Warning: Permanently added '10.128.0.39' (ED25519) to the list of known hosts. executing program [ 42.329994][ T3964] [ 42.330639][ T3964] ===================================================== [ 42.332432][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 42.334347][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 42.336110][ T3964] ----------------------------------------------------- [ 42.337952][ T3964] syz-executor253/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 42.340075][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 42.342429][ T3964] [ 42.342429][ T3964] and this task is already holding: [ 42.344386][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.346910][ T3964] which would create a new lock dependency: [ 42.348455][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 42.350587][ T3964] [ 42.350587][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 42.353060][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 42.353079][ T3964] [ 42.353079][ T3964] ... which became SOFTIRQ-irq-safe at: [ 42.356428][ T3964] lock_acquire+0x240/0x77c [ 42.357719][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.358991][ T3964] net_tx_action+0x634/0x884 [ 42.360199][ T3964] __do_softirq+0x344/0xe20 [ 42.361386][ T3964] do_softirq+0x120/0x20c [ 42.362550][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 42.363895][ T3964] local_bh_enable+0x28/0x174 [ 42.365132][ T3964] dev_deactivate_many+0x580/0xbe4 [ 42.366479][ T3964] dev_deactivate+0x13c/0x1fc [ 42.367743][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 42.369037][ T3964] __linkwatch_run_queue+0x424/0x730 [ 42.370456][ T3964] linkwatch_event+0x58/0x68 [ 42.371725][ T3964] process_one_work+0x790/0x11b8 [ 42.373040][ T3964] worker_thread+0x910/0x1034 [ 42.374302][ T3964] kthread+0x37c/0x45c [ 42.375405][ T3964] ret_from_fork+0x10/0x20 [ 42.376566][ T3964] [ 42.376566][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 42.378386][ T3964] (fs_reclaim){+.+.}-{0:0} [ 42.378405][ T3964] [ 42.378405][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 42.381672][ T3964] ... [ 42.381678][ T3964] lock_acquire+0x240/0x77c [ 42.383613][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.384962][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.386271][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.387808][ T3964] init_rescuer+0xa4/0x264 [ 42.388984][ T3964] workqueue_init+0x2b4/0x640 [ 42.390261][ T3964] kernel_init_freeable+0x448/0x650 [ 42.391645][ T3964] kernel_init+0x24/0x294 [ 42.392853][ T3964] ret_from_fork+0x10/0x20 [ 42.394035][ T3964] [ 42.394035][ T3964] other info that might help us debug this: [ 42.394035][ T3964] [ 42.396819][ T3964] Possible interrupt unsafe locking scenario: [ 42.396819][ T3964] [ 42.399014][ T3964] CPU0 CPU1 [ 42.400431][ T3964] ---- ---- [ 42.401833][ T3964] lock(fs_reclaim); [ 42.402847][ T3964] local_irq_disable(); [ 42.404669][ T3964] lock(noop_qdisc.q.lock); [ 42.406528][ T3964] lock(fs_reclaim); [ 42.408242][ T3964] [ 42.409183][ T3964] lock(noop_qdisc.q.lock); [ 42.410422][ T3964] [ 42.410422][ T3964] *** DEADLOCK *** [ 42.410422][ T3964] [ 42.412584][ T3964] 2 locks held by syz-executor253/3964: [ 42.414002][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 42.416527][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 42.419184][ T3964] [ 42.419184][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 42.421918][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 42.423343][ T3964] HARDIRQ-ON-W at: [ 42.424374][ T3964] lock_acquire+0x240/0x77c [ 42.426024][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.427701][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 42.429475][ T3964] dev_queue_xmit+0x24/0x34 [ 42.431113][ T3964] tx+0x8c/0x130 [ 42.432480][ T3964] kthread+0x1ac/0x374 [ 42.434042][ T3964] kthread+0x37c/0x45c [ 42.435596][ T3964] ret_from_fork+0x10/0x20 [ 42.437203][ T3964] IN-SOFTIRQ-W at: [ 42.438302][ T3964] lock_acquire+0x240/0x77c [ 42.439938][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.441566][ T3964] net_tx_action+0x634/0x884 [ 42.443212][ T3964] __do_softirq+0x344/0xe20 [ 42.444835][ T3964] do_softirq+0x120/0x20c [ 42.446422][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 42.448233][ T3964] local_bh_enable+0x28/0x174 [ 42.449919][ T3964] dev_deactivate_many+0x580/0xbe4 [ 42.451658][ T3964] dev_deactivate+0x13c/0x1fc [ 42.453333][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 42.455091][ T3964] __linkwatch_run_queue+0x424/0x730 [ 42.456910][ T3964] linkwatch_event+0x58/0x68 [ 42.458556][ T3964] process_one_work+0x790/0x11b8 [ 42.460333][ T3964] worker_thread+0x910/0x1034 [ 42.462029][ T3964] kthread+0x37c/0x45c [ 42.463528][ T3964] ret_from_fork+0x10/0x20 [ 42.465132][ T3964] INITIAL USE at: [ 42.466147][ T3964] lock_acquire+0x240/0x77c [ 42.467756][ T3964] _raw_spin_lock+0xb0/0x10c [ 42.469376][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 42.471161][ T3964] dev_queue_xmit+0x24/0x34 [ 42.472793][ T3964] tx+0x8c/0x130 [ 42.474140][ T3964] kthread+0x1ac/0x374 [ 42.475627][ T3964] kthread+0x37c/0x45c [ 42.477163][ T3964] ret_from_fork+0x10/0x20 [ 42.478787][ T3964] } [ 42.479437][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 42.481426][ T3964] [ 42.481426][ T3964] the dependencies between the lock to be acquired [ 42.481433][ T3964] and SOFTIRQ-irq-unsafe lock: [ 42.485037][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 42.486369][ T3964] HARDIRQ-ON-W at: [ 42.487397][ T3964] lock_acquire+0x240/0x77c [ 42.489030][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.490781][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.492544][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.494518][ T3964] init_rescuer+0xa4/0x264 [ 42.496144][ T3964] workqueue_init+0x2b4/0x640 [ 42.497818][ T3964] kernel_init_freeable+0x448/0x650 [ 42.499644][ T3964] kernel_init+0x24/0x294 [ 42.501225][ T3964] ret_from_fork+0x10/0x20 [ 42.502836][ T3964] SOFTIRQ-ON-W at: [ 42.503872][ T3964] lock_acquire+0x240/0x77c [ 42.505474][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.507216][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.508987][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.510952][ T3964] init_rescuer+0xa4/0x264 [ 42.512560][ T3964] workqueue_init+0x2b4/0x640 [ 42.514237][ T3964] kernel_init_freeable+0x448/0x650 [ 42.516038][ T3964] kernel_init+0x24/0x294 [ 42.517616][ T3964] ret_from_fork+0x10/0x20 [ 42.519221][ T3964] INITIAL USE at: [ 42.520244][ T3964] lock_acquire+0x240/0x77c [ 42.521899][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.523723][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.525463][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 42.527465][ T3964] init_rescuer+0xa4/0x264 [ 42.529066][ T3964] workqueue_init+0x2b4/0x640 [ 42.530748][ T3964] kernel_init_freeable+0x448/0x650 [ 42.532560][ T3964] kernel_init+0x24/0x294 [ 42.534138][ T3964] ret_from_fork+0x10/0x20 [ 42.535720][ T3964] } [ 42.536412][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 42.538583][ T3964] ... acquired at: [ 42.539569][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.540921][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.542251][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.543556][ T3964] kvmalloc_node+0x88/0x204 [ 42.544813][ T3964] get_dist_table+0x9c/0x2a4 [ 42.546056][ T3964] netem_change+0x7cc/0x1a90 [ 42.547292][ T3964] netem_init+0x54/0xb8 [ 42.548435][ T3964] qdisc_create+0x6fc/0xf44 [ 42.549677][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.551005][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.552396][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.553760][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.554959][ T3964] netlink_unicast+0x664/0x938 [ 42.556266][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.557588][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.558883][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.560132][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.561494][ T3964] invoke_syscall+0x98/0x2b8 [ 42.562768][ T3964] el0_svc_common+0x138/0x258 [ 42.564063][ T3964] do_el0_svc+0x58/0x14c [ 42.565192][ T3964] el0_svc+0x7c/0x1f0 [ 42.566266][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.567614][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 42.568861][ T3964] [ 42.569468][ T3964] [ 42.569468][ T3964] stack backtrace: [ 42.571090][ T3964] CPU: 1 PID: 3964 Comm: syz-executor253 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 42.573831][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 42.576481][ T3964] Call trace: [ 42.577329][ T3964] dump_backtrace+0x0/0x530 [ 42.578504][ T3964] show_stack+0x2c/0x3c [ 42.579592][ T3964] dump_stack_lvl+0x108/0x170 [ 42.580845][ T3964] dump_stack+0x1c/0x58 [ 42.581932][ T3964] __lock_acquire+0x62b4/0x7620 [ 42.583175][ T3964] lock_acquire+0x240/0x77c [ 42.584396][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 42.585720][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 42.587043][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.588256][ T3964] kvmalloc_node+0x88/0x204 [ 42.589434][ T3964] get_dist_table+0x9c/0x2a4 [ 42.590672][ T3964] netem_change+0x7cc/0x1a90 [ 42.591900][ T3964] netem_init+0x54/0xb8 [ 42.593016][ T3964] qdisc_create+0x6fc/0xf44 [ 42.594201][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.595528][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.596911][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.598179][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.599354][ T3964] netlink_unicast+0x664/0x938 [ 42.600616][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.601905][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.603169][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.604396][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.605753][ T3964] invoke_syscall+0x98/0x2b8 [ 42.606963][ T3964] el0_svc_common+0x138/0x258 [ 42.608185][ T3964] do_el0_svc+0x58/0x14c [ 42.609303][ T3964] el0_svc+0x7c/0x1f0 [ 42.610363][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.611741][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 42.612980][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 42.615362][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor253 [ 42.617802][ T3964] INFO: lockdep is turned off. [ 42.619052][ T3964] Preemption disabled at: [ 42.619063][ T3964] [] netem_change+0x22c/0x1a90 [ 42.621760][ T3964] CPU: 1 PID: 3964 Comm: syz-executor253 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 42.624393][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 42.626919][ T3964] Call trace: [ 42.627751][ T3964] dump_backtrace+0x0/0x530 [ 42.628928][ T3964] show_stack+0x2c/0x3c [ 42.630061][ T3964] dump_stack_lvl+0x108/0x170 [ 42.631273][ T3964] dump_stack+0x1c/0x58 [ 42.632363][ T3964] ___might_sleep+0x380/0x4dc [ 42.633622][ T3964] __might_sleep+0x98/0xf0 [ 42.634831][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 42.636139][ T3964] __kmalloc_node+0xbc/0x5b8 [ 42.637353][ T3964] kvmalloc_node+0x88/0x204 [ 42.638426][ T3964] get_dist_table+0x9c/0x2a4 [ 42.639338][ T3964] netem_change+0x7cc/0x1a90 [ 42.640253][ T3964] netem_init+0x54/0xb8 [ 42.641032][ T3964] qdisc_create+0x6fc/0xf44 [ 42.641861][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 42.642805][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 42.643699][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 42.645009][ T3964] rtnetlink_rcv+0x28/0x38 [ 42.646209][ T3964] netlink_unicast+0x664/0x938 [ 42.647488][ T3964] netlink_sendmsg+0x844/0xb38 [ 42.648786][ T3964] ____sys_sendmsg+0x584/0x870 [ 42.650060][ T3964] ___sys_sendmsg+0x214/0x294 [ 42.651295][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 42.652693][ T3964] invoke_syscall+0x98/0x2b8 [ 42.653906][ T3964] el0_svc_common+0x138/0x258 [ 42.655141][ T3964] do_el0_svc+0x58/0x14c [ 42.656290][ T3964] el0_svc+0x7c/0x1f0 [ 42.657401][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 42.658729][ T3964] el0t_64_sync+0x1a0/0x1a4