syzbot

 sign-in | mailing list | source | docs
🐞 Open [706]
🐞 Fixed [89]
🐞 Invalid [349]
Missing Backports [43]
Kernel Health Bugs/Month Bug Lifetimes Fuzzing Crashes
💬 Send us feedback

possible deadlock in __qdisc_run

Status: auto-obsoleted due to no activity on 2023/10/25 04:14
Reported-by: syzbot+85b76d35a1b5bc4c871a@syzkaller.appspotmail.com
First crash: 437d, last: 388d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 possible deadlock in __qdisc_run 44 388d 437d 0/3 auto-obsoleted due to no activity on 2023/10/25 01:57

Sample crash report:
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
6.1.45-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.3/3402 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
ffff800015b3c360 (fs_reclaim){+.+.}-{0:0}, at: might_alloc include/linux/sched/mm.h:271 [inline]
ffff800015b3c360 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook mm/slab.h:710 [inline]
ffff800015b3c360 (fs_reclaim){+.+.}-{0:0}, at: slab_alloc_node mm/slub.c:3318 [inline]
ffff800015b3c360 (fs_reclaim){+.+.}-{0:0}, at: __kmem_cache_alloc_node+0x58/0x388 mm/slub.c:3437

and this task is already holding:
ffff00012a0dc108 (&sch->q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4
which would create a new lock dependency:
 (&sch->q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&sch->q.lock){+.-.}-{2:2}

... which became SOFTIRQ-irq-safe at:
  lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
  __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
  _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:350 [inline]
  dequeue_skb net/sched/sch_generic.c:240 [inline]
  qdisc_restart net/sched/sch_generic.c:397 [inline]
  __qdisc_run+0x9cc/0x239c net/sched/sch_generic.c:415
  qdisc_run+0xc4/0x23c include/net/pkt_sched.h:126
  net_tx_action+0x748/0x94c net/core/dev.c:5093
  __do_softirq+0x30c/0xea0 kernel/softirq.c:571
  ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
  call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
  do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
  do_softirq+0x120/0x20c kernel/softirq.c:472
  __local_bh_enable_ip+0x2c0/0x4d0 kernel/softirq.c:396
  local_bh_enable+0x28/0x1d0 include/linux/bottom_half.h:33
  rcu_read_unlock_bh include/linux/rcupdate.h:817 [inline]
  ip_finish_output2+0xd40/0x11b4 net/ipv4/ip_output.c:229
  __ip_finish_output+0x1b0/0x458
  ip_finish_output+0x40/0x268 net/ipv4/ip_output.c:316
  NF_HOOK_COND include/linux/netfilter.h:291 [inline]
  ip_output+0x330/0x49c net/ipv4/ip_output.c:430
  dst_output include/net/dst.h:444 [inline]
  ip_local_out net/ipv4/ip_output.c:126 [inline]
  __ip_queue_xmit+0xe8c/0x1a00 net/ipv4/ip_output.c:532
  ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
  __tcp_transmit_skb+0x1938/0x31fc net/ipv4/tcp_output.c:1402
  tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
  tcp_write_xmit+0x131c/0x4e2c net/ipv4/tcp_output.c:2696
  __tcp_push_pending_frames+0x98/0x228 net/ipv4/tcp_output.c:2880
  tcp_push+0x448/0x688 net/ipv4/tcp.c:732
  tcp_sendmsg_locked+0x2ca8/0x34f8 net/ipv4/tcp.c:1458
  tcp_sendmsg+0x40/0x64 net/ipv4/tcp.c:1486
  inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:830
  sock_sendmsg_nosec net/socket.c:716 [inline]
  sock_sendmsg net/socket.c:736 [inline]
  sock_write_iter+0x2d8/0x414 net/socket.c:1113
  call_write_iter include/linux/fs.h:2205 [inline]
  new_sync_write fs/read_write.c:491 [inline]
  vfs_write+0x610/0x914 fs/read_write.c:584
  ksys_write+0x15c/0x26c fs/read_write.c:637
  __do_sys_write fs/read_write.c:649 [inline]
  __se_sys_write fs/read_write.c:646 [inline]
  __arm64_sys_write+0x7c/0x90 fs/read_write.c:646
  __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
  invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
  el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
  do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
  el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
  el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
  el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

