Warning: Permanently added '10.128.0.28' (ED25519) to the list of known hosts. executing program [ 38.883993][ T3968] [ 38.884557][ T3968] ===================================================== [ 38.886063][ T3968] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 38.887714][ T3968] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 38.889362][ T3968] ----------------------------------------------------- [ 38.890945][ T3968] syz-executor405/3968 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 38.892635][ T3968] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 38.894819][ T3968] [ 38.894819][ T3968] and this task is already holding: [ 38.896531][ T3968] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 38.898469][ T3968] which would create a new lock dependency: [ 38.899829][ T3968] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 38.901407][ T3968] [ 38.901407][ T3968] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 38.903482][ T3968] (noop_qdisc.q.lock){+.-.}-{2:2} [ 38.903500][ T3968] [ 38.903500][ T3968] ... which became SOFTIRQ-irq-safe at: [ 38.906310][ T3968] lock_acquire+0x240/0x77c [ 38.907248][ T3968] _raw_spin_lock+0xb0/0x10c [ 38.908301][ T3968] net_tx_action+0x634/0x884 [ 38.909090][ T3968] __do_softirq+0x344/0xe20 [ 38.909844][ T3968] do_softirq+0x120/0x20c [ 38.910565][ T3968] __local_bh_enable_ip+0x2c0/0x4d0 [ 38.911440][ T3968] local_bh_enable+0x28/0x174 [ 38.912222][ T3968] dev_deactivate_many+0x580/0xbe4 [ 38.913085][ T3968] dev_deactivate+0x13c/0x1fc [ 38.913865][ T3968] linkwatch_do_dev+0x2a8/0x3c8 [ 38.914681][ T3968] __linkwatch_run_queue+0x424/0x730 [ 38.915561][ T3968] linkwatch_event+0x58/0x68 [ 38.916325][ T3968] process_one_work+0x790/0x11b8 [ 38.917150][ T3968] worker_thread+0x910/0x1034 [ 38.917931][ T3968] kthread+0x37c/0x45c [ 38.918603][ T3968] ret_from_fork+0x10/0x20 [ 38.919496][ T3968] [ 38.919496][ T3968] to a SOFTIRQ-irq-unsafe lock: [ 38.920908][ T3968] (fs_reclaim){+.+.}-{0:0} [ 38.920926][ T3968] [ 38.920926][ T3968] ... which became SOFTIRQ-irq-unsafe at: [ 38.923622][ T3968] ... [ 38.923628][ T3968] lock_acquire+0x240/0x77c [ 38.925170][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 38.926211][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 38.927332][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 38.928461][ T3968] init_rescuer+0xa4/0x264 [ 38.929396][ T3968] workqueue_init+0x2b4/0x640 [ 38.930502][ T3968] kernel_init_freeable+0x448/0x650 [ 38.931672][ T3968] kernel_init+0x24/0x294 [ 38.932639][ T3968] ret_from_fork+0x10/0x20 [ 38.933626][ T3968] [ 38.933626][ T3968] other info that might help us debug this: [ 38.933626][ T3968] [ 38.935956][ T3968] Possible interrupt unsafe locking scenario: [ 38.935956][ T3968] [ 38.937802][ T3968] CPU0 CPU1 [ 38.938968][ T3968] ---- ---- [ 38.940258][ T3968] lock(fs_reclaim); [ 38.941142][ T3968] local_irq_disable(); [ 38.942582][ T3968] lock(noop_qdisc.q.lock); [ 