======================================================== WARNING: possible irq lock inversion dependency detected 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 Not tainted -------------------------------------------------------- syz-executor/13995 just changed the state of lock: ffff88807d1bf230 (&dev->event_lock#2){..-.}-{2:2}, at: input_inject_event+0xc5/0x340 drivers/input/input.c:423 but this lock took another, SOFTIRQ-READ-unsafe lock in the past: (tasklist_lock){.+.+}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Chain exists of: &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&dev->event_lock#2); lock(&new->fa_lock); lock(&dev->event_lock#2); *** DEADLOCK *** 5 locks held by syz-executor/13995: #0: ffff88801e2da420 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515 #1: ffff88803363d7b0 (&type->i_mutex_dir_key#5/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:835 [inline] #1: ffff88803363d7b0 (&type->i_mutex_dir_key#5/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:3979 #2: ffff88803363d560 (&simple_offset_lock_class){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] #2: ffff88803363d560 (&simple_offset_lock_class){+.+.}-{2:2}, at: mtree_alloc_cyclic+0x1c9/0x2b0 lib/maple_tree.c:6526 #3: ffffc90000a18c00 (drivers/tty/vt/keyboard.c:274){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1789 #4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:326 [inline] #4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline] #4: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: input_handler_for_each_handle+0x29/0x1d0 drivers/input/input.c:2676 the shortest dependencies between 2nd lock and 1st lock: -> (tasklist_lock){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0x12d/0x850 kernel/exit.c:1591 do_wait+0x1e9/0x560 kernel/exit.c:1635 kernel_wait+0xe9/0x240 kernel/exit.c:1811 call_usermodehelper_exec_sync kernel/umh.c:137 [inline] call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x870/0xd30 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 SOFTIRQ-ON-R at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0x12d/0x850 kernel/exit.c:1591 do_wait+0x1e9/0x560 kernel/exit.c:1635 kernel_wait+0xe9/0x240 kernel/exit.c:1811 call_usermodehelper_exec_sync kernel/umh.c:137 [inline] call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x870/0xd30 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 INITIAL USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326 copy_process+0x228b/0x3dc0 kernel/fork.c:2500 kernel_clone+0x223/0x880 kernel/fork.c:2781 user_mode_thread+0x132/0x1a0 kernel/fork.c:2859 rest_init+0x23/0x300 init/main.c:712 start_kernel+0x47a/0x500 init/main.c:1103 x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507 x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488 common_startup_64+0x13e/0x147 INITIAL READ USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 __do_wait+0x12d/0x850 kernel/exit.c:1591 do_wait+0x1e9/0x560 kernel/exit.c:1635 kernel_wait+0xe9/0x240 kernel/exit.c:1811 call_usermodehelper_exec_sync kernel/umh.c:137 [inline] call_usermodehelper_exec_work+0xbd/0x230 kernel/umh.c:164 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x870/0xd30 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x36/0x50 kernel/locking/spinlock.c:228 send_sigio+0xfc/0x360 fs/fcntl.c:830 dnotify_handle_event+0x13c/0x440 fs/notify/dnotify/dnotify.c:114 fsnotify_handle_event fs/notify/fsnotify.c:347 [inline] send_to_group fs/notify/fsnotify.c:395 [inline] fsnotify+0x18ab/0x1f70 fs/notify/fsnotify.c:604 fsnotify_parent include/linux/fsnotify.h:99 [inline] fsnotify_dentry include/linux/fsnotify.h:108 [inline] fsnotify_change+0x24f/0x2a0 include/linux/fsnotify.h:450 notify_change+0xc0c/0xe90 fs/attr.c:508 chmod_common+0x2ab/0x4c0 fs/open.c:654 vfs_fchmod fs/open.c:670 [inline] __do_sys_fchmod fs/open.c:679 [inline] __se_sys_fchmod fs/open.c:673 [inline] __x64_sys_fchmod+0xf8/0x160 fs/open.c:673 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&f->f_owner.lock){....