======================================================== WARNING: possible irq lock inversion dependency detected 5.18.0-rc3-syzkaller #0 Not tainted -------------------------------------------------------- syz-executor425/6524 just changed the state of lock: ffff8880216b6148 (&timer->lock){..-.}-{2:2}, at: snd_timer_interrupt.part.0+0x28/0xd50 sound/core/timer.c:856 but this lock took another, SOFTIRQ-READ-unsafe lock in the past: (tasklist_lock){.+.+}-{2:2} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Chain exists of: &timer->lock --> &new->fa_lock --> tasklist_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&timer->lock); lock(&new->fa_lock); lock(&timer->lock); *** DEADLOCK *** 4 locks held by syz-executor425/6524: #0: ffff888072523228 (&mm->mmap_lock#2){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline] #0: ffff888072523228 (&mm->mmap_lock#2){++++}-{3:3}, at: do_user_addr_fault+0x18d/0xcd0 arch/x86/mm/fault.c:1338 #1: ffffffff8ad781e0 (rcu_read_lock){....}-{1:2}, at: filemap_map_pages+0x175/0x1700 mm/filemap.c:3351 #2: ffff888071af2018 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] #2: ffff888071af2018 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: filemap_map_pages+0x6e7/0x1700 mm/filemap.c:3365 #3: ffffc900001e0d78 ((&priv->tlist)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:35 [inline] #3: ffffc900001e0d78 ((&priv->tlist)){+.-.}-{0:0}, at: call_timer_fn+0xcd/0x4a0 kernel/time/timer.c:1411 the shortest dependencies between 2nd lock and 1st lock: -> (tasklist_lock){.+.+}-{2:2} { HARDIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 do_wait+0x231/0xaa0 kernel/exit.c:1508 kernel_wait+0x97/0x130 kernel/exit.c:1698 call_usermodehelper_exec_sync kernel/umh.c:139 [inline] call_usermodehelper_exec_work+0xbb/0x140 kernel/umh.c:166 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 SOFTIRQ-ON-R at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 do_wait+0x231/0xaa0 kernel/exit.c:1508 kernel_wait+0x97/0x130 kernel/exit.c:1698 call_usermodehelper_exec_sync kernel/umh.c:139 [inline] call_usermodehelper_exec_work+0xbb/0x140 kernel/umh.c:166 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326 copy_process+0x3a19/0x68e0 kernel/fork.c:2368 kernel_clone+0xb8/0x7f0 kernel/fork.c:2639 kernel_thread+0xa3/0xe0 kernel/fork.c:2691 rest_init+0x1e/0x300 init/main.c:691 start_kernel+0x343/0x361 init/main.c:1140 secondary_startup_64_no_verify+0xc3/0xcb INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 do_wait+0x231/0xaa0 kernel/exit.c:1508 kernel_wait+0x97/0x130 kernel/exit.c:1698 call_usermodehelper_exec_sync kernel/umh.c:139 [inline] call_usermodehelper_exec_work+0xbb/0x140 kernel/umh.c:166 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 } ... key at: [] tasklist_lock+0x18/0x40 ... acquired at: __raw_read_lock include/linux/rwlock_api_smp.h:150 [inline] _raw_read_lock+0x5b/0x70 kernel/locking/spinlock.c:228 send_sigio+0x8c/0x2b0 fs/fcntl.c:792 kill_fasync_rcu fs/fcntl.c:1003 [inline] kill_fasync fs/fcntl.c:1017 [inline] kill_fasync+0x176/0x320 fs/fcntl.c:1010 snd_timer_user_ccallback+0x24d/0x300 sound/core/timer.c:1386 snd_timer_notify1+0x115/0x330 sound/core/timer.c:516 snd_timer_stop1+0x3bd/0x7b0 sound/core/timer.c:657 snd_timer_stop sound/core/timer.c:710 [inline] snd_timer_close_locked+0x1cc/0xb30 sound/core/timer.c:408 snd_timer_close+0x7d/0xd0 sound/core/timer.c:463 __snd_timer_user_ioctl.isra.0+0xaf5/0x1e90 sound/core/timer.c:1762 snd_timer_user_ioctl+0x72/0xa0 sound/core/timer.c:2128 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> (&f->f_owner.lock){....