to a SOFTIRQ-irq-unsafe lock:
 (fs_reclaim){+.+.}-{0:0}

... which became SOFTIRQ-irq-unsafe at:
...
  lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
  __fs_reclaim_acquire mm/page_alloc.c:4683 [inline]
  fs_reclaim_acquire+0x90/0x12c mm/page_alloc.c:4697
  might_alloc include/linux/sched/mm.h:271 [inline]
  slab_pre_alloc_hook mm/slab.h:710 [inline]
  slab_alloc_node mm/slub.c:3318 [inline]
  __kmem_cache_alloc_node+0x58/0x388 mm/slub.c:3437
  kmalloc_node_trace+0x44/0x90 mm/slab_common.c:1058
  kmalloc_node include/linux/slab.h:575 [inline]
  kzalloc_node include/linux/slab.h:700 [inline]
  alloc_worker kernel/workqueue.c:1843 [inline]
  init_rescuer+0xa4/0x264 kernel/workqueue.c:4272
  workqueue_init+0x298/0x5b4 kernel/workqueue.c:6101
  kernel_init_freeable+0x33c/0x528 init/main.c:1603
  kernel_init+0x24/0x29c init/main.c:1508
  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(fs_reclaim);
                               local_irq_disable();
                               lock(&sch->q.lock);
                               lock(fs_reclaim);
  <Interrupt>
    lock(&sch->q.lock);

 *** DEADLOCK ***

2 locks held by syz-executor.3/3402:
 #0: ffff800017e6fdc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
 #0: ffff800017e6fdc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6104
 #1: ffff00012a0dc108 (&sch->q.lock){+.-.}-{2:2}, at: sch_tree_lock+0x120/0x1d4