}-{2:2} { INITIAL USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326 f_modown+0x38/0x340 fs/fcntl.c:93 fcntl_dirnotify+0x57d/0x740 fs/notify/dnotify/dnotify.c:368 do_fcntl+0x492/0x1730 fs/fcntl.c:441 __do_sys_fcntl fs/fcntl.c:492 [inline] __se_sys_fcntl+0xd2/0x1c0 fs/fcntl.c:477 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236 send_sigio+0x33/0x360 fs/fcntl.c:816 dnotify_handle_event+0x13c/0x440 fs/notify/dnotify/dnotify.c:114 fsnotify_handle_event fs/notify/fsnotify.c:347 [inline] send_to_group fs/notify/fsnotify.c:395 [inline] fsnotify+0x18ab/0x1f70 fs/notify/fsnotify.c:604 fsnotify_parent include/linux/fsnotify.h:99 [inline] fsnotify_file include/linux/fsnotify.h:131 [inline] fsnotify_access+0x219/0x280 include/linux/fsnotify.h:380 iterate_dir+0x5c8/0x810 fs/readdir.c:110 __do_sys_getdents fs/readdir.c:324 [inline] __se_sys_getdents+0x1ef/0x4d0 fs/readdir.c:309 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] init_file.__key+0x0/0x20 ... acquired at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236 send_sigio+0x33/0x360 fs/fcntl.c:816 kill_fasync_rcu fs/fcntl.c:1035 [inline] kill_fasync+0x23a/0x4d0 fs/fcntl.c:1049 mousedev_notify_readers+0x719/0xc80 drivers/input/mousedev.c:309 mousedev_event+0x5d9/0x1390 drivers/input/mousedev.c:394 input_handler_events_default+0x107/0x1c0 drivers/input/input.c:2552 input_pass_values+0x286/0x860 drivers/input/input.c:126 input_event_dispose+0x30f/0x600 drivers/input/input.c:341 input_handle_event+0xa71/0xbe0 drivers/input/input.c:369 input_inject_event+0x22f/0x340 drivers/input/input.c:428 evdev_write+0x672/0x7c0 drivers/input/evdev.c:521 vfs_write+0x2a2/0xc90 fs/read_write.c:588 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&new->fa_lock){....}-{2:2} { INITIAL USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:326 fasync_remove_entry+0xff/0x1d0 fs/fcntl.c:905 sock_fasync+0x8a/0x100 net/socket.c:1446 __fput+0x73e/0x8a0 fs/file_table.c:419 task_work_run+0x24f/0x310 kernel/task_work.c:228 get_signal+0x15e6/0x1740 kernel/signal.c:2689 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL READ USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1028 [inline] kill_fasync+0x19e/0x4d0 fs/fcntl.c:1049 mousedev_notify_readers+0x719/0xc80 drivers/input/mousedev.c:309 mousedev_event+0x5d9/0x1390 drivers/input/mousedev.c:394 input_handler_events_default+0x107/0x1c0 drivers/input/input.c:2552 input_pass_values+0x286/0x860 drivers/input/input.c:126 input_event_dispose+0x30f/0x600 drivers/input/input.c:341 input_handle_event+0xa71/0xbe0 drivers/input/input.c:369 input_inject_event+0x22f/0x340 drivers/input/input.c:428 evdev_write+0x672/0x7c0 drivers/input/evdev.c:521 vfs_write+0x2a2/0xc90 fs/read_write.c:588 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] fasync_insert_entry.