}-{2:2} { INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326 f_modown+0x23/0x320 fs/fcntl.c:91 __f_setown fs/fcntl.c:110 [inline] f_setown+0x86/0x160 fs/fcntl.c:138 do_fcntl+0x52a/0xd00 fs/fcntl.c:377 __do_sys_fcntl fs/fcntl.c:454 [inline] __se_sys_fcntl fs/fcntl.c:439 [inline] __x64_sys_fcntl+0x114/0x160 fs/fcntl.c:439 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 send_sigio+0x1c/0x2b0 fs/fcntl.c:778 kill_fasync_rcu fs/fcntl.c:1003 [inline] kill_fasync fs/fcntl.c:1017 [inline] kill_fasync+0x176/0x320 fs/fcntl.c:1010 snd_timer_user_ccallback+0x24d/0x300 sound/core/timer.c:1386 snd_timer_notify1+0x115/0x330 sound/core/timer.c:516 snd_timer_start1+0x3dd/0x6f0 sound/core/timer.c:578 snd_timer_start sound/core/timer.c:696 [inline] snd_timer_start sound/core/timer.c:689 [inline] snd_timer_user_start.isra.0+0x16d/0x1e0 sound/core/timer.c:1984 __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90 sound/core/timer.c:2107 snd_timer_user_ioctl+0x72/0xa0 sound/core/timer.c:2128 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae } ... key at: [] __key.5+0x0/0x40 ... acquired at: __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 send_sigio+0x1c/0x2b0 fs/fcntl.c:778 kill_fasync_rcu fs/fcntl.c:1003 [inline] kill_fasync fs/fcntl.c:1017 [inline] kill_fasync+0x176/0x320 fs/fcntl.c:1010 snd_timer_user_ccallback+0x24d/0x300 sound/core/timer.c:1386 snd_timer_notify1+0x115/0x330 sound/core/timer.c:516 snd_timer_start1+0x3dd/0x6f0 sound/core/timer.c:578 snd_timer_start sound/core/timer.c:696 [inline] snd_timer_start sound/core/timer.c:689 [inline] snd_timer_user_start.isra.0+0x16d/0x1e0 sound/core/timer.c:1984 __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90 sound/core/timer.c:2107 snd_timer_user_ioctl+0x72/0xa0 sound/core/timer.c:2128 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> (&new->fa_lock){....}-{2:2} { INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_write_lock_irq include/linux/rwlock_api_smp.h:195 [inline] _raw_write_lock_irq+0x32/0x50 kernel/locking/spinlock.c:326 fasync_remove_entry+0xa1/0x1d0 fs/fcntl.c:873 __fput+0x664/0x8c0 fs/file_table.c:314 task_work_run+0xc0/0x160 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:37 [inline] do_exit+0x986/0x2470 kernel/exit.c:795 do_group_exit+0xb2/0x2a0 kernel/exit.c:925 __do_sys_exit_group kernel/exit.c:936 [inline] __se_sys_exit_group kernel/exit.c:934 [inline] __x64_sys_exit_group+0x35/0x40 kernel/exit.c:934 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae INITIAL READ USE at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:996 [inline] kill_fasync fs/fcntl.c:1017 [inline] kill_fasync+0xe5/0x320 fs/fcntl.c:1010 snd_timer_user_ccallback+0x24d/0x300 sound/core/timer.c:1386 snd_timer_notify1+0x115/0x330 sound/core/timer.c:516 snd_timer_start1+0x3dd/0x6f0 sound/core/timer.c:578 snd_timer_start sound/core/timer.c:696 [inline] snd_timer_start sound/core/timer.c:689 [inline] snd_timer_user_start.isra.0+0x16d/0x1e0 sound/core/timer.c:1984 __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90 sound/core/timer.c:2107 snd_timer_user_ioctl+0x72/0xa0 sound/core/timer.c:2128 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae } ... key at: [] __key.0+0x0/0x40 ... acquired at: __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline] _raw_read_lock_irqsave+0x70/0x90 kernel/locking/spinlock.c:236 kill_fasync_rcu