------------[ cut here ]------------ WARNING: CPU: 3 PID: 6078 at include/linux/cpumask.h:144 cpu_max_bits_warn include/linux/cpumask.h:144 [inline] WARNING: CPU: 3 PID: 6078 at include/linux/cpumask.h:144 cpumask_check include/linux/cpumask.h:151 [inline] WARNING: CPU: 3 PID: 6078 at include/linux/cpumask.h:144 cpumask_clear_cpu include/linux/cpumask.h:538 [inline] WARNING: CPU: 3 PID: 6078 at include/linux/cpumask.h:144 __mm_cid_put kernel/sched/sched.h:3256 [inline] WARNING: CPU: 3 PID: 6078 at include/linux/cpumask.h:144 sched_mm_cid_remote_clear+0x374/0x4f0 kernel/sched/core.c:11874 Modules linked in: CPU: 3 PID: 6078 Comm: syz-executor.2 Not tainted 6.10.0-rc2-syzkaller-00022-g32f88d65f01b #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:cpu_max_bits_warn include/linux/cpumask.h:144 [inline] RIP: 0010:cpumask_check include/linux/cpumask.h:151 [inline] RIP: 0010:cpumask_clear_cpu include/linux/cpumask.h:538 [inline] RIP: 0010:__mm_cid_put kernel/sched/sched.h:3256 [inline] RIP: 0010:sched_mm_cid_remote_clear+0x374/0x4f0 kernel/sched/core.c:11874 Code: 00 e9 48 fe ff ff 4d 85 ed 89 44 24 48 0f 84 52 ff ff ff e8 6e d6 36 00 9c 58 f6 c4 02 0f 85 41 01 00 00 fb e9 47 ff ff ff 90 <0f> 0b 90 e9 0b ff ff ff e8 af 03 16 00 84 c0 0f 85 d6 fd ff ff e8 RSP: 0018:ffffc90006367cf8 EFLAGS: 00010006 RAX: 000000000000001e RBX: ffffe8ffad1433f8 RCX: ffffffff815ef518 RDX: 00000000ffffffff RSI: 0000000000000004 RDI: ffffc90006367d40 RBP: ffff8880273d9bc8 R08: 0000000000000001 R09: fffff52000c6cfa8 R10: 0000000000000003 R11: 0000000000000000 R12: 1ffff92000c6cfa0 R13: 0000000000000200 R14: ffffc90006367d40 R15: ffff88802c13ec00 FS: 0000000000000000(0000) GS:ffff88802c300000(0063) knlGS:00000000f5f29b40 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 00000000ee6d4000 CR3: 000000001ce72000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: sched_mm_cid_remote_clear_old kernel/sched/core.c:11907 [inline] task_mm_cid_work+0x39a/0x920 kernel/sched/core.c:11957 task_work_run+0x14e/0x250 kernel/task_work.c:180 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] irqentry_exit_to_user_mode+0x259/0x280 kernel/entry/common.c:231 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0023:0xf73496f0 Code: 5c 24 14 8d b4 26 00 00 00 00 39 c8 72 1c 8b 1e 89 c7 29 cf 89 5c 24 0c 0f b6 1c 3b 84 db 74 0a 8b 7c 24 0c 88 1c 07 8b 46 08 <83> c0 01 89 46 08 83 ea 01 73 d5 8b 5c 24 14 81 fb 00 01 00 00 0f RSP: 002b:00000000f5f28b10 EFLAGS: 00000246 RAX: 0000000000bcbf3f RBX: 0000000000000000 RCX: 0000000000000001 RDX: 00000000000000d4 RSI: 00000000f5f28c10 RDI: 0000000000bcbf3e RBP: 00000000f5f28b84 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ---------------- Code disassembly (best guess): 0: 5c pop %rsp 1: 24 14 and $0x14,%al 3: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi a: 39 c8 cmp %ecx,%eax c: 72 1c jb 0x2a e: 8b 1e mov (%rsi),%ebx 10: 89 c7 mov %eax,%edi 12: 29 cf sub %ecx,%edi 14: 89 5c 24 0c mov %ebx,0xc(%rsp) 18: 0f b6 1c 3b movzbl (%rbx,%rdi,1),%ebx 1c: 84 db test %bl,%bl 1e: 74 0a je 0x2a 20: 8b 7c 24 0c mov 0xc(%rsp),%edi 24: 88 1c 07 mov %bl,(%rdi,%rax,1) 27: 8b 46 08 mov 0x8(%rsi),%eax * 2a: 83 c0 01 add $0x1,%eax <-- trapping instruction 2d: 89 46 08 mov %eax,0x8(%rsi) 30: 83 ea 01 sub $0x1,%edx 33: 73 d5 jae 0xa 35: 8b 5c 24 14 mov 0x14(%rsp),%ebx 39: 81 fb 00 01 00 00 cmp $0x100,%ebx 3f: 0f .byte 0xf