===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 6.9.0-syzkaller-12277-g56fb6f92854f #0 Not tainted ----------------------------------------------------- modprobe/8780 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: ffffffff8e43bdc0 (mmu_notifier_invalidate_range_start){+.+.}-{0:0}, at: fs_reclaim_acquire+0x93/0x140 mm/page_alloc.c:3800 and this task is already holding: ffff88801a2f3e18 (&pool->lock#5){..-.}-{2:2}, at: mempool_alloc_noprof+0x286/0x5a0 mm/mempool.c:406 which would create a new lock dependency: (&pool->lock#5){..-.}-{2:2} -> (mmu_notifier_invalidate_range_start){+.+.}-{0:0} but this new dependency connects a SOFTIRQ-irq-safe lock: (&pool->lock#5){..-.}-{2:2} ... which became SOFTIRQ-irq-safe at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 mempool_free+0x115/0x390 mm/mempool.c:539 blk_update_request+0x5e7/0x10d0 block/blk-mq.c:929 scsi_end_request+0x80/0x880 drivers/scsi/scsi_lib.c:631 scsi_io_completion+0x1bd/0x430 drivers/scsi/scsi_lib.c:1068 blk_complete_reqs block/blk-mq.c:1132 [inline] blk_done_softirq+0x100/0x150 block/blk-mq.c:1137 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 lock_release+0x630/0x9f0 kernel/locking/lockdep.c:5778 rcu_lock_release include/linux/rcupdate.h:339 [inline] rcu_read_unlock include/linux/rcupdate.h:812 [inline] list_lru_count_one+0x26a/0x2e0 mm/list_lru.c:174 list_lru_shrink_count include/linux/list_lru.h:156 [inline] super_cache_count+0x19f/0x2a0 fs/super.c:264 do_shrink_slab+0x86/0x1160 mm/shrinker.c:382 shrink_slab+0x1094/0x14d0 mm/shrinker.c:662 shrink_node_memcgs mm/vmscan.c:5891 [inline] shrink_node+0x10ec/0x2a30 mm/vmscan.c:5924 shrink_zones mm/vmscan.c:6168 [inline] do_try_to_free_pages+0x695/0x1aa0 mm/vmscan.c:6230 try_to_free_pages+0x760/0x1100 mm/vmscan.c:6465 __perform_reclaim mm/page_alloc.c:3859 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3881 [inline] __alloc_pages_slowpath+0xdc3/0x23d0 mm/page_alloc.c:4287 __alloc_pages_noprof+0x43e/0x6c0 mm/page_alloc.c:4673 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 shmem_alloc_folio mm/shmem.c:1628 [inline] shmem_alloc_and_add_folio+0x24d/0xdb0 mm/shmem.c:1668 shmem_get_folio_gfp+0x82d/0x1f50 mm/shmem.c:2055 shmem_get_folio mm/shmem.c:2160 [inline] shmem_write_begin+0x170/0x4d0 mm/shmem.c:2743 generic_perform_write+0x322/0x640 mm/filemap.c:4015 shmem_file_write_iter+0xfc/0x120 mm/shmem.c:2919 new_sync_write fs/read_write.c:497 [inline] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f to a SOFTIRQ-irq-unsafe lock: (mmu_notifier_invalidate_range_start){+.+.}-{0:0} ... which became SOFTIRQ-irq-unsafe at: ... lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800 might_alloc include/linux/sched/mm.h:334 [inline] slab_pre_alloc_hook mm/slub.c:3890 [inline] slab_alloc_node mm/slub.c:3980 [inline] kmalloc_trace_noprof+0x3d/0x2c0 mm/slub.c:4147 kmalloc_noprof include/linux/slab.h:660 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] __kthread_create_worker+0x5c/0x3e0 kernel/kthread.c:865 kthread_create_worker+0xda/0x120 kernel/kthread.c:908 wq_cpu_intensive_thresh_init+0x18/0x160 kernel/workqueue.c:7775 workqueue_init+0x26/0x8a0 kernel/workqueue.c:7824 kernel_init_freeable+0x3fe/0x5d0 init/main.c:1562 kernel_init+0x1d/0x2b0 init/main.c:1467 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 other info that might