fs/fcntl.c:996 [inline] kill_fasync fs/fcntl.c:1017 [inline] kill_fasync+0xe5/0x320 fs/fcntl.c:1010 snd_timer_user_ccallback+0x24d/0x300 sound/core/timer.c:1386 snd_timer_notify1+0x115/0x330 sound/core/timer.c:516 snd_timer_start1+0x3dd/0x6f0 sound/core/timer.c:578 snd_timer_start sound/core/timer.c:696 [inline] snd_timer_start sound/core/timer.c:689 [inline] snd_timer_user_start.isra.0+0x16d/0x1e0 sound/core/timer.c:1984 __snd_timer_user_ioctl.isra.0+0xa9d/0x1e90 sound/core/timer.c:2107 snd_timer_user_ioctl+0x72/0xa0 sound/core/timer.c:2128 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae -> (&timer->lock){..-.}-{2:2} { IN-SOFTIRQ-W at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 snd_timer_interrupt.part.0+0x28/0xd50 sound/core/timer.c:856 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x530/0x8e0 kernel/time/timer.c:1737 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1750 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:645 lock_release+0x3f1/0x720 kernel/locking/lockdep.c:5649 page_add_file_rmap+0xb8/0x1290 mm/rmap.c:1282 do_set_pte+0x249/0x5e0 mm/memory.c:4056 filemap_map_pages+0x876/0x1700 mm/filemap.c:3386 do_fault_around mm/memory.c:4219 [inline] do_read_fault mm/memory.c:4234 [inline] do_fault mm/memory.c:4369 [inline] handle_pte_fault mm/memory.c:4627 [inline] __handle_mm_fault+0x1adf/0x31c0 mm/memory.c:4763 handle_mm_fault+0x166/0x5e0 mm/memory.c:4861 do_user_addr_fault+0x2da/0xcd0 arch/x86/mm/fault.c:1397 handle_page_fault arch/x86/mm/fault.c:1484 [inline] exc_page_fault+0x5a/0xc0 arch/x86/mm/fault.c:1540 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:570 INITIAL USE at: lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 snd_timer_notify sound/core/timer.c:1086 [inline] snd_timer_notify+0xcc/0x320 sound/core/timer.c:1073 snd_pcm_timer_notify sound/core/pcm_native.c:608 [inline] snd_pcm_post_stop+0x173/0x1d0 sound/core/pcm_native.c:1512 snd_pcm_action_single+0xbe/0xf0 sound/core/pcm_native.c:1283 snd_pcm_stop sound/core/pcm_native.c:1535 [inline] snd_pcm_drop+0x165/0x290 sound/core/pcm_native.c:2218 snd_pcm_oss_sync+0x1ed/0x730 sound/core/oss/pcm_oss.c:1746 snd_pcm_oss_release+0x21f/0x2b0 sound/core/oss/pcm_oss.c:2590 __fput+0x1f5/0x8c0 fs/file_table.c:317 task_work_run+0xc0/0x160 kernel/task_work.c:164 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:169 [inline] exit_to_user_mode_prepare+0x23c/0x250 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:294 do_syscall_64+0x42/0x80 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae } ... key at: [] __key.10+0x0/0x40 ... acquired at: mark_lock kernel/locking/lockdep.c:4571 [inline] mark_usage kernel/locking/lockdep.c:4502 [inline] __lock_acquire+0x11de/0x5660 kernel/locking/lockdep.c:4983 lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 snd_timer_interrupt.part.0+0x28/0xd50 sound/core/timer.c:856 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x530/0x8e0 kernel/time/timer.c:1737 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1750 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:645 lock_release+0x3f1/0x720 kernel/locking/lockdep.c:5649 page_add_file_rmap+0xb8/0x1290 mm/rmap.c:1282 do_set_pte+0x249/0x5e0 mm/memory.c:4056 filemap_map_pages+0x876/0x1700 mm/filemap.c:3386 do_fault_around mm/memory.c:4219 [inline] do_read_fault mm/memory.c:4234 [inline] do_fault mm/memory.c:4369 [inline] handle_pte_fault mm/memory.c:4627 [inline] __handle_mm_fault+0x1adf/0x31c0 mm/memory.c:4763 handle_mm_fault+0x166/0x5e0 mm/memory.c:4861 do_user_addr_fault+0x2da/0xcd0 arch/x86/mm/fault.c:1397 handle_page_fault arch/x86/mm/fault.c:1484 [inline] exc_page_fault+0x5a/0xc0 arch/x86/mm/fault.c:1540 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:570 stack backtrace: CPU: 1 PID: 6524 Comm: syz-executor425 Not tainted 5.18.