Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts. executing program [ 44.849116][ T3970] [ 44.849742][ T3970] ===================================================== [ 44.851655][ T3970] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 44.853623][ T3970] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 44.855436][ T3970] ----------------------------------------------------- [ 44.857279][ T3970] syz-executor374/3970 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 44.859446][ T3970] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 44.861835][ T3970] [ 44.861835][ T3970] and this task is already holding: [ 44.863784][ T3970] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 44.866312][ T3970] which would create a new lock dependency: [ 44.867860][ T3970] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 44.869889][ T3970] [ 44.869889][ T3970] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 44.872403][ T3970] (noop_qdisc.q.lock){+.-.}-{2:2} [ 44.872421][ T3970] [ 44.872421][ T3970] ... which became SOFTIRQ-irq-safe at: [ 44.875844][ T3970] lock_acquire+0x240/0x77c [ 44.877054][ T3970] _raw_spin_lock+0xb0/0x10c [ 44.878282][ T3970] net_tx_action+0x634/0x884 [ 44.879547][ T3970] __do_softirq+0x344/0xe20 [ 44.880755][ T3970] do_softirq+0x120/0x20c [ 44.881934][ T3970] __local_bh_enable_ip+0x2c0/0x4d0 [ 44.883335][ T3970] local_bh_enable+0x28/0x174 [ 44.884634][ T3970] dev_deactivate_many+0x580/0xbe4 [ 44.886052][ T3970] dev_deactivate+0x13c/0x1fc [ 44.887325][ T3970] linkwatch_do_dev+0x2a8/0x3c8 [ 44.888645][ T3970] __linkwatch_run_queue+0x424/0x730 [ 44.890059][ T3970] linkwatch_event+0x58/0x68 [ 44.891353][ T3970] process_one_work+0x790/0x11b8 [ 44.892740][ T3970] worker_thread+0x910/0x1034 [ 44.894013][ T3970] kthread+0x37c/0x45c [ 44.895144][ T3970] ret_from_fork+0x10/0x20 [ 44.896383][ T3970] [ 44.896383][ T3970] to a SOFTIRQ-irq-unsafe lock: [ 44.898273][ T3970] (fs_reclaim){+.+.}-{0:0} [ 44.898291][ T3970] [ 44.898291][ T3970] ... which became SOFTIRQ-irq-unsafe at: [ 44.901585][ T3970] ... [ 44.901591][ T3970] lock_acquire+0x240/0x77c [ 44.903549][ T3970] fs_reclaim_acquire+0xf0/0x1d0 [ 44.904907][ T3970] slab_pre_alloc_hook+0x38/0xe8 [ 44.906289][ T3970] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 44.907855][ T3970] init_rescuer+0xa4/0x264 [ 44.909048][ T3970] workqueue_init+0x2b4/0x640 [ 44.910340][ T3970] kernel_init_freeable+0x448/0x650 [ 44.911777][ T3970] kernel_init+0x24/0x294 [ 44.912940][ T3970] ret_from_fork+0x10/0x20 [ 44.914179][ T3970] [ 44.914179][ T3970] other info that might help us debug this: [ 44.914179][ T3970] [ 44.916948][ T3970] Possible interrupt unsafe locking scenario: [ 44.916948][ T3970] [ 44.919222][ T3970] CPU0 CPU1 [ 44.920619][ T3970] ---- ---- [ 44.922063][ T3970] lock(fs_reclaim); [ 44.923137][ T3970] local_irq_disable(); [ 44.924966][ T3970] lock(noop_qdisc.q.lock); [ 