help us debug this: Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(mmu_notifier_invalidate_range_start); local_irq_disable(); lock(&pool->lock#5); lock(mmu_notifier_invalidate_range_start); lock(&pool->lock#5); *** DEADLOCK *** 3 locks held by modprobe/8780: #0: ffff888023f9f3a0 (mapping.invalidate_lock){++++}-{3:3}, at: filemap_invalidate_lock_shared include/linux/fs.h:846 [inline] #0: ffff888023f9f3a0 (mapping.invalidate_lock){++++}-{3:3}, at: page_cache_ra_unbounded+0xf7/0x7f0 mm/readahead.c:225 #1: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #1: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline] #1: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: blk_mq_run_hw_queue+0x40c/0xae0 block/blk-mq.c:2250 #2: ffff88801a2f3e18 (&pool->lock#5){..-.}-{2:2}, at: mempool_alloc_noprof+0x286/0x5a0 mm/mempool.c:406 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&pool->lock#5){..-.}-{2:2} { IN-SOFTIRQ-W at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 mempool_free+0x115/0x390 mm/mempool.c:539 blk_update_request+0x5e7/0x10d0 block/blk-mq.c:929 scsi_end_request+0x80/0x880 drivers/scsi/scsi_lib.c:631 scsi_io_completion+0x1bd/0x430 drivers/scsi/scsi_lib.c:1068 blk_complete_reqs block/blk-mq.c:1132 [inline] blk_done_softirq+0x100/0x150 block/blk-mq.c:1137 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:278 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693 lock_release+0x630/0x9f0 kernel/locking/lockdep.c:5778 rcu_lock_release include/linux/rcupdate.h:339 [inline] rcu_read_unlock include/linux/rcupdate.h:812 [inline] list_lru_count_one+0x26a/0x2e0 mm/list_lru.c:174 list_lru_shrink_count include/linux/list_lru.h:156 [inline] super_cache_count+0x19f/0x2a0 fs/super.c:264 do_shrink_slab+0x86/0x1160 mm/shrinker.c:382 shrink_slab+0x1094/0x14d0 mm/shrinker.c:662 shrink_node_memcgs mm/vmscan.c:5891 [inline] shrink_node+0x10ec/0x2a30 mm/vmscan.c:5924 shrink_zones mm/vmscan.c:6168 [inline] do_try_to_free_pages+0x695/0x1aa0 mm/vmscan.c:6230 try_to_free_pages+0x760/0x1100 mm/vmscan.c:6465 __perform_reclaim mm/page_alloc.c:3859 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3881 [inline] __alloc_pages_slowpath+0xdc3/0x23d0 mm/page_alloc.c:4287 __alloc_pages_noprof+0x43e/0x6c0 mm/page_alloc.c:4673 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 shmem_alloc_folio mm/shmem.c:1628 [inline] shmem_alloc_and_add_folio+0x24d/0xdb0 mm/shmem.c:1668 shmem_get_folio_gfp+0x82d/0x1f50 mm/shmem.c:2055 shmem_get_folio mm/shmem.c:2160 [inline] shmem_write_begin+0x170/0x4d0 mm/shmem.c:2743 generic_perform_write+0x322/0x640 mm/filemap.c:4015 shmem_file_write_iter+0xfc/0x120 mm/shmem.c:2919 new_sync_write fs/read_write.c:497 [inline] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f INITIAL USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 mempool_alloc_noprof+0x286/0x5a0 mm/mempool.c:406 bio_alloc_bioset+0x26f/0x1130 block/bio.c:554 bio_alloc include/linux/bio.h:437 [inline] swap_writepage_bdev_async mm/page_io.c:361 [inline] __swap_writepage+0x534/0x13e0 mm/page_io.c:390 swap_writepage+0xd5/0x1d0 mm/page_io.c:209 shmem_writepage+0xf14/0x1b00 mm/shmem.c:1518 pageout mm/vmscan.c:660 [inline] shrink_folio_list+0x371a/0x9120 mm/vmscan.c:1341 shrink_inactive_list mm/vmscan.c:1944 [inline] shrink_list mm/vmscan.c:2179 [inline] shrink_lruvec+0x1663/0x2d90 