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 print_irq_inversion_bug kernel/locking/lockdep.c:4609 [inline] check_usage_forwards kernel/locking/lockdep.c:4045 [inline] mark_lock_irq kernel/locking/lockdep.c:4177 [inline] mark_lock.part.0.cold+0x82/0xd8 kernel/locking/lockdep.c:4607 mark_lock kernel/locking/lockdep.c:4571 [inline] mark_usage kernel/locking/lockdep.c:4502 [inline] __lock_acquire+0x11de/0x5660 kernel/locking/lockdep.c:4983 lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 snd_timer_interrupt.part.0+0x28/0xd50 sound/core/timer.c:856 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x530/0x8e0 kernel/time/timer.c:1737 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1750 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:645 RIP: 0010:lock_release+0x3f1/0x720 kernel/locking/lockdep.c:5649 Code: 7e 83 f8 01 0f 85 8d 01 00 00 9c 58 f6 c4 02 0f 85 78 01 00 00 48 f7 04 24 00 02 00 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c5 48 c7 45 00 00 00 00 00 c7 45 08 00 00 00 00 48 8b 84 24 RSP: 0000:ffffc9000b7bfa90 EFLAGS: 00000206 RAX: dffffc0000000000 RBX: c89cedfddc633325 RCX: ffffc9000b7bfae0 RDX: 1ffff11003981c2a RSI: ffffffff88eb9380 RDI: ffffffff8942bfe0 RBP: 1ffff920016f7f54 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003 R13: 0000000000000004 R14: ffff88801cc0e158 R15: ffff88801cc0d700 page_add_file_rmap+0xb8/0x1290 mm/rmap.c:1282 do_set_pte+0x249/0x5e0 mm/memory.c:4056 filemap_map_pages+0x876/0x1700 mm/filemap.c:3386 do_fault_around mm/memory.c:4219 [inline] do_read_fault mm/memory.c:4234 [inline] do_fault mm/memory.c:4369 [inline] handle_pte_fault mm/memory.c:4627 [inline] __handle_mm_fault+0x1adf/0x31c0 mm/memory.c:4763 handle_mm_fault+0x166/0x5e0 mm/memory.c:4861 do_user_addr_fault+0x2da/0xcd0 arch/x86/mm/fault.c:1397 handle_page_fault arch/x86/mm/fault.c:1484 [inline] exc_page_fault+0x5a/0xc0 arch/x86/mm/fault.c:1540 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:570 RIP: 0033:0x7f32ec669900 Code: e8 15 d1 03 00 48 83 c4 38 31 c0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4c 8d 7c 24 10 bb 40 42 0f 00 4c 8d 74 24 20 e8 a0 d1 03 00 <89> c5 85 c0 0f 88 9a 00 00 00 0f 84 9e 00 00 00 4c 89 fe bf 01 00 RSP: 002b:00007ffe94af4ec0 EFLAGS: 00010206 RAX: 0000000000000000 RBX: 00000000000f4240 RCX: 00007f32ec6a6aeb RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000001976 R08: 0000000000000000 R09: 0000555557069300 R10: 00005555570695d0 R11: 0000000000000246 R12: 000000000001167d R13: 00007ffe94af4ecc R14: 00007ffe94af4ee0 R15: 00007ffe94af4ed0 ---------------- Code disassembly (best guess): 0: 7e 83 jle 0xffffff85 2: f8 clc 3: 01 0f add %ecx,(%rdi) 5: 85 8d 01 00 00 9c test %ecx,-0x63ffffff(%rbp) b: 58 pop %rax c: f6 c4 02 test $0x2,%ah f: 0f 85 78 01 00 00 jne 0x18d 15: 48 f7 04 24 00 02 00 testq $0x200,(%rsp) 1c: 00 1d: 74 01 je 0x20 1f: fb sti 20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 27: fc ff df * 2a: 48 01 c5 add %rax,%rbp <-- trapping instruction 2d: 48 c7 45 00 00 00 00 movq $0x0,0x0(%rbp) 34: 00 35: c7 45 08 00 00 00 00 movl $0x0,0x8(%rbp) 3c: 48 rex.W 3d: 8b .byte 0x8b 3e: 84 .byte 0x84 3f: 24 .byte 0x24