Bug 202115

Summary: KASAN: disable LOCKDEP on reports?
Product: Memory Management
Reporter: Dmitry Vyukov (dvyukov)
Component: Sanitizers
Assignee: Dmitry Vyukov (dvyukov)
Status: NEW
Severity: normal
CC: andreyknvl, kasan-dev
Priority: P2
Hardware: All
OS: Linux
Kernel Version: ALL
Subsystem:
Regression: No
Bisected commit-id:

Description Dmitry Vyukov 2019-01-02 09:49:14 UTC
KASAN reports frequently provoke LOCKDEP reports about deadlocks when KASAN starts printing from an unfortunate location, e.g.:
https://groups.google.com/forum/#!msg/syzkaller-upstream-moderation/FYj3WVkommU/UOAS_HInBAAJ

In this case KASAN did not even manage to finish printing the Allocated/Free/Stack info when LOCKDEP kicked in and halted the kernel due to panic_on_warn, so information important for debugging the primary bug was lost.

It can make sense to disable LOCKDEP at the beginning of KASAN reports, especially if panic_on_warn is set.


[ 1209.013593] ==================================================================
[ 1209.016840] kasan: CONFIG_KASAN_INLINE enabled
[ 1209.023834] BUG: KASAN: stack-out-of-bounds in timerqueue_add+0x2a5/0x320
[ 1209.028405] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 1209.035315] Read of size 8 at addr ffff8880a941f478 by task syz-executor881/7978
[ 1209.042655] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 1209.050158] 
[ 1209.056381] CPU: 1 PID: 3 Comm:  Not tainted 4.20.0-rc7-next-20181224 #1
[ 1209.057995] CPU: 0 PID: 7978 Comm: syz-executor881 Not tainted 4.20.0-rc7-next-20181224 #1
[ 1209.064811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1209.073197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1209.082552] RIP: 0010:account_system_index_time+0xe8/0x5f0
[ 1209.091880] Call Trace:
[ 1209.097508] Code: 04 00 00 49 8b 84 24 00 07 00 00 48 ba 00 00 00 00 00 fc ff df 48 8d b8 40 01 00 00 48 8d 88 28 01 00 00 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 08 84 d2 0f 85 93 03 00
[ 1209.100076]  dump_stack+0x1db/0x2d0
[ 1209.118956] RSP: 0018:ffff8880ae707a80 EFLAGS: 00010006
[ 1209.122570]  ? dump_stack_print_info.cold+0x20/0x20
[ 1209.127911] RAX: 0000000041b58ab3 RBX: 1ffff11015ce0f54 RCX: 0000000041b58bdb
[ 1209.132914]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1209.140160] RDX: dffffc0000000000 RSI: 000000000836b17e RDI: 0000000041b58bf3
[ 1209.140171] RBP: ffff8880ae707b48 R08: ffff8880ae71f5f0 R09: fffffbfff1335b3d
[ 1209.145085]  ? timerqueue_add+0x2a5/0x320
[ 1209.152331] R10: fffffbfff1301b45 R11: ffffffff899ad9e3 R12: ffff8880a94c4440
[ 1209.159596]  print_address_description.cold+0x7c/0x20d
[ 1209.163715] R13: 000000000077a391 R14: 0000000000000003 R15: ffff8880ae707b20
[ 1209.170971]  ? timerqueue_add+0x2a5/0x320
[ 1209.176223] FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 1209.183476]  ? timerqueue_add+0x2a5/0x320
[ 1209.187613] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1209.195860]  kasan_report.cold+0x1b/0x40
[ 1209.199973] CR2: 00000000006d7090 CR3: 0000000096f60000 CR4: 00000000001406e0
[ 1209.199984] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1209.205866]  ? timerqueue_add+0x2a5/0x320
[ 1209.209903] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1209.217162]  __asan_report_load8_noabort+0x14/0x20
[ 1209.224405] Call Trace:
[ 1209.228539]  timerqueue_add+0x2a5/0x320
[ 1209.235781]  <IRQ>
[ 1209.240703]  enqueue_hrtimer+0x1ae/0x570
[ 1209.243270]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1209.247224]  ? hrtimer_update_softirq_timer+0xa0/0xa0
[ 1209.249357]  ? timekeeping_advance+0x80d/0xc70
[ 1209.253394]  ? lock_hrtimer_base.isra.0+0x75/0x130
[ 1209.258910]  ? account_guest_time+0x400/0x400
[ 1209.264082]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1209.268644]  ? do_settimeofday64+0x4e0/0x4e0
[ 1209.273559]  ? check_preemption_disabled+0x48/0x290
[ 1209.278029]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1209.283546]  ? lock_hrtimer_base.isra.0+0x92/0x130
[ 1209.287932]  ? check_preemption_disabled+0x48/0x290
[ 1209.292928]  hrtimer_start_range_ns+0x62a/0xda0
[ 1209.298445]  irqtime_account_process_tick.isra.0+0x3a2/0x490
[ 1209.303357]  ? __hrtimer_get_remaining+0x1e0/0x1e0
[ 1209.308354]  account_process_tick+0x27f/0x350
[ 1209.313003]  ? __debug_object_init+0x54b/0x1280
[ 1209.318808]  update_process_times+0x25/0x80
[ 1209.323716]  ? debug_object_free+0x590/0x590
[ 1209.328291]  tick_sched_handle+0xa2/0x190
[ 1209.332866]  do_nanosleep+0x1a2/0x750
[ 1209.337161]  tick_sched_timer+0x47/0x130
[ 1209.341551]  ? schedule_timeout_idle+0x90/0x90
[ 1209.345677]  __hrtimer_run_queues+0x3a7/0x1050
[ 1209.349457]  ? lock_downgrade+0x910/0x910
[ 1209.353494]  ? tick_sched_do_timer+0x1b0/0x1b0
[ 1209.358082]  ? memset+0x32/0x40
[ 1209.362644]  ? hrtimer_start_range_ns+0xda0/0xda0
[ 1209.366768]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1209.371365]  ? kvm_clock_read+0x18/0x30
[ 1209.374590]  ? __hrtimer_init+0xe1/0x250
[ 1209.379443]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1209.384936]  hrtimer_nanosleep+0x2e4/0x640
[ 1209.388889]  ? ktime_get_update_offsets_now+0x3d5/0x5e0
[ 1209.392928]  ? nanosleep_copyout+0x110/0x110
[ 1209.397923]  ? do_timer+0x50/0x50
[ 1209.402137]  ? clock_was_set_work+0x30/0x30
[ 1209.407499]  ? rcu_softirq_qs+0x20/0x20
[ 1209.411907]  ? vmacache_update+0x114/0x140
[ 1209.415334]  hrtimer_interrupt+0x314/0x770
[ 1209.419632]  ? do_syscall_64+0x8c/0x800
[ 1209.423620]  smp_apic_timer_interrupt+0x18d/0x760
[ 1209.427813]  ? do_syscall_64+0x8c/0x800
[ 1209.432037]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1209.435990]  __x64_sys_nanosleep+0x1e0/0x280
[ 1209.440812]  ? smp_call_function_single_interrupt+0x640/0x640
[ 1209.444775]  ? hrtimer_nanosleep+0x640/0x640
[ 1209.449594]  ? trace_hardirqs_off+0x310/0x310
[ 1209.453986]  do_syscall_64+0x1a3/0x800
[ 1209.459860]  ? task_prio+0x50/0x50
[ 1209.459877]  ? check_preemption_disabled+0x48/0x290
[ 1209.464268]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1209.468744]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1209.472615]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 1209.476132]  apic_timer_interrupt+0xf/0x20
[ 1209.481129]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1209.486031]  </IRQ>
[ 1209.490869]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1209.495855] Modules linked in:
[ 1209.500079] RIP: 0033:0x443ae0
[ 1209.504895] 
[ 1209.504901] ======================================================
[ 1209.504906] WARNING: possible circular locking dependency detected
[ 1209.504910] 4.20.0-rc7-next-20181224 #1 Not tainted
[ 1209.504915] ------------------------------------------------------
[ 1209.504919] syz-executor881/7978 is trying to acquire lock:
[ 1209.504922] 000000007874c6ae ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[ 1209.504935] 
[ 1209.504939] but task is already holding lock:
[ 1209.504942] 000000001e99e9d7 (report_lock){....}, at: kasan_report+0xb1/0x15e
[ 1209.504955] 
[ 1209.504959] which lock already depends on the new lock.
[ 1209.504961] 
[ 1209.504964] 
[ 1209.504969] the existing dependency chain (in reverse order) is:
[ 1209.504971] 
[ 1209.504973] -> #5 (report_lock){....}:
[ 1209.504986]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.504990]        kasan_report+0xb1/0x15e
[ 1209.504994]        __asan_report_load8_noabort+0x14/0x20
[ 1209.504998]        timerqueue_add+0x2a5/0x320
[ 1209.505002]        enqueue_hrtimer+0x1ae/0x570
[ 1209.505006]        hrtimer_start_range_ns+0x62a/0xda0
[ 1209.505009]        do_nanosleep+0x1a2/0x750
[ 1209.505013]        hrtimer_nanosleep+0x2e4/0x640
[ 1209.505017]        __x64_sys_nanosleep+0x1e0/0x280
[ 1209.505021]        do_syscall_64+0x1a3/0x800
[ 1209.505026]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1209.505028] 
[ 1209.505030] -> #4 (hrtimer_bases.lock){-.-.}:
[ 1209.505043]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.505047]        lock_hrtimer_base.isra.0+0x75/0x130
[ 1209.505051]        hrtimer_start_range_ns+0x120/0xda0
[ 1209.505055]        enqueue_task_rt+0x95b/0x1010
[ 1209.505059]        enqueue_task+0xb9/0x380
[ 1209.505063]        __sched_setscheduler+0xe32/0x1fe0
[ 1209.505067]        _sched_setscheduler+0x218/0x340
[ 1209.505071]        sched_setscheduler+0xe/0x10
[ 1209.505075]        watchdog_dev_init+0x109/0x1db
[ 1209.505079]        watchdog_init+0x81/0x294
[ 1209.505082]        do_one_initcall+0x129/0x937
[ 1209.505087]        kernel_init_freeable+0x4db/0x5ca
[ 1209.505090]        kernel_init+0x12/0x1c5
[ 1209.505094]        ret_from_fork+0x3a/0x50
[ 1209.505096] 
[ 1209.505099] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 1209.505112]        _raw_spin_lock+0x2f/0x40
[ 1209.505115]        rq_online_rt+0xb4/0x390
[ 1209.505119]        set_rq_online.part.0+0xe7/0x140
[ 1209.505123]        sched_cpu_activate+0x29e/0x430
[ 1209.505128]        cpuhp_invoke_callback+0x2f6/0x2110
[ 1209.505132]        cpuhp_thread_fun+0x496/0x8a0
[ 1209.505135]        smpboot_thread_fn+0x6ab/0xa10
[ 1209.505139]        kthread+0x357/0x430
[ 1209.505143]        ret_from_fork+0x3a/0x50
[ 1209.505145] 
[ 1209.505147] -> #2 (&rq->lock){-.-.}:
[ 1209.505159]        _raw_spin_lock+0x2f/0x40
[ 1209.505163]        task_fork_fair+0xb5/0x7a0
[ 1209.505167]        sched_fork+0x437/0xb90
[ 1209.505171]        copy_process+0x1ff6/0x8720
[ 1209.505174]        _do_fork+0x1a9/0x1170
[ 1209.505178]        kernel_thread+0x34/0x40
[ 1209.505181]        rest_init+0x28/0x37b
[ 1209.505185]        arch_call_rest_init+0xe/0x1b
[ 1209.505189]        start_kernel+0x882/0x8bd
[ 1209.505193]        x86_64_start_reservations+0x29/0x2b
[ 1209.505197]        x86_64_start_kernel+0x77/0x7b
[ 1209.505201]        secondary_startup_64+0xa4/0xb0
[ 1209.505203] 
[ 1209.505205] -> #1 (&p->pi_lock){-.-.}:
[ 1209.505218]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.505222]        try_to_wake_up+0xb9/0x1480
[ 1209.505226]        wake_up_process+0x10/0x20
[ 1209.505229]        __up.isra.0+0x1c0/0x2a0
[ 1209.505233]        up+0x13e/0x1c0
[ 1209.505237]        __up_console_sem+0xb7/0x1c0
[ 1209.505241]        console_unlock+0x743/0x1040
[ 1209.505244]        vprintk_emit+0x370/0x960
[ 1209.505248]        vprintk_default+0x28/0x30
[ 1209.505252]        vprintk_func+0x7e/0x189
[ 1209.505255]        printk+0xba/0xed
[ 1209.505259]        do_exit.cold+0x57/0x16a
[ 1209.505262]        do_group_exit+0x177/0x430
[ 1209.505266]        __x64_sys_exit_group+0x44/0x50
[ 1209.505270]        do_syscall_64+0x1a3/0x800
[ 1209.505274]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1209.505277] 
[ 1209.505279] -> #0 ((console_sem).lock){-.-.}:
[ 1209.505292]        lock_acquire+0x1db/0x570
[ 1209.505296]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.505299]        down_trylock+0x13/0x70
[ 1209.505303]        __down_trylock_console_sem+0xa8/0x210
[ 1209.505307]        console_trylock+0x15/0xa0
[ 1209.505311]        vprintk_emit+0x351/0x960
[ 1209.505314]        vprintk_default+0x28/0x30
[ 1209.505318]        vprintk_func+0x7e/0x189
[ 1209.505321]        printk+0xba/0xed
[ 1209.505325]        kasan_report+0xc1/0x15e
[ 1209.505329]        __asan_report_load8_noabort+0x14/0x20
[ 1209.505333]        timerqueue_add+0x2a5/0x320
[ 1209.505337]        enqueue_hrtimer+0x1ae/0x570
[ 1209.505341]        hrtimer_start_range_ns+0x62a/0xda0
[ 1209.505345]        do_nanosleep+0x1a2/0x750
[ 1209.505354]        hrtimer_nanosleep+0x2e4/0x640
[ 1209.505358]        __x64_sys_nanosleep+0x1e0/0x280
[ 1209.505362]        do_syscall_64+0x1a3/0x800
[ 1209.505366]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1209.505368] 
[ 1209.505373] other info that might help us debug this:
[ 1209.505375] 
[ 1209.505378] Chain exists of:
[ 1209.505380]   (console_sem).lock --> hrtimer_bases.lock --> report_lock
[ 1209.505396] 
[ 1209.505400]  Possible unsafe locking scenario:
[ 1209.505402] 
[ 1209.505406]        CPU0                    CPU1
[ 1209.505410]        ----                    ----
[ 1209.505413]   lock(report_lock);
[ 1209.505421]                                lock(hrtimer_bases.lock);
[ 1209.505430]                                lock(report_lock);
[ 1209.505437]   lock((console_sem).lock);
[ 1209.505444] 
[ 1209.505447]  *** DEADLOCK ***
[ 1209.505449] 
[ 1209.505453] 2 locks held by syz-executor881/7978:
[ 1209.505455]  #0: 0000000053a4f5fc (hrtimer_bases.lock){-.-.}, at: lock_hrtimer_base.isra.0+0x75/0x130
[ 1209.505471]  #1: 000000001e99e9d7 (report_lock){....}, at: kasan_report+0xb1/0x15e
[ 1209.505486] 
[ 1209.505489] stack backtrace:
[ 1209.505495] CPU: 0 PID: 7978 Comm: syz-executor881 Not tainted 4.20.0-rc7-next-20181224 #1
[ 1209.505502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1209.505505] Call Trace:
[ 1209.505508]  dump_stack+0x1db/0x2d0
[ 1209.505513]  ? dump_stack_print_info.cold+0x20/0x20
[ 1209.505517]  ? print_stack_trace+0x77/0xb0
[ 1209.505520]  ? vprintk_func+0x86/0x189
[ 1209.505525]  print_circular_bug.isra.0.cold+0x1cc/0x28f
[ 1209.505529]  __lock_acquire+0x2fed/0x4a10
[ 1209.505532]  ? mark_held_locks+0x100/0x100
[ 1209.505536]  ? __kernel_text_address+0xd/0x40
[ 1209.505541]  ? unwind_get_return_address+0x61/0xa0
[ 1209.505544]  ? __save_stack_trace+0x8a/0xf0
[ 1209.505549]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1209.505553]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1209.505557]  ? pvclock_read_flags+0x160/0x160
[ 1209.505561]  lock_acquire+0x1db/0x570
[ 1209.505565]  ? down_trylock+0x13/0x70
[ 1209.505569]  ? lock_release+0xc40/0xc40
[ 1209.505573]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1209.505577]  ? trace_hardirqs_off+0xb8/0x310
[ 1209.505581]  _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.505585]  ? down_trylock+0x13/0x70
[ 1209.505588]  ? vprintk_emit+0x351/0x960
[ 1209.505592]  down_trylock+0x13/0x70
[ 1209.505596]  ? vprintk_emit+0x351/0x960
[ 1209.505600]  __down_trylock_console_sem+0xa8/0x210
[ 1209.505604]  console_trylock+0x15/0xa0
[ 1209.505608]  vprintk_emit+0x351/0x960
[ 1209.505611]  ? wake_up_klogd+0x180/0x180
[ 1209.505616]  ? debug_object_activate+0x2a7/0x4e0
[ 1209.505619]  ? find_held_lock+0x35/0x120
[ 1209.505623]  ? debug_object_activate+0x2a7/0x4e0
[ 1209.505627]  vprintk_default+0x28/0x30
[ 1209.505631]  vprintk_func+0x7e/0x189
[ 1209.505634]  printk+0xba/0xed
[ 1209.505638]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 1209.505643]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1209.505647]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1209.505651]  ? timerqueue_add+0x2a5/0x320
[ 1209.505655]  ? timerqueue_add+0x2a5/0x320
[ 1209.505658]  kasan_report+0xc1/0x15e
[ 1209.505662]  ? timerqueue_add+0x2a5/0x320
[ 1209.505666]  __asan_report_load8_noabort+0x14/0x20
[ 1209.505670]  timerqueue_add+0x2a5/0x320
[ 1209.505674]  enqueue_hrtimer+0x1ae/0x570
[ 1209.505678]  ? hrtimer_update_softirq_timer+0xa0/0xa0
[ 1209.505682]  ? lock_hrtimer_base.isra.0+0x75/0x130
[ 1209.505687]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1209.505691]  ? check_preemption_disabled+0x48/0x290
[ 1209.505695]  ? lock_hrtimer_base.isra.0+0x92/0x130
[ 1209.505700]  hrtimer_start_range_ns+0x62a/0xda0
[ 1209.505704]  ? __hrtimer_get_remaining+0x1e0/0x1e0
[ 1209.505708]  ? __debug_object_init+0x54b/0x1280
[ 1209.505712]  ? debug_object_free+0x590/0x590
[ 1209.505715]  do_nanosleep+0x1a2/0x750
[ 1209.505719]  ? schedule_timeout_idle+0x90/0x90
[ 1209.505723]  ? lock_downgrade+0x910/0x910
[ 1209.505727]  ? memset+0x32/0x40
[ 1209.505731]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1209.505735]  ? __hrtimer_init+0xe1/0x250
[ 1209.505739]  hrtimer_nanosleep+0x2e4/0x640
[ 1209.505744]  ? nanosleep_copyout+0x110/0x110
[ 1209.505748]  ? clock_was_set_work+0x30/0x30
[ 1209.505752]  ? vmacache_update+0x114/0x140
[ 1209.505755]  ? do_syscall_64+0x8c/0x800
[ 1209.505760]  ? do_syscall_64+0x8c/0x800
[ 1209.505764]  __x64_sys_nanosleep+0x1e0/0x280
[ 1209.505768]  ? hrtimer_nanosleep+0x640/0x640
[ 1209.505772]  do_syscall_64+0x1a3/0x800
[ 1209.505776]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1209.505780]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 1209.505784]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1209.505788]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1209.505792] RIP: 0033:0x443ae0
[ 1209.505803] Code: c0 5b 5d c3 66 0f 1f 44 00 00 8b 04 24 48 83 c4 18 5b 5d c3 66 0f 1f 44 00 00 83 3d 11 b5 29 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 21 fc ff c3 48 83 ec 08 e8 4a 44 00 00
[ 1209.505808] RSP: 002b:00007ffc84f7ff38 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[ 1209.505817] RAX: ffffffffffffffda RBX: 0000000000000978 RCX: 0000000000443ae0
[ 1209.505822] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc84f7ff40
[ 1209.505836] RBP: 0000000000000978 R08: 0000000000000001 R09: 0000000001e99940
[ 1209.505842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000976
[ 1209.505847] R13: 0000000000127235 R14: 0000000000000000 R15: 0000000000000000
[ 1209.505859] ---[ end trace 45e69f5e272f25f9 ]---
[ 1209.507122] Code: c0 5b 5d c3 66 0f 1f 44 00 00 8b 04 24 48 83 c4 18 5b 5d c3 66 0f 1f 44 00 00 83 3d 11 b5 29 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 74 21 fc ff c3 48 83 ec 08 e8 4a 44 00 00
[ 1209.512289] RIP: 0010:account_system_index_time+0xe8/0x5f0
[ 1209.515456] RSP: 002b:00007ffc84f7ff38 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
[ 1209.518640] Code: 04 00 00 49 8b 84 24 00 07 00 00 48 ba 00 00 00 00 00 fc ff df 48 8d b8 40 01 00 00 48 8d 88 28 01 00 00 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48 89 fe 83 e6 07 40 38 f2 7f 08 84 d2 0f 85 93 03 00
[ 1209.520247] RAX: ffffffffffffffda RBX: 0000000000000978 RCX: 0000000000443ae0
[ 1209.526545] RSP: 0018:ffff8880ae707a80 EFLAGS: 00010006
[ 1209.532855] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc84f7ff40
[ 1209.537888] RAX: 0000000041b58ab3 RBX: 1ffff11015ce0f54 RCX: 0000000041b58bdb
[ 1209.544188] RBP: 0000000000000978 R08: 0000000000000001 R09: 0000000001e99940
[ 1209.549895] RDX: dffffc0000000000 RSI: 000000000836b17e RDI: 0000000041b58bf3
[ 1209.557667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000976
[ 1209.559274] RBP: ffff8880ae707b48 R08: ffff8880ae71f5f0 R09: fffffbfff1335b3d
[ 1209.563749] R13: 0000000000127235 R14: 0000000000000000 R15: 0000000000000000
[ 1209.571001] R10: fffffbfff1301b45 R11: ffffffff899ad9e3 R12: ffff8880a94c4440
[ 1209.572614] 
[ 1209.577954] R13: 000000000077a391 R14: 0000000000000003 R15: ffff8880ae707b20
[ 1209.579561] The buggy address belongs to the page:
[ 1209.581177] FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 1209.587300] page:ffffea0002a507c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 1209.588906] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1209.592769] flags: 0x1fffc0000000000()
[ 1209.597773] CR2: 00000000006d7090 CR3: 0000000096f60000 CR4: 00000000001406e0
[ 1209.601990] raw: 01fffc0000000000 ffffea0002a507c8 ffffea0002a507c8 0000000000000000
[ 1209.607419] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1209.611899] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 1209.616455] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1209.621884] page dumped because: kasan: bad access detected
[ 1209.626182] Kernel panic - not syncing: Fatal exception in interrupt
[ 1209.630918] 
[ 1210.697656] Memory state around the buggy address:
[ 1210.702584]  ffff8880a941f300: 00 00 00 00 f1 f1 f1 f1 f1 f1 04 f2 00 f2 f2 f2
[ 1210.709937]  ffff8880a941f380: f8 f2 f2 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00
[ 1210.717291] >ffff8880a941f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 1210.724640]                                                                 ^
[ 1210.731910]  ffff8880a941f480: f1 f1 f8 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00
[ 1210.739280]  ffff8880a941f500: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[ 1210.746631] ==================================================================
[ 1210.785709] Shutting down cpus with NMI
[ 1210.790800] Kernel Offset: disabled
[ 1210.794435] Rebooting in 86400 seconds..
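The LOCKDEP splat in the log above encodes the lock-order cycle as a numbered dependency chain printed in reverse order, with entry #0 carrying the trace of the acquisition that closed the cycle. The following Python script is an added example, not code from the bug report, the kernel, or syzkaller: it parses a constructed excerpt of that splat (chain headers and held/requested lock lines copied from the log, stack traces cut short), reconstructs the cycle in acquisition order, and shows that the closing edge is printk called from kasan_report while report_lock is held, which is the path the proposed "disable LOCKDEP while printing the report" approach takes out of LOCKDEP's view.

```python
"""Reconstruct the lock-order cycle from a LOCKDEP circular-dependency splat.

Added example, not code from the bug report or the kernel. It parses the
"-> #N (lock)" dependency-chain entries and the "trying to acquire" /
"already holding" lines that LOCKDEP prints, and closes the chain with the
acquisition that triggered the warning.
"""
import re

# Constructed excerpt of the splat in the report above: chain headers and
# the held/requested lock lines are verbatim, traces are cut to a few frames.
SPLAT = """\
[ 1209.504919] syz-executor881/7978 is trying to acquire lock:
[ 1209.504922] 000000007874c6ae ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[ 1209.504935] 
[ 1209.504939] but task is already holding lock:
[ 1209.504942] 000000001e99e9d7 (report_lock){....}, at: kasan_report+0xb1/0x15e
[ 1209.504969] the existing dependency chain (in reverse order) is:
[ 1209.504973] -> #5 (report_lock){....}:
[ 1209.504986]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.504990]        kasan_report+0xb1/0x15e
[ 1209.504998]        timerqueue_add+0x2a5/0x320
[ 1209.505028] 
[ 1209.505030] -> #4 (hrtimer_bases.lock){-.-.}:
[ 1209.505043]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.505047]        lock_hrtimer_base.isra.0+0x75/0x130
[ 1209.505099] -> #3 (&rt_b->rt_runtime_lock){-.-.}:
[ 1209.505112]        _raw_spin_lock+0x2f/0x40
[ 1209.505115]        rq_online_rt+0xb4/0x390
[ 1209.505147] -> #2 (&rq->lock){-.-.}:
[ 1209.505159]        _raw_spin_lock+0x2f/0x40
[ 1209.505163]        task_fork_fair+0xb5/0x7a0
[ 1209.505205] -> #1 (&p->pi_lock){-.-.}:
[ 1209.505218]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1209.505222]        try_to_wake_up+0xb9/0x1480
[ 1209.505279] -> #0 ((console_sem).lock){-.-.}:
[ 1209.505292]        lock_acquire+0x1db/0x570
[ 1209.505299]        down_trylock+0x13/0x70
[ 1209.505307]        console_trylock+0x15/0xa0
[ 1209.505321]        printk+0xba/0xed
[ 1209.505325]        kasan_report+0xc1/0x15e
[ 1209.505373] other info that might help us debug this:
"""

_TS = r"^\[\s*[\d.]+\]"                       # printk timestamp prefix
_ENTRY = re.compile(_TS + r" -> #(\d+) \((.*)\)\{[^}]*\}:$")
_HELD = re.compile(_TS + r" ([0-9a-f]+) \((.*)\)\{[^}]*\}, at: (\S+)$")
_FRAME = re.compile(_TS + r"\s{2,}(\S+)$")    # indented stack frame


def parse_splat(text):
    """Return (acquiring, holding, chain).

    acquiring/holding are (lock_name, site) tuples; chain is a list of
    (lock_name, frames) in acquisition order, i.e. entry #0 first.
    """
    acquiring = holding = None
    entries = {}        # entry number -> (lock name, frames under it)
    current = None      # entry whose trace we are inside, or None
    expect = None       # which lock line comes next: "acquiring"/"holding"
    for line in text.splitlines():
        if not line.strip() or re.fullmatch(_TS + r"\s*", line):
            continue    # timestamp-only spacer line, stay in the section
        m = _ENTRY.match(line)
        if m:
            current = int(m.group(1))
            entries[current] = (m.group(2), [])
            continue
        m = _HELD.match(line)
        if m:
            if expect == "acquiring":
                acquiring = (m.group(2), m.group(3))
            elif expect == "holding":
                holding = (m.group(2), m.group(3))
            expect = None
            continue
        if "is trying to acquire lock:" in line:
            expect = "acquiring"
        elif "already holding lock:" in line:
            expect = "holding"
        elif current is not None:
            m = _FRAME.match(line)
            if m:
                entries[current][1].append(m.group(1))
            else:
                current = None  # any other text ends the chain section
    chain = [entries[i] for i in sorted(entries)]
    return acquiring, holding, chain


def lock_cycle(acquiring, holding, chain):
    """Close the chain with the acquisition LOCKDEP complained about.

    In the chain, entry k is held while entry k+1 is taken, so the last
    entry must be the lock currently held and entry #0 the lock now being
    requested; the edge holding -> acquiring is what closes the cycle.
    """
    order = [name for name, _ in chain]
    if not order or order[-1] != holding[0] or order[0] != acquiring[0]:
        raise ValueError("chain does not connect the held and requested locks")
    return order + [acquiring[0]]


if __name__ == "__main__":
    acq, held, chain = parse_splat(SPLAT)
    print(" --> ".join(lock_cycle(acq, held, chain)))
    print("closing edge %s -> %s taken at %s, via:" % (held[0], acq[0], acq[1]))
    for frame in chain[0][1]:   # entry #0 carries the closing acquisition's trace
        print("   ", frame)
```

Run on the excerpt, the script prints the full six-lock cycle from (console_sem).lock back to itself and lists printk and kasan_report+0xc1/0x15e among the frames of the closing acquisition, which is the report-printing path that the primary KASAN bug, not the hrtimer code, introduced into the lock graph.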
Comment 1 Andrey Konovalov 2022-03-27 14:14:50 UTC
Resolved with [1].

Dmitry, could you close? I don't have the permissions for this bug.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c32caa267b927b744610f4214bfde7ce7d55df1c