mm/vmscan.c:5703 shrink_node_memcgs mm/vmscan.c:5889 [inline] shrink_node+0x1081/0x2a30 mm/vmscan.c:5924 shrink_zones mm/vmscan.c:6168 [inline] do_try_to_free_pages+0x695/0x1aa0 mm/vmscan.c:6230 try_to_free_pages+0x760/0x1100 mm/vmscan.c:6465 __perform_reclaim mm/page_alloc.c:3859 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3881 [inline] __alloc_pages_slowpath+0xdc3/0x23d0 mm/page_alloc.c:4287 __alloc_pages_noprof+0x43e/0x6c0 mm/page_alloc.c:4673 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline] alloc_pages_node_noprof include/linux/gfp.h:296 [inline] alloc_slab_page+0x5f/0x120 mm/slub.c:2264 allocate_slab+0x1bc/0x2e0 mm/slub.c:2435 new_slab mm/slub.c:2480 [inline] ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3666 __slab_alloc+0x58/0xa0 mm/slub.c:3756 __slab_alloc_node mm/slub.c:3809 [inline] slab_alloc_node mm/slub.c:3988 [inline] kmalloc_trace_noprof+0x1d5/0x2c0 mm/slub.c:4147 kmalloc_noprof include/linux/slab.h:660 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] kobject_uevent_env+0x28b/0x8e0 lib/kobject_uevent.c:525 __kobject_del+0xd3/0x310 lib/kobject.c:601 kobject_cleanup lib/kobject.c:680 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x245/0x480 lib/kobject.c:737 net_rx_queue_update_kobjects+0x52b/0x5b0 net/core/net-sysfs.c:1174 netif_set_real_num_rx_queues+0x100/0x1f0 net/core/dev.c:2988 veth_init_queues drivers/net/veth.c:1760 [inline] veth_newlink+0x9c5/0xcd0 drivers/net/veth.c:1872 rtnl_newlink_create net/core/rtnetlink.c:3510 [inline] __rtnl_newlink net/core/rtnetlink.c:3730 [inline] rtnl_newlink+0x158f/0x20a0 net/core/rtnetlink.c:3743 rtnetlink_rcv_msg+0x89b/0x10d0 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2564 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x8db/0xcb0 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 __sys_sendto+0x3a4/0x4f0 net/socket.c:2192 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0xde/0x100 net/socket.c:2200 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f } ... key at: [] mempool_init_node.__key+0x0/0x20 the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (mmu_notifier_invalidate_range_start){+.+.}-{0:0} { HARDIRQ-ON-W at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800 might_alloc include/linux/sched/mm.h:334 [inline] slab_pre_alloc_hook mm/slub.c:3890 [inline] slab_alloc_node mm/slub.c:3980 [inline] kmalloc_trace_noprof+0x3d/0x2c0 mm/slub.c:4147 kmalloc_noprof include/linux/slab.h:660 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] __kthread_create_worker+0x5c/0x3e0 kernel/kthread.c:865 kthread_create_worker+0xda/0x120 kernel/kthread.c:908 wq_cpu_intensive_thresh_init+0x18/0x160 kernel/workqueue.c:7775 workqueue_init+0x26/0x8a0 kernel/workqueue.c:7824 kernel_init_freeable+0x3fe/0x5d0 init/main.c:1562 kernel_init+0x1d/0x2b0 init/main.c:1467 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 SOFTIRQ-ON-W at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800 might_alloc include/linux/sched/mm.h:334 [inline] slab_pre_alloc_hook mm/slub.c:3890 [inline] slab_alloc_node mm/slub.c:3980 [inline] kmalloc_trace_noprof+0x3d/0x2c0 mm/slub.c:4147 kmalloc_noprof include/linux/slab.h:660 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] __kthread_create_worker+0x5c/0x3e0 kernel/kthread.c:865 kthread_create_worker+0xda/0x120 