the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&sch->q.lock){+.-.}-{2:2} {
   HARDIRQ-ON-W at:
                    lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
                    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
                    _raw_spin_lock_bh+0x54/0x6c kernel/locking/spinlock.c:178
                    spin_lock_bh include/linux/spinlock.h:355 [inline]
                    dev_reset_queue+0x130/0x1fc net/sched/sch_generic.c:1291
                    netdev_for_each_tx_queue include/linux/netdevice.h:2453 [inline]
                    dev_deactivate_many+0x540/0xa8c net/sched/sch_generic.c:1359
                    dev_deactivate+0x13c/0x1fc net/sched/sch_generic.c:1382
                    linkwatch_do_dev+0x29c/0x3a4 net/core/link_watch.c:166
                    __linkwatch_run_queue+0x3a0/0x700 net/core/link_watch.c:221
                    linkwatch_event+0x58/0x68 net/core/link_watch.c:264
                    process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
                    worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
                    kthread+0x250/0x2d8 kernel/kthread.c:376
                    ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
   IN-SOFTIRQ-W at:
                    lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
                    __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
                    _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
                    spin_lock include/linux/spinlock.h:350 [inline]
                    dequeue_skb net/sched/sch_generic.c:240 [inline]
                    qdisc_restart net/sched/sch_generic.c:397 [inline]
                    __qdisc_run+0x9cc/0x239c net/sched/sch_generic.c:415
                    qdisc_run+0xc4/0x23c include/net/pkt_sched.h:126
                    net_tx_action+0x748/0x94c net/core/dev.c:5093
                    __do_softirq+0x30c/0xea0 kernel/softirq.c:571
                    ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
                    call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
                    do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:84
                    do_softirq+0x120/0x20c kernel/softirq.c:472
                    __local_bh_enable_ip+0x2c0/0x4d0 kernel/softirq.c:396
                    local_bh_enable+0x28/0x1d0 include/linux/bottom_half.h:33
                    rcu_read_unlock_bh include/linux/rcupdate.h:817 [inline]
                    ip_finish_output2+0xd40/0x11b4 net/ipv4/ip_output.c:229
                    __ip_finish_output+0x1b0/0x458
                    ip_finish_output+0x40/0x268 net/ipv4/ip_output.c:316
                    NF_HOOK_COND include/linux/netfilter.h:291 [inline]
                    ip_output+0x330/0x49c net/ipv4/ip_output.c:430
                    dst_output include/net/dst.h:444 [inline]
                    ip_local_out net/ipv4/ip_output.c:126 [inline]
                    __ip_queue_xmit+0xe8c/0x1a00 net/ipv4/ip_output.c:532
                    ip_queue_xmit+0x5c/0x78 net/ipv4/ip_output.c:546
                    __tcp_transmit_skb+0x1938/0x31fc net/ipv4/tcp_output.c:1402
                    tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
                    tcp_write_xmit+0x131c/0x4e2c net/ipv4/tcp_output.c:2696
                    __tcp_push_pending_frames+0x98/0x228 net/ipv4/tcp_output.c:2880
                    tcp_push+0x448/0x688 net/ipv4/tcp.c:732
                    tcp_sendmsg_locked+0x2ca8/0x34f8 net/ipv4/tcp.c:1458
                    tcp_sendmsg+0x40/0x64 net/ipv4/tcp.c:1486
                    inet_sendmsg+0x15c/0x290 net/ipv4/af_inet.c:830
                    sock_sendmsg_nosec net/socket.c:716 [inline]
                    sock_sendmsg net/socket.c:736 [inline]
                    sock_write_iter+0x2d8/0x414 net/socket.c:1113
                    call_write_iter include/linux/fs.h:2205 [inline]
                    new_sync_write fs/read_write.c:491 [inline]
                    vfs_write+0x610/0x914 fs/read_write.c:584
                    ksys_write+0x15c/0x26c fs/read_write.c:637
                    __do_sys_write fs/read_write.c:649 [inline]
                    __se_sys_write fs/read_write.c:646 [inline]
                    __arm64_sys_write+0x7c/0x90 fs/read_write.c:646
                    __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
                    invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
                    el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
                    do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
                    el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
                    el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
                    el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
   INITIAL USE at:
                   lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
                   __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
                   _raw_spin_lock_bh+0x54/0x6c kernel/locking/spinlock.c:178
                   spin_lock_bh include/linux/spinlock.h:355 [inline]
                   dev_reset_queue+0x130/0x1fc net/sched/sch_generic.c:1291
                   netdev_for_each_tx_queue include/linux/netdevice.h:2453 [inline]
                   dev_deactivate_many+0x540/0xa8c net/sched/sch_generic.c:1359
                   dev_deactivate+0x13c/0x1fc net/sched/sch_generic.c:1382
                   linkwatch_do_dev+0x29c/0x3a4 net/core/link_watch.c:166
                   __linkwatch_run_queue+0x3a0/0x700 net/core/link_watch.c:221
                   linkwatch_event+0x58/0x68 net/core/link_watch.c:264
                   process_one_work+0x7ac/0x1404 kernel/workqueue.c:2292
                   worker_thread+0x8e4/0xfec kernel/workqueue.c:2439
                   kthread+0x250/0x2d8 kernel/kthread.c:376
                   ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
 }
 ... key      at: [<ffff800019d20ae0>] qdisc_alloc.__key+0x0/0x20

