Warning: Permanently added '10.128.0.78' (ED25519) to the list of known hosts. executing program [ 40.099932][ T3965] [ 40.100579][ T3965] ===================================================== [ 40.102381][ T3965] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 40.104358][ T3965] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 40.106155][ T3965] ----------------------------------------------------- [ 40.107900][ T3965] syz-executor348/3965 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 40.109996][ T3965] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 40.112387][ T3965] [ 40.112387][ T3965] and this task is already holding: [ 40.114252][ T3965] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 40.116740][ T3965] which would create a new lock dependency: [ 40.118284][ T3965] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 40.120286][ T3965] [ 40.120286][ T3965] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 40.122705][ T3965] (noop_qdisc.q.lock){+.-.}-{2:2} [ 40.122723][ T3965] [ 40.122723][ T3965] ... which became SOFTIRQ-irq-safe at: [ 40.126028][ T3965] lock_acquire+0x240/0x77c [ 40.127220][ T3965] _raw_spin_lock+0xb0/0x10c [ 40.128429][ T3965] net_tx_action+0x634/0x884 [ 40.129678][ T3965] __do_softirq+0x344/0xe20 [ 40.130854][ T3965] do_softirq+0x120/0x20c [ 40.131962][ T3965] __local_bh_enable_ip+0x2c0/0x4d0 [ 40.133322][ T3965] local_bh_enable+0x28/0x174 [ 40.134578][ T3965] dev_deactivate_many+0x580/0xbe4 [ 40.135905][ T3965] dev_deactivate+0x13c/0x1fc [ 40.137129][ T3965] linkwatch_do_dev+0x2a8/0x3c8 [ 40.138393][ T3965] __linkwatch_run_queue+0x424/0x730 [ 40.139743][ T3965] linkwatch_event+0x58/0x68 [ 40.141013][ T3965] process_one_work+0x790/0x11b8 [ 40.142306][ T3965] worker_thread+0x910/0x1034 [ 40.143525][ T3965] kthread+0x37c/0x45c [ 40.144582][ T3965] ret_from_fork+0x10/0x20 [ 40.145779][ T3965] [ 40.145779][ T3965] to a SOFTIRQ-irq-unsafe lock: [ 40.147672][ T3965] (fs_reclaim){+.+.}-{0:0} [ 40.147689][ T3965] [ 40.147689][ T3965] ... which became SOFTIRQ-irq-unsafe at: [ 40.150916][ T3965] ... [ 40.150922][ T3965] lock_acquire+0x240/0x77c [ 40.152760][ T3965] fs_reclaim_acquire+0xf0/0x1d0 [ 40.154044][ T3965] slab_pre_alloc_hook+0x38/0xe8 [ 40.155322][ T3965] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 40.156884][ T3965] init_rescuer+0xa4/0x264 [ 40.158067][ T3965] workqueue_init+0x2b4/0x640 [ 40.159282][ T3965] kernel_init_freeable+0x448/0x650 [ 40.160667][ T3965] kernel_init+0x24/0x294 [ 40.161826][ T3965] ret_from_fork+0x10/0x20 [ 40.162944][ T3965] [ 40.162944][ T3965] other info that might help us debug this: [ 40.162944][ T3965] [ 40.165559][ T3965] Possible interrupt unsafe locking scenario: [ 40.165559][ T3965] [ 40.167780][ T3965] CPU0 CPU1 [ 40.169120][ T3965] ---- ---- [ 40.170512][ T3965] lock(fs_reclaim); [ 40.171531][ T3965] local_irq_disable(); [ 40.173296][ T3965] lock(noop_qdisc.q.lock); [ 40.175211][ T3965] lock(fs_reclaim); [ 40.176943][ T3965] [ 40.177813][ T3965] lock(noop_qdisc.q.lock); [ 40.179071][ T3965] [ 40.179071][ T3965] *** DEADLOCK *** [ 40.179071][ T3965] [ 40.181169][ T3965] 2 locks held by syz-executor348/3965: [ 40.182605][ T3965] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 40.185135][ T3965] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 40.187731][ T3965] [ 40.187731][ T3965] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 40.190491][ T3965] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 40.191972][ T3965] HARDIRQ-ON-W at: [ 40.193015][ T3965] lock_acquire+0x240/0x77c [ 40.194597][ T3965] _raw_spin_lock+0xb0/0x10c [ 40.196276][ T3965] __dev_queue_xmit+0x8d0/0x2a6c [ 40.198033][ T3965] dev_queue_xmit+0x24/0x34 [ 40.199620][ T3965] tx+0x8c/0x130 [ 40.200971][ T3965] kthread+0x1ac/0x374 [ 40.202463][ T3965] kthread+0x37c/0x45c [ 40.203949][ T3965] ret_from_fork+0x10/0x20 [ 40.205552][ T3965] IN-SOFTIRQ-W at: [ 40.206599][ T3965] lock_acquire+0x240/0x77c [ 40.208183][ T3965] _raw_spin_lock+0xb0/0x10c [ 40.209766][ T3965] net_tx_action+0x634/0x884 [ 40.211412][ T3965] __do_softirq+0x344/0xe20 [ 40.213041][ T3965] do_softirq+0x120/0x20c [ 40.214582][ T3965] __local_bh_enable_ip+0x2c0/0x4d0 [ 40.216378][ T3965] local_bh_enable+0x28/0x174 [ 40.218027][ T3965] dev_deactivate_many+0x580/0xbe4 [ 40.219797][ T3965] dev_deactivate+0x13c/0x1fc [ 40.221386][ T3965] linkwatch_do_dev+0x2a8/0x3c8 [ 40.223084][ T3965] __linkwatch_run_queue+0x424/0x730 [ 40.224928][ T3965] linkwatch_event+0x58/0x68 [ 40.226539][ T3965] process_one_work+0x790/0x11b8 [ 40.228262][ T3965] worker_thread+0x910/0x1034 [ 40.229888][ T3965] kthread+0x37c/0x45c [ 40.231422][ T3965] ret_from_fork+0x10/0x20 [ 40.233047][ T3965] INITIAL USE at: [ 40.234100][ T3965] lock_acquire+0x240/0x77c [ 40.235623][ T3965] _raw_spin_lock+0xb0/0x10c [ 40.237198][ T3965] __dev_queue_xmit+0x8d0/0x2a6c [ 40.238892][ T3965] dev_queue_xmit+0x24/0x34 [ 40.240510][ T3965] tx+0x8c/0x130 [ 40.241877][ T3965] kthread+0x1ac/0x374 [ 40.243411][ T3965] kthread+0x37c/0x45c [ 40.244868][ T3965] ret_from_fork+0x10/0x20 [ 40.246458][ T3965] } [ 40.247108][ T3965] ... key at: [] noop_qdisc+0x108/0x320 [ 40.249123][ T3965] [ 40.249123][ T3965] the dependencies between the lock to be acquired [ 40.249130][ T3965] and SOFTIRQ-irq-unsafe lock: [ 40.252784][ T3965] -> (fs_reclaim){+.+.}-{0:0} { [ 40.254110][ T3965] HARDIRQ-ON-W at: [ 40.255167][ T3965] lock_acquire+0x240/0x77c [ 40.256764][ T3965] fs_reclaim_acquire+0xf0/0x1d0 [ 40.258447][ T3965] slab_pre_alloc_hook+0x38/0xe8 [ 40.260131][ T3965] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 40.262004][ T3965] init_rescuer+0xa4/0x264 [ 40.263623][ T3965] workqueue_init+0x2b4/0x640 [ 40.265311][ T3965] kernel_init_freeable+0x448/0x650 [ 40.267140][ T3965] kernel_init+0x24/0x294 [ 40.268682][ T3965] ret_from_fork+0x10/0x20 [ 40.270249][ T3965] SOFTIRQ-ON-W at: [ 40.271282][ T3965] lock_acquire+0x240/0x77c [ 40.272867][ T3965] fs_reclaim_acquire+0xf0/0x1d0 [ 40.274608][ T3965] slab_pre_alloc_hook+0x38/0xe8 [ 40.276354][ T3965] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 40.278261][ T3965] init_rescuer+0xa4/0x264 [ 40.279885][ T3965] workqueue_init+0x2b4/0x640 [ 40.281536][ T3965] kernel_init_freeable+0x448/0x650 [ 40.283366][ T3965] kernel_init+0x24/0x294 [ 40.284961][ T3965] ret_from_fork+0x10/0x20 [ 40.286559][ T3965] INITIAL USE at: [ 40.287571][ T3965] lock_acquire+0x240/0x77c [ 40.289113][ T3965] fs_reclaim_acquire+0xf0/0x1d0 [ 40.290736][ T3965] slab_pre_alloc_hook+0x38/0xe8 [ 40.292425][ T3965] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 40.294388][ T3965] init_rescuer+0xa4/0x264 [ 40.295947][ T3965] workqueue_init+0x2b4/0x640 [ 40.297553][ T3965] kernel_init_freeable+0x448/0x650 [ 40.299261][ T3965] kernel_init+0x24/0x294 [ 40.300828][ T3965] ret_from_fork+0x10/0x20 [ 40.302457][ T3965] } [ 40.303107][ T3965] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 40.305228][ T3965] ... acquired at: [ 40.306261][ T3965] fs_reclaim_acquire+0xf0/0x1d0 [ 40.307595][ T3965] slab_pre_alloc_hook+0x38/0xe8 [ 40.309035][ T3965] __kmalloc_node+0xbc/0x5b8 [ 40.310335][ T3965] kvmalloc_node+0x88/0x204 [ 40.311581][ T3965] get_dist_table+0x9c/0x2a4 [ 40.312912][ T3965] netem_change+0x7cc/0x1a90 [ 40.314200][ T3965] netem_init+0x54/0xb8 [ 40.315328][ T3965] qdisc_create+0x6fc/0xf44 [ 40.316632][ T3965] tc_modify_qdisc+0x8dc/0x1344 [ 40.317982][ T3965] rtnetlink_rcv_msg+0xa74/0xdac [ 40.319326][ T3965] netlink_rcv_skb+0x20c/0x3b8 [ 40.320611][ T3965] rtnetlink_rcv+0x28/0x38 [ 40.321770][ T3965] netlink_unicast+0x664/0x938 [ 40.323042][ T3965] netlink_sendmsg+0x844/0xb38 [ 40.324363][ T3965] ____sys_sendmsg+0x584/0x870 [ 40.325640][ T3965] ___sys_sendmsg+0x214/0x294 [ 40.326941][ T3965] __arm64_sys_sendmsg+0x1ac/0x25c [ 40.328310][ T3965] invoke_syscall+0x98/0x2b8 [ 40.329520][ T3965] el0_svc_common+0x138/0x258 [ 40.330778][ T3965] do_el0_svc+0x58/0x14c [ 40.331900][ T3965] el0_svc+0x7c/0x1f0 [ 40.333035][ T3965] el0t_64_sync_handler+0x84/0xe4 [ 40.334391][ T3965] el0t_64_sync+0x1a0/0x1a4 [ 40.335626][ T3965] [ 40.336195][ T3965] [ 40.336195][ T3965] stack backtrace: [ 40.337770][ T3965] CPU: 1 PID: 3965 Comm: syz-executor348 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 40.340433][ T3965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 40.343048][ T3965] Call trace: [ 40.343897][ T3965] dump_backtrace+0x0/0x530 [ 40.345069][ T3965] show_stack+0x2c/0x3c [ 40.346137][ T3965] dump_stack_lvl+0x108/0x170 [ 40.347306][ T3965] dump_stack+0x1c/0x58 [ 40.348408][ T3965] __lock_acquire+0x62b4/0x7620 [ 40.349656][ T3965] lock_acquire+0x240/0x77c [ 40.350811][ T3965] fs_reclaim_acquire+0xf0/0x1d0 [ 