__key+0x0/0x20 ... acquired at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0xdd/0x130 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:1028 [inline] kill_fasync+0x19e/0x4d0 fs/fcntl.c:1049 mousedev_notify_readers+0x719/0xc80 drivers/input/mousedev.c:309 mousedev_event+0x5d9/0x1390 drivers/input/mousedev.c:394 input_handler_events_default+0x107/0x1c0 drivers/input/input.c:2552 input_pass_values+0x286/0x860 drivers/input/input.c:126 input_event_dispose+0x30f/0x600 drivers/input/input.c:341 input_handle_event+0xa71/0xbe0 drivers/input/input.c:369 input_inject_event+0x22f/0x340 drivers/input/input.c:428 evdev_write+0x672/0x7c0 drivers/input/evdev.c:521 vfs_write+0x2a2/0xc90 fs/read_write.c:588 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> (&dev->event_lock#2){..-.}-{2:2} { IN-SOFTIRQ-W at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 input_inject_event+0xc5/0x340 drivers/input/input.c:423 kd_sound_helper+0x101/0x210 drivers/tty/vt/keyboard.c:256 input_handler_for_each_handle+0x103/0x1d0 drivers/input/input.c:2679 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1843 [inline] __run_timers kernel/time/timer.c:2417 [inline] __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428 run_timer_base kernel/time/timer.c:2437 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 mas_alloc_cyclic+0x2a3/0x3a0 lib/maple_tree.c:4329 mtree_alloc_cyclic+0x1eb/0x2b0 lib/maple_tree.c:6527 simple_offset_add+0x105/0x1b0 fs/libfs.c:289 shmem_symlink+0x1a5/0x6c0 mm/shmem.c:3672 vfs_symlink+0x137/0x2e0 fs/namei.c:4568 do_symlinkat+0x222/0x3a0 fs/namei.c:4594 __do_sys_symlinkat fs/namei.c:4610 [inline] __se_sys_symlinkat fs/namei.c:4607 [inline] __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 input_inject_event+0xc5/0x340 drivers/input/input.c:423 kbd_led_trigger_activate+0xb8/0x100 drivers/tty/vt/keyboard.c:1036 led_trigger_set+0x582/0x9c0 drivers/leds/led-triggers.c:212 led_match_default_trigger drivers/leds/led-triggers.c:269 [inline] led_trigger_set_default+0x229/0x260 drivers/leds/led-triggers.c:287 led_classdev_register_ext+0x6e6/0x8a0 drivers/leds/led-class.c:555 led_classdev_register include/linux/leds.h:273 [inline] input_leds_connect+0x489/0x630 drivers/input/input-leds.c:145 input_attach_handler drivers/input/input.c:1027 [inline] input_register_device+0xd3b/0x1110 drivers/input/input.c:2473 atkbd_connect+0x752/0xa00 drivers/input/keyboard/atkbd.c:1342 serio_connect_driver drivers/input/serio/serio.c:44 [inline] serio_driver_probe+0x7f/0xa0 drivers/input/serio/serio.c:775 really_probe+0x2b8/0xad0 drivers/base/dd.c:657 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:799 driver_probe_device+0x50/0x430 drivers/base/dd.c:829 __driver_attach+0x45f/0x710 drivers/base/dd.c:1215 bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368 serio_attach_driver drivers/input/serio/serio.c:804 [inline] serio_handle_event+0x1c7/0x920 drivers/input/serio/serio.c:224 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x870/0xd30 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 } ... key at: [] input_allocate_device.__key.5+0x0/0x20 ... acquired at: mark_lock+0x223/0x350 kernel/locking/lockdep.c:4677 __lock_acquire+0xbf9/0x2040 kernel/locking/lockdep.c:5096 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 input_inject_event+0xc5/0x340 drivers/input/input.c:423 kd_sound_helper+0x101/0x210 drivers/tty/vt/keyboard.c:256 input_handler_for_each_handle+0x103/0x1d0 drivers/input/input.c:2679 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1843 [inline] __run_timers kernel/time/timer.c:2417 [inline] __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428 run_timer_base kernel/time/timer.c:2437 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 mas_alloc_cyclic+0x2a3/0x3a0 