the dependencies between the lock to be acquired
 and SOFTIRQ-irq-unsafe lock:
-> (fs_reclaim){+.+.}-{0:0} {
   HARDIRQ-ON-W at:
                    lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
                    __fs_reclaim_acquire mm/page_alloc.c:4683 [inline]
                    fs_reclaim_acquire+0x90/0x12c mm/page_alloc.c:4697
                    might_alloc include/linux/sched/mm.h:271 [inline]
                    slab_pre_alloc_hook mm/slab.h:710 [inline]
                    slab_alloc_node mm/slub.c:3318 [inline]
                    __kmem_cache_alloc_node+0x58/0x388 mm/slub.c:3437
                    kmalloc_node_trace+0x44/0x90 mm/slab_common.c:1058
                    kmalloc_node include/linux/slab.h:575 [inline]
                    kzalloc_node include/linux/slab.h:700 [inline]
                    alloc_worker kernel/workqueue.c:1843 [inline]
                    init_rescuer+0xa4/0x264 kernel/workqueue.c:4272
                    workqueue_init+0x298/0x5b4 kernel/workqueue.c:6101
                    kernel_init_freeable+0x33c/0x528 init/main.c:1603
                    kernel_init+0x24/0x29c init/main.c:1508
                    ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
   SOFTIRQ-ON-W at:
                    lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
                    __fs_reclaim_acquire mm/page_alloc.c:4683 [inline]
                    fs_reclaim_acquire+0x90/0x12c mm/page_alloc.c:4697
                    might_alloc include/linux/sched/mm.h:271 [inline]
                    slab_pre_alloc_hook mm/slab.h:710 [inline]
                    slab_alloc_node mm/slub.c:3318 [inline]
                    __kmem_cache_alloc_node+0x58/0x388 mm/slub.c:3437
                    kmalloc_node_trace+0x44/0x90 mm/slab_common.c:1058
                    kmalloc_node include/linux/slab.h:575 [inline]
                    kzalloc_node include/linux/slab.h:700 [inline]
                    alloc_worker kernel/workqueue.c:1843 [inline]
                    init_rescuer+0xa4/0x264 kernel/workqueue.c:4272
                    workqueue_init+0x298/0x5b4 kernel/workqueue.c:6101
                    kernel_init_freeable+0x33c/0x528 init/main.c:1603
                    kernel_init+0x24/0x29c init/main.c:1508
                    ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
   INITIAL USE at:
                   lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
                   __fs_reclaim_acquire mm/page_alloc.c:4683 [inline]
                   fs_reclaim_acquire+0x90/0x12c mm/page_alloc.c:4697
                   might_alloc include/linux/sched/mm.h:271 [inline]
                   slab_pre_alloc_hook mm/slab.h:710 [inline]
                   slab_alloc_node mm/slub.c:3318 [inline]
                   __kmem_cache_alloc_node+0x58/0x388 mm/slub.c:3437
                   kmalloc_node_trace+0x44/0x90 mm/slab_common.c:1058
                   kmalloc_node include/linux/slab.h:575 [inline]
                   kzalloc_node include/linux/slab.h:700 [inline]
                   alloc_worker kernel/workqueue.c:1843 [inline]
                   init_rescuer+0xa4/0x264 kernel/workqueue.c:4272
                   workqueue_init+0x298/0x5b4 kernel/workqueue.c:6101
                   kernel_init_freeable+0x33c/0x528 init/main.c:1603
                   kernel_init+0x24/0x29c init/main.c:1508
                   ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
 }
 ... key      at: [<ffff800015b3c360>] __fs_reclaim_map+0x0/0xe0
 ... acquired at:
   __fs_reclaim_acquire mm/page_alloc.c:4683 [inline]
   fs_reclaim_acquire+0x90/0x12c mm/page_alloc.c:4697
   might_alloc include/linux/sched/mm.h:271 [inline]
   slab_pre_alloc_hook mm/slab.h:710 [inline]
   slab_alloc_node mm/slub.c:3318 [inline]
   __kmem_cache_alloc_node+0x58/0x388 mm/slub.c:3437
   __do_kmalloc_node mm/slab_common.c:954 [inline]
   __kmalloc_node+0xcc/0x1d0 mm/slab_common.c:962
   kmalloc_node include/linux/slab.h:579 [inline]
   kvmalloc_node+0x84/0x1e4 mm/util.c:581
   kvmalloc include/linux/slab.h:706 [inline]
   get_dist_table+0xa0/0x354 net/sched/sch_netem.c:788
   netem_change+0x754/0x1900 net/sched/sch_netem.c:985
   netem_init+0x54/0xb8 net/sched/sch_netem.c:1072
   qdisc_create+0x70c/0xe64 net/sched/sch_api.c:1314
   tc_modify_qdisc+0x9f0/0x1840
   rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6107
   netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2525
   rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6125
   netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
   netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1354
   netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1903
   sock_sendmsg_nosec net/socket.c:716 [inline]
   sock_sendmsg net/socket.c:736 [inline]
   ____sys_sendmsg+0x558/0x844 net/socket.c:2482
   ___sys_sendmsg net/socket.c:2536 [inline]
   __sys_sendmsg+0x26c/0x33c net/socket.c:2565
   __do_sys_sendmsg net/socket.c:2574 [inline]
   __se_sys_sendmsg net/socket.c:2572 [inline]
   __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
   __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
   invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
   el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
   do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
   el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
   el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
   el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581