40.352033][ T3965] slab_pre_alloc_hook+0x38/0xe8 [ 40.353374][ T3965] __kmalloc_node+0xbc/0x5b8 [ 40.354539][ T3965] kvmalloc_node+0x88/0x204 [ 40.355762][ T3965] get_dist_table+0x9c/0x2a4 [ 40.356959][ T3965] netem_change+0x7cc/0x1a90 [ 40.358141][ T3965] netem_init+0x54/0xb8 [ 40.359186][ T3965] qdisc_create+0x6fc/0xf44 [ 40.360388][ T3965] tc_modify_qdisc+0x8dc/0x1344 [ 40.361656][ T3965] rtnetlink_rcv_msg+0xa74/0xdac [ 40.362901][ T3965] netlink_rcv_skb+0x20c/0x3b8 [ 40.364101][ T3965] rtnetlink_rcv+0x28/0x38 [ 40.365291][ T3965] netlink_unicast+0x664/0x938 [ 40.366523][ T3965] netlink_sendmsg+0x844/0xb38 [ 40.367745][ T3965] ____sys_sendmsg+0x584/0x870 [ 40.368974][ T3965] ___sys_sendmsg+0x214/0x294 [ 40.370217][ T3965] __arm64_sys_sendmsg+0x1ac/0x25c [ 40.371625][ T3965] invoke_syscall+0x98/0x2b8 [ 40.372862][ T3965] el0_svc_common+0x138/0x258 [ 40.374101][ T3965] do_el0_svc+0x58/0x14c [ 40.375238][ T3965] el0_svc+0x7c/0x1f0 [ 40.376255][ T3965] el0t_64_sync_handler+0x84/0xe4 [ 40.377626][ T3965] el0t_64_sync+0x1a0/0x1a4 [ 40.378887][ T3965] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 40.381428][ T3965] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3965, name: syz-executor348 [ 40.383842][ T3965] INFO: lockdep is turned off. [ 40.384990][ T3965] Preemption disabled at: [ 40.385001][ T3965] [] netem_change+0x22c/0x1a90 [ 40.387775][ T3965] CPU: 1 PID: 3965 Comm: syz-executor348 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 40.390397][ T3965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 40.392930][ T3965] Call trace: [ 40.393763][ T3965] dump_backtrace+0x0/0x530 [ 40.394920][ T3965] show_stack+0x2c/0x3c [ 40.395957][ T3965] dump_stack_lvl+0x108/0x170 [ 40.397155][ T3965] dump_stack+0x1c/0x58 [ 40.398232][ T3965] ___might_sleep+0x380/0x4dc [ 40.399463][ T3965] __might_sleep+0x98/0xf0 [ 40.400583][ T3965] slab_pre_alloc_hook+0x58/0xe8 [ 40.401883][ T3965] __kmalloc_node+0xbc/0x5b8 [ 40.403114][ T3965] kvmalloc_node+0x88/0x204 [ 40.404282][ T3965] get_dist_table+0x9c/0x2a4 [ 40.405488][ T3965] netem_change+0x7cc/0x1a90 [ 40.406692][ T3965] netem_init+0x54/0xb8 [ 40.407757][ T3965] qdisc_create+0x6fc/0xf44 [ 40.408932][ T3965] tc_modify_qdisc+0x8dc/0x1344 [ 40.410208][ T3965] rtnetlink_rcv_msg+0xa74/0xdac [ 40.411502][ T3965] netlink_rcv_skb+0x20c/0x3b8 [ 40.412722][ T3965] rtnetlink_rcv+0x28/0x38 [ 40.413854][ T3965] netlink_unicast+0x664/0x938 [ 40.415050][ T3965] netlink_sendmsg+0x844/0xb38 [ 40.416302][ T3965] ____sys_sendmsg+0x584/0x870 [ 40.417551][ T3965] ___sys_sendmsg+0x214/0x294 [ 40.418731][ T3965] __arm64_sys_sendmsg+0x1ac/0x25c [ 40.420060][ T3965] invoke_syscall+0x98/0x2b8 [ 40.421253][ T3965] el0_svc_common+0x138/0x258 [ 40.422499][ T3965] do_el0_svc+0x58/0x14c [ 40.423617][ T3965] el0_svc+0x7c/0x1f0 [ 40.424703][ T3965] el0t_64_sync_handler+0x84/0xe4 [ 40.425991][ T3965] el0t_64_sync+0x1a0/0x1a4