lib/maple_tree.c:4329 mtree_alloc_cyclic+0x1eb/0x2b0 lib/maple_tree.c:6527 simple_offset_add+0x105/0x1b0 fs/libfs.c:289 shmem_symlink+0x1a5/0x6c0 mm/shmem.c:3672 vfs_symlink+0x137/0x2e0 fs/namei.c:4568 do_symlinkat+0x222/0x3a0 fs/namei.c:4594 __do_sys_symlinkat fs/namei.c:4610 [inline] __se_sys_symlinkat fs/namei.c:4607 [inline] __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f stack backtrace: CPU: 1 UID: 0 PID: 13995 Comm: syz-executor Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace: __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 mark_lock_irq+0x80c/0xc20 kernel/locking/lockdep.c:4242 mark_lock+0x223/0x350 kernel/locking/lockdep.c:4677 __lock_acquire+0xbf9/0x2040 kernel/locking/lockdep.c:5096 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5759 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 input_inject_event+0xc5/0x340 drivers/input/input.c:423 kd_sound_helper+0x101/0x210 drivers/tty/vt/keyboard.c:256 input_handler_for_each_handle+0x103/0x1d0 drivers/input/input.c:2679 call_timer_fn+0x18e/0x650 kernel/time/timer.c:1792 expire_timers kernel/time/timer.c:1843 [inline] __run_timers kernel/time/timer.c:2417 [inline] __run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2428 run_timer_base kernel/time/timer.c:2437 [inline] run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2447 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:mas_alloc_cyclic+0x2a3/0x3a0 lib/maple_tree.c:4329 Code: 03 42 80 3c 30 00 74 08 48 89 ef e8 57 9b 52 f6 48 8b 6d 00 4c 89 e0 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 e7 e8 2d 9c 52 f6 <49> 89 2c 24 48 ff c5 48 8b 44 24 10 42 80 3c 30 00 4c 8b 64 24 18 RSP: 0018:ffffc9000db77a60 EFLAGS: 00000246 RAX: 1ffff92001b6ef88 RBX: ffffc9000db77b40 RCX: 1ffff92001b6ef00 RDX: ffff88807fb35a00 RSI: 0000000000000000 RDI: 0000000000000007 RBP: 0000000000000004 R08: ffffffff8ba51440 R09: 1ffffffff1fee945 R10: dffffc0000000000 R11: fffffbfff1fee946 R12: ffffc9000db77c40 R13: ffff888060dde2f0 R14: dffffc0000000000 R15: 0000000000000000 mtree_alloc_cyclic+0x1eb/0x2b0 lib/maple_tree.c:6527 simple_offset_add+0x105/0x1b0 fs/libfs.c:289 shmem_symlink+0x1a5/0x6c0 mm/shmem.c:3672 vfs_symlink+0x137/0x2e0 fs/namei.c:4568 do_symlinkat+0x222/0x3a0 fs/namei.c:4594 __do_sys_symlinkat fs/namei.c:4610 [inline] __se_sys_symlinkat fs/namei.c:4607 [inline] __x64_sys_symlinkat+0x95/0xb0 fs/namei.c:4607 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fbe6a37d477 Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe6b7a4dc8 EFLAGS: 00000202 ORIG_RAX: 000000000000010a RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbe6a37d477 RDX: 00007fbe6a3f2231 RSI: 00000000ffffff9c RDI: 00007ffe6b7a4e50 RBP: 00007ffe6b7a4dfc R08: 0000000000000013 R09: 00007ffe6b7a4b17 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 R13: 0000000000058e62 R14: 0000000000058df1 R15: 00007ffe6b7a4e50 ---------------- Code disassembly (best guess): 0: 03 42 80 add -0x80(%rdx),%eax 3: 3c 30 cmp $0x30,%al 5: 00 74 08 48 add %dh,0x48(%rax,%rcx,1) 9: 89 ef mov %ebp,%edi b: e8 57 9b 52 f6 call 0xf6529b67 10: 48 8b 6d 00 mov 0x0(%rbp),%rbp 14: 4c 89 e0 mov %r12,%rax 17: 48 c1 e8 03 shr $0x3,%rax 1b: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) 20: 74 08 je 0x2a 22: 4c 89 e7 mov %r12,%rdi 25: e8 2d 9c 52 f6 call 0xf6529c57 * 2a: 49 89 2c 24 mov %rbp,(%r12) <-- trapping instruction 2e: 48 ff c5 inc %rbp 31: 48 8b 44 24 10 mov 0x10(%rsp),%rax 36: 42 80 3c 30 00 cmpb $0x0,(%rax,%r14,1) 3b: 4c 8b 64 24 18 mov 0x18(%rsp),%r12