stack backtrace:
CPU: 0 PID: 3402 Comm: syz-executor.3 Not tainted 6.1.45-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __lock_acquire+0x6310/0x764c kernel/locking/lockdep.c:5056
 lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
 __fs_reclaim_acquire mm/page_alloc.c:4683 [inline]
 fs_reclaim_acquire+0x90/0x12c mm/page_alloc.c:4697
 might_alloc include/linux/sched/mm.h:271 [inline]
 slab_pre_alloc_hook mm/slab.h:710 [inline]
 slab_alloc_node mm/slub.c:3318 [inline]
 __kmem_cache_alloc_node+0x58/0x388 mm/slub.c:3437
 __do_kmalloc_node mm/slab_common.c:954 [inline]
 __kmalloc_node+0xcc/0x1d0 mm/slab_common.c:962
 kmalloc_node include/linux/slab.h:579 [inline]
 kvmalloc_node+0x84/0x1e4 mm/util.c:581
 kvmalloc include/linux/slab.h:706 [inline]
 get_dist_table+0xa0/0x354 net/sched/sch_netem.c:788
 netem_change+0x754/0x1900 net/sched/sch_netem.c:985
 netem_init+0x54/0xb8 net/sched/sch_netem.c:1072
 qdisc_create+0x70c/0xe64 net/sched/sch_api.c:1314
 tc_modify_qdisc+0x9f0/0x1840
 rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6107
 netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2525
 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6125
 netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
 netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1354
 netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1903
 sock_sendmsg_nosec net/socket.c:716 [inline]
 sock_sendmsg net/socket.c:736 [inline]
 ____sys_sendmsg+0x558/0x844 net/socket.c:2482
 ___sys_sendmsg net/socket.c:2536 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2565
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3402, name: syz-executor.3
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<ffff8000106c9e9c>] sch_tree_lock+0x120/0x1d4
CPU: 0 PID: 3402 Comm: syz-executor.3 Not tainted 6.1.45-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x37c/0x4d8 kernel/sched/core.c:9941
 __might_sleep+0x90/0xe4 kernel/sched/core.c:9870
 might_alloc include/linux/sched/mm.h:274 [inline]
 slab_pre_alloc_hook mm/slab.h:710 [inline]
 slab_alloc_node mm/slub.c:3318 [inline]
 __kmem_cache_alloc_node+0x74/0x388 mm/slub.c:3437
 __do_kmalloc_node mm/slab_common.c:954 [inline]
 __kmalloc_node+0xcc/0x1d0 mm/slab_common.c:962
 kmalloc_node include/linux/slab.h:579 [inline]
 kvmalloc_node+0x84/0x1e4 mm/util.c:581
 kvmalloc include/linux/slab.h:706 [inline]
 get_dist_table+0xa0/0x354 net/sched/sch_netem.c:788
 netem_change+0x754/0x1900 net/sched/sch_netem.c:985
 netem_init+0x54/0xb8 net/sched/sch_netem.c:1072
 qdisc_create+0x70c/0xe64 net/sched/sch_api.c:1314
 tc_modify_qdisc+0x9f0/0x1840
 rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6107
 netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2525
 rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6125
 netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
 netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1354
 netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1903
 sock_sendmsg_nosec net/socket.c:716 [inline]
 sock_sendmsg net/socket.c:736 [inline]
 ____sys_sendmsg+0x558/0x844 net/socket.c:2482
 ___sys_sendmsg net/socket.c:2536 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2565
 __do_sys_sendmsg net/socket.c:2574 [inline]
 __se_sys_sendmsg net/socket.c:2572 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

