Warning: Permanently added '10.128.0.66' (ED25519) to the list of known hosts. executing program [ 39.111725][ T3963] [ 39.112360][ T3963] ===================================================== [ 39.113856][ T3963] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 39.115598][ T3963] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 39.117427][ T3963] ----------------------------------------------------- [ 39.119012][ T3963] syz-executor420/3963 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 39.120761][ T3963] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 39.122944][ T3963] [ 39.122944][ T3963] and this task is already holding: [ 39.124771][ T3963] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 39.126943][ T3963] which would create a new lock dependency: [ 39.128324][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 39.130157][ T3963] [ 39.130157][ T3963] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 39.132481][ T3963] (noop_qdisc.q.lock){+.-.}-{2:2} [ 39.132500][ T3963] [ 39.132500][ T3963] ... which became SOFTIRQ-irq-safe at: [ 39.135468][ T3963] lock_acquire+0x240/0x77c [ 39.136476][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.137514][ T3963] net_tx_action+0x634/0x884 [ 39.138716][ T3963] __do_softirq+0x344/0xe20 [ 39.139850][ T3963] do_softirq+0x120/0x20c [ 39.140874][ T3963] __local_bh_enable_ip+0x2c0/0x4d0 [ 39.142153][ T3963] local_bh_enable+0x28/0x174 [ 39.143307][ T3963] dev_deactivate_many+0x580/0xbe4 [ 39.144374][ T3963] dev_deactivate+0x13c/0x1fc [ 39.145731][ T3963] linkwatch_do_dev+0x2a8/0x3c8 [ 39.146869][ T3963] __linkwatch_run_queue+0x424/0x730 [ 39.148143][ T3963] linkwatch_event+0x58/0x68 [ 39.149278][ T3963] process_one_work+0x790/0x11b8 [ 39.150427][ T3963] worker_thread+0x910/0x1034 [ 39.151529][ T3963] kthread+0x37c/0x45c [ 39.152637][ T3963] ret_from_fork+0x10/0x20 [ 39.153669][ T3963] [ 39.153669][ T3963] to a SOFTIRQ-irq-unsafe lock: [ 39.155284][ T3963] (fs_reclaim){+.+.}-{0:0} [ 39.155302][ T3963] [ 39.155302][ T3963] ... which became SOFTIRQ-irq-unsafe at: [ 39.157955][ T3963] ... [ 39.157961][ T3963] lock_acquire+0x240/0x77c [ 39.159777][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.161000][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.162143][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.163564][ T3963] init_rescuer+0xa4/0x264 [ 39.164533][ T3963] workqueue_init+0x2b4/0x640 [ 39.165677][ T3963] kernel_init_freeable+0x448/0x650 [ 39.167097][ T3963] kernel_init+0x24/0x294 [ 39.168083][ T3963] ret_from_fork+0x10/0x20 [ 39.169143][ T3963] [ 39.169143][ T3963] other info that might help us debug this: [ 39.169143][ T3963] [ 39.171590][ T3963] Possible interrupt unsafe locking scenario: [ 39.171590][ T3963] [ 39.173824][ T3963] CPU0 CPU1 [ 39.175085][ T3963] ---- ---- [ 39.176367][ T3963] lock(fs_reclaim); [ 39.177288][ T3963] local_irq_disable(); [ 39.178894][ T3963] lock(noop_qdisc.q.lock); [ 39.180737][ T3963] lock(fs_reclaim); [ 39.182385][ T3963] [ 39.183231][ T3963] lock(noop_qdisc.q.lock); [ 39.184289][ T3963] [ 39.184289][ T3963] *** DEADLOCK *** [ 39.184289][ T3963] [ 39.186217][ T3963] 2 locks held by syz-executor420/3963: [ 39.187749][ T3963] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 39.190008][ T3963] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 39.192283][ T3963] [ 39.192283][ T3963] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 39.194845][ T3963] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 39.196104][ T3963] HARDIRQ-ON-W at: [ 39.196995][ T3963] lock_acquire+0x240/0x77c [ 39.198405][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.199846][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 39.201532][ T3963] dev_queue_xmit+0x24/0x34 [ 39.202959][ T3963] tx+0x8c/0x130 [ 39.204193][ T3963] kthread+0x1ac/0x374 [ 39.205512][ T3963] kthread+0x37c/0x45c [ 39.206821][ T3963] ret_from_fork+0x10/0x20 [ 39.208476][ T3963] IN-SOFTIRQ-W