38.944128][ T3968] lock(fs_reclaim); [ 38.945721][ T3968] [ 38.946502][ T3968] lock(noop_qdisc.q.lock); [ 38.947615][ T3968] [ 38.947615][ T3968] *** DEADLOCK *** [ 38.947615][ T3968] [ 38.949410][ T3968] 2 locks held by syz-executor405/3968: [ 38.950512][ T3968] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 38.952747][ T3968] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 38.954987][ T3968] [ 38.954987][ T3968] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 38.957393][ T3968] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 38.958476][ T3968] HARDIRQ-ON-W at: [ 38.959299][ T3968] lock_acquire+0x240/0x77c [ 38.960589][ T3968] _raw_spin_lock+0xb0/0x10c [ 38.961993][ T3968] __dev_queue_xmit+0x8d0/0x2a6c [ 38.963499][ T3968] dev_queue_xmit+0x24/0x34 [ 38.964884][ T3968] tx+0x8c/0x130 [ 38.966035][ T3968] kthread+0x1ac/0x374 [ 38.967231][ T3968] kthread+0x37c/0x45c [ 38.968436][ T3968] ret_from_fork+0x10/0x20 [ 38.969827][ T3968] IN-SOFTIRQ-W at: [ 38.970756][ T3968] lock_acquire+0x240/0x77c [ 38.972142][ T3968] _raw_spin_lock+0xb0/0x10c [ 38.973365][ T3968] net_tx_action+0x634/0x884 [ 38.974847][ T3968] __do_softirq+0x344/0xe20 [ 38.976204][ T3968] do_softirq+0x120/0x20c [ 38.977603][ T3968] __local_bh_enable_ip+0x2c0/0x4d0 [ 38.979147][ T3968] local_bh_enable+0x28/0x174 [ 38.980536][ T3968] dev_deactivate_many+0x580/0xbe4 [ 38.982017][ T3968] dev_deactivate+0x13c/0x1fc [ 38.983446][ T3968] linkwatch_do_dev+0x2a8/0x3c8 [ 38.984947][ T3968] __linkwatch_run_queue+0x424/0x730 [ 38.986416][ T3968] linkwatch_event+0x58/0x68 [ 38.987782][ T3968] process_one_work+0x790/0x11b8 [ 38.989320][ T3968] worker_thread+0x910/0x1034 [ 38.990752][ T3968] kthread+0x37c/0x45c [ 38.991966][ T3968] ret_from_fork+0x10/0x20 [ 38.993435][ T3968] INITIAL USE at: [ 38.994295][ T3968] lock_acquire+0x240/0x77c [ 38.995715][ T3968] _raw_spin_lock+0xb0/0x10c [ 38.997085][ T3968] __dev_queue_xmit+0x8d0/0x2a6c [ 38.998620][ T3968] dev_queue_xmit+0x24/0x34 [ 38.999883][ T3968] tx+0x8c/0x130 [ 39.000976][ T3968] kthread+0x1ac/0x374 [ 39.002260][ T3968] kthread+0x37c/0x45c [ 39.003490][ T3968] ret_from_fork+0x10/0x20 [ 39.004941][ T3968] } [ 39.005470][ T3968] ... key at: [] noop_qdisc+0x108/0x320 [ 39.007190][ T3968] [ 39.007190][ T3968] the dependencies between the lock to be acquired [ 39.007197][ T3968] and SOFTIRQ-irq-unsafe lock: [ 39.010062][ T3968] -> (fs_reclaim){+.+.}-{0:0} { [ 39.011112][ T3968] HARDIRQ-ON-W at: [ 39.011966][ T3968] lock_acquire+0x240/0x77c [ 39.013338][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 39.014835][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 39.016180][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.017767][ T3968] init_rescuer+0xa4/0x264 [ 39.019092][ T3968] workqueue_init+0x2b4/0x640 [ 39.020460][ T3968] kernel_init_freeable+0x448/0x650 [ 39.022054][ T3968] kernel_init+0x24/0x294 [ 39.023475][ T3968] ret_from_fork+0x10/0x20 [ 39.024819][ T3968] SOFTIRQ-ON-W at: [ 39.025638][ T3968] lock_acquire+0x240/0x77c [ 39.027100][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 39.028632][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 39.030056][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.031695][ T3968] init_rescuer+0xa4/0x264 [ 39.033037][ T3968] workqueue_init+0x2b4/0x640 [ 39.034514][ T3968] kernel_init_freeable+0x448/0x650 [ 39.035989][ T3968] kernel_init+0x24/0x294 [ 39.037332][ T3968] ret_from_fork+0x10/0x20 [ 39.038686][ T3968] INITIAL USE at: [ 39.039552][ T3968] lock_acquire+0x240/0x77c [ 39.040973][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 39.042464][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 39.043927][ T3968] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.045527][ T3968] init_rescuer+0xa4/0x264 [ 39.046886][ T3968] workqueue_init+0x2b4/0x640 [ 39.048299][ T3968] kernel_init_freeable+0x448/0x650 [ 39.049871][ T3968] kernel_init+0x24/0x294 [ 39.051137][ T3968] ret_from_fork+0x10/0x20 [ 39.052413][ T3968] } [ 39.052991][ T3968] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 39.054765][ T3968] ... acquired at: [ 39.055585][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 39.056721][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 39.057797][ T3968] __kmalloc_node+0xbc/0x5b8 [ 39.058862][ T3968] kvmalloc_node+0x88/0x204 [ 39.059957][ T3968] get_dist_table+0x9c/0x2a4 [ 39.061036][ T3968] netem_change+0x7cc/0x1a90 [ 39.062056][ T3968] netem_init+0x54/0xb8 [ 39.063121][ T3968] qdisc_create+0x6fc/0xf44 [ 39.064132][ T3968] tc_modify_qdisc+0x8dc/0x1344 [ 39.065250][ T3968] rtnetlink_rcv_msg+0xa74/0xdac [ 39.066333][ T3968] netlink_rcv_skb+0x20c/0x3b8 [ 39.067502][ T3968] rtnetlink_rcv+0x28/0x38 [ 39.068511][ T3968] netlink_unicast+0x664/0x938 [ 39.069593][ T3968] netlink_sendmsg+0x844/0xb38 [ 39.070674][ T3968] ____sys_sendmsg+0x584/0x870 [ 39.071832][ T3968] ___sys_sendmsg+0x214/0x294 [ 39.072817][ T3968] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.073941][ T3968] invoke_syscall+0x98/0x2b8 [ 39.075072][ T3968] el0_svc_common+0x138/0x258 [ 39.076222][ T3968] do_el0_svc+0x58/0x14c [ 39.077211][ T3968] el0_svc+0x7c/0x1f0 [ 39.078138][ T3968] el0t_64_sync_handler+0x84/0xe4 [ 39.079268][ T3968] el0t_64_sync+0x1a0/0x1a4 [ 39.080316][ T3968] [ 39.080869][ T3968] [ 39.080869][ T3968] stack backtrace: [ 39.082114][ T3968] CPU: 1 PID: 3968 Comm: syz-executor405 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 39.084300][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 39.086592][ T3968] Call trace: [ 39.087243][ T3968] dump_backtrace+0x0/0x530 [ 39.088154][ T3968] show_stack+0x2c/0x3c [ 39.089112][ T3968] dump_stack_lvl+0x108/0x170 [ 39.090188][ T3968] dump_stack+0x1c/0x58 [ 39.091124][ T3968] __lock_acquire+0x62b4/0x7620 [ 39.092140][ T3968] lock_acquire+0x240/0x77c [ 39.093187][ T3968] fs_reclaim_acquire+0xf0/0x1d0 [ 39.094262][ T3968] slab_pre_alloc_hook+0x38/0xe8 [ 39.095304][ T3968] __kmalloc_node+0xbc/0x5b8 [ 39.096232][ T3968] kvmalloc_node+0x88/0x204 [ 39.097165][ T3968] get_dist_table+0x9c/0x2a4 [ 39.098122][ T3968] netem_change+0x7cc/0x1a90 [ 39.099070][ T3968] netem_init+0x54/0xb8 [ 39.099958][ T3968] qdisc_create+0x6fc/0xf44 [ 39.100954][ T3968] tc_modify_qdisc+0x8dc/0x1344 [ 39.102101][ T3968] rtnetlink_rcv_msg+0xa74/0xdac [ 39.103219][ T3968] netlink_rcv_skb+0x20c/0x3b8 [ 39.104294][ T3968] rtnetlink_rcv+0x28/0x38 [ 39.105348][ T3968] netlink_unicast+0x664/0x938 [ 39.106392][ T3968] netlink_sendmsg+0x844/0xb38 [ 39.107369][ T3968] ____sys_sendmsg+0x584/0x870 [ 39.108555][ T3968] ___sys_sendmsg+0x214/0x294 [ 39.109619][ T3968] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.110688][ T3968] invoke_syscall+0x98/0x2b8 [ 39.111662][ T3968] el0_svc_common+0x138/0x258 [ 39.112607][ T3968] do_el0_svc+0x58/0x14c [ 39.113493][ T3968] el0_svc+0x7c/0x1f0 [ 39.114397][ T3968] el0t_64_sync_handler+0x84/0xe4 [ 39.115561][ T3968] el0t_64_sync+0x1a0/0x1a4 [ 39.116629][ T3968] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 39.118811][ T3968] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3968, name: syz-executor405 [ 39.121031][ T3968] INFO: lockdep is turned off. [ 39.122081][ T3968] Preemption disabled at: [ 39.122091][ T3968] [] netem_change+0x22c/0x1a90 [ 39.124377][ T3968] CPU: 1 PID: 3968 Comm: syz-executor405 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 39.126597][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 39.128594][ T3968] Call trace: [ 39.129338][ T3968] dump_backtrace+0x0/0x530 [ 39.130283][ T3968] show_stack+0x2c/0x3c [ 39.131220][ T3968] dump_stack_lvl+0x108/0x170 [ 39.132297][ T3968] dump_stack+0x1c/0x58 [ 39.133223][ T3968] ___might_sleep+0x380/0x4dc [ 39.134301][ T3968] __might_sleep+0x98/0xf0 [ 39.135282][ T3968] slab_pre_alloc_hook+0x58/0xe8 [ 39.136374][ T3968] __kmalloc_node+0xbc/0x5b8 [ 39.137396][ T3968] kvmalloc_node+0x88/0x204 [ 39.138383][ T3968] get_dist_table+0x9c/0x2a4 [ 39.139386][ T3968] netem_change+0x7cc/0x1a90 [ 39.140396][ T3968] netem_init+0x54/0xb8 [ 39.141250][ T3968] qdisc_create+0x6fc/0xf44 [ 39.142212][ T3968] tc_modify_qdisc+0x8dc/0x1344 [ 39.143306][ T3968] rtnetlink_rcv_msg+0xa74/0xdac [ 39.144344][ T3968] netlink_rcv_skb+0x20c/0x3b8 [ 39.145399][ T3968] rtnetlink_rcv+0x28/0x38 [ 39.146405][ T3968] netlink_unicast+0x664/0x938 [ 39.147484][ T3968] netlink_sendmsg+0x844/0xb38 [ 39.148556][ T3968] ____sys_sendmsg+0x584/0x870 [ 39.149653][ T3968] ___sys_sendmsg+0x214/0x294 [ 39.150610][ T3968] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.151796][ T3968] invoke_syscall+0x98/0x2b8 [ 39.152720][ T3968] el0_svc_common+0x138/0x258 [ 39.153666][ T3968] do_el0_svc+0x58/0x14c [ 39.154631][ T3968] el0_svc+0x7c/0x1f0 [ 39.155463][ T3968] el0t_64_sync_handler+0x84/0xe4 [ 39.156636][ T3968] el0t_64_sync+0x1a0/0x1a4