44.926903][ T3970] lock(fs_reclaim); [ 44.928655][ T3970] [ 44.929604][ T3970] lock(noop_qdisc.q.lock); [ 44.930890][ T3970] [ 44.930890][ T3970] *** DEADLOCK *** [ 44.930890][ T3970] [ 44.933062][ T3970] 2 locks held by syz-executor374/3970: [ 44.934582][ T3970] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 44.937123][ T3970] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 44.939784][ T3970] [ 44.939784][ T3970] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 44.942618][ T3970] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 44.944080][ T3970] HARDIRQ-ON-W at: [ 44.945213][ T3970] lock_acquire+0x240/0x77c [ 44.946803][ T3970] _raw_spin_lock+0xb0/0x10c [ 44.948444][ T3970] __dev_queue_xmit+0x8d0/0x2a6c [ 44.950265][ T3970] dev_queue_xmit+0x24/0x34 [ 44.951940][ T3970] tx+0x8c/0x130 [ 44.953329][ T3970] kthread+0x1ac/0x374 [ 44.954831][ T3970] kthread+0x37c/0x45c [ 44.956386][ T3970] ret_from_fork+0x10/0x20 [ 44.958038][ T3970] IN-SOFTIRQ-W at: [ 44.959107][ T3970] lock_acquire+0x240/0x77c [ 44.960793][ T3970] _raw_spin_lock+0xb0/0x10c [ 44.962383][ T3970] net_tx_action+0x634/0x884 [ 44.964091][ T3970] __do_softirq+0x344/0xe20 [ 44.965717][ T3970] do_softirq+0x120/0x20c [ 44.967316][ T3970] __local_bh_enable_ip+0x2c0/0x4d0 [ 44.969209][ T3970] local_bh_enable+0x28/0x174 [ 44.970904][ T3970] dev_deactivate_many+0x580/0xbe4 [ 44.972758][ T3970] dev_deactivate+0x13c/0x1fc [ 44.974463][ T3970] linkwatch_do_dev+0x2a8/0x3c8 [ 44.976235][ T3970] __linkwatch_run_queue+0x424/0x730 [ 44.978100][ T3970] linkwatch_event+0x58/0x68 [ 44.979767][ T3970] process_one_work+0x790/0x11b8 [ 44.981531][ T3970] worker_thread+0x910/0x1034 [ 44.983250][ T3970] kthread+0x37c/0x45c [ 44.984800][ T3970] ret_from_fork+0x10/0x20 [ 44.986433][ T3970] INITIAL USE at: [ 44.987455][ T3970] lock_acquire+0x240/0x77c [ 44.989076][ T3970] _raw_spin_lock+0xb0/0x10c [ 44.990728][ T3970] __dev_queue_xmit+0x8d0/0x2a6c [ 44.992537][ T3970] dev_queue_xmit+0x24/0x34 [ 44.994227][ T3970] tx+0x8c/0x130 [ 44.995591][ T3970] kthread+0x1ac/0x374 [ 44.997108][ T3970] kthread+0x37c/0x45c [ 44.998621][ T3970] ret_from_fork+0x10/0x20 [ 45.000236][ T3970] } [ 45.000888][ T3970] ... key at: [] noop_qdisc+0x108/0x320 [ 45.002937][ T3970] [ 45.002937][ T3970] the dependencies between the lock to be acquired [ 45.002944][ T3970] and SOFTIRQ-irq-unsafe lock: [ 45.006622][ T3970] -> (fs_reclaim){+.+.}-{0:0} { [ 45.007945][ T3970] HARDIRQ-ON-W at: [ 45.008994][ T3970] lock_acquire+0x240/0x77c [ 45.010711][ T3970] fs_reclaim_acquire+0xf0/0x1d0 [ 45.012514][ T3970] slab_pre_alloc_hook+0x38/0xe8 [ 45.014280][ T3970] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.016251][ T3970] init_rescuer+0xa4/0x264 [ 45.017877][ T3970] workqueue_init+0x2b4/0x640 [ 45.019586][ T3970] kernel_init_freeable+0x448/0x650 [ 45.021493][ T3970] kernel_init+0x24/0x294 [ 45.023068][ T3970] ret_from_fork+0x10/0x20 [ 45.024729][ T3970] SOFTIRQ-ON-W at: [ 45.025759][ T3970] lock_acquire+0x240/0x77c [ 45.027444][ T3970] fs_reclaim_acquire+0xf0/0x1d0 [ 45.029217][ T3970] slab_pre_alloc_hook+0x38/0xe8 [ 45.031011][ T3970] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.032924][ T3970] init_rescuer+0xa4/0x264 [ 45.034607][ T3970] workqueue_init+0x2b4/0x640 [ 45.036327][ T3970] kernel_init_freeable+0x448/0x650 [ 45.038136][ T3970] kernel_init+0x24/0x294 [ 45.039721][ T3970] ret_from_fork+0x10/0x20 [ 45.041344][ T3970] INITIAL USE at: [ 45.042405][ T3970] lock_acquire+0x240/0x77c [ 45.044046][ T3970] fs_reclaim_acquire+0xf0/0x1d0 [ 45.045800][ T3970] slab_pre_alloc_hook+0x38/0xe8 [ 45.047541][ T3970] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.049478][ T3970] init_rescuer+0xa4/0x264 [ 45.051054][ T3970] workqueue_init+0x2b4/0x640 [ 45.052715][ T3970] kernel_init_freeable+0x448/0x650 [ 45.054510][ T3970] kernel_init+0x24/0x294 [ 45.056044][ T3970] ret_from_fork+0x10/0x20 [ 45.057682][ T3970] } [ 45.058350][ T3970] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 45.060506][ T3970] ... acquired at: [ 45.061519][ T3970] fs_reclaim_acquire+0xf0/0x1d0 [ 45.062891][ T3970] slab_pre_alloc_hook+0x38/0xe8 [ 45.064309][ T3970] __kmalloc_node+0xbc/0x5b8 [ 45.065588][ T3970] kvmalloc_node+0x88/0x204 [ 45.066835][ T3970] get_dist_table+0x9c/0x2a4 [ 45.068105][ T3970] netem_change+0x7cc/0x1a90 [ 45.069401][ T3970] netem_init+0x54/0xb8 [ 45.070537][ T3970] qdisc_create+0x6fc/0xf44 [ 45.071874][ T3970] tc_modify_qdisc+0x8dc/0x1344 [ 45.073233][ T3970] rtnetlink_rcv_msg+0xa74/0xdac [ 45.074606][ T3970] netlink_rcv_skb+0x20c/0x3b8 [ 45.075929][ T3970] rtnetlink_rcv+0x28/0x38 [ 45.077161][ T3970] netlink_unicast+0x664/0x938 [ 45.078470][ T3970] netlink_sendmsg+0x844/0xb38 [ 45.079806][ T3970] ____sys_sendmsg+0x584/0x870 [ 45.081134][ T3970] ___sys_sendmsg+0x214/0x294 [ 45.082496][ T3970] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.083938][ T3970] invoke_syscall+0x98/0x2b8 [ 45.085243][ T3970] el0_svc_common+0x138/0x258 [ 45.086525][ T3970] do_el0_svc+0x58/0x14c [ 45.087697][ T3970] el0_svc+0x7c/0x1f0 [ 45.088808][ T3970] el0t_64_sync_handler+0x84/0xe4 [ 45.090220][ T3970] el0t_64_sync+0x1a0/0x1a4 [ 45.091439][ T3970] [ 45.092061][ T3970] [ 45.092061][ T3970] stack backtrace: [ 45.093659][ T3970] CPU: 0 PID: 3970 Comm: syz-executor374 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 45.096404][ T3970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 45.099094][ T3970] Call trace: [ 45.099999][ T3970] dump_backtrace+0x0/0x530 [ 45.101216][ T3970] show_stack+0x2c/0x3c [ 45.102347][ T3970] dump_stack_lvl+0x108/0x170 [ 45.103621][ T3970] dump_stack+0x1c/0x58 [ 45.104716][ T3970] __lock_acquire+0x62b4/0x7620 [ 45.106030][ T3970] lock_acquire+0x240/0x77c [ 45.107314][ T3970] fs_reclaim_acquire+0xf0/0x1d0 [ 45.108640][ T3970] slab_pre_alloc_hook+0x38/0xe8 [ 45.109973][ T3970] __kmalloc_node+0xbc/0x5b8 [ 45.111191][ T3970] kvmalloc_node+0x88/0x204 [ 45.112457][ T3970] get_dist_table+0x9c/0x2a4 [ 45.113711][ T3970] netem_change+0x7cc/0x1a90 [ 45.114921][ T3970] netem_init+0x54/0xb8 [ 45.116011][ T3970] qdisc_create+0x6fc/0xf44 [ 45.117241][ T3970] tc_modify_qdisc+0x8dc/0x1344 [ 45.118551][ T3970] rtnetlink_rcv_msg+0xa74/0xdac [ 45.119873][ T3970] netlink_rcv_skb+0x20c/0x3b8 [ 45.121181][ T3970] rtnetlink_rcv+0x28/0x38 [ 45.122335][ T3970] netlink_unicast+0x664/0x938 [ 45.123612][ T3970] netlink_sendmsg+0x844/0xb38 [ 45.124900][ T3970] ____sys_sendmsg+0x584/0x870 [ 45.126174][ T3970] ___sys_sendmsg+0x214/0x294 [ 45.127445][ T3970] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.128791][ T3970] invoke_syscall+0x98/0x2b8 [ 45.130006][ T3970] el0_svc_common+0x138/0x258 [ 45.131307][ T3970] do_el0_svc+0x58/0x14c [ 45.132434][ T3970] el0_svc+0x7c/0x1f0 [ 45.133511][ T3970] el0t_64_sync_handler+0x84/0xe4 [ 45.134836][ T3970] el0t_64_sync+0x1a0/0x1a4 [ 45.136082][ T3970] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 45.138484][ T3970] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3970, name: syz-executor374 [ 45.140855][ T3970] INFO: lockdep is turned off. [ 45.142051][ T3970] Preemption disabled at: [ 45.142062][ T3970] [] netem_change+0x22c/0x1a90 [ 45.144722][ T3970] CPU: 0 PID: 3970 Comm: syz-executor374 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 45.147397][ T3970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 45.150042][ T3970] Call trace: [ 45.150871][ T3970] dump_backtrace+0x0/0x530 [ 45.152053][ T3970] show_stack+0x2c/0x3c [ 45.153109][ T3970] dump_stack_lvl+0x108/0x170 [ 45.154315][ T3970] dump_stack+0x1c/0x58 [ 45.155423][ T3970] ___might_sleep+0x380/0x4dc [ 45.156657][ T3970] __might_sleep+0x98/0xf0 [ 45.157846][ T3970] slab_pre_alloc_hook+0x58/0xe8 [ 45.159162][ T3970] __kmalloc_node+0xbc/0x5b8 [ 45.160381][ T3970] kvmalloc_node+0x88/0x204 [ 45.161598][ T3970] get_dist_table+0x9c/0x2a4 [ 45.162797][ T3970] netem_change+0x7cc/0x1a90 [ 45.164006][ T3970] netem_init+0x54/0xb8 [ 45.165098][ T3970] qdisc_create+0x6fc/0xf44 [ 45.166311][ T3970] tc_modify_qdisc+0x8dc/0x1344 [ 45.167630][ T3970] rtnetlink_rcv_msg+0xa74/0xdac [ 45.168979][ T3970] netlink_rcv_skb+0x20c/0x3b8 [ 45.170235][ T3970] rtnetlink_rcv+0x28/0x38 [ 45.171452][ T3970] netlink_unicast+0x664/0x938 [ 45.172711][ T3970] netlink_sendmsg+0x844/0xb38 [ 45.173978][ T3970] ____sys_sendmsg+0x584/0x870 [ 45.175256][ T3970] ___sys_sendmsg+0x214/0x294 [ 45.176457][ T3970] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.177761][ T3970] invoke_syscall+0x98/0x2b8 [ 45.178965][ T3970] el0_svc_common+0x138/0x258 [ 45.180234][ T3970] do_el0_svc+0x58/0x14c [ 45.181402][ T3970] el0_svc+0x7c/0x1f0 [ 45.182467][ T3970] el0t_64_sync_handler+0x84/0xe4 [ 45.183816][ T3970] el0t_64_sync+0x1a0/0x1a4