Warning: Permanently added '10.128.1.110' (ED25519) to the list of known hosts. executing program [ 45.385876][ T3963] [ 45.386663][ T3963] ===================================================== [ 45.388533][ T3963] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 45.390599][ T3963] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 45.392523][ T3963] ----------------------------------------------------- [ 45.394460][ T3963] syz-executor425/3963 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 45.396565][ T3963] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 45.399007][ T3963] [ 45.399007][ T3963] and this task is already holding: [ 45.400964][ T3963] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 45.403426][ T3963] which would create a new lock dependency: [ 45.405037][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 45.407152][ T3963] [ 45.407152][ T3963] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 45.409784][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} [ 45.409805][ T3963] [ 45.409805][ T3963] ... which became SOFTIRQ-irq-safe at: [ 45.413295][ T3963] lock_acquire+0x240/0x77c [ 45.414552][ T3963] _raw_spin_lock+0xb0/0x10c [ 45.415807][ T3963] net_tx_action+0x634/0x884 [ 45.417042][ T3963] __do_softirq+0x344/0xe20 [ 45.418281][ T3963] do_softirq+0x120/0x20c [ 45.419470][ T3963] __local_bh_enable_ip+0x2c0/0x4d0 [ 45.420851][ T3963] local_bh_enable+0x28/0x174 [ 45.422161][ T3963] dev_deactivate_many+0x580/0xbe4 [ 45.423581][ T3963] dev_deactivate+0x13c/0x1fc [ 45.424830][ T3963] linkwatch_do_dev+0x2a8/0x3c8 [ 45.426228][ T3963] __linkwatch_run_queue+0x424/0x730 [ 45.427788][ T3963] linkwatch_event+0x58/0x68 [ 45.429125][ T3963] process_one_work+0x790/0x11b8 [ 45.430475][ T3963] worker_thread+0x910/0x1034 [ 45.431768][ T3963] kthread+0x37c/0x45c [ 45.432841][ T3963] ret_from_fork+0x10/0x20 [ 45.433991][ T3963] [ 45.433991][ T3963] to a SOFTIRQ-irq-unsafe lock: [ 45.435862][ T3963] (fs_reclaim){+.+.}-{0:0} [ 45.435881][ T3963] [ 45.435881][ T3963] ... which became SOFTIRQ-irq-unsafe at: [ 45.439288][ T3963] ... [ 45.439295][ T3963] lock_acquire+0x240/0x77c [ 45.441283][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 45.442667][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 45.444050][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.445680][ T3963] init_rescuer+0xa4/0x264 [ 45.446938][ T3963] workqueue_init+0x2b4/0x640 [ 45.448265][ T3963] kernel_init_freeable+0x448/0x650 [ 45.449697][ T3963] kernel_init+0x24/0x294 [ 45.450888][ T3963] ret_from_fork+0x10/0x20 [ 45.452132][ T3963] [ 45.452132][ T3963] other info that might help us debug this: [ 45.452132][ T3963] [ 45.454894][ T3963] Possible interrupt unsafe locking scenario: [ 45.454894][ T3963] [ 45.457082][ T3963] CPU0 CPU1 [ 45.458484][ T3963] ---- ---- [ 45.459937][ T3963] lock(fs_reclaim); [ 45.461025][ T3963] local_irq_disable(); [ 45.462870][ T3963] lock(noop_qdisc.q.lock); [ 45.464812][ T3963] lock(fs_reclaim); [ 45.466553][ T3963] [ 45.467431][ T3963] lock(noop_qdisc.q.lock); [ 45.468671][ T3963] [ 45.468671][ T3963] *** DEADLOCK *** [ 45.468671][ T3963] [ 45.470767][ T3963] 2 locks held by syz-executor425/3963: [ 45.472251][ T3963] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 45.474809][ T3963] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 45.477415][ T3963] [ 45.477415][ T3963] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 45.480250][ T3963] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 45.481733][ T3963] HARDIRQ-ON-W at: [ 45.482794][ T3963] lock_acquire+0x240/0x77c [ 45.484424][ T3963] _raw_spin_lock+0xb0/0x10c [ 45.486158][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 45.487923][ T3963] dev_queue_xmit+0x24/0x34 [ 45.489566][ T3963] tx+0x8c/0x130 [ 45.490978][ T3963] kthread+0x1ac/0x374 [ 45.492497][ T3963] kthread+0x37c/0x45c [ 45.494018][ T3963] ret_from_fork+0x10/0x20 [ 45.495587][ T3963] IN-SOFTIRQ-W at: [ 45.496669][ T3963] lock_acquire+0x240/0x77c [ 45.498276][ T3963] _raw_spin_lock+0xb0/0x10c [ 45.499917][ T3963] net_tx_action+0x634/0x884 [ 45.501532][ T3963] __do_softirq+0x344/0xe20 [ 45.503217][ T3963] do_softirq+0x120/0x20c [ 45.504804][ T3963] __local_bh_enable_ip+0x2c0/0x4d0 [ 45.506626][ T3963] local_bh_enable+0x28/0x174 [ 45.508278][ T3963] dev_deactivate_many+0x580/0xbe4 [ 45.510091][ T3963] dev_deactivate+0x13c/0x1fc [ 45.511879][ T3963] linkwatch_do_dev+0x2a8/0x3c8 [ 45.513585][ T3963] __linkwatch_run_queue+0x424/0x730 [ 45.515429][ T3963] linkwatch_event+0x58/0x68 [ 45.517168][ T3963] process_one_work+0x790/0x11b8 [ 45.518959][ T3963] worker_thread+0x910/0x1034 [ 45.520675][ T3963] kthread+0x37c/0x45c [ 45.522228][ T3963] ret_from_fork+0x10/0x20 [ 45.523876][ T3963] INITIAL USE at: [ 45.524941][ T3963] lock_acquire+0x240/0x77c [ 45.526525][ T3963] _raw_spin_lock+0xb0/0x10c [ 45.528156][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 45.529874][ T3963] dev_queue_xmit+0x24/0x34 [ 45.531424][ T3963] tx+0x8c/0x130 [ 45.532807][ T3963] kthread+0x1ac/0x374 [ 45.534312][ T3963] kthread+0x37c/0x45c [ 45.535846][ T3963] ret_from_fork+0x10/0x20 [ 45.537374][ T3963] } [ 45.538041][ T3963] ... key at: [] noop_qdisc+0x108/0x320 [ 45.540111][ T3963] [ 45.540111][ T3963] the dependencies between the lock to be acquired [ 45.540118][ T3963] and SOFTIRQ-irq-unsafe lock: [ 45.543713][ T3963] -> (fs_reclaim){+.+.}-{0:0} { [ 45.545006][ T3963] HARDIRQ-ON-W at: [ 45.546040][ T3963] lock_acquire+0x240/0x77c [ 45.547700][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 45.549507][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 45.551376][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.553327][ T3963] init_rescuer+0xa4/0x264 [ 45.554949][ T3963] workqueue_init+0x2b4/0x640 [ 45.556683][ T3963] kernel_init_freeable+0x448/0x650 [ 45.558492][ T3963] kernel_init+0x24/0x294 [ 45.560118][ T3963] ret_from_fork+0x10/0x20 [ 45.561729][ T3963] SOFTIRQ-ON-W at: [ 45.562793][ T3963] lock_acquire+0x240/0x77c [ 45.564424][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 45.566208][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 45.567980][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.569989][ T3963] init_rescuer+0xa4/0x264 [ 45.571693][ T3963] workqueue_init+0x2b4/0x640 [ 45.573402][ T3963] kernel_init_freeable+0x448/0x650 [ 45.575249][ T3963] kernel_init+0x24/0x294 [ 45.576874][ T3963] ret_from_fork+0x10/0x20 [ 45.578531][ T3963] INITIAL USE at: [ 45.579559][ T3963] lock_acquire+0x240/0x77c [ 45.581123][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 45.582916][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 45.584687][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 45.586661][ T3963] init_rescuer+0xa4/0x264 [ 45.588320][ T3963] workqueue_init+0x2b4/0x640 [ 45.590029][ T3963] kernel_init_freeable+0x448/0x650 [ 45.591835][ T3963] kernel_init+0x24/0x294 [ 45.593388][ T3963] ret_from_fork+0x10/0x20 [ 45.595001][ T3963] } [ 45.595678][ T3963] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 45.597871][ T3963] ... acquired at: [ 45.598839][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 45.600186][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 45.601593][ T3963] __kmalloc_node+0xbc/0x5b8 [ 45.602875][ T3963] kvmalloc_node+0x88/0x204 [ 45.604183][ T3963] get_dist_table+0x9c/0x2a4 [ 45.605488][ T3963] netem_change+0x7cc/0x1a90 [ 45.606793][ T3963] netem_init+0x54/0xb8 [ 45.608000][ T3963] qdisc_create+0x6fc/0xf44 [ 45.609221][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 45.610587][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 45.611990][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 45.613342][ T3963] rtnetlink_rcv+0x28/0x38 [ 45.614534][ T3963] netlink_unicast+0x664/0x938 [ 45.615933][ T3963] netlink_sendmsg+0x844/0xb38 [ 45.617250][ T3963] ____sys_sendmsg+0x584/0x870 [ 45.618586][ T3963] ___sys_sendmsg+0x214/0x294 [ 45.619860][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.621257][ T3963] invoke_syscall+0x98/0x2b8 [ 45.622619][ T3963] el0_svc_common+0x138/0x258 [ 45.623949][ T3963] do_el0_svc+0x58/0x14c [ 45.625138][ T3963] el0_svc+0x7c/0x1f0 [ 45.626193][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 45.627564][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 45.628882][ T3963] [ 45.629529][ T3963] [ 45.629529][ T3963] stack backtrace: [ 45.631093][ T3963] CPU: 1 PID: 3963 Comm: syz-executor425 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 45.633822][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 45.636609][ T3963] Call trace: [ 45.637497][ T3963] dump_backtrace+0x0/0x530 [ 45.638806][ T3963] show_stack+0x2c/0x3c [ 45.639918][ T3963] dump_stack_lvl+0x108/0x170 [ 45.641204][ T3963] dump_stack+0x1c/0x58 [ 45.642399][ T3963] __lock_acquire+0x62b4/0x7620 [ 45.643695][ T3963] lock_acquire+0x240/0x77c [ 45.644912][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 45.646242][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 45.647574][ T3963] __kmalloc_node+0xbc/0x5b8 [ 45.648800][ T3963] kvmalloc_node+0x88/0x204 [ 45.650039][ T3963] get_dist_table+0x9c/0x2a4 [ 45.651240][ T3963] netem_change+0x7cc/0x1a90 [ 45.652508][ T3963] netem_init+0x54/0xb8 [ 45.653631][ T3963] qdisc_create+0x6fc/0xf44 [ 45.654829][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 45.656165][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 45.657505][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 45.658810][ T3963] rtnetlink_rcv+0x28/0x38 [ 45.659978][ T3963] netlink_unicast+0x664/0x938 [ 45.661236][ T3963] netlink_sendmsg+0x844/0xb38 [ 45.662497][ T3963] ____sys_sendmsg+0x584/0x870 [ 45.663867][ T3963] ___sys_sendmsg+0x214/0x294 [ 45.665165][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.666517][ T3963] invoke_syscall+0x98/0x2b8 [ 45.667748][ T3963] el0_svc_common+0x138/0x258 [ 45.668995][ T3963] do_el0_svc+0x58/0x14c [ 45.670133][ T3963] el0_svc+0x7c/0x1f0 [ 45.671159][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 45.672443][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 45.673751][ T3963] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 45.676257][ T3963] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3963, name: syz-executor425 [ 45.678774][ T3963] INFO: lockdep is turned off. [ 45.680019][ T3963] Preemption disabled at: [ 45.680031][ T3963] [] netem_change+0x22c/0x1a90 [ 45.682858][ T3963] CPU: 1 PID: 3963 Comm: syz-executor425 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 45.685609][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 45.688196][ T3963] Call trace: [ 45.689089][ T3963] dump_backtrace+0x0/0x530 [ 45.690322][ T3963] show_stack+0x2c/0x3c [ 45.691424][ T3963] dump_stack_lvl+0x108/0x170 [ 45.692718][ T3963] dump_stack+0x1c/0x58 [ 45.693863][ T3963] ___might_sleep+0x380/0x4dc [ 45.695154][ T3963] __might_sleep+0x98/0xf0 [ 45.696413][ T3963] slab_pre_alloc_hook+0x58/0xe8 [ 45.697744][ T3963] __kmalloc_node+0xbc/0x5b8 [ 45.698984][ T3963] kvmalloc_node+0x88/0x204 [ 45.700329][ T3963] get_dist_table+0x9c/0x2a4 [ 45.701611][ T3963] netem_change+0x7cc/0x1a90 [ 45.702858][ T3963] netem_init+0x54/0xb8 [ 45.704004][ T3963] qdisc_create+0x6fc/0xf44 [ 45.705213][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 45.706524][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 45.707849][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 45.709169][ T3963] rtnetlink_rcv+0x28/0x38 [ 45.710421][ T3963] netlink_unicast+0x664/0x938 [ 45.711775][ T3963] netlink_sendmsg+0x844/0xb38 [ 45.713054][ T3963] ____sys_sendmsg+0x584/0x870 [ 45.714357][ T3963] ___sys_sendmsg+0x214/0x294 [ 45.715611][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 45.717094][ T3963] invoke_syscall+0x98/0x2b8 [ 45.718389][ T3963] el0_svc_common+0x138/0x258 [ 45.719683][ T3963] do_el0_svc+0x58/0x14c [ 45.720814][ T3963] el0_svc+0x7c/0x1f0 [ 45.721928][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 45.723308][ T3963] el0t_64_sync+0x1a0/0x1a4