kernel/kthread.c:908 wq_cpu_intensive_thresh_init+0x18/0x160 kernel/workqueue.c:7775 workqueue_init+0x26/0x8a0 kernel/workqueue.c:7824 kernel_init_freeable+0x3fe/0x5d0 init/main.c:1562 kernel_init+0x1d/0x2b0 init/main.c:1467 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 INITIAL USE at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800 might_alloc include/linux/sched/mm.h:334 [inline] slab_pre_alloc_hook mm/slub.c:3890 [inline] slab_alloc_node mm/slub.c:3980 [inline] kmalloc_trace_noprof+0x3d/0x2c0 mm/slub.c:4147 kmalloc_noprof include/linux/slab.h:660 [inline] kzalloc_noprof include/linux/slab.h:778 [inline] __kthread_create_worker+0x5c/0x3e0 kernel/kthread.c:865 kthread_create_worker+0xda/0x120 kernel/kthread.c:908 wq_cpu_intensive_thresh_init+0x18/0x160 kernel/workqueue.c:7775 workqueue_init+0x26/0x8a0 kernel/workqueue.c:7824 kernel_init_freeable+0x3fe/0x5d0 init/main.c:1562 kernel_init+0x1d/0x2b0 init/main.c:1467 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 } ... key at: [] __mmu_notifier_invalidate_range_start_map+0x0/0x40 ... acquired at: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800 might_alloc include/linux/sched/mm.h:334 [inline] prepare_alloc_pages+0x147/0x5d0 mm/page_alloc.c:4431 __alloc_pages_noprof+0x166/0x6c0 mm/page_alloc.c:4649 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 stack_depot_save_flags+0x666/0x830 lib/stackdepot.c:627 kasan_save_stack mm/kasan/common.c:48 [inline] kasan_save_track+0x51/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:535 remove_element+0x129/0x1a0 mm/mempool.c:150 mempool_alloc_noprof+0x54e/0x5a0 mm/mempool.c:408 __sg_alloc_table+0xcc/0x3c0 lib/scatterlist.c:321 sg_alloc_table_chained+0xe6/0x1c0 lib/sg_pool.c:133 scsi_alloc_sgtables+0x290/0xcb0 drivers/scsi/scsi_lib.c:1133 sd_setup_read_write_cmnd drivers/scsi/sd.c:1227 [inline] sd_init_command+0x531/0x2100 drivers/scsi/sd.c:1345 scsi_prepare_cmd drivers/scsi/scsi_lib.c:1698 [inline] scsi_queue_rq+0x18cd/0x2f70 drivers/scsi/scsi_lib.c:1832 blk_mq_dispatch_rq_list+0xb89/0x1b30 block/blk-mq.c:2037 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline] blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline] __blk_mq_sched_dispatch_requests+0xb8a/0x1840 block/blk-mq-sched.c:309 blk_mq_sched_dispatch_requests+0xcb/0x140 block/blk-mq-sched.c:331 blk_mq_run_hw_queue+0x9a5/0xae0 block/blk-mq.c:2250 blk_mq_flush_plug_list+0x1115/0x1880 block/blk-mq.c:2799 __blk_flush_plug+0x420/0x500 block/blk-core.c:1194 blk_finish_plug+0x5e/0x80 block/blk-core.c:1221 read_pages+0x644/0x840 mm/readahead.c:183 page_cache_ra_unbounded+0x6ce/0x7f0 mm/readahead.c:273 do_sync_mmap_readahead+0x49c/0x970 filemap_fault+0x828/0x1760 mm/filemap.c:3313 __do_fault+0x135/0x460 mm/memory.c:4562 do_read_fault mm/memory.c:4926 [inline] do_fault mm/memory.c:5056 [inline] do_pte_missing mm/memory.c:3903 [inline] handle_pte_fault+0x3d8d/0x7130 mm/memory.c:5380 __handle_mm_fault mm/memory.c:5523 [inline] handle_mm_fault+0xfb0/0x19d0 mm/memory.c:5688 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline] handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 stack backtrace: CPU: 0 PID: 8780 Comm: modprobe Not tainted 6.9.0-syzkaller-12277-g56fb6f92854f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_bad_irq_dependency kernel/locking/lockdep.c:2626 [inline] check_irq_usage