lea 0x8(%rdx),%rdi
b: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
12: fc ff df
15: 48 89 f9 mov %rdi,%rcx
18: 48 c1 e9 03 shr $0x3,%rcx
1c: 80 3c 01 00 cmpb $0x0,(%rcx,%rax,1)
20: 0f 85 a4 00 00 00 jne 0xca
26: 48 8b 42 08 mov 0x8(%rdx),%rax
* 2a: 48 39 c6 cmp %rax,%rsi <-- trapping instruction
2d: 75 56 jne 0x85
2f: b8 01 00 00 00 mov $0x1,%eax
34: 48 83 c4 18 add $0x18,%rsp
38: c3 ret
39: 48 c7 c7 e0 14 c8 8a mov $0xffffffff8ac814e0,%rdi