Crashes (47):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/08/16 04:13 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/16 01:20 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/15 20:11 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/15 09:47 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/15 07:25 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/15 00:43 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/13 14:42 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/13 14:29 linux-6.1.y 1321ab403b38 39990d51 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/11 05:23 linux-6.1.y 0a4a7855302d da3c3ef8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/07 23:03 linux-6.1.y 52a953d0934b b1b6ae3d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/07 03:41 linux-6.1.y 52a953d0934b 4ffcc9ef .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/04 00:18 linux-6.1.y 52a953d0934b 74621247 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/03 16:09 linux-6.1.y 52a953d0934b 39a91c18 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/02 13:14 linux-6.1.y d2a6dc4eaf6d df07ffe8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/02 02:30 linux-6.1.y d2a6dc4eaf6d df07ffe8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/08/01 13:15 linux-6.1.y d2a6dc4eaf6d 2a0d0f29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/31 21:02 linux-6.1.y d2a6dc4eaf6d 2a0d0f29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/31 19:20 linux-6.1.y d2a6dc4eaf6d 2a0d0f29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/29 16:00 linux-6.1.y d2a6dc4eaf6d 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/29 02:50 linux-6.1.y d2a6dc4eaf6d 92476829 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/26 01:54 linux-6.1.y 5302e81aa209 6756545c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/19 15:51 linux-6.1.y 61fd484b2cf6 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/18 20:35 linux-6.1.y 61fd484b2cf6 022df2bb .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/17 20:43 linux-6.1.y 61fd484b2cf6 20f8b3c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/17 20:19 linux-6.1.y 61fd484b2cf6 20f8b3c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/16 13:19 linux-6.1.y 61fd484b2cf6 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/16 13:05 linux-6.1.y 61fd484b2cf6 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/16 13:05 linux-6.1.y 61fd484b2cf6 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/15 20:40 linux-6.1.y 61fd484b2cf6 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/14 16:48 linux-6.1.y 61fd484b2cf6 d624500f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/14 03:40 linux-6.1.y 61fd484b2cf6 55eda22f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/12 21:48 linux-6.1.y 61fd484b2cf6 979d5fe2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/12 01:38 linux-6.1.y 61fd484b2cf6 2f19aa4f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/12 01:30 linux-6.1.y 61fd484b2cf6 2f19aa4f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/10 09:28 linux-6.1.y 61fd484b2cf6 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/10 08:41 linux-6.1.y 61fd484b2cf6 668cb1fa .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/01 00:09 linux-6.1.y a1c449d00ff8 af3053d2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/01 00:08 linux-6.1.y a1c449d00ff8 af3053d2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/07/01 00:02 linux-6.1.y a1c449d00ff8 af3053d2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/29 00:50 linux-6.1.y a1c449d00ff8 ca69c785 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/29 00:14 linux-6.1.y a1c449d00ff8 ca69c785 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/28 23:34 linux-6.1.y a1c449d00ff8 ca69c785 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/28 20:59 linux-6.1.y a1c449d00ff8 ca69c785 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/28 19:43 linux-6.1.y a1c449d00ff8 ca69c785 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/28 18:45 linux-6.1.y a1c449d00ff8 ca69c785 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/28 15:58 linux-6.1.y a1c449d00ff8 4cd5bb25 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
2023/06/28 13:09 linux-6.1.y a1c449d00ff8 4cd5bb25 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __qdisc_run
* Struck through repros no longer work on HEAD.