at: [ 39.209461][ T3963] lock_acquire+0x240/0x77c [ 39.210813][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.212281][ T3963] net_tx_action+0x634/0x884 [ 39.213792][ T3963] __do_softirq+0x344/0xe20 [ 39.215440][ T3963] do_softirq+0x120/0x20c [ 39.216809][ T3963] __local_bh_enable_ip+0x2c0/0x4d0 [ 39.218482][ T3963] local_bh_enable+0x28/0x174 [ 39.220010][ T3963] dev_deactivate_many+0x580/0xbe4 [ 39.221792][ T3963] dev_deactivate+0x13c/0x1fc [ 39.223241][ T3963] linkwatch_do_dev+0x2a8/0x3c8 [ 39.224793][ T3963] __linkwatch_run_queue+0x424/0x730 [ 39.226262][ T3963] linkwatch_event+0x58/0x68 [ 39.227871][ T3963] process_one_work+0x790/0x11b8 [ 39.229372][ T3963] worker_thread+0x910/0x1034 [ 39.230859][ T3963] kthread+0x37c/0x45c [ 39.232189][ T3963] ret_from_fork+0x10/0x20 [ 39.233556][ T3963] INITIAL USE at: [ 39.234562][ T3963] lock_acquire+0x240/0x77c [ 39.235971][ T3963] _raw_spin_lock+0xb0/0x10c [ 39.237385][ T3963] __dev_queue_xmit+0x8d0/0x2a6c [ 39.238880][ T3963] dev_queue_xmit+0x24/0x34 [ 39.240271][ T3963] tx+0x8c/0x130 [ 39.241602][ T3963] kthread+0x1ac/0x374 [ 39.242967][ T3963] kthread+0x37c/0x45c [ 39.244249][ T3963] ret_from_fork+0x10/0x20 [ 39.245572][ T3963] } [ 39.246131][ T3963] ... key at: [] noop_qdisc+0x108/0x320 [ 39.247853][ T3963] [ 39.247853][ T3963] the dependencies between the lock to be acquired [ 39.247860][ T3963] and SOFTIRQ-irq-unsafe lock: [ 39.251188][ T3963] -> (fs_reclaim){+.+.}-{0:0} { [ 39.252427][ T3963] HARDIRQ-ON-W at: [ 39.253327][ T3963] lock_acquire+0x240/0x77c [ 39.254729][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.256444][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.257968][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.259694][ T3963] init_rescuer+0xa4/0x264 [ 39.261104][ T3963] workqueue_init+0x2b4/0x640 [ 39.262671][ T3963] kernel_init_freeable+0x448/0x650 [ 39.264346][ T3963] kernel_init+0x24/0x294 [ 39.265720][ T3963] ret_from_fork+0x10/0x20 [ 39.267137][ T3963] SOFTIRQ-ON-W at: [ 39.268073][ T3963] lock_acquire+0x240/0x77c [ 39.269637][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.271234][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.272704][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.274438][ T3963] init_rescuer+0xa4/0x264 [ 39.275826][ T3963] workqueue_init+0x2b4/0x640 [ 39.277432][ T3963] kernel_init_freeable+0x448/0x650 [ 39.279048][ T3963] kernel_init+0x24/0x294 [ 39.280450][ T3963] ret_from_fork+0x10/0x20 [ 39.281815][ T3963] INITIAL USE at: [ 39.282825][ T3963] lock_acquire+0x240/0x77c [ 39.284159][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.285783][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.287278][ T3963] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 39.288931][ T3963] init_rescuer+0xa4/0x264 [ 39.290347][ T3963] workqueue_init+0x2b4/0x640 [ 39.291891][ T3963] kernel_init_freeable+0x448/0x650 [ 39.293477][ T3963] kernel_init+0x24/0x294 [ 39.294775][ T3963] ret_from_fork+0x10/0x20 [ 39.296184][ T3963] } [ 39.296768][ T3963] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 39.298555][ T3963] ... acquired at: [ 39.299431][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.300679][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.301819][ T3963] __kmalloc_node+0xbc/0x5b8 [ 39.302911][ T3963] kvmalloc_node+0x88/0x204 [ 39.303990][ T3963] get_dist_table+0x9c/0x2a4 [ 39.305176][ T3963] netem_change+0x7cc/0x1a90 [ 39.306237][ T3963] netem_init+0x54/0xb8 [ 39.307266][ T3963] qdisc_create+0x6fc/0xf44 [ 39.308352][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 39.309500][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 39.310620][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 39.311886][ T3963] rtnetlink_rcv+0x28/0x38 [ 39.312974][ T3963] netlink_unicast+0x664/0x938 [ 39.314241][ T3963] netlink_sendmsg+0x844/0xb38 [ 39.315363][ T3963] ____sys_sendmsg+0x584/0x870 [ 39.316559][ T3963] ___sys_sendmsg+0x214/0x294 [ 39.317676][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.318856][ T3963] invoke_syscall+0x98/0x2b8 [ 39.319998][ T3963] el0_svc_common+0x138/0x258 [ 39.321123][ T3963] do_el0_svc+0x58/0x14c [ 39.322146][ T3963] el0_svc+0x7c/0x1f0 [ 39.323119][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 39.324358][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 39.325419][ T3963] [ 39.325875][ T3963] [ 39.325875][ T3963] stack backtrace: [ 39.327173][ T3963] CPU: 1 PID: 3963 Comm: syz-executor420 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 39.329581][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 39.331978][ T3963] Call trace: [ 39.332696][ T3963] dump_backtrace+0x0/0x530 [ 39.333674][ T3963] show_stack+0x2c/0x3c [ 39.334616][ T3963] dump_stack_lvl+0x108/0x170 [ 39.335788][ T3963] dump_stack+0x1c/0x58 [ 39.336754][ T3963] __lock_acquire+0x62b4/0x7620 [ 39.337867][ T3963] lock_acquire+0x240/0x77c [ 39.338943][ T3963] fs_reclaim_acquire+0xf0/0x1d0 [ 39.339996][ T3963] slab_pre_alloc_hook+0x38/0xe8 [ 39.341130][ T3963] __kmalloc_node+0xbc/0x5b8 [ 39.342171][ T3963] kvmalloc_node+0x88/0x204 [ 39.343380][ T3963] get_dist_table+0x9c/0x2a4 [ 39.344437][ T3963] netem_change+0x7cc/0x1a90 [ 39.345477][ T3963] netem_init+0x54/0xb8 [ 39.346403][ T3963] qdisc_create+0x6fc/0xf44 [ 39.347467][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 39.348681][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 39.349801][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 39.350881][ T3963] rtnetlink_rcv+0x28/0x38 [ 39.351912][ T3963] netlink_unicast+0x664/0x938 [ 39.352981][ T3963] netlink_sendmsg+0x844/0xb38 [ 39.354143][ T3963] ____sys_sendmsg+0x584/0x870 [ 39.355220][ T3963] ___sys_sendmsg+0x214/0x294 [ 39.356354][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.357555][ T3963] invoke_syscall+0x98/0x2b8 [ 39.358649][ T3963] el0_svc_common+0x138/0x258 [ 39.359749][ T3963] do_el0_svc+0x58/0x14c [ 39.360663][ T3963] el0_svc+0x7c/0x1f0 [ 39.361605][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 39.362776][ T3963] el0t_64_sync+0x1a0/0x1a4 [ 39.363825][ T3963] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 39.366124][ T3963] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3963, name: syz-executor420 [ 39.368265][ T3963] INFO: lockdep is turned off. [ 39.369307][ T3963] Preemption disabled at: [ 39.369317][ T3963] [] netem_change+0x22c/0x1a90 [ 39.371808][ T3963] CPU: 1 PID: 3963 Comm: syz-executor420 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 39.374198][ T3963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 39.376473][ T3963] Call trace: [ 39.377264][ T3963] dump_backtrace+0x0/0x530 [ 39.378316][ T3963] show_stack+0x2c/0x3c [ 39.379184][ T3963] dump_stack_lvl+0x108/0x170 [ 39.380373][ T3963] dump_stack+0x1c/0x58 [ 39.381317][ T3963] ___might_sleep+0x380/0x4dc [ 39.382409][ T3963] __might_sleep+0x98/0xf0 [ 39.383470][ T3963] slab_pre_alloc_hook+0x58/0xe8 [ 39.384556][ T3963] __kmalloc_node+0xbc/0x5b8 [ 39.385574][ T3963] kvmalloc_node+0x88/0x204 [ 39.386600][ T3963] get_dist_table+0x9c/0x2a4 [ 39.387742][ T3963] netem_change+0x7cc/0x1a90 [ 39.388753][ T3963] netem_init+0x54/0xb8 [ 39.389674][ T3963] qdisc_create+0x6fc/0xf44 [ 39.390656][ T3963] tc_modify_qdisc+0x8dc/0x1344 [ 39.391843][ T3963] rtnetlink_rcv_msg+0xa74/0xdac [ 39.392935][ T3963] netlink_rcv_skb+0x20c/0x3b8 [ 39.394039][ T3963] rtnetlink_rcv+0x28/0x38 [ 39.395051][ T3963] netlink_unicast+0x664/0x938 [ 39.396176][ T3963] netlink_sendmsg+0x844/0xb38 [ 39.397291][ T3963] ____sys_sendmsg+0x584/0x870 [ 39.398462][ T3963] ___sys_sendmsg+0x214/0x294 [ 39.399644][ T3963] __arm64_sys_sendmsg+0x1ac/0x25c [ 39.400919][ T3963] invoke_syscall+0x98/0x2b8 [ 39.402002][ T3963] el0_svc_common+0x138/0x258 [ 39.403098][ T3963] do_el0_svc+0x58/0x14c [ 39.404060][ T3963] el0_svc+0x7c/0x1f0 [ 39.404946][ T3963] el0t_64_sync_handler+0x84/0xe4 [ 39.406067][ T3963] el0t_64_sync+0x1a0/0x1a4