watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.0:4007] Modules linked in: irq event stamp: 4405849 hardirqs last enabled at (4405848): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 hardirqs last disabled at (4405849): [] sysvec_apic_timer_interrupt+0xb/0xa0 arch/x86/kernel/apic/apic.c:1106 softirqs last enabled at (4404662): [] asm_call_irq_on_stack+0x12/0x20 softirqs last disabled at (4404665): [] asm_call_irq_on_stack+0x12/0x20 CPU: 1 PID: 4007 Comm: syz-executor.0 Not tainted 5.10.230 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:check_memory_region+0x177/0x1f0 mm/kasan/generic.c:193 Code: d2 75 0b 48 89 da 48 29 c2 e9 20 ff ff ff 48 89 d0 49 39 c2 75 92 49 0f be 02 41 83 e1 07 49 39 c1 7d 85 41 bb 01 00 00 00 5b <5d> 44 89 d8 41 5c e9 5e 8d b3 02 48 85 d2 74 e9 48 01 ea eb 09 48 RSP: 0018:ffff88806cf099e0 EFLAGS: 00000246 RAX: ffffed10011028a5 RBX: 0000000000000001 RCX: ffffffff81219aa2 RDX: ffffed10011028a5 RSI: 0000000000000008 RDI: ffff888008814520 RBP: ffffed10011028a4 R08: 0000000000000000 R09: ffff888008814527 R10: ffffed10011028a4 R11: 0000000000000001 R12: ffff888008814500 R13: 0000000000000000 R14: ffff88806cf09da8 R15: dffffc0000000000 FS: 00007f3787b0a700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f305c2ff718 CR3: 000000001d3c2000 CR4: 0000000000350ee0 Call Trace: instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] cpumask_test_cpu include/linux/cpumask.h:367 [inline] update_sd_lb_stats kernel/sched/fair.c:9242 [inline] find_busiest_group+0x1f2/0x2de0 kernel/sched/fair.c:9517 load_balance+0x358/0x2a10 kernel/sched/fair.c:9887 rebalance_domains+0x690/0xe40 kernel/sched/fair.c:10319 __do_softirq+0x1b8/0x7c9 kernel/softirq.c:298 asm_call_irq_on_stack+0x12/0x20 __run_on_irqstack 
arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x80/0xa0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu kernel/softirq.c:423 [inline] irq_exit_rcu+0x114/0x1b0 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0x43/0xa0 arch/x86/kernel/apic/apic.c:1106 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:91 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:108 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:134 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:165 [inline] RIP: 0010:check_memory_region_inline mm/kasan/generic.c:183 [inline] RIP: 0010:check_memory_region+0x198/0x1f0 mm/kasan/generic.c:192 Code: 7d 85 41 bb 01 00 00 00 5b 5d 44 89 d8 41 5c e9 5e 8d b3 02 48 85 d2 74 e9 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 db 80 38 00 <74> f2 e9 28 ff ff ff 48 29 c3 48 89 da 49 89 d3 49 c1 fb 3f 49 c1 RSP: 0018:ffff88800f05f5c8 EFLAGS: 00000246 RAX: fffff940000702c0 RBX: fffff940000702c1 RCX: ffffffff81667456 RDX: fffff940000702c1 RSI: 0000000000000008 RDI: ffffea0000381600 RBP: fffff940000702c0 R08: 0000000000000000 R09: ffffea0000381607 R10: fffff940000702c0 R11: 0000000000000001 R12: ffff88800f05f648 R13: 0000000000000003 R14: ffffffff80000000 R15: ffff88800ef60280 instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] PageHead include/linux/page-flags.h:571 [inline] __free_pages+0x16/0x120 mm/page_alloc.c:5060 qlink_free mm/kasan/quarantine.c:151 [inline] qlist_free_all+0x59/0xe0 mm/kasan/quarantine.c:170 quarantine_reduce+0x184/0x210 mm/kasan/quarantine.c:267 __kasan_kmalloc.constprop.0+0xa2/0xd0 mm/kasan/common.c:442 slab_post_alloc_hook mm/slab.h:532 [inline] slab_alloc_node mm/slub.c:2896 [inline] kmem_cache_alloc_node_trace+0x14f/0x340 mm/slub.c:2946 
kmalloc_node include/linux/slab.h:570 [inline] kzalloc_node include/linux/slab.h:675 [inline] __get_vm_area_node+0xd4/0x340 mm/vmalloc.c:2073 __vmalloc_node_range+0x13f/0x9e0 mm/vmalloc.c:2559 __vmalloc_node+0xb5/0x110 mm/vmalloc.c:2607 n_tty_open+0x16/0x170 drivers/tty/n_tty.c:1910 tty_ldisc_open+0xa2/0x120 drivers/tty/tty_ldisc.c:464 tty_ldisc_setup+0x43/0x100 drivers/tty/tty_ldisc.c:773 tty_init_dev.part.0+0x1fa/0x610 drivers/tty/tty_io.c:1449 tty_init_dev+0x5b/0x80 drivers/tty/tty_io.c:1415 ptmx_open drivers/tty/pty.c:836 [inline] ptmx_open+0x116/0x370 drivers/tty/pty.c:802 chrdev_open+0x268/0x6e0 fs/char_dev.c:414 do_dentry_open+0x4b7/0x1090 fs/open.c:817 do_open fs/namei.c:3307 [inline] path_openat+0x19ba/0x2770 fs/namei.c:3425 do_filp_open+0x190/0x3e0 fs/namei.c:3452 do_sys_openat2+0x171/0x4d0 fs/open.c:1227 do_sys_open fs/open.c:1243 [inline] __do_sys_openat fs/open.c:1259 [inline] __se_sys_openat fs/open.c:1254 [inline] __x64_sys_openat+0x13f/0x1f0 fs/open.c:1254 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 RIP: 0033:0x7f378a594b19 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3787b0a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 RAX: ffffffffffffffda RBX: 00007f378a6a7f60 RCX: 00007f378a594b19 RDX: 0000000000000c02 RSI: 0000000020000000 RDI: ffffffffffffff9c RBP: 00007f378a5eef6d R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffea0baabff R14: 00007f3787b0a300 R15: 0000000000022000 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 0 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 0 skipped: idling at 
default_idle+0xe/0x20 arch/x86/kernel/process.c:706
----------------
Code disassembly (best guess):
   0: d2 75 0b             shlb   %cl,0xb(%rbp)
   3: 48 89 da             mov    %rbx,%rdx
   6: 48 29 c2             sub    %rax,%rdx
   9: e9 20 ff ff ff       jmpq   0xffffff2e
   e: 48 89 d0             mov    %rdx,%rax
  11: 49 39 c2             cmp    %rax,%r10
  14: 75 92                jne    0xffffffa8
  16: 49 0f be 02          movsbq (%r10),%rax
  1a: 41 83 e1 07          and    $0x7,%r9d
  1e: 49 39 c1             cmp    %rax,%r9
  21: 7d 85                jge    0xffffffa8
  23: 41 bb 01 00 00 00    mov    $0x1,%r11d
  29: 5b                   pop    %rbx
* 2a: 5d                   pop    %rbp <-- trapping instruction
  2b: 44 89 d8             mov    %r11d,%eax
  2e: 41 5c                pop    %r12
  30: e9 5e 8d b3 02       jmpq   0x2b38d93
  35: 48 85 d2             test   %rdx,%rdx
  38: 74 e9                je     0x23
  3a: 48 01 ea             add    %rbp,%rdx
  3d: eb 09                jmp    0x48
  3f: 48                   rex.W