kernel/locking/lockdep.c:2865 [inline] check_prev_add kernel/locking/lockdep.c:3138 [inline] check_prevs_add kernel/locking/lockdep.c:3253 [inline] validate_chain+0x4de0/0x5900 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 fs_reclaim_acquire+0xaf/0x140 mm/page_alloc.c:3800 might_alloc include/linux/sched/mm.h:334 [inline] prepare_alloc_pages+0x147/0x5d0 mm/page_alloc.c:4431 __alloc_pages_noprof+0x166/0x6c0 mm/page_alloc.c:4649 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 stack_depot_save_flags+0x666/0x830 lib/stackdepot.c:627 kasan_save_stack mm/kasan/common.c:48 [inline] kasan_save_track+0x51/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:535 remove_element+0x129/0x1a0 mm/mempool.c:150 mempool_alloc_noprof+0x54e/0x5a0 mm/mempool.c:408 __sg_alloc_table+0xcc/0x3c0 lib/scatterlist.c:321 sg_alloc_table_chained+0xe6/0x1c0 lib/sg_pool.c:133 scsi_alloc_sgtables+0x290/0xcb0 drivers/scsi/scsi_lib.c:1133 sd_setup_read_write_cmnd drivers/scsi/sd.c:1227 [inline] sd_init_command+0x531/0x2100 drivers/scsi/sd.c:1345 scsi_prepare_cmd drivers/scsi/scsi_lib.c:1698 [inline] scsi_queue_rq+0x18cd/0x2f70 drivers/scsi/scsi_lib.c:1832 blk_mq_dispatch_rq_list+0xb89/0x1b30 block/blk-mq.c:2037 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline] blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline] __blk_mq_sched_dispatch_requests+0xb8a/0x1840 block/blk-mq-sched.c:309 blk_mq_sched_dispatch_requests+0xcb/0x140 block/blk-mq-sched.c:331 blk_mq_run_hw_queue+0x9a5/0xae0 block/blk-mq.c:2250 blk_mq_flush_plug_list+0x1115/0x1880 block/blk-mq.c:2799 __blk_flush_plug+0x420/0x500 block/blk-core.c:1194 blk_finish_plug+0x5e/0x80 block/blk-core.c:1221 read_pages+0x644/0x840 mm/readahead.c:183 page_cache_ra_unbounded+0x6ce/0x7f0 mm/readahead.c:273 do_sync_mmap_readahead+0x49c/0x970 filemap_fault+0x828/0x1760 mm/filemap.c:3313 __do_fault+0x135/0x460 mm/memory.c:4562 do_read_fault mm/memory.c:4926 [inline] do_fault mm/memory.c:5056 [inline] do_pte_missing mm/memory.c:3903 [inline] handle_pte_fault+0x3d8d/0x7130 mm/memory.c:5380 __handle_mm_fault mm/memory.c:5523 [inline] handle_mm_fault+0xfb0/0x19d0 mm/memory.c:5688 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline] handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7f5cecde8cf6 Code: Unable to access opcode bytes at 0x7f5cecde8ccc. RSP: 002b:00007ffcfc7d4e18 EFLAGS: 00010283 RAX: 0000000000000000 RBX: 00007f5cecdc45c0 RCX: 000000000000000d RDX: 00007f5cecdccc04 RSI: 00007f5cecdccb4d RDI: 00007f5cecb6e3c0 RBP: 0000000000000000 R08: 00007f5cecdc45a0 R09: 0000000000000009 R10: 00007f5cecdfbab0 R11: 00007f5cecb6e3c0 R12: 00007f5cecb70218 R13: 00007f5cecb70228 R14: 00007f5cecdfbab0 R15: 00007f5ceccf1b10 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 8780, name: modprobe preempt_count: 1, expected: 0 RCU nest depth: 1, expected: 0 INFO: lockdep is turned off. irq event stamp: 81486 hardirqs last enabled at (81485): [] seqcount_lockdep_reader_access+0x13b/0x1e0 include/linux/seqlock.h:74 hardirqs last disabled at (81486): [] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline] hardirqs last disabled at (81486): [] _raw_spin_lock_irqsave+0xb0/0x120 kernel/locking/spinlock.c:162 softirqs last enabled at (80828): [] __do_softirq kernel/softirq.c:588 [inline] softirqs last enabled at (80828): [] invoke_softirq kernel/softirq.c:428 [inline] softirqs last enabled at (80828): [] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 softirqs last disabled at (80815): [] __do_softirq kernel/softirq.c:588 [inline] softirqs last disabled at (80815): [] invoke_softirq kernel/softirq.c:428 [inline] softirqs last disabled at (80815): [] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 Preemption disabled at: [<0000000000000000>] 0x0 CPU: 0 PID: 8780 Comm: modprobe Not tainted 6.9.0-syzkaller-12277-g56fb6f92854f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 __might_resched+0x5d4/0x780 kernel/sched/core.c:10196 might_alloc include/linux/sched/mm.h:337 [inline] prepare_alloc_pages+0x1c9/0x5d0 mm/page_alloc.c:4431 __alloc_pages_noprof+0x166/0x6c0 mm/page_alloc.c:4649 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 stack_depot_save_flags+0x666/0x830 lib/stackdepot.c:627 kasan_save_stack mm/kasan/common.c:48 [inline] kasan_save_track+0x51/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:312 [inline] __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:535 remove_element+0x129/0x1a0 mm/mempool.c:150 mempool_alloc_noprof+0x54e/0x5a0 mm/mempool.c:408 __sg_alloc_table+0xcc/0x3c0 lib/scatterlist.c:321 sg_alloc_table_chained+0xe6/0x1c0 lib/sg_pool.c:133 scsi_alloc_sgtables+0x290/0xcb0 drivers/scsi/scsi_lib.c:1133 sd_setup_read_write_cmnd drivers/scsi/sd.c:1227 [inline] sd_init_command+0x531/0x2100 drivers/scsi/sd.c:1345 scsi_prepare_cmd drivers/scsi/scsi_lib.c:1698 [inline] scsi_queue_rq+0x18cd/0x2f70 drivers/scsi/scsi_lib.c:1832 blk_mq_dispatch_rq_list+0xb89/0x1b30 block/blk-mq.c:2037 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:170 [inline] blk_mq_do_dispatch_sched block/blk-mq-sched.c:184 [inline] __blk_mq_sched_dispatch_requests+0xb8a/0x1840 block/blk-mq-sched.c:309 blk_mq_sched_dispatch_requests+0xcb/0x140 block/blk-mq-sched.c:331 blk_mq_run_hw_queue+0x9a5/0xae0 block/blk-mq.c:2250 blk_mq_flush_plug_list+0x1115/0x1880 block/blk-mq.c:2799 __blk_flush_plug+0x420/0x500 block/blk-core.c:1194 blk_finish_plug+0x5e/0x80 block/blk-core.c:1221 read_pages+0x644/0x840 mm/readahead.c:183 page_cache_ra_unbounded+0x6ce/0x7f0 mm/readahead.c:273 do_sync_mmap_readahead+0x49c/0x970 filemap_fault+0x828/0x1760 mm/filemap.c:3313 __do_fault+0x135/0x460 mm/memory.c:4562 do_read_fault mm/memory.c:4926 [inline] do_fault mm/memory.c:5056 [inline] do_pte_missing mm/memory.c:3903 [inline] handle_pte_fault+0x3d8d/0x7130 mm/memory.c:5380 __handle_mm_fault mm/memory.c:5523 [inline] handle_mm_fault+0xfb0/0x19d0 mm/memory.c:5688 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline] handle_page_fault arch/x86/mm/fault.c:1481 [inline] exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x7f5cecde8cf6 Code: Unable to access opcode bytes at 0x7f5cecde8ccc. RSP: 002b:00007ffcfc7d4e18 EFLAGS: 00010283 RAX: 0000000000000000 RBX: 00007f5cecdc45c0 RCX: 000000000000000d RDX: 00007f5cecdccc04 RSI: 00007f5cecdccb4d RDI: 00007f5cecb6e3c0 RBP: 0000000000000000 R08: 00007f5cecdc45a0 R09: 0000000000000009 R10: 00007f5cecdfbab0 R11: 00007f5cecb6e3c0 R12: 00007f5cecb70218 R13: 00007f5cecb70228 R14: 00007f5cecdfbab0 R15: 00007f5ceccf1b10 BUG: scheduling while atomic: modprobe/8780/0x00000002 INFO: lockdep is turned off. Modules linked in: Preemption disabled at: [<0000000000000000>] 0x0